Deploy the sysdig helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the Sysdig Helm chart on an Amazon EKS cluster using Pulumi, you'll need to perform the following steps:

1. Set up an AWS EKS cluster.
2. Create an IAM role that can be used by the EKS cluster.
3. Configure your Kubernetes provider to interact with the EKS cluster.
4. Use the Helm package resource to install the Sysdig chart into your EKS cluster.

Below you will find a detailed Pulumi program written in TypeScript which demonstrates how to accomplish these tasks:

Firstly, install the necessary Pulumi packages by running the following commands:

```bash
pulumi plugin install resource aws 6.13.3
pulumi plugin install resource eks 1.0.3
pulumi plugin install resource kubernetes 3.18.1
npm install @pulumi/aws @pulumi/eks @pulumi/kubernetes
```

Now, you can write your Pulumi program as follows:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as aws from '@pulumi/aws';
import * as eks from '@pulumi/eks';
import * as k8s from '@pulumi/kubernetes';

// Create an EKS cluster.
const cluster = new eks.Cluster('my-cluster', {
    // specify the desired version for the EKS Kubernetes cluster
    version: '1.21',
    // use the default node group configuration, or customize as needed
    instanceType: 't3.medium',
    desiredCapacity: 2, // specify the desired number of cluster instances
    minSize: 1,
    maxSize: 3,
    createOidcProvider: true, // create an OIDC identity provider for the cluster
});

// Create a Kubernetes provider instance that uses our EKS cluster.
const k8sProvider = new k8s.Provider('k8s-provider', {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Deploy the Sysdig Helm chart.
const sysdigChart = new k8s.helm.v3.Chart('sysdig', {
    chart: 'sysdig',
    version: '1.12.3', // specify the desired chart version
    fetchOpts: {
        repo: 'https://charts.sysdig.com', // Sysdig Helm repository
    },
    values: {
        // specify configuration values here, such as:
        sysdig: {
            accessKey: 'your-sysdig-access-key', // replace with your actual Sysdig access key
            // additional configuration options...
        },
    },
}, { provider: k8sProvider });

// Export the cluster name and kubeconfig.
export const clusterName = cluster.eksCluster.name;
export const kubeconfig = pulumi.secret(cluster.kubeconfig);
```

This program performs the following actions:

- It defines an EKS cluster using the `eks.Cluster` class. It specifies the Kubernetes version, instance type, and size of the node group.
- It creates an IAM role for the EKS cluster, which is implicitly done by the EKS package. The EKS package creates the roles and attaches the necessary AWS IAM policies.
- It sets up a Kubernetes provider to interact with the EKS cluster by using the kubeconfig output from the created cluster.
- It declares a `k8s.helm.v3.Chart` resource to deploy the Sysdig Helm chart into the EKS cluster.

To run this program, save it into a file, for example `index.ts`, and then execute `pulumi up` after setting up your Pulumi program.

Remember to replace `'your-sysdig-access-key'` with your actual Sysdig access key and to review and adjust the configuration options in the `values` parameter according to your requirements.

For more information on each of the used packages, you can refer to the documentation:
- [`@pulumi/aws`](https://www.pulumi.com/docs/reference/pkg/aws/)
- [`@pulumi/eks`](https://www.pulumi.com/registry/packages/eks/api-docs/cluster/)
- [`@pulumi/kubernetes`](https://www.pulumi.com/docs/reference/pkg/kubernetes/)