Deploy the cyberark-sidecar-injector helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the CyberArk Sidecar Injector Helm chart on AWS EKS, the following steps are typically required:

1. **Create an EKS Cluster**: You need a running EKS cluster where your application will reside.
2. **ECR Repository (Optional)**: If you have custom containers, you might need an Elastic Container Registry (ECR) to store your Docker images.
3. **IAM Roles for EKS**: Proper IAM roles must be configured for the EKS cluster to manage resources.
4. **Helm Installation**: Helm is a package manager for Kubernetes, which simplifies the deployment of applications.
5. **CyberArk Sidecar Injector Deployment**: Finally, you'll use Helm to deploy the CyberArk Sidecar Injector to your EKS cluster.

Below is a Pulumi program written in TypeScript that demonstrates how to accomplish this setup. This program assumes that you have already set up AWS credentials and Pulumi configuration. It uses the `aws`, `eks`, and `kubernetes` providers from Pulumi to create these resources.

### Detailed Program Explanation

First, we'll import the necessary modules and set up the AWS provider. Then, we create an EKS cluster with a default node group. Once the cluster is up and running, we'll use Pulumi's `kubernetes` provider to deploy the CyberArk Sidecar Injector Helm chart to the EKS cluster.

We're using the `eks.Cluster` resource from the `@pulumi/eks` module because it's a higher-level component that simplifies creating and managing an EKS cluster. We're installing the `cyberark-sidecar-injector` using the `kubernetes.helm.v3.Chart` resource, which allows us to deploy Helm charts.

Here is the TypeScript program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster with the default configuration
const cluster = new eks.Cluster("eks-cluster", {
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
});

// Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeconfig;

// Set up a Kubernetes provider using the EKS cluster's kubeconfig
const k8sProvider = new k8s.Provider("k8s", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Deploy the CyberArk Sidecar Injector Helm chart
const sidecarInjectorChart = new k8s.helm.v3.Chart("cyberark-sidecar-injector", {
    repo: "cyberark",
    chart: "cyberark-sidecar-injector",
    namespace: "default" // You can specify a different namespace
}, { provider: k8sProvider });

// Export the name of the cluster
export const clusterName = cluster.eksCluster.name;
```
### Usage Guide

To use this Pulumi program:

- Save the code in a file named `index.ts`.
- Ensure you have the AWS and Pulumi CLIs installed and configured.
- Run `pulumi up` to create the EKS cluster and deploy the CyberArk Sidecar Injector Helm chart.

If you need to customize the version of the chart or specify values to configure the CyberArk Sidecar Injector, you can add a `version` or `values` property to the `Chart` resource, respectively.

The `kubeconfig` output of the `eks.Cluster` resource provides the kubeconfig file necessary to manage your Kubernetes cluster with `kubectl`. You can fetch this configuration after running `pulumi up` and use it to connect to your new EKS cluster.

The `clusterName` output can be useful if you need to reference the EKS cluster by name in AWS management consoles or CLI tools.

Remember to check the [official Pulumi documentation](https://www.pulumi.com/docs/intro/cloud-providers/aws/) for AWS, [EKS module documentation](https://www.pulumi.com/registry/packages/eks/), and [Kubernetes provider documentation](https://www.pulumi.com/registry/packages/kubernetes/) for more details and best practices.