What is it about
This post creates a deployment pipeline that installs a Helm release in an EKS cluster. We will see how to create a workflow that takes the Helm chart from CodeCommit --> lints the chart --> packages and uploads it to S3 --> dry-run --> approval --> deploys to EKS.
Clone the repo for the helper files: https://github.com/uptownaravi/EKS_Deployment.git
Step 1 - IAM Roles and aws-auth configmap
Create a role to access EKS using the file eks-deploy-role.json, and add a trust relationship for this role with eks-deploy-role-trust-relation.json.
Add this role name in the aws-auth configmap. Create a Kubernetes Role and RoleBinding for it. Make sure the username in the aws-auth configmap matches the one in the RoleBinding.
Also be careful when you edit the configmap, as access to the cluster is based on it.
Refer to https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
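The mapping described above, as an added example that is not taken from the repo's helper files. The account ID 111122223333, the username eks-deploy-user, the namespace pyapp and the Role rules are assumptions; adapt them to your cluster and chart.

```yaml
# Added example: account ID, username, namespace and rules are assumed values.
# 1) Entry to merge into mapRoles of the existing aws-auth ConfigMap
#    (kubectl edit -n kube-system configmap/aws-auth). Do not replace the
#    entries that are already there, the worker nodes depend on them.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # ...existing entries (node instance roles) stay as they are...
    - rolearn: arn:aws:iam::111122223333:role/eks-deploy-role
      username: eks-deploy-user   # must equal the RoleBinding subject below
      # No "groups" entry: the role gets only what the RoleBinding grants.
---
# 2) Namespaced Role limited to what the Helm release needs (assumed chart
#    content: Deployments, Services, ConfigMaps).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: helm-deployer
  namespace: pyapp
rules:
  # Helm 3 stores release state as Secrets in the release namespace.
  - apiGroups: [""]
    resources: ["secrets", "configmaps", "services"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# 3) RoleBinding whose subject name matches the aws-auth username exactly.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: helm-deployer-binding
  namespace: pyapp
subjects:
  - kind: User
    name: eks-deploy-user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: helm-deployer
  apiGroup: rbac.authorization.k8s.io
```

If the two usernames differ, the assumed role still authenticates to the cluster but every request from it is denied by RBAC.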
Then create the CodeBuild service role with the file codebuild-pyapp-service-role.json.
CodeBuild needs access to CodeCommit, S3 for publishing the Helm chart, the EKS API and CloudWatch Logs.
The CodeBuild service role should be able to assume the eks-deploy-role, so make sure the trust relationship allows that.
Step 2 - CodeBuild projects
Two CodeBuild projects are required.
The first lints the Helm chart, uploads it to S3 and performs a dry run of the install. Use the file buildspec_prepare.yaml to create the CodeBuild project.
We lint the chart, package it, upload it to S3 (using the helm s3 plugin) and perform a dry-run.
helm s3 plugin reference: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/set-up-a-helm-v3-chart-repository-in-amazon-s3.html
The second project performs the actual deployment with helm install/upgrade. Use the file buildspec_deploy.yaml to create the project.
Replace the account numbers and other variables as required. Add the path of the Helm chart if it's in a different folder.
Most of the steps in the buildspec files, like installing the tools and plugins, can be baked into a Docker image and used during prepare/deploy. The idea is to show how the process works, so those commands are added individually.
Step 3 - Pipeline
Create a CodePipeline pipeline with 4 stages:
The first stage is the source stage, the git repo where the Helm chart is available.
The second stage is the CodeBuild prepare project, which runs the validation and dry-run.
The third stage is a manual approval, so we can check the output of helm lint and the dry-run.
The fourth stage is the CodeBuild deploy project, which does the helm install/upgrade.
Please comment your feedback.