Deploy the servicemesh-istio-resource helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `servicemesh-istio-resource` Helm chart on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS), you'll follow these general steps:

1. **Create an EKS Cluster**: Provision an EKS cluster where your service mesh will be deployed. This consists of setting up the necessary AWS infrastructure, such as an EKS cluster and node groups for your cluster’s worker nodes.

2. **Deploy the Helm Chart to the Cluster**: Once you have your EKS cluster in place, you can deploy the Istio service mesh into it using the Helm chart. You'll first need to add the Istio Helm repository and then proceed to deploy the Helm chart to your cluster.

To accomplish this task using Pulumi, you can write a program in TypeScript that first defines and provisions an EKS cluster, and then deploys the Istio service mesh using Helm.

Below is a Pulumi program written in TypeScript that demonstrates how to do this:

```typescript
import * as eks from "@pulumi/eks";
import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";

// Create an EKS cluster with the desired configuration.
const cluster = new eks.Cluster("my-cluster", {
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    deployDashboard: false,
});

// Export the kubeconfig for the EKS cluster.
export const kubeconfig = cluster.kubeconfig;

// Create a Kubernetes provider instance by using the kubeconfig from EKS.
const k8sProvider = new kubernetes.Provider("k8s-provider", {
    kubeconfig: cluster.kubeconfig,
});

// Add the Helm repository for Istio.
const istioRepo = new kubernetes.yaml.ConfigGroup("istio-repo", {
    yaml: `
apiVersion: v1
kind: Namespace
metadata:
  name: istio-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: istio-operator
---
apiVersion: helm.sh/v1
kind: HelmRepository
metadata:
  name: istio
  namespace: istio-operator
spec:
  url: https://istio-release.storage.googleapis.com/charts
`, 
}, { provider: k8sProvider });

// Deploy Istio using a Helm chart.
const istioChart = new kubernetes.helm.v3.Chart("istio", {
    chart: "istio-base",
    namespace: "istio-system",
    fetchOpts: {
        repo: "https://istio-release.storage.googleapis.com/charts",
    },
    version: "1.11.4", // Specify the version of Istio you wish to deploy.
}, { provider: k8sProvider, dependsOn: [istioRepo] });

// Now you can proceed to deploy other Istio components like IstioD or Istio ingress-gateway.

```

This Pulumi program performs the following actions:
- It starts by importing the necessary modules to create an AWS EKS cluster and to deploy Helm charts to Kubernetes.
- It defines an EKS cluster with the given configuration. Note that the `instanceType`, and scaling configurations (`desiredCapacity`, `minSize`, and `maxSize`) should be chosen based on your specific requirements and could result in different costs.
- It exports the `kubeconfig` generated for the EKS cluster so we can interact with our Kubernetes cluster using external tools like `kubectl`.
- It creates a Kubernetes provider configured with the `kubeconfig` of the EKS cluster which tells Pulumi how to communicate with our Kubernetes cluster.
- It adds the Istio Helm repository to the Kubernetes cluster. Before the Istio Helm chart can be deployed, its repository needs to be added. This component also creates the necessary namespaces for Istio components.
- After setting up the repository, it deploys the `istio-base` chart from Istio's repository into the `istio-system` namespace, which will set up the foundation of Istio on the EKS cluster. The version is pinned to `1.11.4`, but you should check for the latest version that is compatible with your requirements.

Please, replace `"1.11.4"` with the version of Istio you wish to use. Remember that to maintain the Istio service mesh and to use its features, additional components might be required such as IstioD, Istio Ingress/Egress gateways, and so on, which are not described in this program.

Before running this Pulumi code, make sure you have set up and configured the AWS credentials on your machine and installed Pulumi. Then, navigate to the directory containing your Pulumi project and run `pulumi up` to deploy the resources.