Merge pull request #24 from doitintl/dynamic_config

Dynamic config

Author: neoakris

cdk.context.json

@@ -1 +1,5 @@
-{}
+{
+  "acknowledged-issue-numbers": [
+    34892
+  ]
+}

config/eks/dev_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks'
 import {

config/eks/global_baseline_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as eks from 'aws-cdk-lib/aws-eks';

config/eks/higher_envs_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import * as iam from 'aws-cdk-lib/aws-iam';
@@ -48,8 +49,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const kube_proxy = new eks.CfnAddon(stack, 'kube-proxy', {
         clusterName: cluster.clusterName,
         addonName: 'kube-proxy',
-        addonVersion: 'v1.33.3-eksbuild.6', //v--query for latest, alternatively you can comment this line out to get default version
-        // aws eks describe-addon-versions --kubernetes-version=1.33 --addon-name=kube-proxy --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_kube_proxy_1_33_eks_addon(), // or 'v1.33.3-eksbuild.6'
         resolveConflicts: 'OVERWRITE',
         configurationValues: '{}',
     });

config/eks/lower_envs_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import * as iam from 'aws-cdk-lib/aws-iam';
@@ -48,8 +49,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const kube_proxy = new eks.CfnAddon(stack, 'kube-proxy', {
         clusterName: cluster.clusterName,
         addonName: 'kube-proxy',
-        addonVersion: 'v1.33.3-eksbuild.6', //v--query for latest, alternatively you can comment this line out to get default version
-        // aws eks describe-addon-versions --kubernetes-version=1.33 --addon-name=kube-proxy --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_kube_proxy_1_33_eks_addon(), // or 'v1.33.3-eksbuild.6'
         resolveConflicts: 'OVERWRITE',
         configurationValues: '{}',
     });

config/eks/my_orgs_baseline_eks_config.ts

@@ -1,11 +1,11 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import { KubernetesVersion } from 'aws-cdk-lib/aws-eks';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as kms from 'aws-cdk-lib/aws-kms';
 import request from 'sync-request-curl'; //npm install sync-request-curl (cdk requires sync functions, async not allowed)
-import cluster from 'cluster';
 //Intended Use:
 //A baseline config file (to be applied to all EasyEKS Clusters in your organization)
 //EasyEKS Admins would be expected to edit this file with defaults specific to their org. (that rarely change and are low risk to add)
@@ -74,8 +74,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const vpc_cni = new eks.CfnAddon(stack, 'vpc-cni', {
         clusterName: cluster.clusterName,
         addonName: 'vpc-cni',
-        addonVersion: 'v1.19.6-eksbuild.7', //v--query for latest, latest of this addon tends to be valid for all versions of kubernetes
-        // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=vpc-cni --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_vpc_cni_eks_addon(), //OR 'v1.20.1-eksbuild.3'
         //serviceAccountRoleArn: <-- leave this blank, to use worker node's IAM role, which gives dualstack ipv4/ipv6 support
         resolveConflicts: 'OVERWRITE',
         configurationValues: '{}',
@@ -84,8 +83,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const coredns = new eks.CfnAddon(stack, 'coredns', {
         clusterName: cluster.clusterName,
         addonName: 'coredns',
-        addonVersion: 'v1.11.4-eksbuild.14', //v--query for latest, latest tends to be valid for all version of kubernetes
-        // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=coredns --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_coredns_eks_addon(), //OR 'v1.12.3-eksbuild.1'
         resolveConflicts: 'OVERWRITE',
         //v-- Below represents an optimized CoreDNS deployment, based on
         //    https://aws.amazon.com/blogs/containers/amazon-eks-add-ons-advanced-configuration/
@@ -147,8 +145,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const metrics_server = new eks.CfnAddon(stack, 'metrics-server', { //allows `kubectl top nodes` to work & valid for all versions of kubernetes
         clusterName: cluster.clusterName,
         addonName: 'metrics-server',
-        addonVersion: 'v0.8.0-eksbuild.1', //v--query for latest
-        // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=metrics-server --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_metrics_server_eks_addon(), //OR 'v0.8.0-eksbuild.2'
         resolveConflicts: 'OVERWRITE',
         configurationValues: `{
             "replicas": 2,
@@ -203,8 +200,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const eks_node_monitoring_agent = new eks.CfnAddon(stack, 'eks-node-monitoring-agent', {
         clusterName: cluster.clusterName,
         addonName: 'eks-node-monitoring-agent',
-        addonVersion: 'v1.3.0-eksbuild.2', //v--query for latest
-        // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=eks-node-monitoring-agent --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_eks_node_monitoring_agent_eks_addon(), //or 'v1.4.0-eksbuild.2'
         resolveConflicts: 'OVERWRITE',
         configurationValues: '{}',
     });
@@ -244,8 +240,7 @@ export function deploy_addons(config: Easy_EKS_Config_Data, stack: cdk.Stack, cl
     const ebs_csi_addon = new eks.CfnAddon(stack, 'aws-ebs-csi-driver', {
         clusterName: cluster.clusterName,
         addonName: 'aws-ebs-csi-driver',
-        addonVersion: 'v1.45.0-eksbuild.2', //v--query for latest
-        // aws eks describe-addon-versions --kubernetes-version=1.31 --addon-name=aws-ebs-csi-driver --query='addons[].addonVersions[].addonVersion' | jq '.[0]'
+        addonVersion: Easy_EKS_Dynamic_Config.get_latest_version_of_ebs_csi_eks_addon(), //OR 'v1.48.0-eksbuild.2'
         resolveConflicts: 'OVERWRITE',
         podIdentityAssociations: [
             {
@@ -276,8 +271,7 @@ export function deploy_essentials(config: Easy_EKS_Config_Data, stack: cdk.Stack
         release: "node-local-dns-cache", // Name for our chart in Kubernetes (helm list -A)
         repository: "oci://ghcr.io/deliveryhero/helm-charts/node-local-dns",  // HTTPS address of the helm chart (associated with helm repo add command)
         namespace: "kube-system",
-        version: "2.1.10", // version of the helm chart, below can be used to look up latest
-        // curl https://raw.githubusercontent.com/deliveryhero/helm-charts/refs/heads/master/stable/node-local-dns/Chart.yaml | grep version: | cut -d ':' -f 2
+        version: Easy_EKS_Dynamic_Config.get_latest_version_of_node_local_dns_cache_helm_chart(), //OR "2.1.10"
         wait: false,
         values: { //<-- helm chart values per https://github.com/deliveryhero/helm-charts/blob/master/stable/node-local-dns/values.yaml
           config: {

