Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDK-Lib EKS Constructs - Private repo support for artifacts #26842

Open
2 tasks
elarsson1 opened this issue Aug 22, 2023 · 5 comments
Open
2 tasks

CDK-Lib EKS Constructs - Private repo support for artifacts #26842

elarsson1 opened this issue Aug 22, 2023 · 5 comments
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@elarsson1
Copy link

Describe the feature

Allow customers to specify private repositories for external artifacts referenced by AWS provided constructs. For example, the AWS Load Balancer Controller construct directly references the public GitHub repo for its Helm chart:

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-eks/lib/alb-controller.ts#L273

Use Case

Security sensitive customers have requirements for all software artifacts to be sourced from internal vetted repos, that may take additional measures to ensure artifacts are immutable, and that consumption from upstream is vetted through organization required security checks. They cannot have.a deployment trigger a system to pull artifacts directly from a source on the internet.

Proposed Solution

Expose artifact URLs as configuration instead of hard coding them in construct libraries. Allow customers to override the artifact URL with a local URL or OCI compliant repository for supported artifacts, such as container images or Helm charts.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.92

Environment details (OS name and version, etc.)

Amazon Linux 2
@elarsson1 elarsson1 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 22, 2023
@github-actions github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Aug 22, 2023
@peterwoodworth peterwoodworth added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Aug 22, 2023
@peterwoodworth
Copy link
Contributor

peterwoodworth commented Aug 22, 2023
edited
Loading

Makes sense, thanks for the request.

@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 23, 2023
edited
Loading

We can add a property to customize that URL.

@iliapolo
Copy link
Contributor

As a workaround, you can use escape hatches:

const cluster = new eks.Cluster(this, 'Cluster', {
  version: eks.KubernetesVersion.V1_27,
  albController: {
    version: eks.AlbControllerVersion.V2_2_3,
  }
});

const albHelmChart = cluster.albController?.node.defaultChild as eks.HelmChart
const albCr = albHelmChart.node.defaultChild?.node.defaultChild as cdk.CfnResource
albCr.addPropertyOverride('Repository', '<my-company-repository>')

@manupatteri
Copy link

manupatteri commented Aug 25, 2023
edited
Loading

+1. Thank you @elarsson1 for raising this issue. We are definitely looking forward to a clean and easy solution as you have described.
Thanks for the workaround @iliapolo. I will try it out.

@github-actions github-actions bot mentioned this issue Sep 1, 2023
Closed
@caretak3r
Copy link

+1 Currently I have to host the image and helm chart package in ECR (privately), and add_helm_chart to the cluster to do this. Not even sure if some configurations are being missed going in this direction, versus using the construct's albController setup.

@caretak3r caretak3r mentioned this issue Nov 22, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@manupatteri @rix0rrr @iliapolo @elarsson1 @peterwoodworth @caretak3r