From 0ea25522dcc86a29cc0579b297d0831f90d0d10f Mon Sep 17 00:00:00 2001 From: Xia Zhao Date: Wed, 27 Nov 2024 16:19:19 -0800 Subject: [PATCH] feat(eks): use native L1 to create fargate profile --- .../aws-eks-v2-alpha/lib/fargate-profile.ts | 38 ++-- .../aws-eks-v2-alpha/test/fargate.test.ts | 173 ++++++++---------- 2 files changed, 92 insertions(+), 119 deletions(-) diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts index b05d7ca37e0e1..33dfa9b409878 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts @@ -1,10 +1,9 @@ import { Construct } from 'constructs'; import { Cluster, AuthenticationMode } from './cluster'; -import { FARGATE_PROFILE_RESOURCE_TYPE } from './cluster-resource-handler/consts'; -import { ClusterResourceProvider } from './cluster-resource-provider'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as iam from 'aws-cdk-lib/aws-iam'; -import { Annotations, CustomResource, ITaggable, Lazy, TagManager, TagType } from 'aws-cdk-lib/core'; +import { CfnFargateProfile } from 'aws-cdk-lib/aws-eks'; +import { Annotations, ITaggable, TagManager, TagType } from 'aws-cdk-lib/core'; /** * Options for defining EKS Fargate Profiles. @@ -143,10 +142,6 @@ export class FargateProfile extends Construct implements ITaggable { constructor(scope: Construct, id: string, props: FargateProfileProps) { super(scope, id); - const provider = ClusterResourceProvider.getOrCreate(this, { - onEventLayer: props.cluster.onEventLayer, - }); - this.podExecutionRole = props.podExecutionRole ?? new iam.Role(this, 'PodExecutionRole', { assumedBy: new iam.ServicePrincipal('eks-fargate-pods.amazonaws.com'), managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSFargatePodExecutionRolePolicy')], 
@@ -174,23 +169,22 @@ export class FargateProfile extends Construct implements ITaggable { this.tags = new TagManager(TagType.MAP, 'AWS::EKS::FargateProfile'); - const resource = new CustomResource(this, 'Resource', { - serviceToken: provider.serviceToken, - resourceType: FARGATE_PROFILE_RESOURCE_TYPE, - properties: { - AssumeRoleArn: props.cluster.adminRole.roleArn, - Config: { - clusterName: props.cluster.clusterName, - fargateProfileName: props.fargateProfileName, - podExecutionRoleArn: this.podExecutionRole.roleArn, - selectors: props.selectors, - subnets, - tags: Lazy.any({ produce: () => this.tags.renderTags() }), - }, - }, + const resource = new CfnFargateProfile(this, 'Resource', { + clusterName: props.cluster.clusterName, + fargateProfileName: props.fargateProfileName, + podExecutionRoleArn: this.podExecutionRole.roleArn, + selectors: props.selectors.map((s) => ({ + namespace: s.namespace, + labels: Object.entries(s.labels ?? {}).map((e) => ({ + key: e[0], + value: e[1], + })), + })), + subnets, + tags: this.tags.renderTags(), }); - this.fargateProfileArn = resource.getAttString('fargateProfileArn'); + this.fargateProfileArn = resource.attrArn; this.fargateProfileName = resource.ref; // Fargate profiles must be created sequentially. If other profile(s) already diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/fargate.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/fargate.test.ts index ac6b105fa8a5d..71a5ec82a9cdb 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/fargate.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/fargate.test.ts 
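Review bot: `tags: this.tags.renderTags()` runs in the constructor right after `this.tags = new TagManager(TagType.MAP, ...)` is created, so it can only see an empty tag set, whereas the removed code deferred the call with `Lazy.any`. Tags applied through aspects likely still reach the template via the L1's own tag handling (the only path the updated test at `@@ -87,16 +81,20 @@` exercises), but a tag set directly on the construct's `tags` manager after construction would be dropped silently, and that manager is still `TagType.MAP` while the test expects the list form. If `CfnFargateProfile` exposes its own tag manager, drop the eager `tags:` property and delegate with `this.tags = resource.tags;`, and add a test that sets a tag on the profile after construction. Separately, removing `AssumeRoleArn: props.cluster.adminRole.roleArn` means the profile is presumably created with the stack's deployment credentials rather than the cluster admin role, so the EKS and role-passing permissions that deployment identity now needs should be documented for users who are migrating. The constructor starts and ends outside this hunk.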
@@ -20,12 +20,10 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, - selectors: [{ namespace: 'default' }], - }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, + Selectors: [{ Namespace: 'default' }], }); }); @@ -41,13 +39,11 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, - selectors: [{ namespace: 'default' }], - fargateProfileName: 'MyProfileName', - }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, + Selectors: [{ Namespace: 'default' }], + FargateProfileName: 'MyProfileName', }); }); @@ -64,12 +60,10 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyRoleF48FFE04', 'Arn'] }, - selectors: [{ namespace: 'default' }], - }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyRoleF48FFE04', 'Arn'] }, + Selectors: [{ Namespace: 'default' }], }); }); 
@@ -87,16 +81,20 @@ describe('fargate', () => { Tags.of(cluster).add('propTag', '123'); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - selectors: [{ namespace: 'default' }], - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, - tags: { - propTag: '123', - aspectTag: 'hello', + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + Selectors: [{ Namespace: 'default' }], + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, + Tags: [ + { + Key: 'aspectTag', + Value: 'hello', }, - }, + { + Key: 'propTag', + Value: '123', + }, + ], }); }); @@ -117,13 +115,11 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, - selectors: [{ namespace: 'default' }], - subnets: ['priv1'], - }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfilePodExecutionRole4795C054', 'Arn'] }, + Selectors: [{ Namespace: 'default' }], + Subnets: ['priv1'], }); }); 
@@ -164,22 +160,20 @@ describe('fargate', () => { }, }); - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { - Ref: 'FargateCluster019F03E8', - }, - podExecutionRoleArn: { - 'Fn::GetAtt': [ - 'FargateClusterfargateprofiledefaultPodExecutionRole66F2610E', - 'Arn', - ], - }, - selectors: [ - { namespace: 'default' }, - { namespace: 'kube-system' }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { + Ref: 'FargateCluster019F03E8', + }, + PodExecutionRoleArn: { + 'Fn::GetAtt': [ + 'FargateClusterfargateprofiledefaultPodExecutionRole66F2610E', + 'Arn', ], }, + Selectors: [ + { Namespace: 'default' }, + { Namespace: 'kube-system' }, + ], }); }); @@ -196,23 +190,21 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { - Ref: 'FargateCluster019F03E8', - }, - fargateProfileName: 'my-app', - podExecutionRoleArn: { - 'Fn::GetAtt': [ - 'FargateClusterfargateprofilemyappPodExecutionRole875B4635', - 'Arn', - ], - }, - selectors: [ - { namespace: 'foo' }, - { namespace: 'bar' }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { + Ref: 'FargateCluster019F03E8', + }, + FargateProfileName: 'my-app', + PodExecutionRoleArn: { + 'Fn::GetAtt': [ + 'FargateClusterfargateprofilemyappPodExecutionRole875B4635', + 'Arn', ], }, + Selectors: [ + { Namespace: 'foo' }, + { Namespace: 'bar' }, + ], }); }); 
@@ -229,22 +221,20 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { - Ref: 'FargateCluster019F03E8', - }, - podExecutionRoleArn: { - 'Fn::GetAtt': [ - 'FargateClusterfargateprofilecustomPodExecutionRoleDB415F19', - 'Arn', - ], - }, - selectors: [ - { namespace: 'foo' }, - { namespace: 'bar' }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { + Ref: 'FargateCluster019F03E8', + }, + PodExecutionRoleArn: { + 'Fn::GetAtt': [ + 'FargateClusterfargateprofilecustomPodExecutionRoleDB415F19', + 'Arn', ], }, + Selectors: [ + { Namespace: 'foo' }, + { Namespace: 'bar' }, + ], }); }); 
@@ -262,27 +252,16 @@ describe('fargate', () => { }); // THEN - Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-FargateProfile', { - Config: { - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37', 'Arn'] }, - selectors: [{ namespace: 'namespace1' }], - }, + Template.fromStack(stack).hasResourceProperties('AWS::EKS::FargateProfile', { + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37', 'Arn'] }, + Selectors: [{ Namespace: 'namespace1' }], }); - Template.fromStack(stack).hasResource('Custom::AWSCDK-EKS-FargateProfile', { + Template.fromStack(stack).hasResource('AWS::EKS::FargateProfile', { Properties: { - ServiceToken: { - 'Fn::GetAtt': [ - 'awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454', - 'Outputs.awscdkawseksClusterResourceProviderframeworkonEventEA97AA31Arn', - ], - }, - AssumeRoleArn: { 'Fn::GetAtt': ['MyClusterCreationRoleB5FA4FF3', 'Arn'] }, - Config: { - clusterName: { Ref: 'MyCluster8AD82BF8' }, - podExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile2PodExecutionRoleD1151CCF', 'Arn'] }, - selectors: [{ namespace: 'namespace2' }], - }, + ClusterName: { Ref: 'MyCluster8AD82BF8' }, + PodExecutionRoleArn: { 'Fn::GetAtt': ['MyClusterfargateprofileMyProfile2PodExecutionRoleD1151CCF', 'Arn'] }, + Selectors: [{ Namespace: 'namespace2' }], }, DependsOn: [ 'MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37',