From 6a894b4fa00074513783a31565ae4de941e38557 Mon Sep 17 00:00:00 2001 From: Pahud Hsieh Date: Fri, 10 Nov 2023 15:36:47 +0000 Subject: [PATCH 1/2] support eks with k8s 1.28 --- packages/aws-cdk-lib/aws-eks/README.md | 60 ++++++++++----------- packages/aws-cdk-lib/aws-eks/lib/cluster.ts | 9 ++++ 2 files changed, 39 insertions(+), 30 deletions(-) diff --git a/packages/aws-cdk-lib/aws-eks/README.md b/packages/aws-cdk-lib/aws-eks/README.md index 1ca4e347e31a9..fba788290d009 100644 --- a/packages/aws-cdk-lib/aws-eks/README.md +++ b/packages/aws-cdk-lib/aws-eks/README.md @@ -63,12 +63,12 @@ This example defines an Amazon EKS cluster with the following configuration: * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. ```ts -import { KubectlV27Layer } from '@aws-cdk/lambda-layer-kubectl-v27'; +import { KubectlV28Layer } from '@aws-cdk/lambda-layer-kubectl-v28'; // provisioning a cluster const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_27, - kubectlLayer: new KubectlV27Layer(this, 'kubectl'), + version: eks.KubernetesVersion.V1_28, + kubectlLayer: new KubectlV28Layer(this, 'kubectl'), }); // apply a kubernetes manifest to the cluster @@ -134,7 +134,7 @@ Creating a new cluster is done using the `Cluster` or `FargateCluster` construct ```ts new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); ``` @@ -142,7 +142,7 @@ You can also use `FargateCluster` to provision a cluster that uses only fargate ```ts new eks.FargateCluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); ``` 
@@ -166,7 +166,7 @@ At cluster instantiation time, you can customize the number of instances and the ```ts new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); @@ -178,7 +178,7 @@ Additional customizations are available post instantiation. To apply them, set t ```ts const cluster = new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, defaultCapacity: 0, }); @@ -258,7 +258,7 @@ const eksClusterNodeGroupRole = new iam.Role(this, 'eksClusterNodeGroupRole', { }); const cluster = new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, defaultCapacity: 0, }); @@ -401,7 +401,7 @@ The following code defines an Amazon EKS cluster with a default Fargate Profile ```ts const cluster = new eks.FargateCluster(this, 'MyCluster', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); ``` @@ -478,7 +478,7 @@ You can also configure the cluster to use an auto-scaling group as the default c ```ts const cluster = new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, defaultCapacityType: eks.DefaultCapacityType.EC2, }); ``` @@ -571,7 +571,7 @@ You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/ ```ts const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, endpointAccess: eks.EndpointAccess.PRIVATE, // No access outside of your VPC. }); ``` 
@@ -593,7 +593,7 @@ To deploy the controller on your EKS cluster, configure the `albController` prop ```ts new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, albController: { version: eks.AlbControllerVersion.V2_6_2, }, @@ -633,7 +633,7 @@ You can specify the VPC of the cluster using the `vpc` and `vpcSubnets` properti declare const vpc: ec2.Vpc; new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }], }); @@ -680,7 +680,7 @@ You can configure the environment of the Cluster Handler functions by specifying ```ts declare const proxyInstanceSecurityGroup: ec2.SecurityGroup; const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, clusterHandlerEnvironment: { https_proxy: 'http://proxy.myproxy.com', }, @@ -722,7 +722,7 @@ for (let subnet of subnets) { } const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, vpc: vpc, ipFamily: eks.IpFamily.IP_V6, vpcSubnets: [{ subnets: vpc.publicSubnets }], @@ -757,7 +757,7 @@ You can configure the environment of this function by specifying it at cluster i ```ts const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com', }, 
@@ -777,11 +777,11 @@ Depending on which version of kubernetes you're targeting, you will need to use the `@aws-cdk/lambda-layer-kubectl-vXY` packages. ```ts -import { KubectlV27Layer } from '@aws-cdk/lambda-layer-kubectl-v27'; +import { KubectlV28Layer } from '@aws-cdk/lambda-layer-kubectl-v28'; const cluster = new eks.Cluster(this, 'hello-eks', { - version: eks.KubernetesVersion.V1_27, - kubectlLayer: new KubectlV27Layer(this, 'kubectl'), + version: eks.KubernetesVersion.V1_28, + kubectlLayer: new KubectlV28Layer(this, 'kubectl'), }); ``` @@ -816,7 +816,7 @@ const cluster1 = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, vpc, clusterName: 'cluster-name', - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); // or @@ -834,7 +834,7 @@ By default, the kubectl provider is configured with 1024MiB of memory. You can u ```ts new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4), - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); // or @@ -873,7 +873,7 @@ When you create a cluster, you can specify a `mastersRole`. The `Cluster` constr ```ts declare const role: iam.Role; new eks.Cluster(this, 'HelloEKS', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, mastersRole: role, }); ``` @@ -923,7 +923,7 @@ You can use the `secretsEncryptionKey` to configure which key the cluster will u const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); ``` @@ -933,7 +933,7 @@ You can also use a similar configuration for running a cluster built using the F const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey, - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, }); ``` 
@@ -977,7 +977,7 @@ To access the Kubernetes resources from the console, make sure your viewing prin in the `aws-auth` ConfigMap. Some options to consider: ```ts -import { KubectlV27Layer } from '@aws-cdk/lambda-layer-kubectl-v27'; +import { KubectlV28Layer } from '@aws-cdk/lambda-layer-kubectl-v28'; declare const cluster: eks.Cluster; declare const your_current_role: iam.Role; declare const vpc: ec2.Vpc; @@ -997,7 +997,7 @@ your_current_role.addToPolicy(new iam.PolicyStatement({ ```ts // Option 2: create your custom mastersRole with scoped assumeBy arn as the Cluster prop. Switch to this role from the AWS console. -import { KubectlV27Layer } from '@aws-cdk/lambda-layer-kubectl-v27'; +import { KubectlV28Layer } from '@aws-cdk/lambda-layer-kubectl-v28'; declare const vpc: ec2.Vpc; const mastersRole = new iam.Role(this, 'MastersRole', { @@ -1006,8 +1006,8 @@ const mastersRole = new iam.Role(this, 'MastersRole', { const cluster = new eks.Cluster(this, 'EksCluster', { vpc, - version: eks.KubernetesVersion.V1_27, - kubectlLayer: new KubectlV27Layer(this, 'KubectlLayer'), + version: eks.KubernetesVersion.V1_28, + kubectlLayer: new KubectlV28Layer(this, 'KubectlLayer'), mastersRole, }); @@ -1291,7 +1291,7 @@ when a cluster is defined: ```ts new eks.Cluster(this, 'MyCluster', { - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, prune: false, }); ``` @@ -1678,7 +1678,7 @@ property. For example: ```ts const cluster = new eks.Cluster(this, 'Cluster', { // ... - version: eks.KubernetesVersion.V1_27, + version: eks.KubernetesVersion.V1_28, clusterLogging: [ eks.ClusterLoggingTypes.API, eks.ClusterLoggingTypes.AUTHENTICATOR, diff --git a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts index bdfa393e21865..ced3296e8d389 100644 --- a/packages/aws-cdk-lib/aws-eks/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-eks/lib/cluster.ts 
@@ -927,6 +927,15 @@ export class KubernetesVersion {
 */
 public static readonly V1_27 = KubernetesVersion.of('1.27');

+ /**
+ * Kubernetes version 1.28
+ *
+ * When creating a `Cluster` with this version, you need to also specify the
+ * `kubectlLayer` property with a `KubectlV28Layer` from
+ * `@aws-cdk/lambda-layer-kubectl-v28`.
+ */
+ public static readonly V1_28 = KubernetesVersion.of('1.28');
+
 /**
 * Custom cluster version
 * @param version custom version number

From 8b8593408362398ad175020d78a49cee331dd9b4 Mon Sep 17 00:00:00 2001
From: Pahud Hsieh
Date: Fri, 10 Nov 2023 16:14:12 +0000
Subject: [PATCH 2/2] fix build err

---
 packages/aws-cdk-lib/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
index 2dda5a5fa6ae6..bc480f9c2ba0a 100644
--- a/packages/aws-cdk-lib/package.json
+++ b/packages/aws-cdk-lib/package.json
@@ -489,7 +489,7 @@
 },
 "jsiiRosetta": {
 "exampleDependencies": {
- "@aws-cdk/lambda-layer-kubectl-v27": "^2.0.0",
+ "@aws-cdk/lambda-layer-kubectl-v28": "^2.0.0",
 "cdk8s-plus-25": "^2.7.0",
 "@aws-cdk/aws-apigatewayv2-alpha": "*",
 "@aws-cdk/aws-kinesisfirehose-alpha": "*",
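Review bot: The new doc comment on `V1_28` says a `KubectlV28Layer` must be passed as `kubectlLayer`, but it does not say what happens when the property is omitted, and nothing in this hunk enforces the pairing. If the construct then falls back to a default kubectl layer (that code is not visible here), manifests and Helm charts would be applied by a client outside the supported kubectl/API-server version skew. I would add a line to the comment such as `* Without it the cluster uses the default kubectl layer, which may not be compatible with a 1.28 control plane.` The diffstat of patch 1/2 lists only README.md and cluster.ts, so no unit or integration test exercises the new constant; a test that creates a cluster with `KubernetesVersion.V1_28` would be worth adding. The `KubernetesVersion` class starts and ends outside the hunk.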