Deploy the unifi-controller helm chart on AWS EKS
Deploying the UniFi Controller on an AWS Elastic Kubernetes Service (EKS) cluster involves multiple steps. First, we will set up an EKS cluster where our Kubernetes workloads will run. Once the cluster is ready, we will deploy the UniFi Controller from its Helm chart.
Here's a high-level description of each step in the process:
- Create an EKS Cluster: You'll set up an EKS cluster using Pulumi's `eks.Cluster` component, which simplifies the creation and configuration of an EKS cluster.
- Establish IAM Role For EKS: EKS needs specific IAM roles to function correctly. With Pulumi's `aws-iam.EKSRole`, this role will be configured.
- Deploy Helm Chart: Using Pulumi's Helm Chart resource from `kubernetes.helm.v3.Chart`, you will deploy the UniFi Controller helm chart to the EKS cluster.
Below is the Pulumi TypeScript program that performs all these steps. Note that this assumes you have already configured your AWS credentials and the Pulumi CLI.

```typescript
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an EKS cluster
const vpc = new awsx.ec2.Vpc("unifi-vpc", {
    tags: {
        Name: "pulumi-eks-vpc",
    },
});

const cluster = new eks.Cluster("unifi-cluster", {
    vpcId: vpc.vpcId, // awsx 1.x and later expose the VPC ID as `vpcId` (awsx 0.x used `vpc.id`)
    subnetIds: vpc.privateSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
});

// Step 2: Establish the IAM Role needed by AWS EKS
// As written, this role is not passed to eks.Cluster (for example via `serviceRole`),
// so the cluster still creates and uses its own service role.
const eksRole = new aws.iam.Role("eksRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
        Service: "eks.amazonaws.com",
    }),
});

// This mapping is defined but never passed to the cluster's `roleMappings`, so it has
// no effect as written. `system:masters` is unrestricted cluster-admin; prefer a group
// bound to a narrower RBAC role if you wire a mapping in.
const roleMapping = {
    roleArn: eksRole.arn,
    username: "admin",
    groups: ["system:masters"],
};

// Read-only EC2 describe permissions; the document does not depend on any cluster output.
const coreDNSPolicy = new aws.iam.Policy("coreDNSPolicy", {
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "ec2:DescribeRouteTables",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
            ],
            Resource: "*",
            Effect: "Allow",
        }],
    }),
});

new aws.iam.RolePolicyAttachment("coreDNSPolicyAttachment", {
    policyArn: coreDNSPolicy.arn,
    role: eksRole.name,
});

// Grant the required permissions for EKS admin.
new aws.iam.RolePolicyAttachment("eks-admin", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
    role: eksRole,
});

new aws.iam.RolePolicyAttachment("eks-cluster", {
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    role: eksRole,
});

const provider = new k8s.Provider("provider", {
    kubeconfig: cluster.kubeconfig,
});

// Step 3: Deploy the UniFi Controller helm chart
const chartName = "unifi-controller";
const unifiControllerChart = new k8s.helm.v3.Chart(chartName, {
    chart: chartName,
    version: "1.1.0", // Specify the chart version, change it to the version you require
    fetchOpts: {
        // Example URL only: this legacy Helm "stable" repository is no longer served.
        // Point this at the repo that actually hosts your chart.
        repo: "https://kubernetes-charts.storage.googleapis.com/",
    },
}, { provider });

export const kubeconfig = cluster.kubeconfig;
// Chart is a component resource with no `name` property, so export the name used above.
export const unifiControllerChartName = chartName;
```
Explanation:
- VPC Creation: We create a virtual private cloud (VPC) for our EKS cluster to operate within a controlled network environment.
- EKS Cluster: With `eks.Cluster`, you define the cluster, node group, and associated resources.
- IAM Role: The `aws.iam.Role` is the identity that EKS assumes when making calls against AWS services on your behalf.
- Helm Chart: We use `k8s.helm.v3.Chart` to specify the deployment of the UniFi Controller helm chart with the necessary version and repository information.
Please ensure that your Helm chart repository details point to where your UniFi Controller Helm chart is actually located. Such details might change over time, and the URL in the code above is only an example.
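The program above defines a role mapping into `system:masters` and an IAM policy with `Resource: "*"`; the following pre-deploy check covers both, as an added example that is not part of the original program. It is plain TypeScript working on resolved values (in a Pulumi program these would be read inside an `apply`), and the function names, the read-only rule and the placeholder account ID are assumptions of this example.

```typescript
// Added example. Plain TypeScript with no Pulumi imports; inputs are resolved values.
interface RoleMapping { roleArn: string; username: string; groups: string[]; }
interface PolicyStatement { Effect: string; Action: string | string[]; Resource: string | string[]; }
interface PolicyDocument { Version: string; Statement: PolicyStatement[]; }

// Assumption of this example: only Describe/Get/List actions are tolerated on Resource "*".
const READ_ONLY = /^[a-z0-9-]+:(Describe|Get|List)/;

function toArray(v: string | string[]): string[] {
  return Array.isArray(v) ? v : [v];
}

// Flag aws-auth mappings that place an IAM role in system:masters (unrestricted cluster-admin).
function auditRoleMappings(mappings: RoleMapping[]): string[] {
  const findings: string[] = [];
  for (const m of mappings) {
    if (m.groups.indexOf("system:masters") !== -1) {
      findings.push(`${m.roleArn} -> system:masters as "${m.username}"`);
    }
  }
  return findings;
}

// Flag Allow statements that grant wildcard or non-read-only actions on every resource.
function auditPolicy(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow" || toArray(s.Resource).indexOf("*") === -1) return;
    for (const action of toArray(s.Action)) {
      if (!READ_ONLY.test(action)) findings.push(`Statement[${i}]: ${action} on "*"`);
    }
  });
  return findings;
}

// Constructed inputs mirroring the program above; the account ID is a placeholder.
const pageRoleMapping: RoleMapping = {
  roleArn: "arn:aws:iam::111122223333:role/eksRole", username: "admin", groups: ["system:masters"],
};
const pagePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow", Resource: "*",
    Action: ["ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs"],
  }],
};
// Constructed variant showing what the policy check rejects.
const widenedPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "ec2:*", Resource: "*" }],
};

console.log(auditRoleMappings([pageRoleMapping]), auditPolicy(pagePolicy), auditPolicy(widenedPolicy));
```

The page's own policy passes because every action is a `Describe` call, while its role mapping is reported; the widened variant shows the policy check firing.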
What's Next:
After running this program with Pulumi, the outputs will display the kubeconfig and UniFi Helm Chart name, indicating that the deployment was successful. You can then proceed to use the Kubernetes kubeconfig to manage your cluster and UniFi deployment.
For more information on Pulumi and how to manage your deployments, you can refer to the official Pulumi documentation:
- Pulumi Kubernetes Documentation
- Pulumi EKS Documentation
- Pulumi EKS Component
- Pulumi AWS IAM Documentation
- Pulumi Helm v3 Charts
You'll need to configure your AWS and Kubernetes providers and populate the properties of resources based on your specific requirements and environment. This code is a starting point that shows how the various Pulumi components fit together to deploy a UniFi Controller on AWS EKS.