Deploy the secrets-store-csi-driver-provider-aws helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `secrets-store-csi-driver-provider-aws` Helm chart on AWS EKS, you will need an EKS cluster and Helm installed in your environment.

In Pulumi, you can create an EKS cluster using the `@pulumi/eks` library, which provides a higher-level abstraction for working with EKS. After you have the cluster, the next step is to install the necessary Helm chart for the secrets-store CSI driver. This can be done using the `@pulumi/kubernetes` library which allows you to work with Kubernetes resources, including those from Helm.

Here is a complete TypeScript program that sets up an EKS cluster and deploys the secrets-store-csi-driver-provider-aws Helm chart:

```typescript
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster with default settings
const cluster = new eks.Cluster("my-cluster");

// Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeconfig;

// Create a Kubernetes provider instance that uses our EKS cluster's kubeconfig
const provider = new k8s.Provider("provider", {
    kubeconfig: cluster.kubeconfig,
});

// Deploy the secrets-store-csi-driver-provider-aws Helm chart
const csiDriverChart = new k8s.helm.v3.Chart(
    "secrets-store-csi-driver-provider-aws",
    {
        chart: "secrets-store-csi-driver-provider-aws",
        version: "0.0.1", // specify the desired chart version
        fetchOpts: {
            repo: "https://raw.githubusercontent.com/aws/secrets-store-csi-driver-provider-aws/main/helm/", // specify the chart repository URL
        },
    },
    {
        provider: provider, // inform Pulumi to use the EKS K8s provider
    }
);

// To interact with resources in your EKS cluster you can use the kubeconfig
// For example, you can use `kubectl` from your local machine to get nodes:
// $ kubectl get nodes --kubeconfig=(pulumi stack output kubeconfig)

// Export the name of the chart and the Kubernetes provider
export const chartName = csiDriverChart.releaseName;
```

Here's what each part of the program does:

1. `eks.Cluster`: This creates a new EKS cluster with default settings. You can modify the configuration by passing an options object to the `Cluster` constructor.
   
2. The `kubeconfig` export: This line exports the kubeconfig of the newly created cluster, which is needed to interact with the cluster using tools like `kubectl`.

3. `k8s.Provider`: This tells Pulumi to create a new Kubernetes provider that understands how to communicate with our EKS cluster.

4. `k8s.helm.v3.Chart`: This component is responsible for installing the specified Helm chart into our EKS cluster. It's worth noting that you need to provide the chart name and version, as well as optionally the repository URL if the chart is not located in the default Helm chart repositories.

To run this program, you should have Pulumi and AWS CLI installed on your local machine, with the necessary AWS credentials configured to create resources in your account.

After running this program with `pulumi up`, your EKS cluster will be set up, and the secrets-store-csi-driver-provider-aws will be installed on the cluster.