From 4121b33905e74acb75d38891508d77bfe5ac91fa Mon Sep 17 00:00:00 2001
From: shapirov
Date: Mon, 21 Oct 2024 17:52:45 -0400
Subject: [PATCH 1/6] fixes #1082 - dependency added between chart and namespace
---
 bin/main.ts | 2 +-
 examples/blueprint-construct/index.ts | 2 +-
 examples/blueprint-ipv6-construct/index.ts | 2 +-
 lib/addons/keda/index.ts | 3 +--
 4 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/bin/main.ts b/bin/main.ts
index 1f5b9adf0..74b72b682 100644
--- a/bin/main.ts
+++ b/bin/main.ts
@@ -13,4 +13,4 @@ new BlueprintIPv4Construct(app, props);
 // Deploying IPV6 cluster in us-east-2 region. Assuming IPV4 cluster will be deployed to another region.
 props = { env: { account, region: "us-east-2" } };
 // Create ipv6 cluster: temporarily removed from the e2e tests due to the timeouts.
-//new BlueprintIPV6Construct(app, props);
+new BlueprintIPV6Construct(app, props);
diff --git a/examples/blueprint-construct/index.ts b/examples/blueprint-construct/index.ts
index c3518fea1..8225294cd 100644
--- a/examples/blueprint-construct/index.ts
+++ b/examples/blueprint-construct/index.ts
@@ -166,7 +166,7 @@ export default class BlueprintConstruct {
 serviceName: blueprints.AckServiceName.S3
 }),
 new blueprints.addons.KarpenterAddOn({
- version: "v0.33.2",
+ version: "v0.37.5",
 nodePoolSpec: this.nodePoolSpec,
 ec2NodeClassSpec: this.nodeClassSpec,
 interruptionHandling: true,
diff --git a/examples/blueprint-ipv6-construct/index.ts b/examples/blueprint-ipv6-construct/index.ts
index a21fed852..ebd43fefb 100644
--- a/examples/blueprint-ipv6-construct/index.ts
+++ b/examples/blueprint-ipv6-construct/index.ts
@@ -36,7 +36,7 @@ export default class BlueprintIPV6Construct extends BlueprintConstruct {
 const addOns: Array = [
 new blueprints.addons.KarpenterAddOn({
- version: "v0.34.5",
+ version: "v0.37.5",
 nodePoolSpec: this.nodePoolSpec,
 ec2NodeClassSpec: this.nodeClassSpec,
 interruptionHandling: true,
diff --git a/lib/addons/keda/index.ts b/lib/addons/keda/index.ts
index a5eff52d3..86b590bbd 100644
--- a/lib/addons/keda/index.ts
+++ b/lib/addons/keda/index.ts
@@ -101,10 +101,9 @@ export class KedaAddOn extends HelmAddOn {
 } else {
 //Let Keda Create Service account for you. This is controlled by flag helmOptions.createServiceAccount (refer line no:118)
 const chart = this.addHelmChart(clusterInfo, values);
+ chart.node.addDependency(namespace);
 return Promise.resolve(chart);
 }
-
-
 }
 }
From 1aaa89d6911870c2fb78c07707b2ca29ed485c4c Mon Sep 17 00:00:00 2001
From: shapirov
Date: Mon, 21 Oct 2024 23:53:45 -0400
Subject: [PATCH 2/6] Fixes #1077 - added createNamespace option, if set to true will create namespace
---
 lib/addons/efs-csi-driver/index.ts | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/addons/efs-csi-driver/index.ts b/lib/addons/efs-csi-driver/index.ts
index b2e58c014..8ac886031 100644
--- a/lib/addons/efs-csi-driver/index.ts
+++ b/lib/addons/efs-csi-driver/index.ts
@@ -4,7 +4,7 @@ import { HelmAddOn, HelmAddOnUserProps } from "../helm-addon";
 import { getEfsDriverPolicyStatements } from "./iam-policy";
 import { registries } from "../../utils/registry-utils";
 import * as iam from "aws-cdk-lib/aws-iam";
-import { setPath, supportsALL} from "../../utils";
+import { createNamespace, setPath, supportsALL} from "../../utils";
 import * as kms from "aws-cdk-lib/aws-kms";
@@ -31,6 +31,11 @@ export interface EfsCsiDriverProps extends HelmAddOnUserProps {
 */
 kmsKeys?: kms.Key[];
+ /**
+ * Create Namespace with the provided one (will not if namespace is kube-system)
+ */
+ createNamespace?: boolean
+
 }
 /**
@@ -42,7 +47,8 @@ const defaultProps: EfsCsiDriverProps = {
 repository: "https://kubernetes-sigs.github.io/aws-efs-csi-driver/",
 name: EFS_CSI_DRIVER,
 chart: EFS_CSI_DRIVER,
- replicaCount: 2
+ replicaCount: 2,
+ createNamespace: false
 };
 @supportsALL
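Review bot: In lib/addons/efs-csi-driver/index.ts the doc comment added for `createNamespace` promises that the namespace is not created when it is kube-system, but the later hunk (`@@ -62,10 +68,16 @@`) calls `createNamespace(...)` whenever the flag is true, with no check on the namespace name visible in this patch. Unless the helper imported from `../../utils` performs that check itself (it is not shown here), either add the guard, `if (this.options.createNamespace && this.options.namespace !== "kube-system") {`, or drop the claim from the comment. The comment should also state the default, for example `Defaults to false; set to true when the target namespace does not exist yet.`, and the property line is missing its terminating `;`.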
@@ -62,10 +68,16 @@ export class EfsCsiDriverAddOn extends HelmAddOn {
 name: EFS_CSI_CONTROLLER_SA,
 namespace: this.options.namespace,
 });
+
 getEfsDriverPolicyStatements(this.options?.kmsKeys).forEach((statement) => {
 serviceAccount.addToPrincipalPolicy(iam.PolicyStatement.fromJson(statement));
 });
+ // Create namespace
+ if (this.options.createNamespace) {
+ const ns = createNamespace(this.options.namespace!, cluster, true);
+ serviceAccount.node.addDependency(ns);
+ }
 // Lookup appropriate image repo
 const repo = registries.get(clusterInfo.cluster.stack.region) + EFS_REGISTRY_SUFFIX;
From ada1f3d1c75ba363c8be8063c8b12dc592d91389 Mon Sep 17 00:00:00 2001
From: shapirov
Date: Tue, 22 Oct 2024 23:29:46 -0400
Subject: [PATCH 3/6] addressing lint
---
 lib/addons/velero/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/addons/velero/index.ts b/lib/addons/velero/index.ts
index 5592295a2..cba7f8866 100644
--- a/lib/addons/velero/index.ts
+++ b/lib/addons/velero/index.ts
@@ -1,4 +1,4 @@
-import { KubernetesManifest, ServiceAccount } from "aws-cdk-lib/aws-eks";
+import { ServiceAccount } from "aws-cdk-lib/aws-eks";
 import * as iam from "aws-cdk-lib/aws-iam";
 import * as s3 from "aws-cdk-lib/aws-s3";
 import { Construct } from "constructs";
From e64b5c2730f47f9a5764f20916acfef4c6174f9f Mon Sep 17 00:00:00 2001
From: shapirov
Date: Tue, 22 Oct 2024 23:32:32 -0400
Subject: [PATCH 4/6] compile issue fixed
---
 bin/main.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/main.ts b/bin/main.ts
index daeb07eec..2cc0eae5f 100644
--- a/bin/main.ts
+++ b/bin/main.ts
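Review bot: In the EFS CSI driver hunk (`@@ -62,10 +68,16 @@`), `createNamespace(this.options.namespace!, cluster, true)` passes a bare `true` whose meaning cannot be read at the call site, and the `!` hides the case where `createNamespace` is set but no namespace is configured. If the third argument is an overwrite flag (the helper's signature is not visible in this patch), confirm what it does to a namespace that already exists and record it in a comment, e.g. `// third argument: overwrite an existing Namespace manifest (confirm against utils)`. The namespace is also declared after the service account that depends on it; the dependency edge makes that work, but declaring it first would read in deployment order. The enclosing method starts and ends outside the hunk.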
@@ -13,4 +13,4 @@ new BlueprintIPv4Construct(app, props);
 // Deploying IPV6 cluster in us-east-2 region. Assuming IPV4 cluster will be deployed to another region.
 props = { env: { account, region: "us-east-2" } };
 // Create ipv6 cluster: temporarily removed from the e2e tests due to the timeouts.
-new BlueprintIPV6Construct(app, props);
+// new BlueprintIPV6Construct(app, props);
From 11809817e4168c4e918fc6eb850ec48fbcba4da4 Mon Sep 17 00:00:00 2001
From: shapirov
Date: Tue, 22 Oct 2024 23:34:03 -0400
Subject: [PATCH 5/6] version increment to 1.16.0
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1ffb878f0..d009aca35 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@aws-quickstart/eks-blueprints",
- "version": "1.15.1",
+ "version": "1.16.0",
 "license": "Apache-2.0",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
From 4c33a34a91e1ee2ba89e8a8513123cbf6dc43331 Mon Sep 17 00:00:00 2001
From: shapirov
Date: Tue, 22 Oct 2024 23:48:10 -0400
Subject: [PATCH 6/6] refactored keda addon to add createNamespace option
---
 lib/addons/keda/index.ts | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/lib/addons/keda/index.ts b/lib/addons/keda/index.ts
index c07b58477..928b1b23c 100644
--- a/lib/addons/keda/index.ts
+++ b/lib/addons/keda/index.ts
@@ -49,6 +49,11 @@ export interface KedaAddOnProps extends HelmAddOnUserProps {
 */
 irsaRoles?: string[];
+ /**
+ * If set to true the namespace will be created. Default is true, since namespace is set to keda.
+ * Set to false if installing to kube-system or other existing namespace.
+ */
+ createNamespace?: boolean,
 }
 /**
@@ -64,7 +69,8 @@ const defaultProps: HelmAddOnProps & KedaAddOnProps = {
 values: {},
 kedaOperatorName: "keda-operator",
 kedaServiceAccountName: "keda-operator",
- irsaRoles: []
+ irsaRoles: [],
+ createNamespace: true
 };
 /**
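Review bot: The new `createNamespace` doc comment in lib/addons/keda/index.ts (`@@ -49,6 +49,11 @@`) recommends installing into kube-system or another existing namespace without saying what that means for the service account the add-on creates when `irsaRoles` is non-empty. That account is created in `this.options.namespace` and has `irsaRoles` applied through `setRoles`, and in a shared namespace any principal allowed to create pods there can run a pod under it. I would add a line to the comment such as `* Note: with irsaRoles set, prefer a dedicated namespace so the IAM-bound service account is not shared with unrelated workloads.` The property also ends with `,` where the neighbouring `irsaRoles?: string[];` uses `;`.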
@@ -85,25 +91,26 @@ export class KedaAddOn extends HelmAddOn {
 let values: Values = populateValues(this.options);
 values = merge(values, this.props.values ?? {});
- const namespace = createNamespace(this.options.namespace! , cluster);
+ let namespace: Construct | undefined = undefined;
+
+ if(this.options.createNamespace) {
+ namespace = createNamespace(this.options.namespace! , cluster);
+ }
+ const chart = this.addHelmChart(clusterInfo, values);
 if (this.options.irsaRoles!.length > 0) {
 //Create Service Account with IRSA
 const opts = { name: this.options.kedaOperatorName, namespace: this.options.namespace };
 const sa = cluster.addServiceAccount(this.options.kedaServiceAccountName!, opts);
- setRoles(sa,this.options.irsaRoles!);
- sa.node.addDependency(namespace);
-
- const chart = this.addHelmChart(clusterInfo, values);
+ setRoles(sa, this.options.irsaRoles!);
+ if(namespace) {
+ sa.node.addDependency(namespace);
+ }
 chart.node.addDependency(sa);
- return Promise.resolve(chart);
-
- } else {
- //Let Keda Create Service account for you. This is controlled by flag helmOptions.createServiceAccount (refer line no:118)
- const chart = this.addHelmChart(clusterInfo, values);
+ } else if(namespace) {
 chart.node.addDependency(namespace);
- return Promise.resolve(chart);
 }
+ return Promise.resolve(chart);
 }
 }
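Review bot: The namespace handling at the top of this hunk can be a single `const`, `const namespace = this.options.createNamespace ? createNamespace(this.options.namespace!, cluster) : undefined;`, which removes the mutable `let` and the explicit `Construct | undefined` annotation (the `Construct` import is not visible in this patch, so confirm the file already has it). The refactor also drops the comment that explained the non-IRSA path, so a one-line note above `} else if(namespace) {` is worth keeping, such as `// No IRSA roles: the chart creates its own service account, so it only needs to wait for the namespace.` With `createNamespace: false` and `irsaRoles` set, nothing here checks that the target namespace exists, so a wrong name only surfaces at deploy time; the option's documentation should say so. The method's signature is outside the hunk.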