1. Deploy the harbor-scanner-sysdig-secure helm chart on AWS EKS


    To deploy the harbor-scanner-sysdig-secure Helm chart on AWS EKS, you would need to take the following steps:

    1. Set up an EKS cluster on AWS.
    2. Configure the Helm chart repository where harbor-scanner-sysdig-secure is located.
    3. Install the Helm chart onto your EKS cluster.

    Below is a Pulumi program written in TypeScript that demonstrates how to accomplish this. This program assumes that you have the necessary AWS credentials already set up for Pulumi to use.

    First, we'll create an EKS cluster. In this example, we'll use the higher-level eks.Cluster component which simplifies the setup. You’ll need to create an IAM role for your EKS cluster. Then you'll configure your VPC and subnet IDs, along with other necessary parameters.

    Next, we'll configure the Helm chart by setting up the repository and defining the chart's release. The details like chart, version, and namespace are specific to the harbor-scanner-sysdig-secure chart you want to deploy. You might need to check the Helm repository for the exact chart name and version.

    Here's the TypeScript program:

    import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws"; import * as eks from "@pulumi/eks"; import * as k8s from "@pulumi/kubernetes"; // Create an EKS cluster. const cluster = new eks.Cluster("my-cluster", { // Specify the desired Kubernetes version, e.g., "1.21" version: "1.21", // Set up a node group for the cluster. nodeGroupOptions: { instanceType: "t2.medium", desiredCapacity: 2, }, }); // Create a Kubernetes provider instance using the kubeconfig from the created EKS cluster. const k8sProvider = new k8s.Provider("k8s-provider", { kubeconfig: cluster.kubeconfig.apply(JSON.stringify), }); // Set up the Helm chart repository. const harborScannerSysdigSecureRepo = new k8s.helm.v3.Repository("harbor-scanner-sysdig-secure-repo", { url: "https://charts.sysdig.com", // The repository URL; this might change so please verify. }, { provider: k8sProvider }); // Install the Helm chart into the cluster. const harborScannerSysdigSecureChart = new k8s.helm.v3.Chart("harbor-scanner-sysdig-secure", { chart: "harbor-scanner-sysdig-secure", version: "1.0.0", // Replace with the appropriate chart version. namespace: "default", // Replace with the namespace of your choice. fetchOpts: { repo: harborScannerSysdigSecureRepo.url, }, }, { provider: k8sProvider }); // Export the cluster's kubeconfig. export const kubeconfig = cluster.kubeconfig; // Optionally, export the URL to the Harbor interface if it creates an external endpoint. export const harborEndpoint = harborScannerSysdigSecureChart.getResourceProperty("v1/Service", "default/harbor", "status") .apply(status => status.loadBalancer.ingress[0]?.hostname || status.loadBalancer.ingress[0]?.ip);

    Let's break down what each part of the program does:

    • We create an EKS cluster by instantiating eks.Cluster. The properties include the Kubernetes version, the node group configuration with EC2 instance type, and the desired number of nodes.

    • We create a Kubernetes provider connected to the newly created EKS cluster by supplying its kubeconfig, which we serialize into a string. This provider will allow us to interact with the Kubernetes API of our EKS cluster.

    • Then, we declare a Helm chart repository using k8s.helm.v3.Repository, specifying the URL of the repository where the harbor-scanner-sysdig-secure chart is hosted.

    • After setting up the repository, we use k8s.helm.v3.Chart to deploy the Helm chart into our cluster. We specify the chart name, version, and release namespace. This will install harbor-scanner-sysdig-secure in our Kubernetes cluster.

    • Finally, we export the kubeconfig required to interact with the Kubernetes cluster and the endpoint of the Harbor service, assuming it creates an external endpoint accessible over the internet.

    Remember to check the official documentation and Helm repository for specific details about the harbor-scanner-sysdig-secure chart configuration and version. You might need to adjust the version and parameters to fit your requirements.