Deploy the jfrog-common helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `jfrog-common` Helm chart on AWS EKS using Pulumi, you'll need to perform these high-level steps:

1. Set up an AWS EKS Cluster: This is the Kubernetes cluster where your applications will run.
2. Create an AWS IAM role for the EKS service: This role allows EKS to make calls to other AWS services on your behalf.
3. Deploy the `jfrog-common` Helm chart to the EKS cluster: Helm charts are packages of pre-configured Kubernetes resources.

Below is a Pulumi program written in TypeScript which illustrates these steps. The program sets up an EKS cluster, configures an IAM role, and deploys the `jfrog-common` Helm chart. It uses the `eks` package to create the cluster and IAM role, and the `kubernetes` package for deploying the Helm chart.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an EKS cluster
const cluster = new eks.Cluster("my-cluster", {
    // Specify the desired Kubernetes version
    version: "1.21",
    // Use default VPC, subnets, and node group settings in this example
});

// Step 2: Create an IAM role for the EKS service
const serviceRole = new aws.iam.Role("eks-serviceRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "eks.amazonaws.com" }),
});

new aws.iam.RolePolicyAttachment("eks-serviceRole-PolicyAttachment", {
    role: serviceRole,
    policyArn: pulumi.interpolate`arn:aws:iam::${aws.getCallerIdentity().then(id => id.accountId)}:policy/AmazonEKSClusterPolicy`,
});

// Now, we'll grab the Kubeconfig from the EKS cluster to use with the Kubernetes provider
const kubeconfig = cluster.kubeconfig.apply(JSON.stringify);

// Step 3: Deploy the jfrog-common Helm chart to the EKS cluster
const helmProvider = new k8s.Provider("helm-provider", {
    kubeconfig: kubeconfig,
});

new k8s.helm.v3.Chart("jfrog-common", {
    chart: "jfrog-common",
    // This assumes that the Helm chart is available in the default Helm repository
    // If the chart is in a custom repository, provide `repo` argument with the URL
    // You can also provide `values` for any custom configurations as an argument
    // For JFrog, this may include setting up databases, configuring services, etc.
}, { provider: helmProvider });

// Export the kubeconfig and the cluster name
export const kubeconfigOutput = kubeconfig;
export const clusterName = cluster.core.cluster.name;

```

Let's break down what each part of this program is doing:

- **eks.Cluster**: This creates a new EKS cluster using default settings. These settings include using the default VPC and default node group configuration. The EKS cluster is where your applications, managed by Kubernetes, will run.

- **aws.iam.Role**: This sets up an IAM role the EKS service will use. This role is required for EKS to access other AWS services. The `assumeRolePolicy` specifies that only the EKS service can assume this role.

- **aws.iam.RolePolicyAttachment**: This attaches the necessary policy to the IAM role we created, granting it the permissions required to operate the EKS cluster.

- **k8s.Provider**: This is the Kubernetes provider that utilizes the generated `kubeconfig` from the created EKS cluster. It allows Pulumi to deploy Kubernetes resources to the cluster.

- **k8s.helm.v3.Chart**: This deploys the `jfrog-common` Helm chart to your EKS cluster using the Helm provider we created. The argument `chart` specifies the name of the Helm chart. If the chart is not on the default Helm repo, you'd need to specify the `repo` property with the appropriate URL. You can also provide custom configurations using the `values` property.

Finally, the program exports the `kubeconfig` and `clusterName`. `kubeconfig` is the configuration file needed to connect to your cluster with kubectl or any Kubernetes client. `clusterName` is the name of the created cluster.

Remember to replace `1.21` with the Kubernetes version you want to use for your EKS Cluster and `jfrog-common` with the correct chart name if it differs.

To run this Pulumi program, save it to a `index.ts` file, set up your [AWS credentials](https://www.pulumi.com/docs/intro/cloud-providers/aws/setup/), and then execute it with the Pulumi CLI commands:

```bash
pulumi up
```

This will prompt Pulumi to provision the infrastructure as defined in the code.