(aws-eks) Proxy settings in kubectlEnvironment should be passed onto provider-framework Lambda

[starchx]

The Issue (Bug)

Since #10200, for VPC that:

• requires proxy for all outbound connections
• has no Lambda VPC endpoint

All kubectl applies are failing, even with proper proxy set in kubectlEnvironment.

framework.onEvent lambda function -- involves --> kubectl lambda function

Since CDK 1.80, framework.onEvent lambda function has been put into VPC: https://github.com/aws/aws-cdk/blob/v1.80.0/packages/@aws-cdk/custom-resources/lib/provider-framework/provider.ts#L179
and the proxy environments are not added. framework.onEvent lambda function can no longer makes call to Lambda API to invoke function.

Environment

• CDK CLI Version: N/A
• Module Version: aws-eks 1.80 onwards
• Node.js Version: 10.14
• OS: all
• Language: TypeScript

Other information

Proposals:
A: Take framework.onEvent lambda function out of VPC (same as 1.79), and only leaves kubectl function inside the VPC.
B: Add proxy (set in kubectlEnvironment) to framework.onEvent lambda function

[iliapolo]

Hi @starchx Thanks for reporting this. We will address it.

In the meanwhile, I can offer the following workaround, to remove the VPC configuration from the framework function:

const providerStack = Stack.of(cluster).node.tryFindChild('@aws-cdk/aws-eks.KubectlProvider') as cdk.NestedStack;
const providerOnEvent = providerStack.node.findAll().filter(c => c.node.id.includes('framework-onEvent'))[0].node.defaultChild as lambda.CfnFunction;
providerOnEvent.addPropertyDeletionOverride('VpcConfig');

[iliapolo]

Just for reference, this issue contains information on which VPC endpoints need to exist in order for the framework functions to successfully invoke the handlers.

[github-actions]

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.