Deploy the static-site helm chart on AWS EKS

Question

Pulumi · Accepted Answer

Deploying a static-site using a Helm chart on Amazon EKS (Elastic Kubernetes Service) consists of several steps:

1. **Provisioning an EKS Cluster**: This involves creating the Kubernetes cluster itself, which requires setting up the control plane, worker nodes, and necessary IAM roles.

2. **Deploying the Helm Chart**: Helm charts help you define, install, and upgrade even the most complex Kubernetes applications. You will need a Helm chart that defines your static-site application.

3. **Configuring Access and Services**: You might need to set up a LoadBalancer or an Ingress controller to expose your static-site to the public. With EKS, services of type LoadBalancer are automatically assigned an Elastic Load Balancer (ELB) by AWS.

Below, I'll guide you through a Pulumi program in TypeScript to perform these steps:

### Setting up your Pulumi project

Before running this program, make sure you have Pulumi installed and configured with AWS credentials. You will also need `kubectl` configured to interact with your Kubernetes cluster, and Helm installed to work with Helm charts.

### Pulumi Program in TypeScript to Deploy a Static-Site on AWS EKS

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Provisioning the EKS Cluster
// This will create an EKS cluster with the default settings:
// - 2x `t2.medium` instances as worker nodes
// - IAM roles for the EKS cluster and the node group
// - A new VPC with public subnets (unless you specify an existing VPC)

const cluster = new eks.Cluster("my-cluster", {
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    storageClasses: "gp2", // The default gp2 storage class
    deployDashboard: false, // Dashboard is not recommended in production
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Step 2: Deploy the Helm Chart for a static-site
// We'll assume that the static-site Helm chart is located in your Helm chart repository.
// Replace `MY-HELM-REPOSITORY` and `MY-CHART-NAME` with your respective repository URL and chart name.

const helmChart = new k8s.helm.v3.Chart("static-site", {
    chart: "MY-CHART-NAME",
    version: "1.0.0",
    fetchOpts: {
        repo: "https://MY-HELM-REPOSITORY",
    },
}, { provider: cluster.provider });

// Step 3: Expose the static site using a LoadBalancer Service
// The Helm chart should include a LoadBalancer service or Ingress controller to make the site public.
// If it does not, you can set up a LoadBalancer here. Below is an example if you needed to do this manually:

const staticSiteService = new k8s.core.v1.Service("static-site-svc", {
    metadata: {
        labels: helmChart.getResource("v1/Service", "MY-CHART-NAME").metadata.apply(md => md.labels),
        namespace: helmChart.getResource("v1/Service", "MY-CHART-NAME").metadata.apply(md => md.namespace),
    },
    spec: {
        type: "LoadBalancer",
        selector: helmChart.getResource("v1/Service", "MY-CHART-NAME").spec.apply(s => s.selector),
        ports: [{
            port: 80,
            targetPort: 8080,
        }],
    },
}, { provider: cluster.provider });

// Export the DNS name of the LoadBalancer service
export const serviceHostname = staticSiteService.status.apply(s => s.loadBalancer.ingress[0].hostname);
```

### Explanation

- This program uses the `@pulumi/eks` module to create an EKS cluster. The EKS Cluster is given a desired capacity of 2 worker nodes, but can scale from 1 to 2 nodes as needed.

- IAM roles for the EKS cluster and node groups are implicitly created and associated with the cluster and node groups.

- A new VPC with public subnets is created to host the cluster, though you could configure the cluster to use an existing VPC.

- The Helm chart for your static site is defined and fetched using its repository URL. Replace the placeholder values with the actual names of your chart and repository.

- The program shows how to set up a LoadBalancer service to expose your static-site. It retrieves the needed labels and namespace from the Helm chart resources, which ensures that the LoadBalancer correctly targets the pods deployed by the Helm chart.

- Finally, the program exports the `kubeconfig` to allow you to interact with your cluster using `kubectl`, and `serviceHostname` which gives you the DNS name of the LoadBalancer to access your static-site.

Remember to replace `MY-CHART-NAME` and `https://MY-HELM-REPOSITORY` with your own chart name and repository URL. Also, modify the port numbers as per your Helm chart's service configuration.

Make sure to check if the chart already includes a service before creating the `staticSiteService`; if it's already there, you do not need to create it manually.

Run this program using the command `pulumi up`. After deployment, you can access your static-site via the `serviceHostname` output.