feat: update KubectlLayer with the latest security patches for Helm a…

…nd remove deprecated python3.7 and nodejs14.x runtimes (#623) Similar to #546, this PR adds kubectl 1.29.4 and Helm 3.14.4 security patch https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1293 https://github.com/helm/helm/releases/tag/v3.14.4 Fixes [#588](#588). Fixes [#752](#752). Removes the EOL python3.7 runtime in the integ test and upgrade nodejs14.0 to nodejs16.0 used in custom resource provider by upgrading aws-cdk-lib from 2.28.0 to 2.85.0 in the current branch, which addresses the usage of node 14 [#25995](aws/aws-cdk#25995)
cdklabs · Jun 5, 2024 · e5cef1b · e5cef1b
1 parent e3d1e86
commit e5cef1b
Show file tree

Hide file tree

Showing 15 changed files with 522 additions and 98 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/release-kubectl-v29.yml b/.github/workflows/release-kubectl-v29.yml
diff --git a/.projen/deps.json b/.projen/deps.json
diff --git a/.projenrc.ts b/.projenrc.ts
@@ -11,7 +11,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
   projenrcTs: true,
   author: 'Amazon Web Services',
   authorAddress: 'aws-cdk-dev@amazon.com',
-  cdkVersion: '2.28.0',
+  cdkVersion: '2.94.0',
   name: `@aws-cdk/lambda-layer-kubectl-v${SPEC_VERSION}`,
   description: `A Lambda Layer that contains kubectl v1.${SPEC_VERSION}`,
   repositoryUrl: 'https://github.com/cdklabs/awscdk-asset-kubectl.git',

diff --git a/API.md b/API.md
diff --git a/README.md b/README.md
@@ -13,8 +13,8 @@ This module exports a single class called `KubectlV29Layer` which is a `lambda.L
 bundles the [`kubectl`](https://kubernetes.io/docs/reference/kubectl/kubectl/) and the
 [`helm`](https://helm.sh/) command line.
 
-> - Helm Version: 3.14.0
-> - Kubectl Version: 1.29.1
+> - Helm Version: 3.14.4
+> - Kubectl Version: 1.29.4
 >
 
 Usage:

diff --git a/layer/Dockerfile b/layer/Dockerfile
@@ -5,8 +5,8 @@ FROM public.ecr.aws/lambda/provided:latest
 # versions
 #
 
-ARG KUBECTL_VERSION=1.29.1
-ARG HELM_VERSION=3.14.0
+ARG KUBECTL_VERSION=1.29.4
+ARG HELM_VERSION=3.14.4
 
 USER root
 RUN mkdir -p /opt

diff --git a/package.json b/package.json
diff --git a/projenrc/workflow-no-docker-patch.ts b/projenrc/workflow-no-docker-patch.ts
@@ -22,7 +22,7 @@ export class WorkflowNoDockerPatch {
       JsonPatch.add(`/jobs/${workflow}/steps/`, {
         name: 'Setup Node.js',
         uses: 'actions/setup-node@v3',
-        with: { 'node-version': project.minNodeVersion ?? '14.x' },
+        with: { 'node-version': project.minNodeVersion ?? '16.x' },
       }),
       JsonPatch.remove(`/jobs/${workflow}/container`),
     );

diff --git a/src/kubectl-layer.ts b/src/kubectl-layer.ts
@@ -11,7 +11,7 @@ export class KubectlV29Layer extends lambda.LayerVersion {
       code: lambda.Code.fromAsset(ASSET_FILE, {
         assetHash: assetHash(),
       }),
-      description: '/opt/kubectl/kubectl 1.29; /opt/helm/helm 3.14',
+      description: '/opt/kubectl/kubectl 1.29.4; /opt/helm/helm 3.14.4',
       license: 'Apache-2.0',
     });
   }

diff --git a/test/kubectl-layer.integ.snapshot/lambda-layer-kubectl-integ-stack.assets.json b/test/kubectl-layer.integ.snapshot/lambda-layer-kubectl-integ-stack.assets.json
@@ -1,15 +1,15 @@
 {
-  "version": "20.0.0",
+  "version": "34.0.0",
   "files": {
-    "b5925bba477fd1ac27c3a695a9f6ece293bd0ae6940bc65a5b99008ab54f60f7": {
+    "2266ac05f7e1f3dbecd7349c1f994abb28703d561d08d58f559927e0d31817d4": {
       "source": {
-        "path": "asset.b5925bba477fd1ac27c3a695a9f6ece293bd0ae6940bc65a5b99008ab54f60f7.zip",
+        "path": "asset.2266ac05f7e1f3dbecd7349c1f994abb28703d561d08d58f559927e0d31817d4.zip",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "b5925bba477fd1ac27c3a695a9f6ece293bd0ae6940bc65a5b99008ab54f60f7.zip",
+          "objectKey": "2266ac05f7e1f3dbecd7349c1f994abb28703d561d08d58f559927e0d31817d4.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
@@ -27,28 +27,28 @@
         }
       }
     },
-    "eaeb69bc290b516fe3b049f89d6118b22249df682fbabf56af300cf345198574": {
+    "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf": {
       "source": {
-        "path": "asset.eaeb69bc290b516fe3b049f89d6118b22249df682fbabf56af300cf345198574",
+        "path": "asset.f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "eaeb69bc290b516fe3b049f89d6118b22249df682fbabf56af300cf345198574.zip",
+          "objectKey": "f2d30cfc360482320a52a4fcde8a70f3569df79ab30be24650fda58eb60052cf.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "7793bea638b52e9d8f5e0c5a129f4337959bf7bdf7408d2035cc2ddfdf4f7d56": {
+    "11baabd2ea39a92e958855fe9d0e2c549a83bc8710379d8695623383d256922f": {
       "source": {
         "path": "lambda-layer-kubectl-integ-stack.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "7793bea638b52e9d8f5e0c5a129f4337959bf7bdf7408d2035cc2ddfdf4f7d56.json",
+          "objectKey": "11baabd2ea39a92e958855fe9d0e2c549a83bc8710379d8695623383d256922f.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }