Deploy the selfsigned-cert-manager helm chart on AWS EKS

To deploy the `selfsigned-cert-manager` Helm chart on AWS Elastic Kubernetes Service (EKS), we'll go through the following steps:

- Set up an EKS cluster: Before deploying any application, we need to have an EKS cluster running.
- Create the necessary IAM roles: EKS requires specific IAM roles for cluster operation and for nodes to join the cluster.
- Configure the EKS cluster: This includes configuring the Kubernetes version, subnets, and security groups.
- Deploy the `selfsigned-cert-manager` using Helm: Finally, we'll deploy the `selfsigned-cert-manager` using the Helm package manager in Kubernetes.

We'll be utilizing Pulumi's EKS package to create the cluster and the Kubernetes package to deploy the Helm chart. The `eks.Cluster` resource from the Pulumi EKS package makes it simple to create and manage an EKS cluster. The `kubernetes.helm.v3.Chart` resource from the Kubernetes package makes it easy to install Helm charts.

Below is a Pulumi program written in TypeScript that carries out these tasks:
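
```typescript
import * as aws from '@pulumi/aws';
import * as eks from '@pulumi/eks';
import * as k8s from '@pulumi/kubernetes';

// Step 1: Create the network and the EKS cluster.
// Worker nodes need DNS hostnames enabled in the VPC to register with the cluster.
const vpc = new aws.ec2.Vpc("vpc", {
    cidrBlock: "10.100.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
});

// Internet gateway and default route so the worker nodes can reach the
// EKS endpoint and pull container images.
const igw = new aws.ec2.InternetGateway("igw", { vpcId: vpc.id });
const routeTable = new aws.ec2.RouteTable("route-table", {
    vpcId: vpc.id,
    routes: [{ cidrBlock: "0.0.0.0/0", gatewayId: igw.id }],
});

// EKS requires subnets in at least two availability zones.
const subnet = new aws.ec2.Subnet("subnet", {
    vpcId: vpc.id,
    cidrBlock: "10.100.1.0/24",
    availabilityZone: "us-west-2a",
    mapPublicIpOnLaunch: true,
});
const subnet2 = new aws.ec2.Subnet("subnet-2", {
    vpcId: vpc.id,
    cidrBlock: "10.100.2.0/24",
    availabilityZone: "us-west-2b",
    mapPublicIpOnLaunch: true,
});
new aws.ec2.RouteTableAssociation("subnet-rta", { subnetId: subnet.id, routeTableId: routeTable.id });
new aws.ec2.RouteTableAssociation("subnet-2-rta", { subnetId: subnet2.id, routeTableId: routeTable.id });

const cluster = new eks.Cluster("eks-cluster", {
    vpcId: vpc.id,
    subnetIds: [subnet.id, subnet2.id],
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
});

// Step 2: Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeconfig;

// Step 3: Create a new Kubernetes provider instance that uses our EKS kubeconfig.
// The provider expects the kubeconfig as a string, so serialize it.
const provider = new k8s.Provider("provider", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Step 4: Deploy the selfsigned-cert-manager Helm chart using Pulumi's Helm support
const certManagerChart = new k8s.helm.v3.Chart("selfsigned-cert-manager", {
    repo: "jetstack",
    chart: "cert-manager",
    version: "1.0.4",
    // We can provide chart values in this `values` property.
    values: {
        installCRDs: true,
        ingressShim: {
            defaultIssuerName: "selfsigned",
            defaultIssuerKind: "ClusterIssuer",
        },
    },
}, { provider });

// Export the cluster's name
export const clusterName = cluster.eksCluster.name;
```

Explanation:

- We first create a new VPC and two subnets in different availability zones to place our EKS cluster in, because EKS requires subnets in at least two availability zones. An internet gateway and a route table give the worker nodes the outbound path they need to join the cluster. EKS can also be configured to work with an existing VPC.
- We create a managed EKS cluster with the `eks.Cluster` class, specifying the VPC, subnets, and desired instance types and sizes for our worker nodes.
- We then export the `kubeconfig` generated by Pulumi for our cluster. This `kubeconfig` is necessary to interact with the cluster using `kubectl` and other Kubernetes tools.
- We set up a new Kubernetes provider instance to interact with our newly created EKS cluster.
- We then deploy the `selfsigned-cert-manager` Helm chart to our EKS cluster. We specify that it should `installCRDs` and set the default issuer for ingress-shim to a `ClusterIssuer` named `selfsigned`.
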
This will set up `cert-manager` in your EKS cluster and configure it to use a self-signed issuer, which can issue self-signed SSL certificates for your applications. Please ensure that you have Helm's `jetstack` repository added to your Helm configuration to access the `cert-manager` chart.

Remember that to run this code, you'll need Pulumi installed, AWS credentials configured, and kubectl installed if you want to directly interact with your cluster. To run the Pulumi program, you'd save it in a file (e.g., `index.ts`), run `pulumi up`, and then approve the preview if it looks correct. Pulumi will then create the resources in AWS for you.
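
The `ingressShim` values in the program only name a default issuer; the chart does not create it, so a `ClusterIssuer` called `selfsigned` still has to exist in the cluster. The following is an added example, not code from the original page or from cert-manager or Pulumi: it builds that manifest as a plain object and cross-checks it against the chart values. The type and function names are hypothetical.

```typescript
// Added example: the type and function names here are illustrative, not part
// of cert-manager or Pulumi. Plain TypeScript, no imports needed.
interface IngressShim { defaultIssuerName?: string; defaultIssuerKind?: string }
interface IssuerManifest {
    apiVersion: string;
    kind: "Issuer" | "ClusterIssuer";
    metadata: { name: string; namespace?: string };
    spec: Record<string, unknown>;
}

// The ClusterIssuer that the chart values refer to by name.
function selfSignedClusterIssuer(name: string): IssuerManifest {
    return {
        apiVersion: "cert-manager.io/v1",
        kind: "ClusterIssuer",
        metadata: { name },
        spec: { selfSigned: {} },
    };
}

// Cross-checks the chart's ingressShim values against the issuer manifests
// you plan to deploy and returns a list of findings.
function checkIngressShim(shim: IngressShim, issuers: IssuerManifest[]): string[] {
    const findings: string[] = [];
    const name = shim.defaultIssuerName;
    // The controller's default issuer kind is "Issuer" when none is configured.
    const kind = shim.defaultIssuerKind ?? "Issuer";
    if (!name) {
        return ["no defaultIssuerName: each Ingress must name its issuer in an annotation"];
    }
    const sameName = issuers.filter((i) => i.metadata.name === name);
    const match = sameName.find((i) => i.kind === kind);
    if (sameName.length === 0) {
        findings.push(`no issuer manifest named "${name}": certificates will not be issued`);
    } else if (!match) {
        const kinds = sameName.map((i) => i.kind).join(", ");
        findings.push(`"${name}" exists as ${kinds}, but the chart values expect ${kind}`);
    }
    if (match && "selfSigned" in match.spec) {
        findings.push(`"${name}" is self-signed: no CA vouches for its certificates, so clients must trust each one explicitly`);
    }
    return findings;
}

// Constructed sample: the ingressShim values used in the program above.
const chartShim: IngressShim = { defaultIssuerName: "selfsigned", defaultIssuerKind: "ClusterIssuer" };
const issuerManifest = selfSignedClusterIssuer("selfsigned");
console.log(checkIngressShim(chartShim, [issuerManifest]));
```

In the Pulumi program the same object can be passed to `k8s.apiextensions.CustomResource` with the `provider` above and a `dependsOn` on the chart, so the issuer is created after the CRDs are installed.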