chore(eks-v2): refactor kubectlProvider (#33087)

### Reason for this change Group `kubectl` related properties together and make the cluster construct easier to use. ### Description of changes - Move all `kubectl` related properties into an interface `kubectlProviderOptions` - When `kubectlProviderOptions` is not set, kubectl provider custom resource will not be created. - clean up some properties - minor changes to import API to remove some unused props. ### Describe any new or updated permissions being added N/A ### Description of how you validated changes Unit tests passed. Integration tests will be added in next PR. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jan 28, 2025 · c710e70 · c710e70
1 parent bcb7f9b
commit c710e70
Show file tree

Hide file tree

Showing 20 changed files with 546 additions and 1,169 deletions.
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-cluster.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-cluster.ts
@@ -1,11 +1,11 @@
 import { Construct } from 'constructs';
-import { Cluster, ClusterOptions, CoreDnsComputeType } from './cluster';
+import { Cluster, ClusterCommonOptions, CoreDnsComputeType } from './cluster';
 import { FargateProfile, FargateProfileOptions } from './fargate-profile';
 
 /**
  * Configuration props for EKS Fargate.
  */
-export interface FargateClusterProps extends ClusterOptions {
+export interface FargateClusterProps extends ClusterCommonOptions {
   /**
    * Fargate Profile to create along with the cluster.
    *

diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-profile.ts
@@ -146,8 +146,6 @@ export class FargateProfile extends Construct implements ITaggable {
       managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSFargatePodExecutionRolePolicy')],
     });
 
-    this.podExecutionRole.grantPassRole(props.cluster.adminRole);
-
     if (props.subnetSelection && !props.vpc) {
       Annotations.of(this).addWarningV2('@aws-cdk/aws-eks:fargateProfileDefaultToPrivateSubnets', 'Vpc must be defined to use a custom subnet selection. All private subnets belonging to the EKS cluster will be used by default');
     }

diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/helm-chart.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/helm-chart.ts
@@ -133,7 +133,10 @@ export class HelmChart extends Construct {
 
     const stack = Stack.of(this);
 
-    const provider = KubectlProvider.getOrCreate(this, props.cluster);
+    const provider = KubectlProvider.getKubectlProvider(this, props.cluster);
+    if (!provider) {
+      throw new Error('Kubectl Provider is not defined in this cluster. Define it when creating the cluster');
+    }
 
     const timeout = props.timeout?.toSeconds();
     if (timeout && timeout > 900) {
@@ -159,14 +162,13 @@ export class HelmChart extends Construct {
     // default to set atomic as false
     const atomic = props.atomic ?? false;
 
-    this.chartAsset?.grantRead(provider.handlerRole);
+    this.chartAsset?.grantRead(provider.role!);
 
     new CustomResource(this, 'Resource', {
       serviceToken: provider.serviceToken,
       resourceType: HelmChart.RESOURCE_TYPE,
       properties: {
         ClusterName: props.cluster.clusterName,
-        RoleArn: provider.roleArn, // TODO: bake into the provider's environment
         Release: props.release ?? Names.uniqueId(this).slice(-53).toLowerCase(), // Helm has a 53 character limit for the name
         Chart: this.chart,
         ChartAssetURL: this.chartAsset?.s3ObjectUrl,

diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/k8s-manifest.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/k8s-manifest.ts
@@ -124,7 +124,10 @@ export class KubernetesManifest extends Construct {
     super(scope, id);
 
     const stack = Stack.of(this);
-    const provider = KubectlProvider.getOrCreate(this, props.cluster);
+    const provider = KubectlProvider.getKubectlProvider(this, props.cluster);
+    if (!provider) {
+      throw new Error('Kubectl Provider is not defined in this cluster. Define it when creating the cluster');
+    }
 
     const prune = props.prune ?? props.cluster.prune;
     const pruneLabel = prune
@@ -144,7 +147,6 @@ export class KubernetesManifest extends Construct {
         // StepFunctions, CloudWatch Dashboards etc).
         Manifest: stack.toJsonString(props.manifest),
         ClusterName: props.cluster.clusterName,
-        RoleArn: provider.roleArn, // TODO: bake into provider's environment
         PruneLabel: pruneLabel,
         Overwrite: props.overwrite,
         SkipValidation: props.skipValidation,

diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/k8s-object-value.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/k8s-object-value.ts
@@ -62,14 +62,17 @@ export class KubernetesObjectValue extends Construct {
   constructor(scope: Construct, id: string, props: KubernetesObjectValueProps) {
     super(scope, id);
 
-    const provider = KubectlProvider.getOrCreate(this, props.cluster);
+    const provider = KubectlProvider.getKubectlProvider(this, props.cluster);
+
+    if (!provider) {
+      throw new Error('Kubectl Provider is not defined in this cluster. Define it when creating the cluster');
+    }
 
     this._resource = new CustomResource(this, 'Resource', {
       resourceType: KubernetesObjectValue.RESOURCE_TYPE,
       serviceToken: provider.serviceToken,
       properties: {
         ClusterName: props.cluster.clusterName,
-        RoleArn: provider.roleArn,
         ObjectType: props.objectType,
         ObjectName: props.objectName,
         ObjectNamespace: props.objectNamespace ?? 'default',

diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/k8s-patch.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/k8s-patch.ts
@@ -72,7 +72,11 @@ export class KubernetesPatch extends Construct {
     super(scope, id);
 
     const stack = Stack.of(this);
-    const provider = KubectlProvider.getOrCreate(this, props.cluster);
+
+    const provider = KubectlProvider.getKubectlProvider(this, props.cluster);
+    if (!provider) {
+      throw new Error('Kubectl Provider is not defined in this cluster. Define it when creating the cluster');
+    }
 
     new CustomResource(this, 'Resource', {
       serviceToken: provider.serviceToken,
@@ -83,7 +87,6 @@ export class KubernetesPatch extends Construct {
         ApplyPatchJson: stack.toJsonString(props.applyPatch),
         RestorePatchJson: stack.toJsonString(props.restorePatch),
         ClusterName: props.cluster.clusterName,
-        RoleArn: provider.roleArn, // TODO: bake into provider's environment
         PatchType: props.patchType ?? PatchType.STRATEGIC,
       },
     });