feat(eks-v2-alpha): use native L1 to create fargate profile (#32316)

### Reason for this change Currently Fargate Profile is created using custom resource. We should use the native L1 to replace the custom resource. ### Description of changes Change the resource type from custom resource to `CfnFargateProfile` ### Description of how you validated changes Unit test Integration tests are not added yet (keep in a separate branch) because they will fail the build with breaking changes. Will add integration tests back once most changes are finished. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Nov 28, 2024 · efc02c7 · efc02c7
1 parent 13d3623
commit efc02c7
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 119 deletions.
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts
@@ -1,10 +1,9 @@
 import { Construct } from 'constructs';
 import { Cluster, AuthenticationMode } from './cluster';
-import { FARGATE_PROFILE_RESOURCE_TYPE } from './cluster-resource-handler/consts';
-import { ClusterResourceProvider } from './cluster-resource-provider';
 import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as iam from 'aws-cdk-lib/aws-iam';
-import { Annotations, CustomResource, ITaggable, Lazy, TagManager, TagType } from 'aws-cdk-lib/core';
+import { CfnFargateProfile } from 'aws-cdk-lib/aws-eks';
+import { Annotations, ITaggable, TagManager, TagType } from 'aws-cdk-lib/core';
 
 /**
  * Options for defining EKS Fargate Profiles.
@@ -143,10 +142,6 @@ export class FargateProfile extends Construct implements ITaggable {
   constructor(scope: Construct, id: string, props: FargateProfileProps) {
     super(scope, id);
 
-    const provider = ClusterResourceProvider.getOrCreate(this, {
-      onEventLayer: props.cluster.onEventLayer,
-    });
-
     this.podExecutionRole = props.podExecutionRole ?? new iam.Role(this, 'PodExecutionRole', {
       assumedBy: new iam.ServicePrincipal('eks-fargate-pods.amazonaws.com'),
       managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSFargatePodExecutionRolePolicy')],
@@ -174,23 +169,22 @@ export class FargateProfile extends Construct implements ITaggable {
 
     this.tags = new TagManager(TagType.MAP, 'AWS::EKS::FargateProfile');
 
-    const resource = new CustomResource(this, 'Resource', {
-      serviceToken: provider.serviceToken,
-      resourceType: FARGATE_PROFILE_RESOURCE_TYPE,
-      properties: {
-        AssumeRoleArn: props.cluster.adminRole.roleArn,
-        Config: {
-          clusterName: props.cluster.clusterName,
-          fargateProfileName: props.fargateProfileName,
-          podExecutionRoleArn: this.podExecutionRole.roleArn,
-          selectors: props.selectors,
-          subnets,
-          tags: Lazy.any({ produce: () => this.tags.renderTags() }),
-        },
-      },
+    const resource = new CfnFargateProfile(this, 'Resource', {
+      clusterName: props.cluster.clusterName,
+      fargateProfileName: props.fargateProfileName,
+      podExecutionRoleArn: this.podExecutionRole.roleArn,
+      selectors: props.selectors.map((s) => ({
+        namespace: s.namespace,
+        labels: Object.entries(s.labels ?? {}).map((e) => ({
+          key: e[0],
+          value: e[1],
+        })),
+      })),
+      subnets,
+      tags: this.tags.renderTags(),
     });
 
-    this.fargateProfileArn = resource.getAttString('fargateProfileArn');
+    this.fargateProfileArn = resource.attrArn;
     this.fargateProfileName = resource.ref;
 
     // Fargate profiles must be created sequentially. If other profile(s) already

diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/fargate.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/fargate.test.ts
@@ -20,12 +20,10 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: { Ref: 'MyCluster8AD82BF8' },
-        podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
-        selectors: [{ namespace: 'default' }],
-      },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: { Ref: 'MyCluster8AD82BF8' },
+      PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
+      Selectors: [{ Namespace: 'default' }],
     });
   });
 
@@ -41,13 +39,11 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: { Ref: 'MyCluster8AD82BF8' },
-        podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
-        selectors: [{ namespace: 'default' }],
-        fargateProfileName: 'MyProfileName',
-      },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: { Ref: 'MyCluster8AD82BF8' },
+      PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
+      Selectors: [{ Namespace: 'default' }],
+      FargateProfileName: 'MyProfileName',
     });
   });
 
@@ -64,12 +60,10 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: { Ref: 'MyCluster8AD82BF8' },
-        podExecutionRoleArn: { 'Fn::GetAtt': ['MyRoleF48FFE04', 'Arn'] },
-        selectors: [{ namespace: 'default' }],
-      },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: { Ref: 'MyCluster8AD82BF8' },
+      PodExecutionRoleArn: { 'Fn::GetAtt': ['MyRoleF48FFE04', 'Arn'] },
+      Selectors: [{ Namespace: 'default' }],
     });
   });
 
