Deploy the wordpress-nginx helm chart on AWS EKS

Question

Pulumi · Accepted Answer

Deploying a Wordpress application with an NGINX web server on an AWS EKS cluster using Pulumi involves several steps. We'll be orchestrating this process using Pulumi's TypeScript SDKs. The resources we use for this project include:

- **EKS Cluster**: We will create an EKS cluster, which is a managed Kubernetes service on AWS. This will be the environment on which our Wordpress application runs.
- **IAM Role**: Necessary for the EKS Cluster to interact with other AWS services.
- **Helm Chart**: Helm is a package manager for Kubernetes, which allows us to define, install, and upgrade even the most complex Kubernetes applications. We will use a Helm chart for deploying the Wordpress application with NGINX as the web server.

Here's a step-by-step guide, followed by the Pulumi TypeScript program:

1. **Setting up the EKS cluster**: First, you need to define an EKS cluster where the Wordpress application is to be hosted. We'll use the Pulumi AWS and EKS libraries to create the cluster and configure it properly.

2. **Creating IAM Role for the EKS cluster**: For the EKS cluster to manage resources in AWS on your behalf, it will need the appropriate IAM role with relevant policies attached.

3. **Deploying the Wordpress NGINX Helm Chart**: We'll use the Pulumi Kubernetes library to deploy a Helm chart from an existing repository. Helm charts define a set of resources that can be deployed as a package onto a Kubernetes cluster.

The following TypeScript program will perform these steps:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as aws from '@pulumi/aws';
import * as eks from '@pulumi/eks';
import * as k8s from '@pulumi/kubernetes';

// Create an EKS cluster with the default configuration.
const cluster = new eks.Cluster('my-cluster', {});

// Define the IAM Role for the EKS cluster
const eksRole = new aws.iam.Role('eksRole', {
    assumeRolePolicy: {
        Version: '2012-10-17',
        Statement: [{
            Action: 'sts:AssumeRole',
            Effect: 'Allow',
            Principal: {
                Service: 'eks.amazonaws.com',
            },
        }],
    },
});

// Attach the AWS managed policies to the EKS role: AmazonEKSClusterPolicy and AmazonEKSVPCResourceController
const servicePolicies = ['AmazonEKSClusterPolicy', 'AmazonEKSVPCResourceController'];
for (const policy of servicePolicies) {
    new aws.iam.RolePolicyAttachment(`${policy}-attachment`, {
        role: eksRole,
        policyArn: pulumi.interpolate`arn:aws:iam::aws:policy/${policy}`,
    });
}

// Create a provider to use the created cluster.
const k8sProvider = new k8s.Provider('k8sProvider', {
    kubeconfig: cluster.kubeconfig,
});

// Install the WordPress Helm chart onto the EKS cluster.
const wordpressChart = new k8s.helm.v3.Chart('nginx-wordpress', {
    chart: 'wordpress',
    version: 'X.Y.Z', // specify the version of the chart you want to deploy
    fetchOpts: { repo: 'https://charts.bitnami.com/bitnami' },
}, { provider: k8sProvider });

// Export the cluster's kubeconfig and the WordPress service endpoint.
export const kubeconfig = cluster.kubeconfig;
export const websiteUrl = wordpressChart.getResourceProperty('v1/Service', 'nginx-wordpress', 'status').apply(status => status.loadBalancer.ingress[0].hostname);
```

### Explanation of the TypeScript Program:

- We begin by importing the required Pulumi libraries for AWS, EKS, and Kubernetes.
- We define our EKS cluster with the `eks.Cluster` class, which creates all the necessary resources for an EKS cluster.
- We also create an IAM role using `aws.iam.Role` and attach AWS managed policies that permit the cluster to manage resources on your behalf.
- Then, we create a Kubernetes provider associated with the created EKS cluster using the `k8s.Provider` class. This links our subsequent Kubernetes resources with the EKS cluster.
- We deploy the WordPress Helm chart using `k8s.helm.v3.Chart`. The chart and version are specified, along with the repository URL.
- Finally, we export two important pieces of information:
  - `kubeconfig`: This is necessary for accessing your Kubernetes cluster.
  - `websiteUrl`: The public URL of the WordPress site once it's been deployed and is accessible.

You would need to select the appropriate version for the Helm chart `X.Y.Z` in the wordpressChart initialization.

This program assumes that you have Pulumi and AWS CLI already set up and configured with the appropriate credentials and resource access.

To run this Pulumi program, save the code to a file named `index.ts`, and execute it using the Pulumi CLI commands `pulumi up`, which will provision the resources as described above.