diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 128953a8e..e8832b8fa 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -6,7 +6,7 @@ }, "ghcr.io/devcontainers/features/aws-cli:1": {}, "ghcr.io/devcontainers-contrib/features/aws-cdk:2": { - "version": "2.162.1" + "version": "2.173.2" } }, "postCreateCommand": ".devcontainer/postCreateCommand.sh", diff --git a/README.md b/README.md index ccd94f9fe..48c137f3b 100644 --- a/README.md +++ b/README.md @@ -48,14 +48,14 @@ aws --version Install CDK matching the current version of the Blueprints QuickStart (which can be found in package.json). ```bash -npm install -g aws-cdk@2.162.1 +npm install -g aws-cdk@2.173.2 ``` Verify the installation. ```bash cdk --version -# must output 2.162.1 +# must output 2.173.2 ``` Create a new CDK project. We use `typescript` for this example. diff --git a/docs/README.md b/docs/README.md index 516cfb2ca..9defee3ca 100644 --- a/docs/README.md +++ b/docs/README.md @@ -44,14 +44,14 @@ aws --version Install CDK matching the current version of the Blueprints QuickStart (which can be found in package.json). ```bash -npm install -g aws-cdk@2.162.1 +npm install -g aws-cdk@2.173.2 ``` Verify the installation. ```bash cdk --version -# must output 2.162.1 +# must output 2.173.2 ``` Create a new CDK project. We use `typescript` for this example. diff --git a/docs/getting-started.md b/docs/getting-started.md index 06d843240..e595f41e8 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -26,8 +26,8 @@ Create a directory that represents you project (e.g. `my-blueprints`) and then c ```bash npm install -g n # may require sudo n stable # may require sudo -npm install -g aws-cdk@2.162.1 # may require sudo (Ubuntu) depending on configuration -cdk --version # must produce 2.162.1 +npm install -g aws-cdk@2.173.2 # may require sudo (Ubuntu) depending on configuration +cdk --version # must produce 2.173.2 mkdir my-blueprints cd my-blueprints cdk init app --language typescript @@ -57,7 +57,7 @@ npm ERR! peer bundled aws-cdk-lib@"2.133.0" from @aws-quickstart/eks-blueprints@ npm ERR! node_modules/@aws-quickstart/eks-blueprint ``` -This message means that the version of CDK that the customer is using is different from the version of CDK used in EKS Blueprints. Locate the line `peer bundled` and check the expected version of the CDK. Make sure that in your `package.json` the version is set to the expected. In this example, `package.json` contained `"aws-cdk-lib": "2.133.0"`, while the expected version was `2.162.1`. +This message means that the version of CDK that the customer is using is different from the version of CDK used in EKS Blueprints. Locate the line `peer bundled` and check the expected version of the CDK. Make sure that in your `package.json` the version is set to the expected. In this example, `package.json` contained `"aws-cdk-lib": "2.133.0"`, while the expected version was `2.173.2`. **Note**: after the initial installation, upgrading the version of CDK to an incompatible higher/lower version will produce a warning, but will succeed. For community support (submitting GitHub issues) please make sure you have a matching version configured. diff --git a/docs/internal/ci.md b/docs/internal/ci.md index 289758c5e..5ea9cc44b 100644 --- a/docs/internal/ci.md +++ b/docs/internal/ci.md 
@@ -19,7 +19,7 @@ cd cdk-eks-blueprints Install CDK (please review and install any missing [pre-requisites](https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html) for your environment) ```sh -npm install -g aws-cdk@2.162.1 +npm install -g aws-cdk@2.173.2 ``` Install the dependencies for this project. diff --git a/examples/examples.ts b/examples/examples.ts index 1b102da2a..0801763ab 100644 --- a/examples/examples.ts +++ b/examples/examples.ts @@ -35,7 +35,7 @@ const publicCluster = { }; builder() - .clusterProvider(new bp.FargateClusterProvider(publicCluster)) + .clusterProvider(new bp.FargateClusterProvider({...publicCluster})) .build(app, "fargate-blueprint"); builder() diff --git a/lib/addons/amp/collector-config-amp-daemonset.ytpl b/lib/addons/amp/collector-config-amp-daemonset.ytpl index 8eb806b92..152f769a4 100644 --- a/lib/addons/amp/collector-config-amp-daemonset.ytpl +++ b/lib/addons/amp/collector-config-amp-daemonset.ytpl 
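Review bot: In examples/examples.ts the switch to `new bp.FargateClusterProvider({...publicCluster})` carries no comment explaining why a copy is now needed. If the reason is that the provider modifies the props object it receives (not visible in this hunk), the spread is only a shallow copy, so any nested values in `publicCluster` are still shared with later uses. A one-line comment such as `// pass a copy so later builders see the original publicCluster` would record the intent. The builder chain continues outside the hunk.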
@@ -49,6 +49,40 @@ spec: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true + - job_name: ksh-metrics + scheme: https + metrics_path: /apis/metrics.eks.amazonaws.com/v1/ksh/container/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + action: keep + regex: default;kubernetes;https + + - job_name: kcm-metrics + scheme: https + metrics_path: /apis/metrics.eks.amazonaws.com/v1/kcm/container/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + action: keep + regex: default;kubernetes;https + - job_name: kubernetes-nodes bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: @@ -348,6 +382,13 @@ rules: - get - list - watch +- apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get - nonResourceURLs: - /metrics verbs: diff --git a/lib/addons/amp/collector-config-amp.ytpl b/lib/addons/amp/collector-config-amp.ytpl index 55957e265..c0580e78d 100644 --- a/lib/addons/amp/collector-config-amp.ytpl +++ b/lib/addons/amp/collector-config-amp.ytpl 
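Review bot: The new `ksh-metrics` and `kcm-metrics` jobs in lib/addons/amp/collector-config-amp-daemonset.ytpl set `insecure_skip_verify: true` next to `ca_file`. That turns off the certificate check the CA file exists for, while each scrape presents the pod's service account token from `bearer_token_file`. The relabel rule keeps only the `default;kubernetes;https` endpoint, which is the API server, and its certificate should validate against the mounted cluster CA, so `insecure_skip_verify: false` (or dropping the key) looks workable; confirm on a test cluster. The same two jobs with the same setting are added in lib/addons/amp/collector-config-amp.ytpl and lib/addons/cloudwatch-adot-addon/collector-config-cloudwatch.ytpl. The pre-existing job in the context lines uses the same pattern and could be fixed together.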
@@ -43,6 +43,38 @@ spec: tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true + - job_name: ksh-metrics + scheme: https + metrics_path: /apis/metrics.eks.amazonaws.com/v1/ksh/container/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + action: keep + regex: default;kubernetes;https + - job_name: kcm-metrics + scheme: https + metrics_path: /apis/metrics.eks.amazonaws.com/v1/kcm/container/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + action: keep + regex: default;kubernetes;https - job_name: kubernetes-nodes bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: @@ -1934,6 +1966,13 @@ rules: - get - list - watch +- apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get - nonResourceURLs: - /metrics verbs: diff --git a/lib/addons/aws-loadbalancer-controller/iam-policy.ts b/lib/addons/aws-loadbalancer-controller/iam-policy.ts index 3e91b1fe6..6bf54e5d4 100644 --- a/lib/addons/aws-loadbalancer-controller/iam-policy.ts +++ b/lib/addons/aws-loadbalancer-controller/iam-policy.ts 
@@ -37,7 +37,9 @@ export const AwsLoadbalancerControllerIamPolicy = (partition: string) => { "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeTags" + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTrustStores", + "elasticloadbalancing:DescribeListenerAttributes" ], "Resource": "*" }, @@ -186,7 +188,8 @@ export const AwsLoadbalancerControllerIamPolicy = (partition: string) => { "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:ModifyTargetGroup", "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:DeleteTargetGroup" + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ModifyListenerAttributes" ], "Resource": "*", "Condition": { diff --git a/lib/addons/cloud-watch-insights/index.ts b/lib/addons/cloud-watch-insights/index.ts index 16db44b4c..15335ac33 100644 --- a/lib/addons/cloud-watch-insights/index.ts +++ b/lib/addons/cloud-watch-insights/index.ts @@ -10,11 +10,11 @@ import {KubernetesVersion} from "aws-cdk-lib/aws-eks"; // aws eks describe-addon-versions --kubernetes-version --addon-name amazon-cloudwatch-observability \ // --query 'addons[].addonVersions[].{Version: addonVersion, Defaultversion: compatibilities[0].defaultVersion}' --output table const versionMap: Map = new Map([ - [KubernetesVersion.V1_31, "v2.1.3-eksbuild.1"], - [KubernetesVersion.V1_30, "v2.1.3-eksbuild.1"], - [KubernetesVersion.V1_29, "v2.1.3-eksbuild.1"], - [KubernetesVersion.V1_28, "v2.1.3-eksbuild.1"], - [KubernetesVersion.V1_27, "v2.1.3-eksbuild.1"] + [KubernetesVersion.V1_31, "v2.3.0-eksbuild.1"], + [KubernetesVersion.V1_30, "v2.3.0-eksbuild.1"], + [KubernetesVersion.V1_29, "v2.3.0-eksbuild.1"], + [KubernetesVersion.V1_28, "v2.3.0-eksbuild.1"], + [KubernetesVersion.V1_27, "v2.3.0-eksbuild.1"] ]); 
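Review bot: In lib/addons/aws-loadbalancer-controller/iam-policy.ts, the second hunk adds the mutating action `elasticloadbalancing:ModifyListenerAttributes` to a statement with `"Resource": "*"`, so its effective scope depends entirely on the `Condition` block, whose body lies outside the hunk. Please confirm that listener resources can satisfy that condition (for a tag-based condition, that the controller tags the listeners it manages); otherwise the action is either never granted or needs its own scoped statement. The two `Describe*` additions in the first hunk are read-only and fit the existing wildcard statement. A comment above the policy naming the upstream policy revision it mirrors, e.g. `// synced with aws-load-balancer-controller iam_policy.json <UPSTREAM_VERSION>`, would make later permission changes auditable.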
diff --git a/lib/addons/cloudwatch-adot-addon/collector-config-cloudwatch.ytpl b/lib/addons/cloudwatch-adot-addon/collector-config-cloudwatch.ytpl index bdab1bba1..e0987a21d 100644 --- a/lib/addons/cloudwatch-adot-addon/collector-config-cloudwatch.ytpl +++ b/lib/addons/cloudwatch-adot-addon/collector-config-cloudwatch.ytpl @@ -45,6 +45,40 @@ spec: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true + - job_name: ksh-metrics + scheme: https + metrics_path: /apis/metrics.eks.amazonaws.com/v1/ksh/container/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + action: keep + regex: default;kubernetes;https + + - job_name: kcm-metrics + scheme: https + metrics_path: /apis/metrics.eks.amazonaws.com/v1/kcm/container/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + action: keep + regex: default;kubernetes;https + - job_name: kubernetes-nodes bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: @@ -409,6 +443,13 @@ rules: - get - list - watch + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get - nonResourceURLs: - /metrics verbs: diff --git a/lib/addons/core-addon/index.ts b/lib/addons/core-addon/index.ts index 4a080eb5c..a29e8102f 100644 --- a/lib/addons/core-addon/index.ts 
+++ b/lib/addons/core-addon/index.ts @@ -8,6 +8,7 @@ import { createServiceAccountWithPolicy, deployBeforeCapacity, logger, userLog, import * as sdk from "@aws-sdk/client-eks"; import { RemovalPolicy } from "aws-cdk-lib"; + export class CoreAddOnProps { /** * Name of the add-on to instantiate @@ -87,7 +88,7 @@ export class CoreAddOn implements ClusterAddOn { let version: string = this.coreAddOnProps.version; if (this.coreAddOnProps.version === "auto") { - version = await this.provideVersion(clusterInfo); + version = await this.provideVersion(clusterInfo.version, clusterInfo.cluster.stack.region); } let addOnProps = { @@ -176,11 +177,11 @@ export class CoreAddOn implements ClusterAddOn { return result; } - async provideVersion(clusterInfo: ClusterInfo) : Promise { - const client = new sdk.EKSClient({ region: clusterInfo.cluster.stack.region }); + async provideVersion(clusterVersion: KubernetesVersion, region: string) : Promise { + const client = new sdk.EKSClient({ region }); const command = new sdk.DescribeAddonVersionsCommand({ addonName: this.coreAddOnProps.addOnName, - kubernetesVersion: clusterInfo.version.version + kubernetesVersion: clusterVersion.version }); try { @@ -210,7 +211,7 @@ export class CoreAddOn implements ClusterAddOn { logger.warn(`Failed to retrieve add-on versions from EKS for add-on ${this.coreAddOnProps.addOnName}.`); logger.warn("Possible reasons for failures - Unauthorized or Authentication failure or Network failure on the terminal."); logger.warn(" Falling back to default version."); - let version: string = this.provideDefaultAutoVersion(clusterInfo.version); + let version: string = this.provideDefaultAutoVersion(clusterVersion); userLog.debug(`Core add-on ${this.coreAddOnProps.addOnName} has autoselected version ${version}`); return version; } diff --git a/lib/addons/kube-proxy/index.ts b/lib/addons/kube-proxy/index.ts index 82ab605e8..75a7c46d7 100644 --- a/lib/addons/kube-proxy/index.ts +++ b/lib/addons/kube-proxy/index.ts 
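Review bot: `provideVersion` in lib/addons/core-addon/index.ts is a public method of the exported `CoreAddOn` class, and the hunk at -176 changes its parameters from `(clusterInfo: ClusterInfo)` to `(clusterVersion: KubernetesVersion, region: string)` with no deprecation path. Subclasses that override it, or callers that pass a `ClusterInfo`, stop compiling, yet package.json in this commit bumps only the patch version. Either keep accepting a `ClusterInfo` as the first argument for one release, or call out the break in the release notes. The method also lacks TSDoc: it should state that when `version` is `"auto"` it queries the EKS API for the given region using whatever AWS credentials the default provider chain finds, and that on failure it logs warnings and falls back to `provideDefaultAutoVersion(clusterVersion)`. The method body extends beyond the hunks shown.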
@@ -1,9 +1,9 @@ import { KubernetesVersion } from "aws-cdk-lib/aws-eks"; -import { CoreAddOn, CoreAddOnProps } from "../core-addon"; import { supportsALL } from "../../utils"; +import { CoreAddOn, CoreAddOnProps } from "../core-addon"; const versionMap: Map = new Map([ - [KubernetesVersion.V1_31, "1.31.0-eksbuild.5"], + [KubernetesVersion.V1_31, "v1.31.0-eksbuild.5"], [KubernetesVersion.V1_30, "v1.30.0-eksbuild.3"], [KubernetesVersion.V1_29, "v1.29.0-eksbuild.1"], [KubernetesVersion.V1_28, "v1.28.2-eksbuild.2"], diff --git a/lib/pipelines/code-pipeline.ts b/lib/pipelines/code-pipeline.ts index 94ab6e356..d96e7ed7d 100644 --- a/lib/pipelines/code-pipeline.ts +++ b/lib/pipelines/code-pipeline.ts @@ -457,7 +457,7 @@ class CodePipeline { primaryOutputDirectory: `${path}/cdk.out`, installCommands: [ 'n stable', - 'npm install -g aws-cdk@2.162.1', + 'npm install -g aws-cdk@2.173.2', `cd $CODEBUILD_SRC_DIR/${path} && npm install` ], commands: [`cd $CODEBUILD_SRC_DIR/${path}`, 'npm run build', 'npx cdk synth ' + app] diff --git a/lib/resource-providers/ipv6-iam.ts b/lib/resource-providers/ipv6-iam.ts index 7f5798778..e9c2cc580 100644 --- a/lib/resource-providers/ipv6-iam.ts +++ b/lib/resource-providers/ipv6-iam.ts @@ -1,7 +1,7 @@ import * as spi from "../spi"; import * as iam from "aws-cdk-lib/aws-iam"; import {IManagedPolicy} from "aws-cdk-lib/aws-iam"; -import {getEKSNodeIpv6PolicyDocument} from '../../lib/utils/ipv6-utils'; +import {getEKSNodeIpv6PolicyDocument} from '../utils/ipv6-utils'; /** * Resource provider that creates a new role with ipv6 permissions. diff --git a/lib/resource-providers/vpc.ts b/lib/resource-providers/vpc.ts index e2a0ac7ec..cf0d1c97b 100644 --- a/lib/resource-providers/vpc.ts +++ b/lib/resource-providers/vpc.ts 
@@ -107,7 +107,6 @@ export function getVPCFromId(context: ResourceContext, nodeId: string, vpcId?: s } else { console.log(`looking up non-default ${vpcId} VPC`); vpc = ec2.Vpc.fromLookup(context.scope, nodeId + "-vpc", { vpcId: vpcId }); - console.log(vpc); } } return vpc; diff --git a/package.json b/package.json index d009aca35..c15d4ca0a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@aws-quickstart/eks-blueprints", - "version": "1.16.0", + "version": "1.16.2", "license": "Apache-2.0", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -74,7 +74,7 @@ "semver": "^7.6.0" }, "peerDependencies": { - "aws-cdk-lib": "2.162.1", - "aws-cdk": "2.162.1" + "aws-cdk-lib": "2.173.2", + "aws-cdk": "2.173.2" } } diff --git a/test/cloudwatch-insights.test.ts b/test/cloudwatch-insights.test.ts index 0303c7e33..d28405eff 100644 --- a/test/cloudwatch-insights.test.ts +++ b/test/cloudwatch-insights.test.ts @@ -80,7 +80,7 @@ describe('Unit test for CloudWatch Addon', () => { const app = new cdk.App(); const addOn = new blueprints.CloudWatchInsights({}); - const version = KubernetesVersion.V1_29; + const version = KubernetesVersion.V1_30; const blueprint = await blueprints.EksBlueprint.builder() .version(version) .account("123456789012").region('us-east-2') @@ -89,9 +89,11 @@ describe('Unit test for CloudWatch Addon', () => { const template = Template.fromStack(blueprint); + const inferredVersion = await addOn.provideVersion(version, 'us-west-2'); + template.hasResource("AWS::EKS::Addon", { Properties: { - "AddonVersion": Match.exact(addOn.provideDefaultAutoVersion(version)) + "AddonVersion": Match.exact(inferredVersion) } }); });
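Review bot: In test/cloudwatch-insights.test.ts the expected value now comes from `addOn.provideVersion(version, 'us-west-2')`, which (presumably inherited from `CoreAddOn`, changed in this commit) calls the EKS API and falls back to the default map on failure, so this unit test's outcome depends on network access and on whatever AWS credentials exist in the environment. The region also differs from the blueprint's `.region('us-east-2')`, and the build and the assertion perform two separate lookups, so the test can fail when one call succeeds and the other falls back, or when the two regions report different defaults. Stubbing the EKS client for this test would keep it deterministic and credential-free; at minimum use the stack's region, `const inferredVersion = await addOn.provideVersion(version, 'us-east-2');`. The test body starts outside the hunk.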