AWS Partner Network (APN) Blog

How to Easily Deploy an HAQM EKS Cluster with Pulumi

Pulumi logo-1
APN Advanced Technology Partner-2
Connect with Pulumi-1
Rate Pulumi-1

By Luke Hoban, CTO at Pulumi
By Ian Scofield, Partner Solutions Architect at AWS

Pulumi, an AWS Partner Network (APN) Advanced Technology Partner, is a cloud-native development platform for describing, deploying, and managing cloud infrastructure across HAQM Web Services (AWS), Kubernetes, and other cloud platforms.

Pulumi offers cloud configuration as software, not just via a declarative language like YAML or JSON, but instead using popular programming languages such as JavaScript/TypeScript and Python.

This allows the deployment requirements of an HAQM Elastic Container Service for Kubernetes (HAQM EKS) cluster, for example, to be described in code and versioned as a reusable software component.

HAQM EKS is a great way to deploy Kubernetes on AWS, combining the benefits of a standardized Kubernetes environment with the reliable and battle-tested foundations of AWS—a multi-Availability Zone (AZ) control plane, AWS Identity and Access Management (IAM) integration, Elastic Load Balancers, HAQM Elastic Block Store (HAQM EBS), Auto Scaling, and more.

In this post, we’ll show how Pulumi can be used to quickly provision an HAQM EKS cluster, and then extended to customize the AWS and Kubernetes environments for your cloud applications.

Pulumi allows you to mix management of Kubernetes resources, AWS infrastructure, and high-level managed AWS services within the same deployment.

You can describe HAQM Simple Storage Service (HAQM S3) buckets and HAQM Relational Database Service (HAQM RDS) databases that will be used by your Kubernetes application in the same Pulumi deployment. You can also describe the Kubernetes services and deployments that describe services within the cluster needed to bootstrap your own Kubernetes application environment.

Installing HAQM EKS with Pulumi

To get started, sign up at pulumi.com and download the Pulumi Command Line Interface (CLI). The Pulumi CLI requires AWS credentials to access your AWS account and provision resources. If you already have the AWS CLI installed and configured, you can proceed. Otherwise, check out the docs here to get set up.

Once installed and configured, you now have the ability to quickly deploy your HAQM EKS infrastructure with just a single command:

$ pulumi new http://github.com/pulumi/apps/tree/eks/eks

You’ll get a chance to configure a few settings such as the region you’d like to deploy into, the HAQM Elastic Compute Cloud (HAQM EC2) instance type to deploy into the cluster, and whether to install the Kubernetes Dashboard into your cluster automatically.

You’ll then be presented a preview of the AWS and Kubernetes resources that will be deployed to create the cluster. Once you have reviewed and selected “Yes,” the cluster will begin deploying. Figure 1 shows the terminal output of what this workflow looks like.

Pulumi EKS-1

Figure 1 – Pulumi Dashboard listing the various resources created in our HAQM EKS cluster, including deep links.

Once the deployment is complete, you can grab the kubeconfig.json needed to work with this cluster and connect to it with kubectl:

$ pulumi stack output kubeconfig > kubeconfig.json 
$ KUBECONFIG=./kubeconfig.json kubectl get nodes

Following these steps will provide a complete managed HAQM EKS cluster, configured similar to the steps outlined in the HAQM EKS Getting Started guide, including optional support for HAQM EBS-backed StorageClasses and access to the Kubernetes Dashboard.

Reusable HAQM EKS Component

This HAQM EKS installer is built on top of a reusable eks.Cluster component that is available with Pulumi. In fact, the installed Pulumi software is just:

import * as aws from "@pulumi/aws";
import * as awsinfra from "@pulumi/aws-infra";
import * as eks from "@pulumi/eks";


// Create a VPC for our cluster.
const network = new awsinfra.Network("eksNetwork");


// Create the EKS cluster
const cluster = new eks.Cluster("eksCluster", {
    vpcId: network.vpcId,
    subnetIds: network.subnetIds,
    instanceType: "t2.micro",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    storageClasses: "gp2",
    deployDashboard: true,

});


// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

Users can extend or modify this program to change the details of their HAQM EKS cluster, or to install additional AWS or Kubernetes resources to associate with the cluster. For example, if applications running in the cluster need access to an HAQM S3 bucket, add:

const bucket = new aws.s3.Bucket("assets");

Or, to install some Kubernetes applications automatically into the HAQM EKS cluster (such as WordPress), add them using the Pulumi Kubernetes provider:

import * as k8s from "@pulumi/kubernetes";

// ...

const wordpress = new k8s.helm.v2.Chart("wpdev", {
    repo: "stable",
    version: "2.1.3",
    chart: "wordpress"
}, { providers: { kubernetes: cluster.kubernetesProvider }});

Pulumi makes it possible to define the cluster, managed AWS resources, and critical Kubernetes objects that are needed to bootstrap your entire Kubernetes environment in one place. This can then be versioned together, and exact replicas of the environment can be easily stood up independently for operations such as testing or even disaster recovery.

By expressing these resources in code instead of in YAML, users get many software engineering benefits—improved tooling, easier refactoring, the ability to create components, and when using TypeScript, strong typing to validate correctness up front.

Under the Hood

The Pulumi EKS component takes care of setting up all the pieces needed for an HAQM EKS cluster:

  • Creating an EKS Service Role
  • Optionally creating a new Virtual Private Cloud (VPC)
  • Creating an HAQM EKS cluster
  • Configuring a Kubernetes provider with access to the HAQM EKS cluster
  • Launching worker nodes in an Auto Scaling group to join the cluster
  • Installing a ConfigMap into the cluster to allow new HAQM EC2 worker nodes to join
  • Installing a StorageClass into the cluster to allow provisioning HAQM EBS-backed PersistentVolumes
  • Constructing the ‘kubeconfig’ needed to access the cluster
  • Optionally installing additional Kubernetes YAML and/or Helm charts

This involves steps that provision resources in AWS, steps that provision resources in Kubernetes, and other custom computation to coordinate these steps. These steps are written in an imperative fashion, not just declaratively, using TypeScript, allowing for robust validation due to being statically typed, as well as reuse through advanced object inheritance and modelling.

In addition, during the deployment Pulumi also provides complex coordination between these different steps.

Managing Pulumi Deployments

Once you have deployed your HAQM EKS cluster and Kubernetes resources to AWS, you can manage the deployment at pulumi.com, including deep links into the AWS console and Kubernetes dashboard to get real-time insights on your cluster.

All of the resources managed by your deployment, both in AWS and in Kubernetes, are available from this single view, along with an auditable history of deployments to this stack. The stack exports are also published in this same dashboard, so that key outputs from a deployment are easily available and can be shared with other users in your organization.

Additional management features, including role-based access control, CI/CD integrations, and rich resource graph visualization, are also available via the Pulumi management portal.

Pulumi EKS-2

Figure 2 – Easily deploying an HAQM EKS cluster via the Pulumi CLI.

Get Started Today

Pulumi offers a cloud-native developer platform for describing, deploying, and managing cloud infrastructure across AWS, Kubernetes, and other cloud platforms. You can use Pulumi to easily deploy HAQM EKS, or to deploy your own custom AWS and Kubernetes-based applications and infrastructure.

Get started with Pulumi for AWS at pulumi.io >>

The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.

.

Pulumi logo-1

Pulumi – APN Partner Spotlight

Pulumi is an APN Advanced Technology Partner. They are a cloud-native development platform for describing, deploying, and managing cloud infrastructure across AWS, Kubernetes, and other cloud platforms.

Contact Pulumi | Solution Overview

*Already worked with Pulumi? Rate this Partner

*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.