Deploy the oidc-proxy helm chart on AWS EKS
To deploy an `oidc-proxy` helm chart on AWS EKS using Pulumi, we will perform the following high-level steps:

- Set up an Amazon EKS (Elastic Kubernetes Service) cluster.
- Configure the OIDC identity provider for the EKS cluster.
- Deploy the `oidc-proxy` helm chart to the EKS cluster.

We will use the `@pulumi/eks` package for simplified Amazon EKS cluster creation, `@pulumi/aws` for AWS resources, and `@pulumi/kubernetes` for deploying the helm chart.

First, let's start with setting up an EKS cluster:
```typescript
import * as eks from '@pulumi/eks';
import * as aws from '@pulumi/aws';
import * as k8s from '@pulumi/kubernetes';

// Create an EKS cluster with the default configuration.
const cluster = new eks.Cluster("my-cluster", {});

// Expose the kubeconfig for the EKS cluster.
export const kubeconfig = cluster.kubeconfig;
```
This block initializes a new AWS EKS cluster with the default settings, which include the creation of default node groups and the necessary IAM roles.
Next, we need to set up an OIDC provider for the Amazon EKS cluster:

```typescript
// Attaching identity provider configuration to the EKS cluster.
const identityProvider = new aws.eks.IdentityProviderConfig("oidc-identity-provider", {
    clusterName: cluster.eksCluster.name,
    oidc: {
        // Name of this identity provider configuration (required by the oidc block);
        // the value here is an example name.
        identityProviderConfigName: "oidc-identity-provider",
        clientId: "<Client ID from your OIDC provider>",
        issuerUrl: "<Issuer URL from your OIDC provider>",
        // Specify additional properties as needed.
    },
});
```
In the `oidc` settings, you should replace `<Client ID from your OIDC provider>` and `<Issuer URL from your OIDC provider>` with actual values from your OpenID Connect provider.

Finally, we deploy the `oidc-proxy` helm chart to the EKS cluster:

```typescript
// Create a new k8s provider using the kubeconfig from the created EKS cluster.
const provider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Deploy the oidc-proxy helm chart.
const oidcProxyChart = new k8s.helm.v3.Chart("oidc-proxy", {
    chart: "oidc-proxy",
    // Values to pass to the oidc-proxy helm chart.
    // These would be specific to your helm chart and OIDC setup.
    values: {
        key: "value", // Replace with actual values for your oidc-proxy configuration.
    },
}, { provider });

// Export the endpoint of the oidc-proxy service.
export const oidcProxyEndpoint = oidcProxyChart.getResourceProperty("v1/Service", "oidc-proxy", "status");
```
Here we:

- Created a Kubernetes provider which understands how to communicate with our EKS cluster.
- Deployed the `oidc-proxy` helm chart to the cluster using the `@pulumi/kubernetes` package, passing in a chart name and specifying values needed for configuring the `oidc-proxy`.
- Since Helm chart values and configuration are specific to the chart and your particular use case, you would need to replace the `key: "value"` placeholder with actual configuration keys and values for your `oidc-proxy` helm chart deployment.
Be sure to replace `oidc-proxy` with the correct helm chart name if it is named differently in the helm repository you are using, and fill in the `values` with the necessary configuration for your specific OIDC proxy setup.

The `oidcProxyEndpoint` export statement is intended to provide you with the network endpoint of the `oidc-proxy` service once it's deployed, which you can use to interact with the service.

This is a high-level overview to guide you through deploying an OIDC proxy using AWS EKS and Pulumi. Each deployment would be unique based on the specifics of the OIDC Proxy helm chart and your configuration.
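
A pre-deployment check for the OIDC identity provider step, as an added example that is not part of the original page: it rejects values that are still the `<...>` placeholders and enforces the EKS requirement that the issuer URL start with `https://` and carry no query parameters. The names `OidcSettings`, `checkOidcSettings` and `discoveryUrl` are hypothetical, and the sample inputs are constructed.

```typescript
// Added example: sanity checks for the values passed to the `oidc` block of
// aws.eks.IdentityProviderConfig. All names in this block are hypothetical.
interface OidcSettings {
    clientId: string;
    issuerUrl: string;
}

// Matches unreplaced template text such as "<Client ID from your OIDC provider>".
const PLACEHOLDER = /^\s*<.*>\s*$/;

// Returns a list of problems; an empty list means the settings look usable.
function checkOidcSettings(s: OidcSettings): string[] {
    const problems: string[] = [];
    if (s.clientId.trim() === "" || PLACEHOLDER.test(s.clientId)) {
        problems.push("clientId is empty or still a placeholder");
    }
    if (PLACEHOLDER.test(s.issuerUrl)) {
        problems.push("issuerUrl is still a placeholder");
        return problems; // no point validating the URL shape of a placeholder
    }
    // EKS requires an https:// issuer; path components are allowed.
    if (!/^https:\/\/[^\/?#\s]+/.test(s.issuerUrl)) {
        problems.push("issuerUrl must start with https:// and name a host");
    }
    // Query parameters (and fragments) are not valid in an issuer identifier.
    if (/[?#]/.test(s.issuerUrl)) {
        problems.push("issuerUrl must not contain a query string or fragment");
    }
    return problems;
}

// Location of the provider's discovery document (OpenID Connect Discovery 1.0):
// any trailing "/" is removed before appending the well-known path.
function discoveryUrl(issuerUrl: string): string {
    return issuerUrl.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Constructed sample inputs: the page's untouched placeholders and a filled-in pair.
const untouched: OidcSettings = {
    clientId: "<Client ID from your OIDC provider>",
    issuerUrl: "<Issuer URL from your OIDC provider>",
};
const filledIn: OidcSettings = {
    clientId: "kubernetes",
    issuerUrl: "https://idp.example.com/realms/eks",
};
console.log(checkOidcSettings(untouched)); // two problems reported
console.log(checkOidcSettings(filledIn), discoveryUrl(filledIn.issuerUrl));
```

Fetching the discovery URL and confirming that its `issuer` field equals the configured `issuerUrl` exactly is a useful follow-up check once network access is available.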