@@ -87,16 +81,20 @@ describe('fargate', () => {
     Tags.of(cluster).add('propTag', '123');
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        selectors: [{ namespace: 'default' }],
-        clusterName: { Ref: 'MyCluster8AD82BF8' },
-        podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
-        tags: {
-          propTag: '123',
-          aspectTag: 'hello',
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      Selectors: [{ Namespace: 'default' }],
+      ClusterName: { Ref: 'MyCluster8AD82BF8' },
+      PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
+      Tags: [
+        {
+          Key: 'aspectTag',
+          Value: 'hello',
         },
-      },
+        {
+          Key: 'propTag',
+          Value: '123',
+        },
+      ],
     });
   });
 
@@ -117,13 +115,11 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: { Ref: 'MyCluster8AD82BF8' },
-        podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
-        selectors: [{ namespace: 'default' }],
-        subnets: ['priv1'],
-      },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: { Ref: 'MyCluster8AD82BF8' },
+      PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] },
+      Selectors: [{ Namespace: 'default' }],
+      Subnets: ['priv1'],
     });
   });
 
@@ -164,22 +160,20 @@ describe('fargate', () => {
       },
     });
 
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: {
-          Ref: 'FargateCluster019F03E8',
-        },
-        podExecutionRoleArn: {
-          'Fn::GetAtt': [
-            'FargateClusterfargateprofiledefaultPodExecutionRole66F2610E',
-            'Arn',
-          ],
-        },
-        selectors: [
-          { namespace: 'default' },
-          { namespace: 'kube-system' },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: {
+        Ref: 'FargateCluster019F03E8',
+      },
+      PodExecutionRoleArn: {
+        'Fn::GetAtt': [
+          'FargateClusterfargateprofiledefaultPodExecutionRole66F2610E',
+          'Arn',
         ],
       },
+      Selectors: [
+        { Namespace: 'default' },
+        { Namespace: 'kube-system' },
+      ],
     });
   });
 
@@ -196,23 +190,21 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: {
-          Ref: 'FargateCluster019F03E8',
-        },
-        fargateProfileName: 'my-app',
-        podExecutionRoleArn: {
-          'Fn::GetAtt': [
-            'FargateClusterfargateprofilemyappPodExecutionRole875B4635',
-            'Arn',
-          ],
-        },
-        selectors: [
-          { namespace: 'foo' },
-          { namespace: 'bar' },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: {
+        Ref: 'FargateCluster019F03E8',
+      },
+      FargateProfileName: 'my-app',
+      PodExecutionRoleArn: {
+        'Fn::GetAtt': [
+          'FargateClusterfargateprofilemyappPodExecutionRole875B4635',
+          'Arn',
         ],
       },
+      Selectors: [
+        { Namespace: 'foo' },
+        { Namespace: 'bar' },
+      ],
     });
   });
 
@@ -229,22 +221,20 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: {
-          Ref: 'FargateCluster019F03E8',
-        },
-        podExecutionRoleArn: {
-          'Fn::GetAtt': [
-            'FargateClusterfargateprofilecustomPodExecutionRoleDB415F19',
-            'Arn',
-          ],
-        },
-        selectors: [
-          { namespace: 'foo' },
-          { namespace: 'bar' },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: {
+        Ref: 'FargateCluster019F03E8',
+      },
+      PodExecutionRoleArn: {
+        'Fn::GetAtt': [
+          'FargateClusterfargateprofilecustomPodExecutionRoleDB415F19',
+          'Arn',
         ],
       },
+      Selectors: [
+        { Namespace: 'foo' },
+        { Namespace: 'bar' },
+      ],
     });
   });
 
@@ -262,27 +252,16 @@ describe('fargate', () => {
     });
 
     // THEN
-    Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', {
-      Config: {
-        clusterName: { Ref: 'MyCluster8AD82BF8' },
-        podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37', 'Arn'] },
-        selectors: [{ namespace: 'namespace1' }],
-      },
+    Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', {
+      ClusterName: { Ref: 'MyCluster8AD82BF8' },
+      PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37', 'Arn'] },
+      Selectors: [{ Namespace: 'namespace1' }],
     });
-    Template.fromStack(stack).hasResource('Custom::AWSCDK-EKS-FargateProfile', {
+    Template.fromStack(stack).hasResource('AWS::EKS::FargateProfile', {
       Properties: {
-        ServiceToken: {
-          'Fn::GetAtt': [
-            'awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454',
-            'Outputs.awscdkawseksClusterResourceProviderframeworkonEventEA97AA31Arn',
-          ],
-        },
-        AssumeRoleArn: { 'Fn::GetAtt': ['MyClusterCreationRoleB5FA4FF3', 'Arn'] },
-        Config: {
-          clusterName: { Ref: 'MyCluster8AD82BF8' },
-          podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile2PodExecutionRoleD1151CCF', 'Arn'] },
-          selectors: [{ namespace: 'namespace2' }],
-        },
+        ClusterName: { Ref: 'MyCluster8AD82BF8' },
+        PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile2PodExecutionRoleD1151CCF', 'Arn'] },
+        Selectors: [{ Namespace: 'namespace2' }],
       },
       DependsOn: [
         'MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37',