How do I build an eks index vpccni with Pulumi?

Question

Pulumi · Accepted Answer

To create an Amazon EKS cluster with "aws.vpc.Cni" setting which refers to the Amazon VPC CNI plugin for Kubernetes networking, you would use the `aws.eks.Cluster` resource from the `aws` package in Pulumi.

The Amazon VPC CNI offers integrated AWS Virtual Private Cloud (VPC) networking for Kubernetes pods. This provides several advantages including:
- Native VPC networking performance for pods
- Compatibility with VPC flow logs, VPC routing policies and network traffic mirroring
- Granular control over subnet and IP selection.

Here is a simplified TypeScript code example:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a new IAM role for the cluster
const exampleRole = new aws.iam.Role("exampleRole", { assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service:  "eks.amazonaws.com" }) });

// Attach the EKS Cluster Policy to the Role
new aws.iam.RolePolicyAttachment("exampleAttachment", {
    role: exampleRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
});

// Create a new Security Group for the EKS cluster control plane
const exampleSecurityGroup = new aws.ec2.SecurityGroup("exampleSecurityGroup", {});

// Define the EKS cluster
const exampleCluster = new aws.eks.Cluster("exampleCluster", {
    roleArn: exampleRole.arn,
    tags: {
        Name: "exampleCluster",
    },
    vpcConfig: {
        securityGroupIds: [ exampleSecurityGroup.id ],
        subnetIds: ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"],  // replace these with actual subnet IDs
    },
});

// Export the kubeconfig
export const kubeconfig = exampleCluster.kubeconfig;
```

This program does the following:
1. It creates a new AWS IAM Role that we will use for the EKS cluster.
2. It attaches the AmazonEKS service policy to the IAM role which is required for EKS service to have necessary permissions to function.
3. It creates a new AWS Security Group to use with the EKS cluster.
4. The EKS cluster is managed by AWS and the Amazon VPC CNI plugin for Kubernetes is installed by default.
5. It exports the `kubeconfig` that you can use with `kubectl` to manage your Kubernetes cluster.

Please replace the subnet IDs with your actual subnet IDs in your VPC where you want the EKS cluster.

Once the cluster is created, the Amazon VPC CNI plugin for Kubernetes networking will be installed by default in your EKS cluster. You can then create and configure your Kubernetes pods to run and communicate with each other within your VPC.

Check out the [EKS Cluster Pulumi Documentation](https://www.pulumi.com/registry/packages/aws/api-docs/eks/cluster/) for more details.