config/eks/prod_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks'
 import * as iam from 'aws-cdk-lib/aws-iam';

config/eks/stage_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks'
 import * as iam from 'aws-cdk-lib/aws-iam';

config/eks/test_eks_config.ts

@@ -1,4 +1,5 @@
 import { Easy_EKS_Config_Data } from '../../lib/Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from '../../lib/Easy_EKS_Dynamic_Config';
 import * as cdk from 'aws-cdk-lib';
 import * as eks from 'aws-cdk-lib/aws-eks'
 import * as iam from 'aws-cdk-lib/aws-iam';

lib/Easy_EKS_Cluster.ts

@@ -6,9 +6,6 @@ import * as eks from 'aws-cdk-lib/aws-eks';
 import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as kms from 'aws-cdk-lib/aws-kms';
-import { KubectlV31Layer } from '@aws-cdk/lambda-layer-kubectl-v31'; //npm install @aws-cdk/lambda-layer-kubectl-v31
-import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32'; //npm install @aws-cdk/lambda-layer-kubectl-v32
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33'; //npm install @aws-cdk/lambda-layer-kubectl-v33
 //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 //Config Library Imports:
 import * as global_baseline_eks_config from '../config/eks/global_baseline_eks_config';
@@ -26,6 +23,7 @@ import console = require('console'); //can help debug feedback loop, allows `con
 //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 //Local Library Imports:
 import { Easy_EKS_Config_Data } from './Easy_EKS_Config_Data';
+import { Easy_EKS_Dynamic_Config } from './Easy_EKS_Dynamic_Config';
 //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
@@ -197,7 +195,10 @@ export class Easy_EKS_Cluster{ //purposefully don't extend stack, to implement b
         // Logic to add the person running cdk deploy to the list of cluster admins
         // This satisfies EKS IAM access entry rights prerequisite, needed to allow the output command to work
         // aws eks update-kubeconfig --region ca-central-1 --name dev1-eks
-        config.addClusterAdminARN(CDK_Deployer.get_ARN_of_CDK_Deployers_IAM_ID());
+        // For good security we lock this down to whitelisted IAM access entries, defined in the Access tab of EKS's web console
+        // For convienence we make an assumption that the IAM identity running cdk deploy dev1-eks, should be auto-added to that list.
+        // A singleton pattern is used to avoid multiple lookups.
+        config.addClusterAdminARN(Easy_EKS_Dynamic_Config.get_ARN_of_IAM_Identity_running_CDK_Deploy());
         ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
         ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -219,39 +220,11 @@ export class Easy_EKS_Cluster{ //purposefully don't extend stack, to implement b
         ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     }//end of stage_deployment_of_eks_cluster()
 
-
 }//end class Easy_EKS_Cluster
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
 
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-class CDK_Deployer { 
-    // After cdk deploy dev1-eks-cluster is run, a kubectl population command will be displayed
-    // Example:
-    // aws eks update-kubeconfig --region ca-central-1 --name dev1-eks
-    //
-    // For good security we lock this down to whitelisted IAM access entries, defined in the Access tab of EKS's web console
-    // For convienence we make an assumption that the IAM identity running cdk deploy dev1-eks, should be auto-added to that list.
-    // A singleton pattern is used to avoid multiple lookups.
-    private static singleton: CDK_Deployer;
-    private static iam_id: string;
-    public static get_ARN_of_CDK_Deployers_IAM_ID(): string{
-        if(!CDK_Deployer.singleton){
-            CDK_Deployer.singleton = new CDK_Deployer();
-            const cmd = `aws sts get-caller-identity | jq .Arn | tr -d '"|\n|\r'`; //translate delete (remove) double quote & new lines
-            const cmd_results = shell.exec(cmd, {silent:true});
-            if(cmd_results.code===0){
-                this.iam_id = cmd_results.stdout; //plausible value = arn:aws:iam::111122223333:user/example
-            }
-        }
-        return CDK_Deployer.iam_id; //returns arn of IAM user/role identity that ran `cdk deploy dev1-eks-cluster`
-    }
-} //end CDK_Deployer
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-
-
-
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 //Viewer Only RBAC Access (Equivalent to whats in research folder)
 //Converted using https://onlineyamltools.com/convert-yaml-to-json