Deploy the harbor-scanner-aqua helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the harbor-scanner-aqua helm chart on AWS EKS, you'll perform several steps including setting up an EKS cluster, configuring Helm, and deploying the chart. I'll lead you through creating an EKS cluster using Pulumi's EKS package, which simplifies the process. Then, we'll use the `kubernetes.helm.v3.Chart` resource from the Pulumi Kubernetes provider to deploy the helm chart.

### Prerequisites
Make sure you have the following prerequisites installed and set up:

- Pulumi CLI
- AWS CLI, configured with appropriate access credentials and default region
- Node.js and npm
- Kubernetes CLI (kubectl)

### Step 1: Setting up the EKS Cluster
First, we will define our EKS cluster. Pulumi’s EKS package provides a high-level abstraction over AWS EKS, which simplifies the creation and management of the cluster.

```typescript
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc("my-vpc", { numberOfAvailabilityZones: 2 });

// Create an EKS cluster with the default configuration.
const cluster = new eks.Cluster("my-cluster", {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    providerCredentialOpts: {
        profileName: aws.config.profile, // use AWS profile from config
    },
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;
```

In this code, we create a new VPC using `awsx.ec2.Vpc`. This VPC will contain our EKS cluster. The `eks.Cluster` resource provision includes a cluster with a specified `instanceType`, and the number of desired instances is set with the `desiredCapacity`, `minSize`, and `maxSize` arguments.

### Step 2: Deploying the Helm Chart
With the EKS cluster in place, we can proceed to deploy the harbor-scanner-aqua helm chart using the `kubernetes.helm.v3.Chart` resource.

```typescript
// Create a Kubernetes Helm Chart in the EKS cluster.
const harborScannerAqua = new k8s.helm.v3.Chart("harbor-scanner-aqua", {
    chart: "harbor-scanner-aqua",
    // Replace this with the correct repository URL or name.
    // For example, if deploying from Bitnami, specify `bitnami/<chart>`.
    fetchOpts: { repo: "https://helm-chart-repository-url/" },
    namespace: "default", // Deploy into the default namespace.
    values: {
        // Specify any custom values here.
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig: cluster.kubeconfig }) });

// Export the Harbor Scanner Aqua endpoint so you can access it.
export const harborScannerAquaEndpoint = harborScannerAqua.getResourceProperty("v1/Service", "harbor-scanner-aqua", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

Here we define the Helm chart we want to deploy by specifying the chart name, any custom values, and the location of the Helm chart's repository. Once deployed, we can export the service endpoint of the Harbor Scanner Aqua.

### Complete Pulumi Program
Combine the code for setting up the EKS cluster and deploying the Harbour Scanner Aqua Helm Chart into one program:

```typescript
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a VPC for our cluster.
const vpc = new awsx.ec2.Vpc("my-vpc", { numberOfAvailabilityZones: 2 });

// Create an EKS cluster.
const cluster = new eks.Cluster("my-cluster", {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    providerCredentialOpts: {
        profileName: aws.config.profile, // use AWS profile from config
    },
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Deploy Harbor Scanner Aqua Helm Chart.
const harborScannerAqua = new k8s.helm.v3.Chart("harbor-scanner-aqua", {
    chart: "harbor-scanner-aqua",
    fetchOpts: { repo: "https://helm-chart-repository-url/" },
    namespace: "default",
    values: {
        // Place your custom values
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig: cluster.kubeconfig }) });

// Export the Harbor Scanner Aqua service endpoint.
export const harborScannerAquaEndpoint = harborScannerAqua.getResourceProperty("v1/Service", "harbor-scanner-aqua", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

To run this program:

1. Save the code to a file with a `.ts` extension (e.g., `index.ts`).
2. Ensure you've configured the Pulumi CLI with your AWS credentials and have selected the correct stack.
3. Run `npm install` to install the required dependencies.
4. Execute `pulumi up` to preview and deploy the changes.

When you run `pulumi up`, Pulumi will provision the required resources in the correct order. After the deployment, you can use the `harborScannerAquaEndpoint` export to access the Harbor Scanner Aqua service.

Please replace `"https://helm-chart-repository-url/"` with the URL of the actual repository where the Harbor Scanner Aqua Helm chart is located, and populate the `values` property with any necessary configurations that the chart requires.