feat(eks): bundle kubectl, helm and awscli instead of SAR app (aws#12129)

The EKS module uses the AWS CLI, `kubectl` and `helm` in order to interact with the Kubernetes cluster. These tools were consumed from a SAR app maintained by @pahud as an AWS Sample (see [repo](https://github.com/aws-samples/aws-lambda-layer-kubectl)).

This dependency on sample code introduces an operational and maintenance risk and as part of productizing the EKS module, we need to break it. The dependency on SAR is not required, and adds a few unnecessary layers (a nested stack, SAR regional availability, etc).

To that end, this change bundles the AWS CLI and the Kubernetes tools (`kubectl` and `helm`) into the AWS CDK. These layers are maintained in two new CDK modules called `@aws-cdk/lambda-layer-awscli` and `@aws-cdk/lambda-layer-kubectl` respectively. These are normal CDK modules that export a `lambda.LayerVersion` resource that can be mounted to any AWS Lambda function.

Since the s3-deployment module also needs the AWS CLI (and bundles it), we now reuse the AWS CLI layer in there as well.

Module sizes:
- lambda-layer-awscli: 10MiB
- lambda-layer-kubectl: 24MiB

This change increases the total module size of the MonoCDK by 24MiB (10MiB are reused with s3-deployment which was already bundled). In the future we are planning to remove these bundles from the library and publish them externally so they can be consumed at deploy-time but this is out of scope for this PR (see aws/aws-cdk-rfcs#39).



Resolves aws#11874

BREAKING CHANGE: the `@aws-cdk/eks.KubectlLayer` layer class has been moved to `@aws-cdk/lambda-layer-kubectl.KubectlLayer`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Elad Ben-Israel authored Dec 24, 2020
1 parent b92ed51 commit 63bc98f
Showing 67 changed files with 1,723 additions and 1,018 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -437,8 +437,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -448,7 +446,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
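Review bot: the `"Effect": "Allow"` and `"Resource": "*"` lines that now follow the `"Condition"` block are the same two keys dropped from above it in the preceding hunk (-437,8 +437,6), so the statement is unchanged, yet a reviewer scanning for permission changes sees a wildcard resource being added. The same reorder repeats through the other expected-template hunks on this page (-636,8, -458,8, -657,8). Consider regenerating these snapshots in a separate commit, or stating in the commit message that the ECS policy changes are key-order only, so that a real IAM change is not lost in the noise.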
Expand Down Expand Up @@ -636,8 +636,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -647,7 +645,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -874,8 +874,8 @@
],
"Family": "awsecsintegTaskDef6FDFB69A",
"IpcMode": "host",
"PidMode": "task",
"NetworkMode": "awsvpc",
"PidMode": "task",
"ProxyConfiguration": {
"ContainerName": "envoy",
"ProxyConfigurationProperties": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -458,8 +458,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -469,7 +467,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -657,8 +657,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -668,7 +666,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -895,8 +895,8 @@
],
"Family": "awsecsintegTaskDef6FDFB69A",
"IpcMode": "host",
"PidMode": "task",
"NetworkMode": "host",
"PidMode": "task",
"RequiresCompatibilities": [
"EC2"
],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -991,6 +991,50 @@
}
}
},
"EnvFileDeploymentAwsCliLayerA8FC897D": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"Content": {
"S3Bucket": {
"Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7"
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::Select": [
0,
{
"Fn::Split": [
"||",
{
"Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F"
}
]
}
]
},
{
"Fn::Select": [
1,
{
"Fn::Split": [
"||",
{
"Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F"
}
]
}
]
}
]
]
}
},
"Description": "/opt/awscli/aws"
}
},
"EnvFileDeploymentCustomResourceDBE78DE4": {
"Type": "Custom::CDKBucketDeployment",
"Properties": {
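Review bot: `"Description": "/opt/awscli/aws"` on the new `EnvFileDeploymentAwsCliLayerA8FC897D` layer is a file path rather than a description, and nothing in the resource records which AWS CLI version the asset contains. Now that the CLI ships as its own asset, put the bundled tool version in `Description` so an out-of-date CLI can be spotted from the deployed template. The resource also sets no `CompatibleRuntimes`; declaring the runtimes the bundle was built for would document what it is expected to be attached to.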
Expand Down Expand Up @@ -1175,7 +1219,7 @@
"Properties": {
"Code": {
"S3Bucket": {
"Ref": "AssetParametersc9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176S3Bucket77147E20"
"Ref": "AssetParameters3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7S3Bucket28CE5152"
},
"S3Key": {
"Fn::Join": [
Expand All @@ -1188,7 +1232,7 @@
"Fn::Split": [
"||",
{
"Ref": "AssetParametersc9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176S3VersionKey4253216F"
"Ref": "AssetParameters3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7S3VersionKeyAF6E05ED"
}
]
}
Expand All @@ -1201,7 +1245,7 @@
"Fn::Split": [
"||",
{
"Ref": "AssetParametersc9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176S3VersionKey4253216F"
"Ref": "AssetParameters3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7S3VersionKeyAF6E05ED"
}
]
}
Expand All @@ -1219,6 +1263,11 @@
]
},
"Runtime": "python3.6",
"Layers": [
{
"Ref": "EnvFileDeploymentAwsCliLayerA8FC897D"
}
],
"Timeout": 900
},
"DependsOn": [
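Review bot: the new `"Layers"` entry attaches the AWS CLI layer to a function whose `"Runtime"` is `python3.6`, and the layer resource earlier in this diff declares no compatible runtimes, so nothing in the template ties the two together. If the CLI in the layer depends on the function's Python runtime, a later runtime bump on this handler would fail only when the custom resource runs; an integration assertion that the handler can actually invoke `/opt/awscli/aws` would catch that earlier.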
Expand Down Expand Up @@ -1288,17 +1337,29 @@
"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
"Default": "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
},
"AssetParametersc9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176S3Bucket77147E20": {
"AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": {
"Type": "String",
"Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\""
},
"AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": {
"Type": "String",
"Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\""
},
"AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": {
"Type": "String",
"Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\""
},
"AssetParameters3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7S3Bucket28CE5152": {
"Type": "String",
"Description": "S3 bucket for asset \"c9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176\""
"Description": "S3 bucket for asset \"3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7\""
},
"AssetParametersc9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176S3VersionKey4253216F": {
"AssetParameters3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7S3VersionKeyAF6E05ED": {
"Type": "String",
"Description": "S3 key for asset version \"c9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176\""
"Description": "S3 key for asset version \"3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7\""
},
"AssetParametersc9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176ArtifactHash4E343C6C": {
"AssetParameters3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7ArtifactHash8926088E": {
"Type": "String",
"Description": "Artifact hash for asset \"c9ac4b3b65f3510a2088b7fd003de23d2aefac424025eb168725ce6769e3c176\""
"Description": "Artifact hash for asset \"3c3ed777478fe845fb5950df5e26461242b39cf220f00e0683aab244d9d7c0f7\""
},
"AssetParameters972240f9dd6e036a93d5f081af9a24315b2053828ac049b3b19b2fa12d7ae64aS3Bucket1F1A8472": {
"Type": "String",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -437,8 +437,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -448,7 +446,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -636,8 +636,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -647,7 +645,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -437,8 +437,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -448,7 +446,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -636,8 +636,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -647,7 +645,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -458,8 +458,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -469,7 +467,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -657,8 +657,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -668,7 +666,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -437,8 +437,6 @@
"ecs:Poll",
"ecs:StartTelemetrySession"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -448,7 +446,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down Expand Up @@ -636,8 +636,6 @@
"ecs:DescribeContainerInstances",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": {
Expand All @@ -647,7 +645,9 @@
]
}
}
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
Expand Down