aws-cdk-lib/aws-eks/lib/kubectl-provider.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.KubectlProvider=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),path=require("path"),iam=require("../../aws-iam"),lambda=require("../../aws-lambda"),core_1=require("../../core"),cr=require("../../custom-resources"),lambda_layer_awscli_1=require("../../lambda-layer-awscli"),lambda_layer_kubectl_1=require("../../lambda-layer-kubectl"),constructs_1=require("constructs"),cluster_1=require("./cluster");class KubectlProvider extends core_1.NestedStack{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_eks_KubectlProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,KubectlProvider),error}const cluster=props.cluster;if(!cluster.kubectlRole)throw new Error('"kubectlRole" is not defined, cannot issue kubectl commands against this cluster');if(cluster.kubectlPrivateSubnets&&!cluster.kubectlSecurityGroup)throw new Error('"kubectlSecurityGroup" is required if "kubectlSubnets" is specified');const memorySize=cluster.kubectlMemory?cluster.kubectlMemory.toMebibytes():1024,handler=new lambda.Function(this,"Handler",{code:lambda.Code.fromAsset(path.join(__dirname,"kubectl-handler")),runtime:lambda.Runtime.PYTHON_3_7,handler:"index.handler",timeout:core_1.Duration.minutes(15),description:"onEvent handler for EKS kubectl resource provider",memorySize,environment:cluster.kubectlEnvironment,role:cluster.kubectlLambdaRole?cluster.kubectlLambdaRole:void 0,vpc:cluster.kubectlPrivateSubnets?cluster.vpc:void 0,securityGroups:cluster.kubectlSecurityGroup?[cluster.kubectlSecurityGroup]:void 0,vpcSubnets:cluster.kubectlPrivateSubnets?{subnets:cluster.kubectlPrivateSubnets}:void 0});handler.addLayers(props.cluster.awscliLayer??new lambda_layer_awscli_1.AwsCliLayer(this,"AwsCliLayer")),handler.addLayers(props.cluster.kubectlLayer??new lambda_layer_kubectl_1.KubectlLayer(this,"KubectlLayer")),this.handlerRole=handler.role,this.handlerRole.addToPrincipalPolicy(new iam.PolicyStatement({actions:["eks:DescribeCluster"],resources:[cluster.clusterArn]})),this.handlerRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEC2ContainerRegistryReadOnly")),this.handlerRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonElasticContainerRegistryPublicReadOnly")),cluster.kubectlRole.grant(this.handlerRole,"sts:AssumeRole");const provider=new cr.Provider(this,"Provider",{onEventHandler:handler,vpc:cluster.kubectlPrivateSubnets?cluster.vpc:void 0,vpcSubnets:cluster.kubectlPrivateSubnets?{subnets:cluster.kubectlPrivateSubnets}:void 0,securityGroups:cluster.kubectlSecurityGroup?[cluster.kubectlSecurityGroup]:void 0});this.serviceToken=provider.serviceToken,this.roleArn=cluster.kubectlRole.roleArn}static getOrCreate(scope,cluster){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_eks_ICluster(cluster)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.getOrCreate),error}if(cluster instanceof cluster_1.Cluster)return cluster._attachKubectlResourceScope(scope);if(cluster.kubectlProvider)return cluster.kubectlProvider;const uid=`${core_1.Names.nodeUniqueId(cluster.node)}-KubectlProvider`,stack=core_1.Stack.of(scope);let provider=stack.node.tryFindChild(uid);return provider||(provider=new KubectlProvider(stack,uid,{cluster})),provider}static fromKubectlProviderAttributes(scope,id,attrs){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_eks_KubectlProviderAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromKubectlProviderAttributes),error}return new ImportedKubectlProvider(scope,id,attrs)}}exports.KubectlProvider=KubectlProvider,_a=JSII_RTTI_SYMBOL_1,KubectlProvider[_a]={fqn:"aws-cdk-lib.aws_eks.KubectlProvider",version:"2.70.0"};class ImportedKubectlProvider extends constructs_1.Construct{constructor(scope,id,props){super(scope,id),this.serviceToken=props.functionArn,this.roleArn=props.kubectlRoleArn,this.handlerRole=props.handlerRole}}