DEV Community

Harish Aravindan
Harish Aravindan

Posted on

AWS EKS Deployment with Helm Chart using Codebuild and CodePipeline

what is it about

Creating a deployment pipeline that install helm release in EKS cluster. We will see how to create workflow that uses the helm chart from CodeCommit --> Lint the chart --> pacakage and upload to s3 --> dry-run --> approval --> deploy to eks

Clone the Repo for the helper files https://github.com/uptownaravi/EKS_Deployment.git

Step 1 - IAM Roles and aws-auth configmap

Create a role to access eks using the file eks-deploy-role.json and add trust relationship for this role with eks-deploy-role-trust-relation.json

Add this role name in the aws-auth configmap. Create Kubernetes Role and Rolebinding for this. Make sure the username matches in aws-auth configmap and the rolebinding.
Also be careful when you edit the configmap as access to the cluster is based on this.

refer https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

Then we create role for codebuild service role with the file codebuild-pyapp-service-role.json
Codebuild needs access to codecommit, s3 for publishing the helm chart, EKS API and Cloudwatch logs.

Codebuild service role should be able to assume the eks-deploy-role so make sure the trust relationship allows that.

Step 2 - CodeBuild projects

Two code build projects are required.

First to lint, upload the helm chart to s3 and perform dry run of the install. Use the file buildspec_prepare.yaml to create the codebuild project.

We lint the chart, package, upload to s3 (using helm s3 plugin). and perform dry-run.

helm s3 plugin reference https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/set-up-a-helm-v3-chart-repository-in-amazon-s3.html

Second project to perform actual deployment with helm install/upgrade. Using the file buildspec_deploy.yaml to create the project.

replace the account numbers and other variables as required. Add the path of the helm if it's in different folder.

most of the steps like installing the tools and plugins in the buildspec file can be baked into a docker image and used during prepare/deploy. The idea is to show how the process works so added those commands individually.

Step 3 - Pipeline

Create a Code pipeline with 4 stages

source stage as the git repo where the helm chart is available

Second stage is codebuild prepare project which runs the validation and dry-run

third stage is manual approve, so we can check the output of helm lint and dry-run.

fourth stage is codebuild deploy project which does helm install/upgrade.

Please comment your feedback.

Top comments (0)