Deploy the istio-ingress-gateway helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the Istio Ingress Gateway Helm chart on AWS EKS using Pulumi, we will need the following components:

1. **EKS Cluster**: An Amazon EKS cluster to run our Istio service mesh. We’ll use the `eks.Cluster` component from the Pulumi EKS package to provision the EKS cluster.
2. **Helm Chart**: The Istio ingress gateway, which will be deployed via a Helm chart. For this, we'll utilize the `Chart` resource from the Pulumi Kubernetes package to deploy the Helm chart for Istio Ingress Gateway to the EKS cluster.

### Step-by-step explanation and the program

Let’s start by making sure we understand each element included in the code and their purpose:

- **AWS EKS Cluster**: It’s critical to have a Kubernetes cluster running on AWS EKS where the Istio Ingress Gateway will be deployed.
- **Helm Chart for Istio Ingress Gateway**: This Helm chart will set up the necessary Istio infrastructure to manage ingress traffic to services within the Kubernetes cluster.

First, we’ll create a new EKS cluster. After the cluster is provisioned, we’ll deploy the Istio Ingress Gateway Helm chart.

The following TypeScript code will perform these actions using Pulumi:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as k8s from '@pulumi/kubernetes';
import * as eks from '@pulumi/eks';

// Create an EKS cluster.
const cluster = new eks.Cluster('eks-cluster', {
    // Specify the desired settings for the cluster
    instanceType: 't2.medium',
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    deployDashboard: false, // Dashboard is optional
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Create a Helm chart for Istio Ingress Gateway.
const istioIngressGateway = new k8s.helm.v3.Chart('istio-ingress', {
    chart: "istio-ingress",
    version: "1.8.2", // Set the chart version you wish to deploy
    namespace: "istio-system", // Define the namespace for the Istio deployment
    fetchOpts: { // Where to fetch the chart from if not already cached
      repo: "https://istio-release.storage.googleapis.com/charts",
    },
}, { 
    provider: cluster.provider, // Use the provider of the EKS cluster created earlier
});

// Export the endpoint to access the Istio Ingress Gateway.
export const istioIngressGatewayEndpoint = istioIngressGateway.getResourceProperty('v1/Service', 'istio-ingressgateway', 'status').apply(s => s.loadBalancer.ingress[0].ip);
```

Make sure you have Pulumi CLI installed and configured with your AWS account and the AWS provider before running this code.

### Running the program

To run this Pulumi program:

1. Save the code to a file with a `.ts` file extension, for example, `index.ts`.
2. Make sure you have the necessary Pulumi packages installed using `npm` or `yarn`. You can install them by running `npm install` or `yarn install` with a proper `package.json` file containing the pulumi packages.
3. Run `pulumi up` to preview and deploy the resources (make sure you are logged in to Pulumi CLI and set up the correct AWS credentials).

This will start the deployment and, once completed, will output the necessary information to access your cluster and Istio Ingress Gateway.

Note that Istio provides multiple Helm charts for different components and features. The above example uses generic values and assumes `istio-ingress` is the chart name that may vary as per the actual Istio Helm repository structure, and you should replace it with the specific chart name and version according to the Istio documentation.