Deploy the cronjob-backup-keycloak helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `cronjob-backup-keycloak` Helm chart on AWS EKS using Pulumi, you'll need to perform a series of steps. Below is a comprehensive guide and a corresponding Pulumi TypeScript program that deploys an EKS cluster and then the Helm chart onto that cluster.

### Overview

Firstly, we will need to create an EKS cluster. With Pulumi, we can define our infrastructure as code using familiar programming languages. We'll use TypeScript in this example. An EKS cluster requires a VPC, IAM roles, and security groups as prerequisites. We will create those and then define the EKS cluster.

Once the EKS cluster is up and running, we'll deploy the `cronjob-backup-keycloak` Helm chart onto it. Pulumi has a native support for Helm charts, which allows us to define the deployment of the Helm chart as part of our infrastructure.

Below is the TypeScript program that accomplishes this:

```typescript
import * as awsx from '@pulumi/awsx';
import * as eks from '@pulumi/eks';
import * as pulumi from '@pulumi/pulumi';
import * as k8s from '@pulumi/kubernetes';

// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc('my-vpc', { numberOfAvailabilityZones: 2 });

// IAM roles for the node groups.
const eksRole = new aws.iam.Role('eksRole', {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
        Service: 'eks.amazonaws.com',
    }),
});

// The policies required by the EKS workers.
const servicePolicyAttachment = new aws.iam.RolePolicyAttachment('servicePolicyAttachment', {
    role: eksRole,
    policyArn: 'arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy',
});
const cniPolicyAttachment = new aws.iam.RolePolicyAttachment('cniPolicyAttachment', {
    role: eksRole,
    policyArn: 'arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy',
});
const registryPolicyAttachment = new aws.iam.RolePolicyAttachment('registryPolicyAttachment', {
    role: eksRole,
    policyArn: 'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly',
});

// Create the EKS cluster itself with the default node group settings.
const cluster = new eks.Cluster('my-cluster', {
    vpcId: vpc.id,
    subnetIds: vpc.subnetIds,
    instanceType: 't2.medium',
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    roleMappings: [
        {
            groups: ['system:masters'],
            roleArn: eksRole.arn,
            username: 'pulumi:admin',
        },
    ],
});

// Export the cluster's kubeconfig and name.
export const kubeconfig = cluster.kubeconfig;
export const clusterName = cluster.core.cluster.name;

// Now that we have an EKS cluster, we can create a Helm chart instance on that cluster.

// Create an instance of the Kubernetes provider that uses our EKS cluster's kubeconfig.
const k8sProvider = new k8s.Provider('k8sProvider', {
    kubeconfig: cluster.kubeconfig,
});

// Deploy the cronjob-backup-keycloak Helm chart.
const cronjobBackupKeycloak = new k8s.helm.v3.Chart('cronjob-backup-keycloak', {
    chart: 'cronjob-backup-keycloak',
    // Specify the repo URL if the chart is not on the official Helm chart repository.
    // For example: repo: 'https://my-charts.mydomain.com/',
    version: '1.0.0', // specify the exact chart version
    namespace: 'default',
    // Values to override.

// You need to specify the correct values according to your Keycloak setup and backup configuration requirements.
    values: {
        // Schedule for the cron job.
        schedule: '0 */6 * * *', // Runs every 6 hours
        // Other values like image repository, tag, resources, etc.
        image: {
            repository: 'myrepo/cronjob-backup',
            tag: 'latest',
        },
        resources: {
            requests: {
                memory: '256Mi',
                cpu: '250m',
            },
            limits: {
                memory: '512Mi',
                cpu: '500m',
            },
        },
    },
}, { provider: k8sProvider }); // Ensure we use the created EKS cluster's provider.

// Export the Helm chart name and version.
export const cronjobBackupKeycloakVersion = cronjobBackupKeycloak.version;
export const cronjobBackupKeycloakName = cronjobBackupKeycloak.release.name;
```

### Explanation

In the program above, we perform the following actions:

- **Create a VPC:** A new VPC is created through `awsx.ec2.Vpc`, which will hold all of the infrastructure for the EKS cluster.
- **Set up IAM roles:** The EKS cluster requires certain IAM roles to operate. We create these roles and attach the appropriate policies.
- **Instantiate the EKS cluster:** Using `eks.Cluster`, we create an EKS cluster specifying the VPC, subnets, node group configuration, and role mappings.
- **Export cluster details:** The `kubeconfig` is exported to interact with the cluster using kubectl, and the `clusterName` for other potential integrations.
- **Create Kubernetes provider with EKS kubeconfig:** This provider is how Pulumi interacts with our EKS cluster.
- **Deploy the Helm chart:** We use `k8s.helm.v3.Chart` to deploy the Helm chart to the cluster, specifying the chart's parameters like version and values according to the backup configuration needs.
- **Export Helm chart details:** We export the deployed Helm chart's name and version for reference.

The provided values in the `values` object should be replaced with the actual values according to your `cronjob-backup-keycloak` Helm chart's configuration needs.

To apply this program:

1. Make sure you have Pulumi CLI installed, and AWS CLI is configured with the necessary access rights.
2. Save the code to a `index.ts` file within your Pulumi project.
3. Run `pulumi up` in the command line to create the resources as defined.
4. The program will output the necessary details such as `kubeconfig` to interact with your cluster.

The resources used in this program are:

- [Vpc](https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/)
- [Role](https://www.pulumi.com/registry/packages/aws/api-docs/iam/role/)
- [RolePolicyAttachment](https://www.pulumi.com/registry/packages/aws/api-docs/iam/rolepolicyattachment/)
- [eks.Cluster](https://www.pulumi.com/registry/packages/eks/api-docs/cluster/)
- [Provider](https://www.pulumi.com/registry/packages/kubernetes/api-docs/provider/)
- [helm.v3.Chart](https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm.sh/v3/chart/)

Make sure to check the documentation for each Pulumi resource if you need to make customizations or understand the resources' capabilities in more depth.