eks-for-prod
Version:
EKS Cluster + EFS Filesystem + Aurora Serverless Cluster
35 lines (34 loc) • 1.52 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.ExternalSecrets = void 0;
const core_1 = require("@aws-cdk/core");
const service_account_with_policy_1 = require("./service-account-with-policy");
const external_secrets_policy_1 = require("./service-account-policies/external-secrets-policy");
class ExternalSecrets extends core_1.Construct {
constructor(scope, id, props) {
super(scope, id);
const serviceAccount = new service_account_with_policy_1.ServiceAccountWithPolicy(this, 'ExternalSecrets', {
cluster: props.cluster,
jsonPolicy: external_secrets_policy_1.externalSecretsPolicy(),
serviceAccountName: 'external-secrets',
serviceAccountNamespace: 'kube-system'
});
props.cluster.addHelmChart('ExternalSecretsHelmChart', {
release: 'external-secrets',
namespace: 'kube-system',
repository: 'https://external-secrets.github.io/kubernetes-external-secrets',
chart: 'kubernetes-external-secrets',
values: {
env: {
AWS_REGION: 'us-east-1',
POLLER_INTERVAL_MILLISECONDS: '7200000' // 2 hours
},
serviceAccount: {
create: false,
name: serviceAccount.serviceAccount.serviceAccountName
}
}
}).node.addDependency(serviceAccount);
}
}
exports.ExternalSecrets = ExternalSecrets;