Deploy the vault-dev helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `vault-dev` Helm chart on an AWS EKS cluster using Pulumi, you need to perform the following high-level steps:

1. Create an EKS cluster.
2. Deploy the `vault-dev` Helm chart to the cluster.

For this task, we'll utilize the following Pulumi resources:
- `eks.Cluster`: This is a high-level component that wraps the AWS EKS resources and provides defaults for ease of use. It stands up the entire infrastructure necessary to run an EKS Kubernetes cluster.
- `kubernetes.helm.v3.Chart`: This resource deploys a Helm chart to a Kubernetes cluster.

Below is a detailed explanation and a TypeScript program using Pulumi to accomplish the deployment:

### Creating the EKS Cluster

We start by importing the necessary packages and creating an EKS cluster. The `eks.Cluster` component encapsulates the complexity of setting up an EKS cluster. It creates the cluster, the node group, and the associated resources like IAM roles and security groups. You could customize the cluster with additional properties if needed (not shown here for brevity).

### Deploying the Helm Chart

After the cluster is provisioned, we deploy the `vault-dev` Helm chart using the `Chart` resource from the `@pulumi/kubernetes` package. We need to specify the chart name, and optionally, you can provide the repository URL if it's not a chart from the stable repository. The `values` field is used to add overrides to the default chart values.

Please ensure that you have the Pulumi CLI installed and configured with the appropriate AWS credentials before running the Pulumi program.

Here is the Pulumi TypeScript program that performs the deployment:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster with the default configuration.
const cluster = new eks.Cluster("vault-cluster");

// Deploy the vault-dev Helm chart to the EKS cluster.
const vaultChart = new k8s.helm.v3.Chart("vault-dev", {
    chart: "vault",
    // Replace with the correct Helm repo URL if the chart is not in the default Helm repository
    // repo: "https://helm.releases.hashicorp.com",
    version: "0.13.0", // Specify the chart version you want to deploy
    values: {
        // Chart values to override
        // For example, to run Vault in dev mode (not recommended for production):
        server: {
            dev: {
                enabled: true
            }
        }
    },
    // This defines the target Kubernetes cluster for the Helm chart.
    // You should inform the provider with the kubeconfig from the newly created EKS cluster.
    // This uses the kubeconfig provided by the 'cluster' resource directly.
    fetchOpts: {
        repo: "https://helm.releases.hashicorp.com",
    },
}, { provider: cluster.provider });

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

```

This program will set up an EKS cluster and deploy the `vault-dev` Helm chart onto it. The output `kubeconfig` is the configuration needed to connect to your Kubernetes cluster with tools like `kubectl` and to manage your cluster resources.

Remember, deploying Vault in "dev" mode as shown in this example is not recommended for production. Dev mode is a non-persistent instance of Vault with a pre-configured storage backend and an insecure configuration. It's great for learning and experimenting but should not be used for storing real secrets.

After running this program with Pulumi (`pulumi up`), you will have a running instance of HashiCorp Vault in "dev" mode on your EKS cluster.

Please modify the chart values according to your actual requirements, and ensure you use the correct chart name and version for the `vault-dev` Helm chart. If the chart is hosted in a specific Helm repository, ensure to provide the `repo` option with the repository URL. The `version` field specifies the version of the chart you wish to deploy.