This is a template for creating an EKS environment in Python with the AWS provider on Pulumi, using GitHub Actions.
- Access "https://github.com/smashse/pulumi-iac-eks"
- Click "Use this template"
- Create a new repository from the template "pulumi-iac-eks" (for example "pulumi-iac-eks") and choose "Private"
Install AWS CLI (Optional)
cd /tmp
ssh-keygen -f pulumi_eks_py_access
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip && sudo ./aws/install
aws configure
aws ec2 import-key-pair --public-key-material "$(cat pulumi_eks_py_access.pub | base64)" --key-name pulumi_eks_py_access --region us-west-2 --profile yourprofile
Download the Pulumi template
mkdir -p $HOME/Pulumi
cd $HOME/Pulumi
git clone https://github.com/yourgithubuser/pulumi-iac-eks.git
cd pulumi-iac-eks
Install Pulumi on Linux by running the installation script:
curl -fsSL https://get.pulumi.com | sh && bash
Install Python VirtualEnv:
sudo apt -y install python3-virtualenv
Create a "pulumi_eks_py" project:
cd $HOME/Pulumi/pulumi-iac-eks/pulumi_eks_py
Note: If you want to change the name given to the Kubernetes cluster, execute the command below in the template folder.
sed -i 's/template-/desiredname-/g' *.py
Install Python Requirements
python3 -m venv venv
source venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements.txt
To perform an initial deployment, run the following commands:
pulumi login
pulumi stack init pulumi_eks_py
Set AWS_PROFILE:
pulumi config set aws:profile yourprofile
Set AWS_REGION:
pulumi config set aws:region us-west-2
Review the "pulumi_eks_py" project
pulumi preview
Enable Workflow
cd $HOME/Pulumi/pulumi-iac-eks/.github/workflows
mv pull_request.yml.template pull_request.yml
mv push.yml.template push.yml
Environment Variables
There are a number of Environment Variables that can be set to interact with the action:
- By default, Pulumi will try to connect to the Pulumi SaaS. For this to happen, the GitHub Action needs to be passed a "PULUMI_ACCESS_TOKEN".
Amazon Web Services (AWS)
For AWS, you'll need to create or use an existing IAM user for your action. Please see the Pulumi documentation page for pointers to the relevant AWS documentation for doing this.
As soon as you have an AWS user in hand, you'll set the environment variables "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY" using GitHub Secrets, and then consume them in your action.
Note: Go to Settings > Secrets and add "PULUMI_ACCESS_TOKEN", "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY" as new repository secrets.
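A check that can be run before committing, to confirm a workflow file takes these three values from GitHub Secrets and does not hardcode them. This is an added example, not part of the pulumi-iac-eks template; the function name check_workflow and the sample workflow contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the pulumi-iac-eks template: check that a workflow
# reads the three credentials from GitHub Secrets and holds no literal key ID.
REQUIRED="PULUMI_ACCESS_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY"

# check_workflow FILE: print findings; return 0 if clean, 1 otherwise.
check_workflow() {
  wf=$1; rc=0
  for name in $REQUIRED; do
    # Lines that assign this variable, e.g. "  AWS_ACCESS_KEY_ID: ..."
    assigned=$(grep -E "^[[:space:]]*${name}[[:space:]]*:" "$wf" || true)
    if [ -z "$assigned" ]; then
      echo "$wf: $name is never set"; rc=1; continue
    fi
    # The only accepted value is the expression ${{ secrets.NAME }}
    ok=':[[:space:]]*\$\{\{[[:space:]]*secrets\.'"$name"'[[:space:]]*\}\}[[:space:]]*$'
    bad=$(printf '%s\n' "$assigned" | grep -vE "$ok" || true)
    if [ -n "$bad" ]; then
      echo "$wf: $name is not read from GitHub Secrets"; rc=1
    fi
  done
  # Long-term AWS access key IDs are "AKIA" plus 16 upper-case letters or digits
  if grep -qE 'AKIA[0-9A-Z]{16}' "$wf"; then
    echo "$wf: contains a literal AWS access key ID"; rc=1
  fi
  return $rc
}

# Constructed sample workflows (assumed layout, not the template's real files).
# AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/good.yml" <<'EOF'
env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
EOF
cat > "$demo/bad.yml" <<'EOF'
env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
EOF
for f in "$demo/good.yml" "$demo/bad.yml"; do
  if check_workflow "$f"; then echo "$f: OK"; fi
done
```

To use it on the repository, call check_workflow on pull_request.yml and push.yml; a value wrapped in YAML quotes is also reported, which errs on the safe side.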
Commit the changes
cd $HOME/Pulumi/pulumi-iac-eks/
git add *
git add .github/workflows/*
git add .pulumi/*
git add pulumi_eks_py/*
git commit -m "pulumi-iac-eks"
git push
Access EKS Kubernetes cluster
sudo snap install kubectl --classic
aws eks list-clusters --region us-west-2 --profile yourprofile
aws eks --region us-west-2 --profile yourprofile update-kubeconfig --name $(pulumi stack output cluster-name)
kubectl get po --all-namespaces
Destroy the "pulumi_eks_py" project
cd $HOME/Pulumi/pulumi-iac-eks/pulumi_eks_py
pulumi destroy
Remove the "pulumi_eks_py" project from Stack
cd $HOME/Pulumi/pulumi-iac-eks/pulumi_eks_py
pulumi stack rm pulumi_eks_py
Source:
https://www.pulumi.com/docs/get-started/
https://www.pulumi.com/docs/reference/pkg/
https://www.pulumi.com/docs/intro/concepts/state/
https://www.pulumi.com/docs/guides/continuous-delivery/github-actions/
Top comments (1)
Excellent article by Praneet Loke, thanks for the tip Martyna Łokuciejewska.
spacelift.io/blog/what-is-pulumi