Deploy the keycloak-resources deployment for keycloak-operator helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `keycloak-resources` deployment using the `keycloak-operator` Helm chart on an AWS EKS cluster using Pulumi, you must follow a series of steps:

1. **Create an EKS Cluster**: You will need an EKS cluster where Keycloak and its operator will be deployed. The Pulumi EKS package simplifies the creation of an EKS cluster.

2. **IAM Role for EKS**: AWS requires an IAM role that EKS can assume to create AWS resources such as Elastic Load Balancers.

3. **Deploy the Helm chart for keycloak-operator**: Helm charts help to deploy applications on Kubernetes clusters. The `keycloak-operator` Helm chart will provision the necessary operator to manage Keycloak instances in the EKS cluster.

4. **Keycloak Resources using keycloak-operator**: After deploying the operator, you can define `keycloak-resources` such as realms, users, or clients using custom resources that the Keycloak operator will manage.

Below is a detailed program written in TypeScript for use with Pulumi to deploy a Keycloak instance on AWS EKS. Before you run the code, make sure you have the Pulumi CLI installed and configured with the necessary AWS credentials.

```typescript
import * as eks from "@pulumi/eks";
import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS Cluster
// This will create an AWS EKS cluster with default configurations. You may need to adjust
// specific configurations like instance types or the number of nodes as per the requirements.
const cluster = new eks.Cluster("my-eks-cluster", {
    // The instanceType to use for the cluster's nodes. Defaults to "t2.medium".
    instanceType: "t2.medium",
    // The number of worker nodes that the cluster should initially start with.
    desiredCapacity: 2,
    // If you need to specify a specific Kubernetes version, you can add it here.
    // Otherwise, EKS chooses the default version.
    version: "1.21",
});

// Using the cluster's kubeconfig, create a Kubernetes provider that we'll use for deploying 
// the Helm chart later in the code.
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Deploy keycloak-operator using the Helm Provider.
// Here, we use the Pulumi Kubernetes Provider to interact with the created EKS cluster.
// Replace 'my-keycloak-operator' with your preferred release name and 'namespace' with the
// namespace you want to deploy into.
const keycloakOperatorChart = new k8s.helm.v3.Chart("my-keycloak-operator", {
    chart: "keycloak-operator",
    version: "1.0.0", // Replace with the version of the keycloak-operator Helm chart you wish to deploy
    namespace: "default",
    // Set the values for the Helm chart as needed.
    values: {
        // Custom values for the Helm chart can be set here if needed
    },
}, { provider: k8sProvider });

// Once the keycloak-operator is installed and running, you can deploy Keycloak resources.
// Here's an example of how you could create a Keycloak instance using the keycloak-operator.
const keycloakInstance = new k8s.apiextensions.CustomResource("my-keycloak-instance", {
    apiVersion: "keycloak.org/v1alpha1",
    kind: "Keycloak",
    metadata: {
        namespace: "default", // Ensure this is the same namespace as the operator
    },
    spec: {
        instances: 1,
        // Define the specifications for your Keycloak instance here.
        // You will need to consult the keycloak-operator documentation for the required spec values.
    },
}, { provider: k8sProvider, dependsOn: [keycloakOperatorChart] });

// Export the cluster's kubeconfig and Keycloak URL
export const kubeconfig = cluster.kubeconfig;
export const keycloakUrl = pulumi.interpolate`http://${keycloakInstance.status.externalUrl}`;

```

This program sets up an AWS EKS cluster, then deploys the `keycloak-operator` Helm chart into it. After that, it uses the Keycloak operator to create a Keycloak instance. Once the program is executed with `pulumi up`, it will print out the kubeconfig needed to manage the Kubernetes cluster and the external URL to access Keycloak.

Make sure to replace `1.0.0` with the actual version of the keycloak-operator Helm chart you wish to deploy and update the `kind: "Keycloak"` CustomResource with the actual API version and specifications for deploying Keycloak resources.

The `dependsOn` option in the Keycloak custom resource makes sure that it is created only after the Keycloak operator has been deployed by the Helm chart.

Running `pulumi up` will start the deployment process, and once completed, you should be able to access your EKS cluster and Keycloak URL.