Deploy the openunison-kiali helm chart on AWS EKS
TypeScriptTo deploy the openunison-kiali Helm chart on AWS EKS, we will follow these steps:
- Set up an EKS Cluster: We will use the
aws.eks.Cluster
resource to provision a managed Kubernetes cluster on AWS. - Create an IAM Role for EKS: This step uses the
aws-iam.EKSRole
resource to create the necessary AWS IAM role with permissions for EKS to manage resources on behalf of your Kubernetes workloads. - Deploy the Helm Chart: Once the Kubernetes cluster is up and running, we will use the
kubernetes.helm.sh/v3.Chart
resource to deploy the openunison-kiali Helm chart into our EKS cluster.
Let's write the Pulumi program in TypeScript to accomplish this:
import * as pulumi from '@pulumi/pulumi'; import * as aws from '@pulumi/aws'; import * as eks from '@pulumi/eks'; import * as k8s from '@pulumi/kubernetes'; // Step 1: Create an EKS Cluster. // This will set up an EKS cluster with the default configuration. const cluster = new eks.Cluster('my-cluster',{ // Define other required fields, like vpcId and subnetIds if you're not using the default VPC. }); // Step 2: Create an IAM Role for EKS. // This IAM role is the `Role` that nodes will assume for AWS permissions. const eksRole = new aws.iam.Role('eksRole', { assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "eks.amazonaws.com", }), }); // Step 3: Define a role policy attachment for the Amazon EKS worker node policy. new aws.iam.RolePolicyAttachment('eksWorkerNodePolicyAttachment', { policyArn: 'arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy', role: eksRole.name, }); // Define a role policy attachment for the Amazon EKS CNI policy. new aws.iam.RolePolicyAttachment('eksCniPolicyAttachment', { policyArn: 'arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy', role: eksRole.name, }); // Define a role policy attachment for the Amazon EC2 Container Registry ReadOnly policy. new aws.iam.RolePolicyAttachment('eksEcrReadOnlyPolicyAttachment', { policyArn: 'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly', role: eksRole.name, }); // Deploy the openunison-kiali Helm chat into the EKS cluster. // Step 4: Create a Kubernetes provider instance that uses our EKS cluster's kubeconfig. const k8sProvider = new k8s.Provider('k8s', { kubeconfig: cluster.kubeconfig.apply(JSON.stringify), }); // Step 5: Deploy the openunison-kiali Helm chart. const chart = new k8s.helm.v3.Chart('openunison-kiali', { chart: 'openunison-kiali', // Specify the Helm repository here if it's not stable. fetchOpts: { repo: 'https://helm-repo-url/' }, // If needed, you can specify values for the Helm chart. values: { /* ... */ }, }, { provider: k8sProvider }); // Exports export const kubeconfig = cluster.kubeconfig; export const kialiConsoleUrl = pulumi.interpolate`http://${chart.getResourceProperty("v1/Service", "openunison-kiali", "status")}.loadBalancer.ingress[0].hostname`;
Explanation:
-
Step 1: We create an EKS cluster with default settings. You can customize this by providing specific VPC and subnet IDs if necessary. The
eks.Cluster
resource abstracts much of the complexity in deploying an EKS cluster. EKS Cluster Docs -
Step 2: AWS IAM roles are critical for security in AWS. Here, we set up a role that EKS will use when creating infrastructure.
-
Step 3: Role policy attachments connect our IAM role to policies that grant the necessary permissions for EKS. Policies like
AmazonEKSWorkerNodePolicy
,AmazonEKS_CNI_Policy
, andAmazonEC2ContainerRegistryReadOnly
are typical for EKS clusters. -
Step 4 and Step 5: We deploy the openunison-kiali Helm chart into the cluster using Pulumi's Kubernetes provider, which interfaces with the cluster's kubeconfig. The `k8s.helm.v3
- Set up an EKS Cluster: We will use the