Deploy the teleport-ent-auth helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the `teleport-ent-auth` Helm chart on an AWS EKS cluster with Pulumi, follow these steps:

1. **Set up the EKS Cluster**: We'll begin by provisioning an EKS cluster using the `aws.eks.Cluster` resource. This cluster will be the Kubernetes environment where your Helm chart will be deployed.
   
2. **Create IAM Roles**: For the EKS cluster to function properly, you need an IAM role with the necessary AWS service permissions.

3. **Define Node Group**: Define at least one node group with the `aws.eks.NodeGroup` resource, which specifies the worker nodes that the EKS cluster will use for deploying applications.

4. **Deploy Helm Chart**: Using the `kubernetes.helm.v3.Chart` resource, we'll deploy the `teleport-ent-auth` helm chart onto the EKS cluster.

Below is a step-by-step Pulumi program in TypeScript that sets up the EKS cluster and deploys the Helm chart:

```typescript
import * as eks from "@pulumi/eks";
import * as aws from "@pulumi/aws";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an EKS cluster
const cluster = new eks.Cluster("my-cluster", {
    // Specify the version of Kubernetes you want to deploy
    version: "1.21",
    // Define the instance type and desired number of cluster nodes
    nodeGroup: {
        instanceType: "t2.medium",
        desiredCapacity: 2,
        minSize: 1,
        maxSize: 3,
    },
});

// Step 2: IAM Role for the EKS cluster - placeholder for actual role creation logic

// Step 3: (Optional) If we need any specific NodeGroup configurations, we can add them here.

// Now that we have our cluster, we can declare our Helm chart as follows:

// Step 4: Deploy the teleport-ent-auth helm chart
const helmChart = new k8s.helm.v3.Chart("teleport-ent-auth", {
    chart: "teleport-ent-auth",
    // Add your repository where the Helm chart is hosted if it's not in Helm's default repo
    fetchOpts: {
        repo: "https://charts.releases.teleport.dev/",
    },
    // Specify the namespace and values.yaml parameters or custom values
    namespace: "default",
    values: {
        // Add any custom values that you want to override here
    },
}, { provider: cluster.provider });

// Export the Cluster Name and Kubeconfig
export const clusterName = cluster.eksCluster.name;
export const kubeconfig = cluster.kubeconfig;
```

In this Pulumi program:
- We first import the necessary packages: `eks` for AWS EKS resources, `aws` for AWS resources like IAM, and `kubernetes` for interacting with the Kubernetes cluster.
- We use the `eks.Cluster` class from the `@pulumi/eks` package to provision an EKS cluster. To customize the cluster properties such as Kubernetes version or node group configurations, you can adjust the parameters in the `Cluster` constructor.
- We mention a placeholder comment for IAM role creation, which can be done by defining an IAM role using the `aws.iam.Role` class and associating it with the EKS cluster with necessary policies attached.
- We create a Helm chart resource using the `k8s.helm.v3.Chart` class, specifying the chart name and the repository where the Helm chart is located. Additionally, you can also supply any `values` you wish to override in the Helm chart's `values.yaml`.

This example assumes you have Pulumi installed with AWS access configured. You can deploy this stack using the Pulumi CLI by placing this TypeScript code in an `index.ts` file, and then running `pulumi up`.