Deploy the istio-egress-gateway helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the Istio Egress Gateway on an AWS EKS cluster using Pulumi, we need to follow these steps:

Set up an EKS cluster.
Create an Amazon Elastic Container Registry (ECR) repository to store our container images.
Install the Istio Egress Gateway using a Helm chart.

We will use Pulumi's eks package to provision the EKS cluster, then use aws.ecr.Repository to create an ECR repository. After setting up the infrastructure, we will deploy the Istio Egress Gateway using the kubernetes.helm.v3.Chart resource from Pulumi's kubernetes package.

Let's walk through the Pulumi TypeScript program:

First, make sure you have the required Pulumi packages installed:

# Install required Pulumi packages
$ pulumi package install aws@^6.13.3
$ pulumi package install eks@^1.0.3
$ pulumi package install kubernetes@^4.4.0

Now, here is the TypeScript program to deploy the Egress Gateway on AWS EKS:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster.
const cluster = new eks.Cluster("my-cluster", {
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    storageClasses: "gp2",
    deployDashboard: false,
});

// Output the kubeconfig for connecting to the EKS cluster with kubectl.
export const kubeconfig = cluster.kubeconfig;

// Create an ECR repository for our container images.
const repo = new aws.ecr.Repository("my-repo");

// Deploy Istio Egress Gateway using a Helm chart.
const istioNamespace = new k8s.core.v1.Namespace("istio-system", {}, { provider: cluster.provider });

const egressChart = new k8s.helm.v3.Chart("istio-egress", {
    chart: "istio-egressgateway",
    version: "<HELM_CHART_VERSION>",
    namespace: istioNamespace.metadata.name,
    fetchOpts: {
        repo: "https://istio.io/egress-helm-repo/",
    },
}, { provider: cluster.provider });

// Export the ECR repository URL.
export const repositoryUrl = repo.repositoryUrl;

// Export the Helm chart values, which might be useful for debugging.
export const egressChartValues = pulumi.output(egressChart.getResourceProperty("v1/Service", "istio-system", "istio-egressgateway", "spec"));

In this program, we first create a new EKS cluster with a desired capacity of 2 worker nodes using an instanceType of t2.medium. We also specify the storage class to use and opt not to deploy the Kubernetes dashboard.

We then export the kubeconfig which you can use to interact with your EKS cluster via kubectl.

Next, we create an ECR repository named my-repo that can be used to store any container images you may need for your EKS workloads.

Then we create a new Kubernetes namespace for Istio and deploy the Istio Egress Gateway helm chart to this namespace, specifying the chart version and the Helm repository where the chart is located.

Finally, we export the URL for the ECR repository and some values from the deployed Helm chart. These outputs can be used to monitor the deployed resources or for further integration with other parts of your infrastructure.

Remember to replace <HELM_CHART_VERSION> with the specific version of the Istio Egress Gateway Helm chart that you wish to deploy.

Once this code is deployed, Pulumi will provision the necessary AWS and Kubernetes resources, install the given Helm chart, and output the necessary information to further interact with your EKS cluster.