Deploy the trivy-sbom helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `trivy-sbom` Helm chart on an AWS Elastic Kubernetes Service (EKS) cluster using Pulumi, we will create the following resources:

1. An **EKS Cluster**: This is the Kubernetes cluster provided by AWS where our Helm chart will be deployed.
2. An **ECR Repository** (optional): If the `trivy-sbom` image needs to be stored in AWS, we can use an Amazon Elastic Container Registry (ECR) repository.
3. A **Helm Chart**: This is the package containing the `trivy-sbom` application and its Kubernetes resources.

Below is a Pulumi program that describes these steps. Note that we assume you have an existing VPC or appropriate networking setup for the EKS cluster. Make sure you have Pulumi and the AWS CLI installed and configured with the necessary permissions to create these resources.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster.
const cluster = new eks.Cluster("my-cluster", {
    // Specify the desired EKS version and other cluster settings here.
    version: "1.21",
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    // Specify your VPC configuration here.
    vpcId: "vpc-12345678",
    subnetIds: ["subnet-12345678", "subnet-87654321"],
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Create a Kubernetes provider instance using the kubeconfig from the cluster.
const provider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Deploy the trivy-sbom Helm chart to the EKS cluster.
const trivySbomChart = new k8s.helm.v3.Chart("trivy-sbom", {
    chart: "trivy-sbom",
    version: "1.0.0", // Specify the chart version you want to deploy.
    fetchOpts: {
        repo: "https://charts.trivy.example.com/", // Use the correct Helm repository URL.
    },
}, { provider: provider });

// Export the Helm chart resources.
export const helmChartResources = trivySbomChart.resources;
```

Explanation of what you're doing:
- The `eks.Cluster` resource creates a new EKS cluster where your applications will be deployed. 
  - You need to provide specific details such as the version of Kubernetes you want to use, the type of instances for the worker nodes, and the minimum, desired, and maximum sizes of your node group.
  - You also need to provide the VPC ID and subnet IDs where you'd like your EKS cluster to reside.

- The Kubernetes provider is instantiated using the generated kubeconfig of the cluster, which allows Pulumi to communicate with your EKS cluster.

- The `k8s.helm.v3.Chart` resource is responsible for deploying the Helm chart to your EKS cluster. 
  - You must specify the name of the chart and optionally the version and the repository if it's not a chart hosted on the Helm stable repository.

Make sure to replace placeholders like `vpc-12345678`, `subnet-12345678`, `subnet-87654321`, `https://charts.trivy.example.com/`, and the version number `1.0.0` with actual values specific to your environment and the Helm chart you wish to deploy.

Once this program is executed with Pulumi, it will provision an EKS cluster and deploy the `trivy-sbom` Helm chart onto it. You can observe progress and get the outputs by running Pulumi CLI commands such as `pulumi up` to preview and deploy changes, and `pulumi stack output` to view the outputs after deploying.