Using AWS EKS With Lightsail
In this Pulumi program, we will create an EKS cluster and a Lightsail instance on AWS using TypeScript. The key services involved are Amazon EKS for Kubernetes cluster management and AWS Lightsail for simple virtual private server (VPS) deployment. We will also ensure that the Lightsail instance can communicate with the EKS cluster.
Step-by-Step Explanation
Step 1: Set up Pulumi Project
- Initialize a new Pulumi project with `pulumi new aws-typescript`.
- Configure your AWS region with `pulumi config set aws:region <your-region>`.
Step 2: Create an EKS Cluster
- Import the necessary Pulumi and AWS SDK packages.
- Define the VPC and subnets for the EKS cluster.
- Create the EKS cluster with the specified configurations.
- Export the kubeconfig for the EKS cluster.
Step 3: Create a Lightsail Instance
- Define the Lightsail instance configuration, including the instance type, blueprint, and key pair.
- Create the Lightsail instance.
Step 4: Configure Networking
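- Ensure that the Lightsail instance has the necessary permissions and security group rules to communicate with the EKS cluster. Note that a Lightsail instance is not launched into your VPC and cannot be attached to an EC2 security group; its firewall is managed through Lightsail itself, so EC2 security group rules apply only to resources that are members of those groups.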
Conclusion
In this program, we created an EKS cluster and a Lightsail instance on AWS. We also configured the necessary networking to allow communication between the Lightsail instance and the EKS cluster. This setup provides a scalable Kubernetes environment managed by EKS and a simple VPS managed by Lightsail.
Full Code Example
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

// Create a VPC for the EKS cluster
const vpc = new aws.ec2.Vpc("eks-vpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
    tags: { Name: "eks-vpc" },
});

// Create subnets for the VPC.
// The availability zones are hard-coded for us-west-2; change them if
// aws:region is set to a different region.
// No internet gateway, NAT, or route table is defined here; worker nodes need
// a route to the cluster API endpoint and the image registry to join the cluster.
const subnet1 = new aws.ec2.Subnet("subnet-1", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    availabilityZone: "us-west-2a",
    tags: { Name: "subnet-1" },
});
const subnet2 = new aws.ec2.Subnet("subnet-2", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2b",
    tags: { Name: "subnet-2" },
});

// Create the EKS cluster with control-plane logging enabled
const cluster = new eks.Cluster("eks-cluster", {
    vpcId: vpc.id,
    subnetIds: [subnet1.id, subnet2.id],
    instanceType: "t3.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 3,
    enabledClusterLogTypes: ["api", "audit", "authenticator"],
    tags: { Name: "eks-cluster" },
});

// Export the kubeconfig
export const kubeconfig = cluster.kubeconfig;

// Create a security group intended for the Lightsail instance.
// Lightsail instances cannot be attached to EC2 security groups (Lightsail has
// its own firewall), so nothing in this program makes the instance a member of
// this group.
const lightsailSecurityGroup = new aws.ec2.SecurityGroup("lightsail-sg", {
    vpcId: vpc.id,
    description: "Security group for Lightsail instance",
    ingress: [
        // SSH from any address; narrow this to an admin CIDR before use
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
        // HTTP from any address
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
    ],
    egress: [
        // Allow all outbound traffic
        { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
    ],
    tags: { Name: "lightsail-sg" },
});

// Create the Lightsail instance
const lightsailInstance = new aws.lightsail.Instance("lightsail-instance", {
    availabilityZone: "us-west-2a",
    blueprintId: "amazon_linux_2",
    bundleId: "nano_2_0",
    keyPairName: "my-key-pair", // must be an existing Lightsail key pair
    tags: { Name: "lightsail-instance" },
});

// Allow all protocols and ports from members of lightsail-sg to the EKS worker nodes.
// The rule matches traffic by security group membership, so it has no effect on
// traffic from the Lightsail instance itself.
const eksSecurityGroup = cluster.nodeSecurityGroup;
new aws.ec2.SecurityGroupRule("allow-lightsail-to-eks", {
    type: "ingress",
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    securityGroupId: eksSecurityGroup.id,
    sourceSecurityGroupId: lightsailSecurityGroup.id,
});

// Export the Lightsail instance public IP
export const lightsailInstanceIp = lightsailInstance.publicIpAddress;
```
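A small review check for the three ingress rules in the program above, as an added example that is not part of the original page or Pulumi's own code: it flags admin ports open to any address, all-protocol rules, and rules whose source group has no members. The rule shape, the `auditIngress` function, and the `eks-node-sg` label are assumptions made for illustration.

```typescript
// Added example (not from the original page): audit ingress rules shaped like the page's.
interface IngressRule {
  name: string;                 // label used in the report (hypothetical field)
  protocol: string;             // "tcp", "udp", or "-1" for every protocol
  fromPort: number;
  toPort: number;
  cidrBlocks?: string[];
  sourceSecurityGroup?: string; // name of the group referenced as the traffic source
}
interface Finding { rule: string; issue: string; }

const ANY_ADDRESS = ["0.0.0.0/0", "::/0"];
const ADMIN_PORTS = [22, 3389]; // SSH and RDP

function coversPort(r: IngressRule, port: number): boolean {
  return r.protocol === "-1" || (r.fromPort <= port && port <= r.toPort);
}

// attachedGroups: groups that at least one network interface is a member of.
function auditIngress(rules: IngressRule[], attachedGroups: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const r of rules) {
    const worldOpen = (r.cidrBlocks || []).some(c => ANY_ADDRESS.indexOf(c) !== -1);
    if (worldOpen && ADMIN_PORTS.some(p => coversPort(r, p))) {
      findings.push({ rule: r.name, issue: "admin port reachable from any address" });
    }
    if (r.protocol === "-1") {
      findings.push({ rule: r.name, issue: "all protocols and ports allowed" });
    }
    if (r.sourceSecurityGroup && attachedGroups.indexOf(r.sourceSecurityGroup) === -1) {
      findings.push({ rule: r.name, issue: "source group has no members; rule matches no traffic" });
    }
  }
  return findings;
}

// Constructed input mirroring the three ingress rules in the program above.
const pageRules: IngressRule[] = [
  { name: "lightsail-sg/ssh", protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
  { name: "lightsail-sg/http", protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
  { name: "allow-lightsail-to-eks", protocol: "-1", fromPort: 0, toPort: 0, sourceSecurityGroup: "lightsail-sg" },
];
// Assumption: only the node group ("eks-node-sg", a made-up label) has members,
// because the Lightsail instance cannot join an EC2 security group.
const findings = auditIngress(pageRules, ["eks-node-sg"]);
for (const f of findings) console.log(`${f.rule}: ${f.issue}`);
```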