Deploy the velero-backup helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the Velero backup Helm chart on an AWS EKS cluster using Pulumi, we'll proceed with the following steps:

Setting up an EKS Cluster: A Kubernetes cluster is required for deploying Helm charts. Pulumi provides an eks.Cluster class that simplifies the creation of an EKS cluster. We'll start by defining a cluster.
Deploying the Helm chart: Once the cluster is set up, we'll deploy the Velero Helm chart to the cluster. Pulumi's kubernetes.helm.v3.Chart class is designed for this purpose. It allows us to specify the Helm chart we want to deploy along with its values.

For the following program, I am assuming that:

You have the AWS CLI configured with appropriate credentials.
You have already installed Pulumi and set up the AWS and Kubernetes providers.

Let's look at the TypeScript code for this process:

import * as pulumi from '@pulumi/pulumi';
import * as aws from '@pulumi/aws';
import * as eks from '@pulumi/eks';
import * as k8s from '@pulumi/kubernetes';

// Create an EKS cluster.
const cluster = new eks.Cluster("my-cluster", {
    // Specify the desired settings for the cluster
    // For complete configuration options, visit:
    // https://www.pulumi.com/registry/packages/eks/api-docs/cluster/
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Using Pulumi's Helm chart support to deploy Velero Helm chart
const veleroChart = new k8s.helm.v3.Chart("velero-backup", {
    chart: "velero",
    version: "2.23.3", // Specify the chart version you want to deploy
    fetchOpts: {
        repo: "https://vmware-tanzu.github.io/helm-charts",
    },
    namespace: "velero", // The namespace where the Helm chart will be installed.
    // Specify the values for the chart
    // For the Velero Helm chart's values, visit:
    // https://artifacthub.io/packages/helm/vmware-tanzu/velero
    values: {
        // Configuration values for velero, e.g.:
        // configuration: {
        //     provider: "aws",
        //     backupStorageLocation: {
        //         bucket: "<Your-Bucket-Name>",
        //         config: {
        //             region: "<Your-Bucket-Region>",
        //         },
        //     },
        //     volumeSnapshotLocation: {
        //         config: {
        //             region: "<Your-Bucket-Region>",
        //         },
        //     },
        // },
        // serviceAccount: {
        //     server: {
        //         create: true,
        //         annotations: {
        //             // Ensure this IAM role has the appropriate permissions for Velero
        //             "eks.amazonaws.com/role-arn": "<Your-Velero-IAM-Role-ARN>",
        //         },
        //     },
        // },
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig: cluster.kubeconfig }) });

// Exporting the Helm chart status
export const veleroStatus = veleroChart.status;

Here's what the code is doing:

An EKS cluster is being provisioned using the eks.Cluster class. We haven't included any configuration details, but you would specify options like the number of nodes, node type, and others in the constructor. For more configuration options for the EKS cluster, refer to the eks.Cluster documentation.
We then use the kubernetes.helm.v3.Chart class from Pulumi's Kubernetes provider to deploy the Velero Helm chart to our EKS cluster. You need to specify the chart name, version number, and values for the chart configuration. The values object would include all of the necessary Velero configurations. For the actual values and configurations supported by the Velero Helm chart, consult the official Velero Helm chart documentation.
Annotations for the service account are commented out. A correct IAM role ARN needs to be provided for Velero to interact with AWS services. These annotations allow Kubernetes to associate an AWS IAM role with a Service Account, using the IAM Roles for Service Accounts feature in EKS. Make sure the role has the correct permissions for Velero to access S3 for backups.
After defining your Velero Helm chart deployment, we export the kubeconfig needed to access your newly created cluster and the status of the Helm chart so that you can verify the deployment.

When using this code in practice, it's essential to replace placeholder text like "<Your-Bucket-Name>" and "<Your-Velero-IAM-Role-ARN>" with actual values relevant to your AWS environment. Additionally, ensure that the values you use for configuring the Helm chart align with your backup strategy and resource specifications.

To deploy this Pulumi program:

Save the code to a file named index.ts.
Run pulumi up to preview and deploy the changes.

Please make sure to review the plan output by Pulumi before confirming the deployment, as it will list all resources that will be created in your AWS account.