feat(eks): support AccessConfig for the Cluster construct #30016

Merged
merged 58 commits into from
Jun 12, 2024
Changes from 1 commit
Commits
955a94c
access config support
pahud Apr 30, 2024
04a395b
wip
pahud May 2, 2024
8bd96e8
AccessEntry L2 support
pahud May 3, 2024
396b4bb
minor
pahud May 3, 2024
98254fe
unit tests
pahud May 3, 2024
825203a
refactor AccessPolicy
pahud May 4, 2024
526db6c
update README
pahud May 4, 2024
9cb9c6b
disable awsAuth when authMode is API
pahudcc May 5, 2024
caaf04a
throw when configmap is not supported
pahudcc May 5, 2024
734cbca
add integ and snapshots
pahudcc May 6, 2024
fef2785
unit tests for AccessEntry
pahudcc May 6, 2024
3346c06
add more awsauth tests
pahudcc May 6, 2024
bebc33f
update yarn.lock per requested by CI
pahudcc May 6, 2024
d57d537
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud May 6, 2024
ee7def0
add unit tests for AccessPolicy and AccessPolicyArn
pahudcc May 6, 2024
67a2397
fix docstring
pahudcc May 6, 2024
ee00e00
fix integ test
pahudcc May 6, 2024
6249396
update tests
pahudcc May 7, 2024
bd90cb2
fix tests
pahudcc May 7, 2024
209ef32
update integ tests
pahudcc May 7, 2024
17dd42b
update tests
pahudcc May 8, 2024
6b349bf
update tests
pahud May 8, 2024
859ccde
fix README
pahud May 8, 2024
2432b07
update cluster resource handler to handle
pahud May 8, 2024
4165464
Merge branch 'pahud/aws-eks-support-accessconfig-28588' of https://gi…
pahud May 8, 2024
5ecb856
callout bootstrapClusterCreatorAdminPermissions in README
pahud May 8, 2024
05d0019
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud May 13, 2024
ceac30a
update integ
pahud May 13, 2024
c9b0314
Update packages/aws-cdk-lib/aws-eks/lib/cluster.ts
pahud May 14, 2024
8782fea
improve doc string
pahud May 15, 2024
082c06b
make addToAccessEntry private
pahud May 15, 2024
54cdcbe
update fromAccessPolicyName()
pahud May 22, 2024
ae9a22c
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud Jun 5, 2024
101759f
fix typo and lint
pahud Jun 5, 2024
b930040
update tests
pahud Jun 5, 2024
e1146df
update README
pahud Jun 5, 2024
c4e9c40
improve the tests
pahud Jun 6, 2024
29968e5
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud Jun 6, 2024
6445773
add AccessEntryType
pahud Jun 6, 2024
f19805c
add test for accessEntryType
pahud Jun 6, 2024
8365348
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud Jun 6, 2024
1fddf0c
update
pahud Jun 6, 2024
1b25f92
update tests
pahud Jun 6, 2024
841d6b7
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud Jun 6, 2024
cb7802f
add more checks and tests
pahud Jun 6, 2024
7d1bcfe
fix README
pahud Jun 6, 2024
480bf4a
update README
pahud Jun 7, 2024
5a2191e
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
mergify[bot] Jun 11, 2024
364f86b
chore: upgrade jsii to `~5.4.21` (#30518)
mrgrain Jun 11, 2024
74bcc1f
feat: implement node runtime region awareness for cdk vended custom r…
colifran Jun 11, 2024
11597a0
feat(opensearch): add OpenSearch 2.13 engine version (#30399)
timbru31 Jun 11, 2024
34f92df
Merge remote-tracking branch 'origin/main' into pahud/aws-eks-support…
pahud Jun 12, 2024
b98369a
update snaps
pahud Jun 12, 2024
5121217
fix conflict
pahud Jun 12, 2024
619e7bb
fix conflict
pahud Jun 12, 2024
ac72608
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud Jun 12, 2024
353fc93
update snapshots
pahud Jun 12, 2024
3294656
Merge branch 'main' into pahud/aws-eks-support-accessconfig-28588
pahud Jun 12, 2024
4 changes: 3 additions & 1 deletion packages/aws-cdk-lib/aws-eks/lib/cluster-resource.ts
Expand Up @@ -26,6 +26,7 @@ export interface ClusterResourceProps {
readonly clusterHandlerSecurityGroup?: ec2.ISecurityGroup;
readonly tags?: { [key: string]: string };
readonly logging?: { [key: string]: [ { [key: string]: any } ] };
readonly accessconfig?: CfnCluster.AccessConfigProperty;
}

/**
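Review bot: the new field on `ClusterResourceProps` is spelled `accessconfig`, all lowercase, while its type is `CfnCluster.AccessConfigProperty` and the sibling props such as `clusterHandlerSecurityGroup` are camelCase. Rename it to `accessConfig` so the mapping further down does not have to read `accessConfig: props.accessconfig`, and give it a short doc comment saying it is forwarded to the cluster resource handler as-is.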
Expand Down Expand Up @@ -88,6 +89,7 @@ export class ClusterResource extends Construct {
},
tags: props.tags,
logging: props.logging,
accessConfig: props.accessconfig,
},
AssumeRoleArn: this.adminRole.roleArn,

Expand All @@ -96,7 +98,7 @@ export class ClusterResource extends Construct {
// doesn't contain XXX key in object" (see #8276) by incrementing this
// number, you will effectively cause a "no-op update" to the cluster
// which will return the new set of attribute.
AttributesRevision: 2,
AttributesRevision: 3,
},
});
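Review bot: the bump of `AttributesRevision` from 2 to 3 leaves no record of why it was needed. The comment above it says that incrementing the number causes a no-op update to the cluster, so existing clusters will get that update when they pick up this change; add a line to the comment tying revision 3 to the new `accessConfig` property so the next bump has a history to follow.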

27 changes: 27 additions & 0 deletions packages/aws-cdk-lib/aws-eks/lib/cluster.ts
Expand Up @@ -809,6 +809,20 @@ export interface ClusterProps extends ClusterOptions {
*/
readonly kubectlLambdaRole?: iam.IRole;

/**
* The desired authentication mode for the cluster.
* @default AuthenticationMode.CONFIG_MAP;
*/
readonly authenticationMode?: AuthenticationMode;

/**
* Whether or not the cluster creator IAM principal was set as a cluster admin access entry
* during cluster creation time.
*
* @default true
*/
readonly bootstrapClusterCreatorAdminPermissions?: boolean;

/**
* The tags assigned to the EKS cluster
*
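Review bot: the doc comment on `bootstrapClusterCreatorAdminPermissions` is in the past tense ("was set as a cluster admin access entry during cluster creation time"), which reads as a description of state rather than of what the caller is requesting. Since the default is `true`, say plainly that leaving it unset makes the cluster creator IAM principal a cluster admin access entry. In the `authenticationMode` comment, drop the trailing semicolon from `@default AuthenticationMode.CONFIG_MAP;` and separate the description from `@default` with an empty ` *` line, as the second comment already does.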
Expand Down Expand Up @@ -996,6 +1010,15 @@ export enum IpFamily {
IP_V6 = 'ipv6',
}

/**
* Authentication mode of the clsuter.
*/
export enum AuthenticationMode {
CONFIG_MAP = 'CONFIG_MAP',
API_AND_CONFIG_MAP = 'API_AND_CONFIG_MAP',
API = 'API',
}

abstract class ClusterBase extends Resource implements ICluster {
public abstract readonly connections: ec2.Connections;
public abstract readonly vpc: ec2.IVpc;
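Review bot: "clsuter" in the doc comment on `AuthenticationMode` should be "cluster", and the three members (`CONFIG_MAP`, `API_AND_CONFIG_MAP`, `API`) carry no documentation of their own. A one-line comment on each, saying what authenticates principals in that mode, would let a caller choose one from the API reference alone.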
Expand Down Expand Up @@ -1580,6 +1603,10 @@ export class Cluster extends ClusterBase {
environment: props.clusterHandlerEnvironment,
roleArn: this.role.roleArn,
version: props.version.version,
accessconfig: {
authenticationMode: props.authenticationMode,
bootstrapClusterCreatorAdminPermissions: props.bootstrapClusterCreatorAdminPermissions,
},
resourcesVpcConfig: {
securityGroupIds: [securityGroup.securityGroupId],
subnetIds,
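Review bot: `accessconfig` is built as an object literal unconditionally, so when neither `props.authenticationMode` nor `props.bootstrapClusterCreatorAdminPermissions` is set the handler still receives an object whose two fields are both undefined. The documented defaults (`AuthenticationMode.CONFIG_MAP` and `true`) are not applied here either. Pass `undefined` when both props are unset, or apply the defaults explicitly, so that what is sent matches what the doc comments promise.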