aws-cdk-lib/aws-eks/lib/fargate-profile.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__setModuleDefault=exports&&exports.__setModuleDefault||(Object.create?(function(o,v){Object.defineProperty(o,"default",{enumerable:!0,value:v})}):function(o,v){o.default=v}),__importStar=exports&&exports.__importStar||(function(){var ownKeys=function(o){return ownKeys=Object.getOwnPropertyNames||function(o2){var ar=[];for(var k in o2)Object.prototype.hasOwnProperty.call(o2,k)&&(ar[ar.length]=k);return ar},ownKeys(o)};return function(mod){if(mod&&mod.__esModule)return mod;var result={};if(mod!=null)for(var k=ownKeys(mod),i=0;i<k.length;i++)k[i]!=="default"&&__createBinding(result,mod,k[i]);return __setModuleDefault(result,mod),result}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.FargateProfile=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},cluster_1=()=>{var tmp=require("./cluster");return cluster_1=()=>tmp,tmp},consts_1=()=>{var tmp=require("./cluster-resource-handler/consts");return consts_1=()=>tmp,tmp},cluster_resource_provider_1=()=>{var tmp=require("./cluster-resource-provider");return cluster_resource_provider_1=()=>tmp,tmp},ec2=()=>{var tmp=__importStar(require("../../aws-ec2"));return ec2=()=>tmp,tmp},iam=()=>{var tmp=__importStar(require("../../aws-iam"));return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class FargateProfile extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.FargateProfile",version:"2.260.0"};fargateProfileArn;fargateProfileName;tags;podExecutionRole;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_FargateProfileProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,FargateProfile),error}const provider=cluster_resource_provider_1().ClusterResourceProvider.getOrCreate(this,{onEventLayer:props.cluster.onEventLayer});this.podExecutionRole=props.podExecutionRole??new(iam()).Role(this,"PodExecutionRole",{assumedBy:new(iam()).ServicePrincipal("eks-fargate-pods.amazonaws.com"),managedPolicies:[iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSFargatePodExecutionRolePolicy")]}),this.podExecutionRole.grantPassRole(props.cluster.adminRole),props.subnetSelection&&!props.vpc&&core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-eks:fargateProfileDefaultToPrivateSubnets","Vpc must be defined to use a custom subnet selection. All private subnets belonging to the EKS cluster will be used by default");let subnets;if(props.vpc){const selection=props.subnetSelection??{subnetType:ec2().SubnetType.PRIVATE_WITH_EGRESS};subnets=props.vpc.selectSubnets(selection).subnetIds}if(props.selectors.length<1)throw new(core_1()).ValidationError((0,literal_string_1().lit)`FargateProfileRequiresLeastOne`,"Fargate profile requires at least one selector",this);if(props.selectors.length>5)throw new(core_1()).ValidationError((0,literal_string_1().lit)`FargateProfileSupportsUpFive`,"Fargate profile supports up to five selectors",this);this.tags=new(core_1()).TagManager(core_1().TagType.MAP,"AWS::EKS::FargateProfile");const resource=new(core_1()).CustomResource(this,"Resource",{serviceToken:provider.serviceToken,resourceType:consts_1().FARGATE_PROFILE_RESOURCE_TYPE,properties:{AssumeRoleArn:props.cluster.adminRole.roleArn,Config:{clusterName:props.cluster.clusterName,fargateProfileName:props.fargateProfileName,podExecutionRoleArn:this.podExecutionRole.roleArn,selectors:props.selectors,subnets,tags:core_1().Lazy.any({produce:()=>this.tags.renderTags()})}}});this.fargateProfileArn=resource.getAttString("fargateProfileArn"),this.fargateProfileName=resource.ref;const clusterFargateProfiles=props.cluster._attachFargateProfile(this);if(clusterFargateProfiles.length>1){const previousProfile=clusterFargateProfiles[clusterFargateProfiles.length-2];resource.node.addDependency(previousProfile)}[void 0,cluster_1().AuthenticationMode.CONFIG_MAP,cluster_1().AuthenticationMode.API_AND_CONFIG_MAP].includes(props.cluster.authenticationMode)&&props.cluster.awsAuth.addRoleMapping(this.podExecutionRole,{username:"system:node:{{SessionName}}",groups:["system:bootstrappers","system:nodes","system:node-proxier"]}),props.removalPolicy&&core_1().RemovalPolicies.of(this).apply(props.removalPolicy)}}exports.FargateProfile=FargateProfile;