From 6b2c3652a2bf105632cb81bef8a0b1508b499895 Mon Sep 17 00:00:00 2001 From: Vu Dao Date: Thu, 20 Jun 2024 22:46:46 +0700 Subject: [PATCH 1/2] [KEDA] Update helm values to work from v2.14.0 --- lib/addons/keda/index.ts | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/lib/addons/keda/index.ts b/lib/addons/keda/index.ts index c4f0d1c67..b9573a54b 100644 --- a/lib/addons/keda/index.ts +++ b/lib/addons/keda/index.ts @@ -12,7 +12,7 @@ import { HelmAddOn, HelmAddOnProps, HelmAddOnUserProps } from "../helm-addon"; export interface KedaAddOnProps extends HelmAddOnUserProps { /** * Version of the helm chart to deploy - */ + */ version?: string; /** * Name of the KEDA operator @@ -25,12 +25,12 @@ export interface KedaAddOnProps extends HelmAddOnUserProps { /** * securityContext: fsGroup * Check the workaround for SQS Scalar with IRSA https://github.com/kedacore/keda/issues/837#issuecomment-789037326 - */ + */ podSecurityContextFsGroup?: number; /** * securityContext:runAsGroup * Check the workaround for SQS Scalar with IRSA https://github.com/kedacore/keda/issues/837#issuecomment-789037326 - */ + */ securityContextRunAsGroup?: number; /** * securityContext:runAsUser @@ -38,9 +38,9 @@ export interface KedaAddOnProps extends HelmAddOnUserProps { */ securityContextRunAsUser?: number; /** - * An array of Managed IAM Policies which Service Account needs for IRSA Eg: irsaRoles:["CloudWatchFullAccess","AmazonSQSFullAccess"]. If not empty + * An array of Managed IAM Policies which Service Account of KEDA operator needs for IRSA Eg: irsaRoles:["CloudWatchFullAccess","AmazonSQSFullAccess"]. If not empty * Service Account will be Created by CDK with IAM Roles Mapped (IRSA). In case if its empty, Keda will create the Service Account with out IAM Roles - */ + */ irsaRoles?: string[]; } @@ -52,7 +52,7 @@ const defaultProps: HelmAddOnProps & KedaAddOnProps = { name: "blueprints-keda-addon", chart: "keda", namespace:"keda", - version: "2.13.2", + version: "2.14.2", release: "keda", repository: "https://kedacore.github.io/charts", values: {}, @@ -74,19 +74,20 @@ export class KedaAddOn extends HelmAddOn { } deploy(clusterInfo: ClusterInfo): Promise { - + const cluster = clusterInfo.cluster; let values: Values = populateValues(this.options); values = merge(values, this.props.values ?? {}); - + + const namespace = createNamespace(this.options.namespace! , cluster); + if (this.options.irsaRoles!.length > 0) { //Create Service Account with IRSA const opts = { name: this.options.kedaOperatorName, namespace: this.options.namespace }; const sa = cluster.addServiceAccount(this.options.kedaServiceAccountName!, opts); setRoles(sa,this.options.irsaRoles!); - const namespace = createNamespace(this.options.namespace! , cluster); sa.node.addDependency(namespace); - + const chart = this.addHelmChart(clusterInfo, values); chart.node.addDependency(sa); return Promise.resolve(chart); @@ -96,8 +97,8 @@ export class KedaAddOn extends HelmAddOn { const chart = this.addHelmChart(clusterInfo, values); return Promise.resolve(chart); } - - + + } } @@ -108,14 +109,10 @@ export class KedaAddOn extends HelmAddOn { function populateValues(helmOptions: KedaAddOnProps): Values { const values = helmOptions.values ?? {}; - // Check the workaround for SQS Scalar https://github.com/kedacore/keda/issues/837 setPath(values, "operator.name", helmOptions.kedaOperatorName); - setPath(values, "podSecurityContext.fsGroup", helmOptions.podSecurityContextFsGroup); - setPath(values, "securityContext.runAsGroup", helmOptions.securityContextRunAsGroup); - setPath(values, "securityContext.runAsUser", helmOptions.securityContextRunAsUser); //In Case irsaRoles array is non empty, code should not allow Keda to create Service Account, CDK will create Service Account with IRSA enabled - setPath(values, "serviceAccount.create", helmOptions.irsaRoles!.length > 0 ? false : true); - setPath(values, "serviceAccount.name", helmOptions.kedaServiceAccountName); + setPath(values, "serviceAccount.operator.create", helmOptions.irsaRoles!.length > 0 ? false : true); + setPath(values, "serviceAccount.operator.name", helmOptions.kedaServiceAccountName); return values; } @@ -131,4 +128,3 @@ function populateValues(helmOptions: KedaAddOnProps): Values { sa.role.addManagedPolicy(policy); }); } - \ No newline at end of file From 6c43e5e67ea3750e6b102064b38a50057c85ec9a Mon Sep 17 00:00:00 2001 From: Vu Dao Date: Fri, 21 Jun 2024 14:50:07 +0700 Subject: [PATCH 2/2] Document deprecated fields for Keda v2.14.0+ --- lib/addons/keda/index.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/addons/keda/index.ts b/lib/addons/keda/index.ts index b9573a54b..a5eff52d3 100644 --- a/lib/addons/keda/index.ts +++ b/lib/addons/keda/index.ts @@ -25,16 +25,22 @@ export interface KedaAddOnProps extends HelmAddOnUserProps { /** * securityContext: fsGroup * Check the workaround for SQS Scalar with IRSA https://github.com/kedacore/keda/issues/837#issuecomment-789037326 + * + * @deprecated Has no effect for version 2.14 and above. Update podSecurityContext.operator.fsGroup in Values instead. KEDA-is-secure-by-default with fsGroup: 1000 */ podSecurityContextFsGroup?: number; /** * securityContext:runAsGroup * Check the workaround for SQS Scalar with IRSA https://github.com/kedacore/keda/issues/837#issuecomment-789037326 + * + * @deprecated Has no effect for version 2.14 and above. Update podSecurityContext.operator.runAsGroup in Values instead. KEDA-is-secure-by-default with runAsGroup: 1000 */ securityContextRunAsGroup?: number; /** * securityContext:runAsUser * Check the workaround for SQS Scalar with IRSA https://github.com/kedacore/keda/issues/837#issuecomment-789037326 + * + * @deprecated Has no effect for version 2.14 and above. Update podSecurityContext.operator.runAsUser in Values instead. KEDA-is-secure-by-default with runAsUser: 1000 */ securityContextRunAsUser?: number; /**