From 8cafa9e2fde107fa34503fb579f7e8b36d3de4fc Mon Sep 17 00:00:00 2001 From: Mikhail Shapirov <60622975+shapirov103@users.noreply.github.com> Date: Mon, 30 Dec 2024 16:53:45 -0800 Subject: [PATCH] Task/1.16.3 release prep (#1106) * minor style fix * CDK updates * Fixing S3 CSI driver and minor improvements in tests * deprecated gmaestro addon due to EOL in 2025 * incrementing default adot version * fixed broken link * one more broken link for paralus * fixed vpc cni addon dependency and aws lb controller * version increment * fixed unit tests and upgraded CDK to 2.173.4 * added a section on add-on ordering --- .devcontainer/devcontainer.json | 2 +- README.md | 4 +- docs/README.md | 4 +- docs/addons/gmaestro.md | 6 +- docs/addons/index.md | 72 +- docs/addons/paralus.md | 2 +- docs/getting-started.md | 6 +- docs/internal/ci.md | 2 +- examples/blueprint-construct/index.ts | 830 +++++++++--------- examples/blueprint-ipv4-construct/index.ts | 3 +- examples/examples.ts | 2 +- lib/addons/adot/index.ts | 12 +- .../aws-loadbalancer-controller/index.ts | 29 +- lib/addons/aws-privateca-issuer/index.ts | 2 +- lib/addons/core-addon/index.ts | 2 +- lib/addons/efs-csi-driver/index.ts | 2 +- lib/addons/s3-csi-driver/index.ts | 19 +- lib/addons/vpc-cni/index.ts | 12 +- lib/pipelines/code-pipeline.ts | 2 +- lib/utils/addon-utils.ts | 5 +- package.json | 6 +- 21 files changed, 564 insertions(+), 460 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 128953a8e..fbc701122 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -6,7 +6,7 @@ }, "ghcr.io/devcontainers/features/aws-cli:1": {}, "ghcr.io/devcontainers-contrib/features/aws-cdk:2": { - "version": "2.162.1" + "version": "2.173.4" } }, "postCreateCommand": ".devcontainer/postCreateCommand.sh", diff --git a/README.md b/README.md index ccd94f9fe..16ba89389 100644 --- a/README.md +++ b/README.md 
@@ -48,14 +48,14 @@ aws --version Install CDK matching the current version of the Blueprints QuickStart (which can be found in package.json). ```bash -npm install -g aws-cdk@2.162.1 +npm install -g aws-cdk@2.173.4 ``` Verify the installation. ```bash cdk --version -# must output 2.162.1 +# must output 2.173.4 ``` Create a new CDK project. We use `typescript` for this example. diff --git a/docs/README.md b/docs/README.md index 516cfb2ca..4c8860974 100644 --- a/docs/README.md +++ b/docs/README.md @@ -44,14 +44,14 @@ aws --version Install CDK matching the current version of the Blueprints QuickStart (which can be found in package.json). ```bash -npm install -g aws-cdk@2.162.1 +npm install -g aws-cdk@2.173.4 ``` Verify the installation. ```bash cdk --version -# must output 2.162.1 +# must output 2.173.4 ``` Create a new CDK project. We use `typescript` for this example. diff --git a/docs/addons/gmaestro.md b/docs/addons/gmaestro.md index 83a6a52d5..3420c8ae3 100644 --- a/docs/addons/gmaestro.md +++ b/docs/addons/gmaestro.md @@ -1,6 +1,6 @@ # gMaestro add-on for Amazon EKS Blueprints -This add-on deploys the [gMaestro Agent](https://app.granulate.io/gMaestroSignup) on Amazon EKS using the [eks-blueprints](https://github.com/aws-quickstart/cdk-eks-blueprints) [CDK](https://aws.amazon.com/cdk/) construct. +This add-on deploys the [gMaestro Agent](https://app.granulate.io/) on Amazon EKS using the [eks-blueprints](https://github.com/aws-quickstart/cdk-eks-blueprints) [CDK](https://aws.amazon.com/cdk/) construct. gMaestro is a Kubernetes cost optimization solution that helps companies reduce spending on un-utilized resources by up to 60%. With gMaestro, you gain full visibility into K8s clusters, seamlessly interact with HPA scaling policies, and achieve your cost-performance goals by applying custom rightsizing recommendations based on actual usage in production. 
@@ -9,8 +9,8 @@ This add-on will deploy gMaestro agent on a namespace of your choice and create ## Prerequisites Before using gMaestro, you need to: -1. [Sign up](https://app.granulate.io/gMaestroSignup) to the gMaestro platform -2. Download a config YAML file - After signing up to gMaestro, navigate to the [Deploy](https://app.granulate.io/deploy) on the left-hand menu, fill in the required fields and click on "Generate Config File" as shown bellow: +1. [Sign up](https://app.granulate.io/) to the gMaestro platform +2. Download a config YAML file - After signing up to gMaestro, navigate to the [Deploy](https://app.granulate.io/) on the left-hand menu, fill in the required fields and click on "Generate Config File" as shown bellow: ![GmaestroGenerateConfigFile](./../assets/images/gmaestro-generate-config-file.png) diff --git a/docs/addons/index.md b/docs/addons/index.md index 918872222..1825e61f6 100644 --- a/docs/addons/index.md +++ b/docs/addons/index.md 
@@ -4,6 +4,76 @@ The `eks-blueprints` framework leverages a modular approach to managing [Add-ons Within the context of the `eks-blueprints` framework, an add-on is abstracted as `ClusterAddOn` interface, and the implementation of the add-on interface can do whatever is necessary to support the desired add-on functionality. This can include applying manifests to a Kubernetes cluster or calling AWS APIs to provision new resources. +Here's an improved version of the public documentation abstract with enhanced readability: + +## Add-on Dependencies and Ordering in EKS Blueprints + +Add-ons in EKS Blueprints rely on CDK/CloudFormation constructs for provisioning. By default, these constructs don't guarantee a specific order unless explicitly defined using the [CDK dependency mechanism](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib-readme.html#dependencies). + +**Default Behavior** +- Add-ons without explicit dependencies are provisioned concurrently in an arbitrary order. +- The order in which you add add-ons to the blueprint may not matter if there are no explicit dependencies between them. + +Lack of explicit dependencies can lead to: +- Race conditions +- Non-deterministic behavior +- Difficult-to-troubleshoot problems + +For example, if an add-on requires the AWS LoadBalancer Controller to be in place, but there's no explicit dependency, the dependent add-on might start installing before the ALB controller is fully provisioned. + +### Built-in Dependencies + +Many add-ons in EKS Blueprints have pre-defined dependencies. For example, `Istio*` add-ons depend on `IstioBase`, `AmpAddOn` depends on `AdotCollectorAddOn`, etc. 
+ +These dependencies are implemented using the `@dependable` decorator applied to the `deploy` method of the dependent add-on: + +```typescript +export class AmpAddOn implements ClusterAddOn { + @dependable(AdotCollectorAddOn.name) + deploy(clusterInfo: ClusterInfo): Promise { + // Implementation + } +} +``` + +### Custom Ordering + +For cases where the framework doesn't capture all necessary dependencies, you have two options: + +1. Subclass an add-on and override the `deploy` method to declare additional dependencies. +2. Use the EKS Blueprints framework's mechanism to create dependencies at the project level. + +**Creating Dependencies at the Project Level** + +To ensure one add-on is installed before another: + +1. Ensure the prerequisite add-on is added to the blueprint ahead of the dependent add-ons. +2. Mark the prerequisite add-on as "strictly ordered" using: + +```typescript +Reflect.defineMetadata("ordered", true, blueprints.addons.PrerequisiteAddOn); +``` + +This ensures that all add-ons declared after the marked add-on will only be provisioned after it's successfully deployed. + +### Example + +```typescript +// Enable detailed logging +blueprints.utils.logger.settings.minLevel = 1; + +// Mark AwsLoadBalancerControllerAddOn as requiring strict ordering +Reflect.defineMetadata("ordered", true, blueprints.addons.AwsLoadBalancerControllerAddOn); + +blueprints.EksBlueprint.builder() + .addOns(new VpcCniAddon) // add all add-ons that do NOT need to depend on ALB before the ALB add-on + .addOns(new AwsLoadBalancerControllerAddOn()) + .addOns(new MyAddOn()) // Automatically depends on AwsLoadBalancerControllerAddOn + .build(...); +``` + +Note: You can mark multiple add-ons as `ordered` if needed. + ## Supported Add-ons The framework currently supports the following add-ons. 
@@ -79,7 +149,7 @@ The framework currently supports the following add-ons. | [`VeleroAddOn`](./velero.md) | Adds [Velero](https://velero.io/) to the EKS Cluster. | ✅ | ✅ | | [`XrayAddOn`](./xray.md) | Adds XRay Daemon to the EKS Cluster. | NA | NA | [`XrayAdotAddOn`](./xray-adot-addon.md) | Deploys ADOT Collector for Xray to receive traces from your workloads. | ✅ | ✅ | -| [`GmaestroAddOn`](./gmaestro.md) | Adds [gMaestro](https://app.granulate.io/gMaestroSignup) cost optimization solution for EKS cluster. | +| ~~[`GmaestroAddOn`](./gmaestro.md)~~ | Deprecated due to EOL. Adds [gMaestro](https://app.granulate.io) cost optimization solution for EKS cluster. | | [`EksPodIdentityAgentAddOn`](./eks-pod-identity-agent.md) | [Setting up the EKS Pod Identity Agent](https://docs.aws.amazon.com/en_ca/eks/latest/userguide/pod-id-agent-setup.html) | ✅ | ✅ | diff --git a/docs/addons/paralus.md b/docs/addons/paralus.md index 3f753c6a4..8b29b1d1a 100644 --- a/docs/addons/paralus.md +++ b/docs/addons/paralus.md @@ -84,7 +84,7 @@ blueprints.EksBlueprint.builder() | `deploy.postgresql.enable` | Deploy and use postgres database | false | | `deploy.postgresql.dsn` | DSN of your existing postgres database for paralus to use | "" | | `deploy.fluentbit.enable` | Deploy and use fluentbit for auditlogs with database storage | "" | -| `paralus.initialize.adminEmail` | Admin email to access paralus | "" | +| `paralus.initialize.adminEmail` | Admin email to access paralus | `admin@paralus.local` | | `paralus.initialize.org` | Organization name using paralus | "ParalusOrg" | | `auditLogs.storage` | Default storage of auditlogs | "database" | | `fqdn.domain` | Root domain | "paralus.local" | diff --git a/docs/getting-started.md b/docs/getting-started.md index 06d843240..039885253 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -26,8 +26,8 @@ Create a directory that represents you project (e.g. `my-blueprints`) and then c ```bash npm install -g n # may require sudo n stable # may require sudo -npm install -g aws-cdk@2.162.1 # may require sudo (Ubuntu) depending on configuration -cdk --version # must produce 2.162.1 +npm install -g aws-cdk@2.173.4 # may require sudo (Ubuntu) depending on configuration +cdk --version # must produce 2.173.4 mkdir my-blueprints cd my-blueprints cdk init app --language typescript @@ -57,7 +57,7 @@ npm ERR! peer bundled aws-cdk-lib@"2.133.0" from @aws-quickstart/eks-blueprints@ npm ERR! node_modules/@aws-quickstart/eks-blueprint ``` -This message means that the version of CDK that the customer is using is different from the version of CDK used in EKS Blueprints. Locate the line `peer bundled` and check the expected version of the CDK. Make sure that in your `package.json` the version is set to the expected. In this example, `package.json` contained `"aws-cdk-lib": "2.133.0"`, while the expected version was `2.162.1`. +This message means that the version of CDK that the customer is using is different from the version of CDK used in EKS Blueprints. Locate the line `peer bundled` and check the expected version of the CDK. Make sure that in your `package.json` the version is set to the expected. In this example, `package.json` contained `"aws-cdk-lib": "2.133.0"`, while the expected version was `2.173.4`. **Note**: after the initial installation, upgrading the version of CDK to an incompatible higher/lower version will produce a warning, but will succeed. For community support (submitting GitHub issues) please make sure you have a matching version configured. diff --git a/docs/internal/ci.md b/docs/internal/ci.md index 289758c5e..0bad74956 100644 --- a/docs/internal/ci.md +++ b/docs/internal/ci.md 
@@ -19,7 +19,7 @@ cd cdk-eks-blueprints Install CDK (please review and install any missing [pre-requisites](https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html) for your environment) ```sh -npm install -g aws-cdk@2.162.1 +npm install -g aws-cdk@2.173.4 ``` Install the dependencies for this project. diff --git a/examples/blueprint-construct/index.ts b/examples/blueprint-construct/index.ts index 971ec5f6d..10f9c8e1a 100644 --- a/examples/blueprint-construct/index.ts +++ b/examples/blueprint-construct/index.ts 
@@ -1,447 +1,469 @@ -import * as cdk from 'aws-cdk-lib'; +import * as cdk from "aws-cdk-lib"; import * as ec2 from "aws-cdk-lib/aws-ec2"; -import { CapacityType, KubernetesVersion, NodegroupAmiType } from 'aws-cdk-lib/aws-eks'; -import * as iam from 'aws-cdk-lib/aws-iam'; -import * as kms from 'aws-cdk-lib/aws-kms'; +import { + CapacityType, + KubernetesVersion, + NodegroupAmiType, +} from "aws-cdk-lib/aws-eks"; +import * as iam from "aws-cdk-lib/aws-iam"; +import * as kms from "aws-cdk-lib/aws-kms"; import { Construct } from "constructs"; -import * as blueprints from '../../lib'; -import * as team from '../teams'; -import { CfnWorkspace } from 'aws-cdk-lib/aws-aps'; +import * as blueprints from "../../lib"; +import * as addons from "../../lib/addons"; +import * as team from "../teams"; +import { CfnWorkspace } from "aws-cdk-lib/aws-aps"; import { - CreateEfsFileSystemProvider, - CreateRoleProvider, - CreateS3BucketProvider, - GenericClusterProvider, ManagedNodeGroup + CreateEfsFileSystemProvider, + CreateRoleProvider, + CreateS3BucketProvider, + GenericClusterProvider, + ManagedNodeGroup, } from "../../lib"; -const burnhamManifestDir = './examples/teams/team-burnham/'; -const rikerManifestDir = './examples/teams/team-riker/'; +const burnhamManifestDir = "./examples/teams/team-burnham/"; +const rikerManifestDir = "./examples/teams/team-riker/"; const teamManifestDirList = [burnhamManifestDir, rikerManifestDir]; -const blueprintID = 'blueprint-construct-dev'; +const blueprintID = "blueprint-construct-dev"; export interface BlueprintConstructProps { - /** - * Id - */ - id: string + /** + * Id + */ + id: string; } export default class BlueprintConstruct { - teams: Array; - nodeRole: CreateRoleProvider; - ampWorkspaceName: string; - ampWorkspace: CfnWorkspace; - apacheAirflowS3Bucket: CreateS3BucketProvider; - apacheAirflowEfs: CreateEfsFileSystemProvider; - addOns: Array; - clusterProvider: GenericClusterProvider; - dataTeam: blueprints.EmrEksTeamProps; - batchTeam: 
blueprints.BatchEksTeamProps; - nodeClassSpec: blueprints.Ec2NodeClassSpec; - nodePoolSpec: blueprints.NodePoolSpec; + teams: Array; + nodeRole: CreateRoleProvider; + ampWorkspaceName: string; + ampWorkspace: CfnWorkspace; + apacheAirflowS3Bucket: CreateS3BucketProvider; + apacheAirflowEfs: CreateEfsFileSystemProvider; + addOns: Array; + clusterProvider: GenericClusterProvider; + dataTeam: blueprints.EmrEksTeamProps; + batchTeam: blueprints.BatchEksTeamProps; + nodeClassSpec: blueprints.Ec2NodeClassSpec; + nodePoolSpec: blueprints.NodePoolSpec; + constructor(scope: Construct, props: cdk.StackProps) { + blueprints.HelmAddOn.validateHelmVersions = true; + blueprints.HelmAddOn.failOnVersionValidation = false; - constructor(scope: Construct, props: cdk.StackProps) { + this.teams = [ + new team.TeamTroi(), + new team.TeamRiker(scope, teamManifestDirList[1]), + new team.TeamBurnham(scope, teamManifestDirList[0]), + new team.TeamPlatform(process.env.CDK_DEFAULT_ACCOUNT!), + ]; - blueprints.HelmAddOn.validateHelmVersions = true; - blueprints.HelmAddOn.failOnVersionValidation = false; + this.nodeRole = new blueprints.CreateRoleProvider( + "blueprint-node-role", + new iam.ServicePrincipal("ec2.amazonaws.com"), + [ + iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSWorkerNodePolicy"), + iam.ManagedPolicy.fromAwsManagedPolicyName( + "AmazonEC2ContainerRegistryReadOnly" + ), + iam.ManagedPolicy.fromAwsManagedPolicyName( + "AmazonSSMManagedInstanceCore" + ), + ] + ); - this.teams = [ - new team.TeamTroi, - new team.TeamRiker(scope, teamManifestDirList[1]), - new team.TeamBurnham(scope, teamManifestDirList[0]), - new team.TeamPlatform(process.env.CDK_DEFAULT_ACCOUNT!) 
- ]; + this.ampWorkspaceName = "blueprints-amp-workspace"; + this.ampWorkspace = blueprints.getNamedResource(this.ampWorkspaceName); - this.nodeRole = new blueprints.CreateRoleProvider("blueprint-node-role", new iam.ServicePrincipal("ec2.amazonaws.com"), - [ - iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSWorkerNodePolicy"), - iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEC2ContainerRegistryReadOnly"), - iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonSSMManagedInstanceCore") - ]); + this.apacheAirflowS3Bucket = new blueprints.CreateS3BucketProvider({ + id: "apache-airflow-s3-bucket-id", + s3BucketProps: { removalPolicy: cdk.RemovalPolicy.DESTROY }, + }); + this.apacheAirflowEfs = new blueprints.CreateEfsFileSystemProvider({ + name: "blueprints-apache-airflow-efs", + }); + this.nodeClassSpec = { + amiFamily: "AL2", + subnetSelectorTerms: [ + { tags: { Name: `${blueprintID}/${blueprintID}-vpc/PrivateSubnet*` } }, + ], + securityGroupSelectorTerms: [ + { tags: { "aws:eks:cluster-name": `${blueprintID}` } }, + ], + }; - this.ampWorkspaceName = "blueprints-amp-workspace"; - this.ampWorkspace = blueprints.getNamedResource(this.ampWorkspaceName); + this.nodePoolSpec = { + labels: { + type: "karpenter-test", + }, + annotations: { + "eks-blueprints/owner": "young", + }, + taints: [ + { + key: "workload", + value: "test", + effect: "NoSchedule", + }, + ], + requirements: [ + { + key: "node.kubernetes.io/instance-type", + operator: "In", + values: ["m5.2xlarge"], + }, + { + key: "topology.kubernetes.io/zone", + operator: "In", + values: [`${props?.env?.region}a`, `${props?.env?.region}b`], + }, + { + key: "kubernetes.io/arch", + operator: "In", + values: ["amd64", "arm64"], + }, + { key: "karpenter.sh/capacity-type", operator: "In", values: ["spot"] }, + ], + disruption: { + consolidationPolicy: "WhenEmpty", + consolidateAfter: "30s", + expireAfter: "20m", + }, + }; - this.apacheAirflowS3Bucket = new blueprints.CreateS3BucketProvider({ - id: 
'apache-airflow-s3-bucket-id', - s3BucketProps: { removalPolicy: cdk.RemovalPolicy.DESTROY } - }); - this.apacheAirflowEfs = new blueprints.CreateEfsFileSystemProvider({ - name: 'blueprints-apache-airflow-efs', - }); - this.nodeClassSpec = { - amiFamily: "AL2", - subnetSelectorTerms: [{ tags: { "Name": `${blueprintID}/${blueprintID}-vpc/PrivateSubnet*` }}], - securityGroupSelectorTerms: [{ tags: { "aws:eks:cluster-name": `${blueprintID}` }}], - }; - - this.nodePoolSpec = { - labels: { - type: "karpenter-test" - }, - annotations: { - "eks-blueprints/owner": "young" - }, - taints: [{ - key: "workload", - value: "test", - effect: "NoSchedule", - }], - requirements: [ - { key: 'node.kubernetes.io/instance-type', operator: 'In', values: ['m5.2xlarge'] }, - { key: 'topology.kubernetes.io/zone', operator: 'In', values: [`${props?.env?.region}a`,`${props?.env?.region}b`]}, - { key: 'kubernetes.io/arch', operator: 'In', values: ['amd64','arm64']}, - { key: 'karpenter.sh/capacity-type', operator: 'In', values: ['spot']}, - ], - disruption: { - consolidationPolicy: "WhenEmpty", - consolidateAfter: "30s", - expireAfter: "20m", - } - }; + this.addOns = [ + // pre-reqs / core addons + new addons.VpcCniAddOn({ + customNetworkingConfig: { + subnets: [ + blueprints.getNamedResource("secondary-cidr-subnet-0"), + blueprints.getNamedResource("secondary-cidr-subnet-1"), + blueprints.getNamedResource("secondary-cidr-subnet-2"), + ], + }, + awsVpcK8sCniCustomNetworkCfg: true, + eniConfigLabelDef: "topology.kubernetes.io/zone", + serviceAccountPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEKS_CNI_Policy"), + ], + }), + new addons.AwsLoadBalancerControllerAddOn(), + new addons.CertManagerAddOn(), + new addons.AdotCollectorAddOn({ + namespace: "adot", + version: "auto", + }), + new addons.EfsCsiDriverAddOn({ + replicaCount: 1, + kmsKeys: [ + blueprints.getResource( + (context) => + new kms.Key(context.scope, "efs-csi-driver-key", { + alias: "efs-csi-driver-key", + }) + ), 
+ ], + }), + new addons.KarpenterAddOn({ + nodePoolSpec: this.nodePoolSpec, + ec2NodeClassSpec: this.nodeClassSpec, + interruptionHandling: true, + installCRDs: false, + }), - this.addOns = [ - new blueprints.KubeRayAddOn(), - new blueprints.addons.AwsLoadBalancerControllerAddOn(), - new blueprints.addons.AppMeshAddOn(), - new blueprints.addons.CalicoOperatorAddOn(), - new blueprints.addons.CertManagerAddOn(), - new blueprints.addons.KubeStateMetricsAddOn(), - new blueprints.addons.PrometheusNodeExporterAddOn(), - new blueprints.addons.AdotCollectorAddOn({ - namespace:'adot', - version: 'auto' - }), - new blueprints.addons.AmpAddOn({ - ampPrometheusEndpoint: this.ampWorkspace.attrPrometheusEndpoint, - namespace: 'adot' - }), - new blueprints.addons.XrayAdotAddOn({ - namespace: 'adot' - }), - new blueprints.addons.XrayAddOn(), - // new blueprints.addons.CloudWatchAdotAddOn(), - // new blueprints.addons.ContainerInsightsAddOn(), - // new blueprints.addons.CloudWatchInsights(), - new blueprints.addons.IstioBaseAddOn(), - new blueprints.addons.IstioControlPlaneAddOn(), - new blueprints.addons.IstioCniAddon(), - new blueprints.addons.IstioIngressGatewayAddon(), - new blueprints.addons.MetricsServerAddOn(), - new blueprints.addons.SecretsStoreAddOn(), - new blueprints.addons.ArgoCDAddOn(), - new blueprints.addons.SSMAgentAddOn(), - new blueprints.addons.NginxAddOn({ - values: { - controller: { service: { create: false } } - } - }), - new blueprints.addons.IngressNginxAddOn({ - serviceType: 'ClusterIP' - }), - // new blueprints.addons.VeleroAddOn(), - new blueprints.addons.VpcCniAddOn({ - customNetworkingConfig: { - subnets: [ - blueprints.getNamedResource("secondary-cidr-subnet-0"), - blueprints.getNamedResource("secondary-cidr-subnet-1"), - blueprints.getNamedResource("secondary-cidr-subnet-2"), - ] - }, - awsVpcK8sCniCustomNetworkCfg: true, - eniConfigLabelDef: 'topology.kubernetes.io/zone', - serviceAccountPolicies: 
[iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEKS_CNI_Policy")] - }), - new blueprints.addons.CoreDnsAddOn(), - new blueprints.addons.KubeProxyAddOn(), - new blueprints.addons.OpaGatekeeperAddOn(), - new blueprints.addons.AckAddOn({ - id: "s3-ack", - createNamespace: true, - skipVersionValidation: true, - serviceName: blueprints.AckServiceName.S3 - }), - new blueprints.addons.KarpenterAddOn({ - nodePoolSpec: this.nodePoolSpec, - ec2NodeClassSpec: this.nodeClassSpec, - interruptionHandling: true, - installCRDs: false - }), - new blueprints.addons.AwsNodeTerminationHandlerAddOn(), - new blueprints.addons.KubeviousAddOn(), - new blueprints.addons.EbsCsiDriverAddOn({ - version: "auto", - kmsKeys: [ - blueprints.getResource( - (context) => - new kms.Key(context.scope, "ebs-csi-driver-key", { - alias: "ebs-csi-driver-key", - }) - ), - ], - storageClass: "gp3", - }), - new blueprints.addons.EfsCsiDriverAddOn({ - replicaCount: 1, - kmsKeys: [ - blueprints.getResource( context => new kms.Key(context.scope, "efs-csi-driver-key", { alias: "efs-csi-driver-key"})), - ], - }), - new blueprints.addons.KedaAddOn({ - podSecurityContextFsGroup: 1001, - securityContextRunAsGroup: 1001, - securityContextRunAsUser: 1001, - irsaRoles: ["CloudWatchFullAccess", "AmazonSQSFullAccess"] - }), - new blueprints.addons.AWSPrivateCAIssuerAddon(), - // new blueprints.addons.JupyterHubAddOn({ - // efsConfig: { - // pvcName: "efs-persist", - // removalPolicy: cdk.RemovalPolicy.DESTROY, - // capacity: '10Gi', - // }, - // serviceType: blueprints.JupyterHubServiceType.CLUSTERIP, - // notebookStack: 'jupyter/datascience-notebook', - // values: { prePuller: { hook: { enabled: false }}} - // }), - new blueprints.EmrEksAddOn(), - new blueprints.AwsBatchAddOn(), - // Commenting due to conflicts with `CloudWatchLogsAddon` - // new blueprints.AwsForFluentBitAddOn(), - new blueprints.FluxCDAddOn(), - new blueprints.GpuOperatorAddon({ - values:{ - driver: { - enabled: true - }, - mig: { - strategy: 
'mixed' - }, - devicePlugin: { - enabled: true, - version: 'v0.13.0' - }, - migManager: { - enabled: true, - WITH_REBOOT: true - }, - toolkit: { - version: 'v1.13.1-centos7' - }, - operator: { - defaultRuntime: 'containerd' - }, - gfd: { - version: 'v0.8.0' - } - } - }), - new blueprints.GrafanaOperatorAddon(), - new blueprints.CloudWatchLogsAddon({ - logGroupPrefix: '/aws/eks/blueprints-construct-dev', - logRetentionDays: 30 - }), - new blueprints.ApacheAirflowAddOn({ - enableLogging: true, - s3Bucket: 'apache-airflow-s3-bucket-provider', - enableEfs: true, - efsFileSystem: 'apache-airflow-efs-provider' - }), - new blueprints.ExternalsSecretsAddOn(), - new blueprints.EksPodIdentityAgentAddOn(), - new blueprints.NeuronDevicePluginAddOn(), - new blueprints.NeuronMonitorAddOn(), - new blueprints.UpboundCrossplaneAddOn({ - skipVersionValidation: true, - clusterAccessRole: blueprints.getNamedResource("node-role") - }) - ]; + // other addons + new addons.AckAddOn({ + id: "s3-ack", + createNamespace: true, + skipVersionValidation: true, + serviceName: blueprints.AckServiceName.S3, + }), - // Instantiated to for helm version check. 
- new blueprints.ExternalDnsAddOn({ - hostedZoneResources: [ blueprints.GlobalResources.HostedZone ] - }); + new addons.AmpAddOn({ + ampPrometheusEndpoint: this.ampWorkspace.attrPrometheusEndpoint, + namespace: "adot", + }), + new addons.ApacheAirflowAddOn({ + enableLogging: true, + s3Bucket: "apache-airflow-s3-bucket-provider", + enableEfs: true, + efsFileSystem: "apache-airflow-efs-provider", + }), + new addons.AppMeshAddOn(), + new addons.ArgoCDAddOn(), + new addons.AwsBatchAddOn(), + new addons.AWSPrivateCAIssuerAddon(), + new addons.AwsNodeTerminationHandlerAddOn(), + new addons.CalicoOperatorAddOn(), + new addons.CloudWatchLogsAddon({ + logGroupPrefix: "/aws/eks/blueprints-construct-dev", + logRetentionDays: 30, + }), + new addons.CoreDnsAddOn(), + new addons.EbsCsiDriverAddOn({ + version: "auto", + kmsKeys: [ + blueprints.getResource( + (context) => + new kms.Key(context.scope, "ebs-csi-driver-key", { + alias: "ebs-csi-driver-key", + }) + ), + ], + storageClass: "gp3", + }), + new addons.EksPodIdentityAgentAddOn(), + new addons.EmrEksAddOn(), + new addons.ExternalsSecretsAddOn(), + new addons.FluxCDAddOn(), + new addons.GpuOperatorAddon({ + values: { + driver: { + enabled: true, + }, + mig: { + strategy: "mixed", + }, + devicePlugin: { + enabled: true, + version: "v0.13.0", + }, + migManager: { + enabled: true, + WITH_REBOOT: true, + }, + toolkit: { + version: "v1.13.1-centos7", + }, + operator: { + defaultRuntime: "containerd", + }, + gfd: { + version: "v0.8.0", + }, + }, + }), + new addons.GrafanaOperatorAddon(), + new addons.IngressNginxAddOn({ + serviceType: "ClusterIP", + }), + new addons.IstioBaseAddOn(), + new addons.IstioControlPlaneAddOn(), + new addons.IstioCniAddon(), + new addons.IstioIngressGatewayAddon(), + new addons.KedaAddOn({ + podSecurityContextFsGroup: 1001, + securityContextRunAsGroup: 1001, + securityContextRunAsUser: 1001, + irsaRoles: ["CloudWatchFullAccess", "AmazonSQSFullAccess"], + }), + new addons.KubeProxyAddOn(), + new 
addons.KubeRayAddOn(), + new addons.KubeStateMetricsAddOn(), + new addons.KubeviousAddOn(), + new addons.MetricsServerAddOn(), + new addons.NeuronDevicePluginAddOn(), + new addons.NeuronMonitorAddOn(), + new addons.NginxAddOn({ + values: { + controller: { service: { create: false } }, + }, + }), + new addons.OpaGatekeeperAddOn(), + new addons.PrometheusNodeExporterAddOn(), + new addons.S3CSIDriverAddOn({ + s3BucketName: "s3-csi-driver-for-blueprints-xbucket", + }), + new addons.SecretsStoreAddOn(), + new addons.SSMAgentAddOn(), + new addons.UpboundCrossplaneAddOn({ + skipVersionValidation: true, + clusterAccessRole: blueprints.getNamedResource("node-role"), + }), + new addons.XrayAddOn(), + new addons.XrayAdotAddOn({ + namespace: "adot", + }), + ]; - this.clusterProvider = getClusterProvider([ - addGenericNodeGroup(), - addCustomNodeGroup(), - addWindowsNodeGroup(), // commented out to check the impact on e2e - addGpuNodeGroup() - ]); + // Instantiated to for helm version check. + new blueprints.ExternalDnsAddOn({ + hostedZoneResources: [blueprints.GlobalResources.HostedZone], + }); - const executionRolePolicyStatement:iam. 
PolicyStatement [] = [ - new iam.PolicyStatement({ - resources: ['*'], - actions: ['s3:*'], - }), - new iam.PolicyStatement({ - resources: ['*'], - actions: ['glue:*'], - }), - new iam.PolicyStatement({ - resources: ['*'], - actions: [ - 'logs:*', - ], - }), - ]; + this.clusterProvider = getClusterProvider([ + addGenericNodeGroup(), + addCustomNodeGroup(), + addWindowsNodeGroup(), // commented out to check the impact on e2e + addGpuNodeGroup(), + ]); - this.dataTeam = { - name:'dataTeam', - virtualClusterName: 'batchJob', - virtualClusterNamespace: 'batchjob', - createNamespace: true, - executionRoles: [ - { - executionRoleIamPolicyStatement: executionRolePolicyStatement, - executionRoleName: 'myBlueprintExecRole' - } - ] - }; + const executionRolePolicyStatement: iam.PolicyStatement[] = [ + new iam.PolicyStatement({ + resources: ["*"], + actions: ["s3:*"], + }), + new iam.PolicyStatement({ + resources: ["*"], + actions: ["glue:*"], + }), + new iam.PolicyStatement({ + resources: ["*"], + actions: ["logs:*"], + }), + ]; - this.batchTeam = { - name: 'batch-a', - namespace: 'aws-batch', - envName: 'batch-a-comp-env', - computeResources: { - envType: blueprints.BatchEnvType.EC2, - allocationStrategy: blueprints.BatchAllocationStrategy.BEST, - priority: 10, - minvCpus: 0, - maxvCpus: 128, - instanceTypes: ["m5", "c4.4xlarge"] - }, - jobQueueName: 'team-a-job-queue', - }; - } + this.dataTeam = { + name: "dataTeam", + virtualClusterName: "batchJob", + virtualClusterNamespace: "batchjob", + createNamespace: true, + executionRoles: [ + { + executionRoleIamPolicyStatement: executionRolePolicyStatement, + executionRoleName: "myBlueprintExecRole", + }, + ], + }; + + this.batchTeam = { + name: "batch-a", + namespace: "aws-batch", + envName: "batch-a-comp-env", + computeResources: { + envType: blueprints.BatchEnvType.EC2, + allocationStrategy: blueprints.BatchAllocationStrategy.BEST, + priority: 10, + minvCpus: 0, + maxvCpus: 128, + instanceTypes: ["m5", "c4.4xlarge"], + }, + 
jobQueueName: "team-a-job-queue", + }; + } } -export function getClusterProvider(managedNodeGroups: ManagedNodeGroup[]){ - return new blueprints.GenericClusterProvider({ - version: KubernetesVersion.V1_30, - tags: { - "Name": "blueprints-example-cluster", - "Type": "generic-cluster" - }, - mastersRole: blueprints.getResource(context => { - return new iam.Role(context.scope, 'AdminRole', { assumedBy: new iam.AccountRootPrincipal() }); - }), - managedNodeGroups: managedNodeGroups - }); +export function getClusterProvider(managedNodeGroups: ManagedNodeGroup[]) { + return new blueprints.GenericClusterProvider({ + version: KubernetesVersion.V1_30, + tags: { + Name: "blueprints-example-cluster", + Type: "generic-cluster", + }, + mastersRole: blueprints.getResource((context) => { + return new iam.Role(context.scope, "AdminRole", { + assumedBy: new iam.AccountRootPrincipal(), + }); + }), + managedNodeGroups: managedNodeGroups, + }); } export function addGenericNodeGroup(): blueprints.ManagedNodeGroup { - - return { - id: "mng1", - amiType: NodegroupAmiType.AL2_X86_64, - instanceTypes: [new ec2.InstanceType('m5.4xlarge')], - desiredSize: 2, - maxSize: 3, - nodeRole: blueprints.getNamedResource("node-role") as iam.Role, - nodeGroupSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }, - launchTemplate: { - // You can pass Custom Tags to Launch Templates which gets Propogated to worker nodes. - tags: { - "Name": "Mng1", - "Type": "Managed-Node-Group", - "LaunchTemplate": "Custom", - "Instance": "ONDEMAND" - }, - requireImdsv2: false - } - }; + return { + id: "mng1", + amiType: NodegroupAmiType.AL2_X86_64, + instanceTypes: [new ec2.InstanceType("m5.4xlarge")], + desiredSize: 2, + maxSize: 3, + nodeRole: blueprints.getNamedResource("node-role") as iam.Role, + nodeGroupSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }, + launchTemplate: { + // You can pass Custom Tags to Launch Templates which gets Propogated to worker nodes. 
+ tags: { + Name: "Mng1", + Type: "Managed-Node-Group", + LaunchTemplate: "Custom", + Instance: "ONDEMAND", + }, + requireImdsv2: false, + }, + }; } export function addCustomNodeGroup(): blueprints.ManagedNodeGroup { + const userData = ec2.UserData.forLinux(); + userData.addCommands(`/etc/eks/bootstrap.sh ${blueprintID}`); - const userData = ec2.UserData.forLinux(); - userData.addCommands(`/etc/eks/bootstrap.sh ${blueprintID}`); - - return { - id: "mng2-customami", - amiType: NodegroupAmiType.AL2_X86_64, - instanceTypes: [new ec2.InstanceType('t3.large')], - nodeGroupCapacityType: CapacityType.SPOT, - desiredSize: 0, - minSize: 0, - nodeRole: blueprints.getNamedResource("node-role") as iam.Role, - launchTemplate: { - tags: { - "Name": "Mng2", - "Type": "Managed-Node-Group", - "LaunchTemplate": "Custom", - "Instance": "SPOT" - }, - machineImage: ec2.MachineImage.genericLinux({ - 'eu-west-1': 'ami-00805477850d62b8c', - 'us-east-1': 'ami-08e520f5673ee0894', - 'us-west-2': 'ami-0403ff342ceb30967', - 'us-east-2': 'ami-07109d69738d6e1ee', - 'us-west-1': 'ami-07bda4b61dc470985', - 'us-gov-west-1': 'ami-0e9ebbf0d3f263e9b', - 'us-gov-east-1':'ami-033eb9bc6daf8bfb1' - }), - userData: userData, - } - }; + return { + id: "mng2-customami", + amiType: NodegroupAmiType.AL2_X86_64, + instanceTypes: [new ec2.InstanceType("t3.large")], + nodeGroupCapacityType: CapacityType.SPOT, + desiredSize: 0, + minSize: 0, + nodeRole: blueprints.getNamedResource("node-role") as iam.Role, + launchTemplate: { + tags: { + Name: "Mng2", + Type: "Managed-Node-Group", + LaunchTemplate: "Custom", + Instance: "SPOT", + }, + machineImage: ec2.MachineImage.genericLinux({ + "eu-west-1": "ami-00805477850d62b8c", + "us-east-1": "ami-08e520f5673ee0894", + "us-west-2": "ami-0403ff342ceb30967", + "us-east-2": "ami-07109d69738d6e1ee", + "us-west-1": "ami-07bda4b61dc470985", + "us-gov-west-1": "ami-0e9ebbf0d3f263e9b", + "us-gov-east-1": "ami-033eb9bc6daf8bfb1", + }), + userData: userData, + }, + }; } export 
function addWindowsNodeGroup(): blueprints.ManagedNodeGroup { - - return { - id: "mng3-windowsami", - amiType: NodegroupAmiType.WINDOWS_CORE_2019_X86_64, - instanceTypes: [new ec2.InstanceType('m5.4xlarge')], - desiredSize: 0, - minSize: 0, - nodeRole: blueprints.getNamedResource("node-role") as iam.Role, - diskSize: 50, - tags: { - "Name": "Mng3", - "Type": "Managed-WindowsNode-Group", - "LaunchTemplate": "WindowsLT", - "kubernetes.io/cluster/blueprint-construct-dev": "owned" - } - }; + return { + id: "mng3-windowsami", + amiType: NodegroupAmiType.WINDOWS_CORE_2019_X86_64, + instanceTypes: [new ec2.InstanceType("m5.4xlarge")], + desiredSize: 0, + minSize: 0, + nodeRole: blueprints.getNamedResource("node-role") as iam.Role, + diskSize: 50, + tags: { + Name: "Mng3", + Type: "Managed-WindowsNode-Group", + LaunchTemplate: "WindowsLT", + "kubernetes.io/cluster/blueprint-construct-dev": "owned", + }, + }; } export function addGpuNodeGroup(): blueprints.ManagedNodeGroup { - - return { - id: "mng-linux-gpu", - amiType: NodegroupAmiType.AL2_X86_64_GPU, - instanceTypes: [new ec2.InstanceType('g5.xlarge')], - desiredSize: 0, - minSize: 0, - maxSize: 1, - nodeGroupSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }, - launchTemplate: { - tags: { - "Name": "Mng-linux-Gpu", - "Type": "Managed-linux-Gpu-Node-Group", - "LaunchTemplate": "Linux-Launch-Template", - }, - requireImdsv2: false - } - }; + return { + id: "mng-linux-gpu", + amiType: NodegroupAmiType.AL2_X86_64_GPU, + instanceTypes: [new ec2.InstanceType("g5.xlarge")], + desiredSize: 0, + minSize: 0, + maxSize: 1, + nodeGroupSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }, + launchTemplate: { + tags: { + Name: "Mng-linux-Gpu", + Type: "Managed-linux-Gpu-Node-Group", + LaunchTemplate: "Linux-Launch-Template", + }, + requireImdsv2: false, + }, + }; } export function addInferentiaNodeGroup(): blueprints.ManagedNodeGroup { - - return { - id: "mng4-inferentia", - instanceTypes: [new 
ec2.InstanceType('inf1.2xlarge')], - desiredSize: 1, - minSize: 1, - nodeRole: blueprints.getNamedResource("node-role") as iam.Role, - diskSize: 50, - tags: { - "Name": "Mng4", - "Type": "Managed-InferentiaNode-Group", - "LaunchTemplate": "Inferentia", - "kubernetes.io/cluster/blueprint-construct-dev": "owned" - } - }; + return { + id: "mng4-inferentia", + instanceTypes: [new ec2.InstanceType("inf1.2xlarge")], + desiredSize: 1, + minSize: 1, + nodeRole: blueprints.getNamedResource("node-role") as iam.Role, + diskSize: 50, + tags: { + Name: "Mng4", + Type: "Managed-InferentiaNode-Group", + LaunchTemplate: "Inferentia", + "kubernetes.io/cluster/blueprint-construct-dev": "owned", + }, + }; } diff --git a/examples/blueprint-ipv4-construct/index.ts b/examples/blueprint-ipv4-construct/index.ts index 2c7185de9..af2463102 100644 --- a/examples/blueprint-ipv4-construct/index.ts +++ b/examples/blueprint-ipv4-construct/index.ts @@ -15,7 +15,8 @@ export interface BlueprintConstructProps { export default class BlueprintIPv4Construct extends BlueprintConstruct { constructor(scope: Construct, props: cdk.StackProps) { super(scope, props); - + blueprints.utils.logger.settings.minLevel = 1; + Reflect.defineMetadata("ordered", true, blueprints.addons.AwsLoadBalancerControllerAddOn); blueprints.EksBlueprint.builder() .addOns(...this.addOns) .resourceProvider(blueprints.GlobalResources.Vpc, new blueprints.VpcProvider(undefined, { diff --git a/examples/examples.ts b/examples/examples.ts index 1b102da2a..0801763ab 100644 --- a/examples/examples.ts +++ b/examples/examples.ts @@ -35,7 +35,7 @@ const publicCluster = { }; builder() - .clusterProvider(new bp.FargateClusterProvider(publicCluster)) + .clusterProvider(new bp.FargateClusterProvider({...publicCluster})) .build(app, "fargate-blueprint"); builder() diff --git a/lib/addons/adot/index.ts b/lib/addons/adot/index.ts index a5ad9c1b8..1aaa3ea66 100644 --- a/lib/addons/adot/index.ts +++ b/lib/addons/adot/index.ts 
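Review bot: The two statements added to the `BlueprintIPv4Construct` constructor both change process-wide state with no comment explaining why: `Reflect.defineMetadata("ordered", true, blueprints.addons.AwsLoadBalancerControllerAddOn)` marks the class itself, so every blueprint built later in the same process inherits the ordering, and `logger.settings.minLevel = 1` alters the shared logger. If the intent is to opt this example back into strict ordering now that the decorator is gone from the add-on class, a comment should say so, e.g. `// Class-level opt-in to ordered deployment; affects every blueprint created in this process.` The meaning of level `1` is not visible in this hunk, so a named constant or a short comment would stop readers guessing the verbosity. Moving both statements to module scope would also make their global effect obvious.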
@@ -8,12 +8,12 @@ import { getAdotCollectorPolicyDocument } from "./iam-policy"; import { KubernetesVersion } from "aws-cdk-lib/aws-eks"; const versionMap: Map = new Map([ - // 1.31 not supported for adot as of 10/20/2024 - [KubernetesVersion.V1_30, "v0.102.1-eksbuild.1"], - [KubernetesVersion.V1_29, "v0.102.1-eksbuild.1"], - [KubernetesVersion.V1_28, "v0.102.1-eksbuild.1"], - [KubernetesVersion.V1_27, "v0.102.1-eksbuild.1"], - [KubernetesVersion.V1_26, "v0.102.1-eksbuild.1"], + // 1.31 not supported for adot as of 10/20/2024 + [KubernetesVersion.V1_30, "v0.109.0-eksbuild.2"], + [KubernetesVersion.V1_29, "v0.109.0-eksbuild.2"], + [KubernetesVersion.V1_28, "v0.109.0-eksbuild.2"], + [KubernetesVersion.V1_27, "v0.109.0-eksbuild.2"], + [KubernetesVersion.V1_26, "v0.109.0-eksbuild.2"], ]); /** diff --git a/lib/addons/aws-loadbalancer-controller/index.ts b/lib/addons/aws-loadbalancer-controller/index.ts index c6b27131c..b1ddfec19 100644 --- a/lib/addons/aws-loadbalancer-controller/index.ts +++ b/lib/addons/aws-loadbalancer-controller/index.ts @@ -8,6 +8,7 @@ import { AwsLoadbalancerControllerIamPolicy } from "./iam-policy"; import { supportsALL } from "../../utils"; import { Duration } from "aws-cdk-lib"; + /** * Configuration options for the add-on. */ @@ -58,7 +59,7 @@ const defaultProps: AwsLoadBalancerControllerProps = { chart: AWS_LOAD_BALANCER_CONTROLLER, repository: 'https://aws.github.io/eks-charts', release: AWS_LOAD_BALANCER_CONTROLLER, - version: '1.9.2', + version: '1.11.0', enableShield: false, enableWaf: false, enableWafv2: false, 
@@ -77,32 +78,38 @@ function lookupImage(registry?: string, region?: string): Values { return { image: { repository: registry + "amazon/aws-load-balancer-controller" } }; } -@Reflect.metadata("ordered", true) @supportsALL export class AwsLoadBalancerControllerAddOn extends HelmAddOn { - readonly options: AwsLoadBalancerControllerProps; constructor(props?: AwsLoadBalancerControllerProps) { - super({ ...defaultProps as any, ...props }); + super({ ...(defaultProps as any), ...props }); this.options = this.props as AwsLoadBalancerControllerProps; } deploy(clusterInfo: ClusterInfo): Promise { const cluster = clusterInfo.cluster; - const serviceAccount = cluster.addServiceAccount('aws-load-balancer-controller', { - name: AWS_LOAD_BALANCER_CONTROLLER, - namespace: this.options.namespace, - }); - - AwsLoadbalancerControllerIamPolicy(cluster.stack.partition).Statement.forEach((statement) => { - serviceAccount.addToPrincipalPolicy(iam.PolicyStatement.fromJson(statement)); + const serviceAccount = cluster.addServiceAccount( + "aws-load-balancer-controller", + { + name: AWS_LOAD_BALANCER_CONTROLLER, + namespace: this.options.namespace, + } + ); + + AwsLoadbalancerControllerIamPolicy( + cluster.stack.partition + ).Statement.forEach((statement) => { + serviceAccount.addToPrincipalPolicy( + iam.PolicyStatement.fromJson(statement) + ); }); const registry = registries.get(cluster.stack.region); const image = lookupImage(registry, cluster.stack.region); + const awsLoadBalancerControllerChart = this.addHelmChart(clusterInfo, { clusterName: cluster.clusterName, serviceAccount: { diff --git a/lib/addons/aws-privateca-issuer/index.ts b/lib/addons/aws-privateca-issuer/index.ts index 5a67f4f51..a93ac1fa1 100644 --- a/lib/addons/aws-privateca-issuer/index.ts +++ b/lib/addons/aws-privateca-issuer/index.ts 
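Review bot: Removing `@Reflect.metadata("ordered", true)` from `AwsLoadBalancerControllerAddOn` changes the deployment-ordering contract for every consumer, and nothing on the class documents it. Callers that relied on the controller being applied in strict order now have to opt in themselves, as the IPv4 example in this commit does with `Reflect.defineMetadata`. A TSDoc block above `@supportsALL` should state that the add-on is no longer ordered by default and show the opt-in call. Separately, the reformatted `super({ ...(defaultProps as any), ...props })` still hides any mismatch between `defaultProps` and the base props type; typing `defaultProps` so the cast is unnecessary would let the compiler check new defaults such as the version. The body of `deploy` continues outside this hunk.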
@@ -30,7 +30,7 @@ const defaultProps: HelmAddOnProps & AWSPrivateCAIssuerAddonProps = { name: "blueprints-aws-pca-issuer-addon", chart: "aws-privateca-issuer", namespace:"aws-pca-issuer", - version: "1.3.0", + version: "1.4.0", release: "aws-pca-issuer", repository: "https://cert-manager.github.io/aws-privateca-issuer", values: {}, diff --git a/lib/addons/core-addon/index.ts b/lib/addons/core-addon/index.ts index 60312ed69..a29e8102f 100644 --- a/lib/addons/core-addon/index.ts +++ b/lib/addons/core-addon/index.ts @@ -7,7 +7,7 @@ import { KubernetesVersion } from "aws-cdk-lib/aws-eks"; import { createServiceAccountWithPolicy, deployBeforeCapacity, logger, userLog, } from "../../utils"; import * as sdk from "@aws-sdk/client-eks"; import { RemovalPolicy } from "aws-cdk-lib"; -import cluster from "cluster"; + export class CoreAddOnProps { /** diff --git a/lib/addons/efs-csi-driver/index.ts b/lib/addons/efs-csi-driver/index.ts index 8ac886031..60c4b01d7 100644 --- a/lib/addons/efs-csi-driver/index.ts +++ b/lib/addons/efs-csi-driver/index.ts @@ -42,7 +42,7 @@ export interface EfsCsiDriverProps extends HelmAddOnUserProps { * Defaults options for the add-on */ const defaultProps: EfsCsiDriverProps = { - version: '3.0.8', + version: '3.1.3', namespace: "kube-system", repository: "https://kubernetes-sigs.github.io/aws-efs-csi-driver/", name: EFS_CSI_DRIVER, diff --git a/lib/addons/s3-csi-driver/index.ts b/lib/addons/s3-csi-driver/index.ts index 5e7da94e6..4d6dc7eb2 100644 --- a/lib/addons/s3-csi-driver/index.ts +++ b/lib/addons/s3-csi-driver/index.ts @@ -6,7 +6,8 @@ import { createNamespace, setPath, supportsALL } from "../../utils"; import { getS3DriverPolicyStatements } from "./iam-policy"; const S3_CSI_DRIVER_SA = 's3-csi-driver-sa'; -const S3_CSI_DRIVER = 's3-csi-driver'; +const S3_CSI_DRIVER = "aws-mountpoint-s3-csi-driver"; + const S3_CSI_DRIVER_RELEASE = 's3-csi-driver-release'; const S3_DRIVER_POLICY = 's3-csi-driver-policy'; 
@@ -28,14 +29,14 @@ export interface S3CSIDriverAddOnProps extends HelmAddOnUserProps { * Defaults options for the add-on */ const defaultProps: HelmAddOnUserProps & S3CSIDriverAddOnProps = { - chart: S3_CSI_DRIVER, - name: S3_CSI_DRIVER, - namespace: 'kube-system', - release: S3_CSI_DRIVER_RELEASE, - version: 'v1.9.0', - repository: 'https://github.com/awslabs/mountpoint-s3-csi-driver', - createNamespace: false, - s3BucketName: '' + chart: S3_CSI_DRIVER, + name: S3_CSI_DRIVER, + namespace: "kube-system", + release: S3_CSI_DRIVER_RELEASE, + version: "v1.11.0", + repository: "https://awslabs.github.io/mountpoint-s3-csi-driver", + createNamespace: false, + s3BucketName: "" }; @supportsALL diff --git a/lib/addons/vpc-cni/index.ts b/lib/addons/vpc-cni/index.ts index c161725ba..d6a44bcd6 100644 --- a/lib/addons/vpc-cni/index.ts +++ b/lib/addons/vpc-cni/index.ts @@ -9,12 +9,12 @@ import { KubectlProvider, ManifestDeployment } from "../helm-addon/kubectl-provi import { KubernetesVersion } from "aws-cdk-lib/aws-eks"; const versionMap: Map = new Map([ - [KubernetesVersion.V1_31, "v1.18.3-eksbuild.2"], - [KubernetesVersion.V1_30, "v1.18.1-eksbuild.3"], - [KubernetesVersion.V1_29, "v1.16.0-eksbuild.1"], - [KubernetesVersion.V1_28, "v1.15.1-eksbuild.1"], - [KubernetesVersion.V1_27, "v1.15.1-eksbuild.1"], - [KubernetesVersion.V1_26, "v1.15.1-eksbuild.1"], + [KubernetesVersion.V1_31, "v1.19.0-eksbuild.1"], + [KubernetesVersion.V1_30, "v1.19.0-eksbuild.1"], + [KubernetesVersion.V1_29, "v1.19.0-eksbuild.1"], + [KubernetesVersion.V1_28, "v1.19.0-eksbuild.1"], + [KubernetesVersion.V1_27, "v1.19.0-eksbuild.1"], + [KubernetesVersion.V1_26, "v1.19.0-eksbuild.1"], ]); /** diff --git a/lib/pipelines/code-pipeline.ts b/lib/pipelines/code-pipeline.ts index 94ab6e356..be4e5391d 100644 --- a/lib/pipelines/code-pipeline.ts +++ b/lib/pipelines/code-pipeline.ts 
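Review bot: `defaultProps` uses `S3_CSI_DRIVER` for both `chart` and `name`, so changing that constant to `"aws-mountpoint-s3-csi-driver"` in the previous hunk renames the add-on as well as the Helm chart. If `name` feeds construct ids or dependency lookups (not visible here), existing stacks could see the release replaced on upgrade. Splitting the two keeps the fix limited to the chart: `const S3_CSI_DRIVER_CHART = "aws-mountpoint-s3-csi-driver";` with `chart: S3_CSI_DRIVER_CHART` and `name` left on the old constant. The default `s3BucketName: ""` is also worth a comment or an early check, since how an empty bucket name is handled when the driver policy is built cannot be seen from this hunk.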
@@ -457,7 +457,7 @@ class CodePipeline { primaryOutputDirectory: `${path}/cdk.out`, installCommands: [ 'n stable', - 'npm install -g aws-cdk@2.162.1', + 'npm install -g aws-cdk@2.173.4', `cd $CODEBUILD_SRC_DIR/${path} && npm install` ], commands: [`cd $CODEBUILD_SRC_DIR/${path}`, 'npm run build', 'npx cdk synth ' + app] diff --git a/lib/utils/addon-utils.ts b/lib/utils/addon-utils.ts index b67db5ad3..a32844d0d 100644 --- a/lib/utils/addon-utils.ts +++ b/lib/utils/addon-utils.ts @@ -35,7 +35,10 @@ export function dependable(...addOns: string[]) { addOns.forEach( (addOn) => { const dep = clusterInfo.getScheduledAddOn(addOn); - assert(dep, `Missing a dependency for ${addOn} for ${stack}`); + + let targetString = target?.constructor?.toString().split("\n")[0] ?? "unknown"; + + assert(dep, `Missing a dependency for ${addOn} for ${stack} and target ${targetString}`); dependencies.push(dep!); }); diff --git a/package.json b/package.json index d5ba2d74e..7cb7abcdc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@aws-quickstart/eks-blueprints", - "version": "1.16.2", + "version": "1.16.3", "license": "Apache-2.0", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -74,7 +74,7 @@ "semver": "^7.6.0" }, "peerDependencies": { - "aws-cdk-lib": "2.162.1", - "aws-cdk": "2.162.1" + "aws-cdk-lib": "2.173.4", + "aws-cdk": "2.173.4" } }
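Review bot: In the `dependable` hunk of `lib/utils/addon-utils.ts`, `targetString` is recomputed on every iteration of `addOns.forEach` although it depends only on `target`. It is also declared with `let` and never reassigned. `constructor.toString()` returns the first line of the class source, which after transpilation can be long or unhelpful in an assertion message; assuming `target` is the decorated prototype, `const targetName = target?.constructor?.name ?? "unknown";` hoisted above the loop gives just the class name. The enclosing function starts and ends outside this hunk, so the hoist position should be confirmed against the full body.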