From fcc1838932fead426509286dd00bd4f65b3018b1 Mon Sep 17 00:00:00 2001 From: guessi Date: Tue, 14 Jan 2025 13:25:25 +0800 Subject: [PATCH] chore(java/eks): refresh sample code and set Amazon EKS version as 1.31 --- java/eks/fargate-cluster/cdk.json | 24 +++++++++++++++++-- java/eks/fargate-cluster/pom.xml | 9 ++++++- .../com/amazonaws/cdk/EksFargateStack.java | 11 ++++----- .../amazonaws/cdk/EksFargateStackTest.java | 2 +- .../cdk/EksFargateStackExpected.json | 6 ++--- java/eks/private-cluster/README.md | 14 +++++------ java/eks/private-cluster/cdk.json | 24 +++++++++++++++++-- java/eks/private-cluster/pom.xml | 9 ++++++- .../cdk/examples/EksPrivateClusterStack.java | 6 ++--- .../examples/EksPrivateClusterStackTest.java | 2 +- 10 files changed, 79 insertions(+), 28 deletions(-) diff --git a/java/eks/fargate-cluster/cdk.json b/java/eks/fargate-cluster/cdk.json index 441b988fc6..d78c89aaaf 100644 --- a/java/eks/fargate-cluster/cdk.json +++ b/java/eks/fargate-cluster/cdk.json @@ -30,7 +30,6 @@ "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, "@aws-cdk/core:enablePartitionLiterals": true, "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, - "@aws-cdk/aws-iam:standardizedServicePrincipals": true, "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, 
@@ -55,6 +54,27 @@ "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true, "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true, "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true, - "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true, + "@aws-cdk/aws-eks:nodegroupNameAttribute": true, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true } } diff --git a/java/eks/fargate-cluster/pom.xml b/java/eks/fargate-cluster/pom.xml index 38a4c306b2..a04cc078bd 100644 --- a/java/eks/fargate-cluster/pom.xml 
+++ b/java/eks/fargate-cluster/pom.xml @@ -9,7 +9,8 @@ UTF-8 - 2.115.0 + 2.175.1 + 2.0.0 [10.0.0,11.0.0) 5.7.1 @@ -22,6 +23,12 @@ ${cdk.version} + + software.amazon.awscdk + cdk-lambda-layer-kubectl-v31 + ${kubectl.version} + + software.constructs constructs diff --git a/java/eks/fargate-cluster/src/main/java/com/amazonaws/cdk/EksFargateStack.java b/java/eks/fargate-cluster/src/main/java/com/amazonaws/cdk/EksFargateStack.java index 4fc38bc9ab..a1f237e36c 100644 --- a/java/eks/fargate-cluster/src/main/java/com/amazonaws/cdk/EksFargateStack.java +++ b/java/eks/fargate-cluster/src/main/java/com/amazonaws/cdk/EksFargateStack.java @@ -2,7 +2,7 @@ import software.amazon.awscdk.CfnOutput; import software.amazon.awscdk.Stack; -import software.amazon.awscdk.lambdalayer.kubectl.KubectlLayer; +import software.amazon.awscdk.cdk.lambdalayer.kubectl.v31.KubectlV31Layer; import software.amazon.awscdk.services.ec2.SubnetSelection; import software.amazon.awscdk.services.ec2.SubnetType; import software.amazon.awscdk.services.eks.*; @@ -43,9 +43,9 @@ public EksFargateStack(final Construct scope, final String id, final EksFargateP .mastersRole(clusterAdminRole) .role(clusterAdminRole) .endpointAccess(EndpointAccess.PUBLIC) - .version(KubernetesVersion.V1_28) + .version(KubernetesVersion.V1_31) .vpc(props.getVpc()) - .kubectlLayer(new KubectlLayer(this, "KubectlLayer")) + .kubectlLayer(new KubectlV31Layer(this, "KubectlLayer")) .vpcSubnets(List.of(SubnetSelection.builder() .subnetType(SubnetType.PRIVATE_WITH_EGRESS) .build())) 
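Review bot: The `.version(KubernetesVersion.V1_31)` line in the `@@ -43,9 +43,9 @@` hunk of EksFargateStack.java moves the sample from 1.28 to 1.31 in one step, but EKS upgrades a control plane only one minor version at a time. Anyone who already deployed this sample at 1.28 should expect `cdk deploy` to fail on the cluster update rather than upgrade in place. I would state that next to the version, e.g. `// Fresh deployments only: an existing 1.28 cluster must be stepped through 1.29 and 1.30 before this value applies.` The same applies to the `.version(KubernetesVersion.V1_31)` line in the `@@ -89,12 +89,12 @@` hunk of EksPrivateClusterStack.java. The constructor body starts and ends outside this hunk.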
@@ -65,15 +65,14 @@ public EksFargateStack(final Construct scope, final String id, final EksFargateP new CfnAddon(this, "eks-vpc-cni-addon", CfnAddonProps.builder() .clusterName(eksCluster.getClusterName()) .addonName("vpc-cni") - .addonVersion("v1.16.0-eksbuild.1") + .addonVersion("v1.19.2-eksbuild.1") .resolveConflicts("OVERWRITE") - .build()); new CfnAddon(this, "eks-kube-proxy-addon", CfnAddonProps.builder() .clusterName(eksCluster.getClusterName()) .addonName("kube-proxy") - .addonVersion("v1.28.4-eksbuild.1") + .addonVersion("v1.31.3-eksbuild.2") .resolveConflicts("OVERWRITE") .build()); diff --git a/java/eks/fargate-cluster/src/test/java/com/amazonaws/cdk/EksFargateStackTest.java b/java/eks/fargate-cluster/src/test/java/com/amazonaws/cdk/EksFargateStackTest.java index 016c3bc069..6b5c86c240 100644 --- a/java/eks/fargate-cluster/src/test/java/com/amazonaws/cdk/EksFargateStackTest.java +++ b/java/eks/fargate-cluster/src/test/java/com/amazonaws/cdk/EksFargateStackTest.java @@ -56,7 +56,7 @@ void testEksCluster() { Map.of( "Config", Map.of( "name", "SampleCluster", - "version", "1.28" + "version", "1.31" ) ) ), 1); diff --git a/java/eks/fargate-cluster/src/test/resources/com/amazonaws/cdk/EksFargateStackExpected.json b/java/eks/fargate-cluster/src/test/resources/com/amazonaws/cdk/EksFargateStackExpected.json index 6beb76fdcd..0d63e518fe 100644 --- a/java/eks/fargate-cluster/src/test/resources/com/amazonaws/cdk/EksFargateStackExpected.json +++ b/java/eks/fargate-cluster/src/test/resources/com/amazonaws/cdk/EksFargateStackExpected.json @@ -384,7 +384,7 @@ }, "Config": { "name": "SampleCluster", - "version": "1.28", + "version": "1.31", "roleArn": { "Fn::GetAtt": [ "EksClusterAdminRoleD3CAEBD0", @@ -751,7 +751,7 @@ "Type": "AWS::EKS::Addon", "Properties": { "AddonName": "vpc-cni", - "AddonVersion": "v1.16.0-eksbuild.1", + "AddonVersion": "v1.19.2-eksbuild.1", "ClusterName": { "Ref": "EksFargateCluster07FC3D2B" }, 
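Review bot: In the `@@ -65,15 +65,14 @@` hunk of EksFargateStack.java the two `addonVersion` literals (`v1.19.2-eksbuild.1`, `v1.31.3-eksbuild.2`) are bumped by hand and nothing ties them to `KubernetesVersion.V1_31`, so the next version refresh can leave the cluster with an add-on build that is incompatible or missing later fixes. Because both add-ons keep `resolveConflicts("OVERWRITE")`, each bump also replaces any configuration changed on the cluster out of band, which deserves a mention. I would add a comment above the two `CfnAddon` blocks such as `// Keep in step with the cluster version; list valid builds with: aws eks describe-addon-versions --kubernetes-version 1.31 --addon-name <name>`. The constructor continues outside the hunk.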
@@ -765,7 +765,7 @@ "Type": "AWS::EKS::Addon", "Properties": { "AddonName": "kube-proxy", - "AddonVersion": "v1.28.4-eksbuild.1", + "AddonVersion": "v1.31.3-eksbuild.2", "ClusterName": { "Ref": "EksFargateCluster07FC3D2B" }, diff --git a/java/eks/private-cluster/README.md b/java/eks/private-cluster/README.md index df0ddc8050..e4a63d382c 100644 --- a/java/eks/private-cluster/README.md +++ b/java/eks/private-cluster/README.md @@ -95,12 +95,10 @@ For other packages or tools like `kubectl`, create an S3 bucket accessible from Sample cloudshell session: ``` -[cloudshell-user@ip-10-2-84-204 ~]$ curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.28.5/2024-01-04/bin/linux/amd64/kubectl -% Total % Received % Xferd Average Speed Time Time Time Current - Dload Upload Total Spent Left Speed -100 47.5M 100 47.5M 0 0 7975k 0 0:00:06 0:00:06 --:--:-- 10.4M -[cloudshell-user@ip-10-2-84-204 ~]$ aws s3 cp kubectl s3://my-bucket/kubectl-1.28.5 -upload: ./kubectl to s3://my-bucket/kubectl-1.28.5 +[cloudshell-user@ip-10-2-84-204 ~]$ curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.31.4/2025-01-10/bin/darwin/amd64/kubectl + +[cloudshell-user@ip-10-2-84-204 ~]$ aws s3 cp kubectl s3://my-bucket/kubectl-1.31.4 +upload: ./kubectl to s3://my-bucket/kubectl-1.31.4 ``` ## Accessing the EKS cluster with kubectl @@ -118,7 +116,7 @@ Test the access to the EKS cluster. Get pods and nodes ``` [ssm-user@ip-10-0-0-240 ~]$ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-0-60.ap-southeast-1.compute.internal Ready 19h v1.28.5-eks-5e0fdde +ip-10-0-0-60.ap-southeast-1.compute.internal Ready 19h v1.31.0-eks-a737599 [ssm-user@ip-10-0-0-240 ~]$ kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE @@ -131,4 +129,4 @@ kube-system kube-proxy-m9ms4 1/1 Running 1 (4h39m ago) 19h ## Cleanup ``` cdk destroy -``` \ No newline at end of file +``` diff --git a/java/eks/private-cluster/cdk.json b/java/eks/private-cluster/cdk.json index 441b988fc6..d78c89aaaf 100644 
--- a/java/eks/private-cluster/cdk.json +++ b/java/eks/private-cluster/cdk.json @@ -30,7 +30,6 @@ "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, "@aws-cdk/core:enablePartitionLiterals": true, "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, - "@aws-cdk/aws-iam:standardizedServicePrincipals": true, "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, 
@@ -55,6 +54,27 @@ "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true, "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true, "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true, - "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true + "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true, + "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true, + "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true, + "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true, + "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true, + "@aws-cdk/aws-eks:nodegroupNameAttribute": true, + "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, + "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true, + "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false, + "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false, + "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false, + "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true, + "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true, + "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true, + "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true, + "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true, + "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true, + "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true, + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true, + "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true, + "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true } } diff --git a/java/eks/private-cluster/pom.xml b/java/eks/private-cluster/pom.xml index 85258b621d..1b47d6e9fe 100644 --- a/java/eks/private-cluster/pom.xml 
+++ b/java/eks/private-cluster/pom.xml @@ -9,7 +9,8 @@ UTF-8 - 2.122.0 + 2.175.1 + 2.0.0 [10.0.0,11.0.0) 5.7.1 @@ -44,6 +45,12 @@ ${cdk.version} + + software.amazon.awscdk + cdk-lambda-layer-kubectl-v31 + ${kubectl.version} + + software.constructs constructs diff --git a/java/eks/private-cluster/src/main/java/com/amazonaws/cdk/examples/EksPrivateClusterStack.java b/java/eks/private-cluster/src/main/java/com/amazonaws/cdk/examples/EksPrivateClusterStack.java index 79dd667d68..7b6dfa4e26 100644 --- a/java/eks/private-cluster/src/main/java/com/amazonaws/cdk/examples/EksPrivateClusterStack.java +++ b/java/eks/private-cluster/src/main/java/com/amazonaws/cdk/examples/EksPrivateClusterStack.java @@ -4,7 +4,7 @@ import java.util.Map; import software.amazon.awscdk.Stack; import software.amazon.awscdk.StackProps; -import software.amazon.awscdk.lambdalayer.kubectl.KubectlLayer; +import software.amazon.awscdk.cdk.lambdalayer.kubectl.v31.KubectlV31Layer; import software.amazon.awscdk.services.autoscaling.AutoScalingGroup; import software.amazon.awscdk.services.ec2.BastionHostLinux; import software.amazon.awscdk.services.ec2.BlockDevice; @@ -89,12 +89,12 @@ private void createEksCluster(Role clusterAdmin) { this.cluster = Cluster.Builder.create(this, "eks") .vpc(vpc) - .version(KubernetesVersion.V1_28) + .version(KubernetesVersion.V1_31) .vpcSubnets( List.of(SubnetSelection.builder().subnetType(SubnetType.PRIVATE_ISOLATED).build())) .endpointAccess(EndpointAccess.PRIVATE) .clusterName("eks-private") - .kubectlLayer(new KubectlLayer(this, "kubectl-layer")) + .kubectlLayer(new KubectlV31Layer(this, "KubectlLayer")) .defaultCapacity(0) .mastersRole(clusterAdmin) .placeClusterHandlerInVpc(true) diff --git a/java/eks/private-cluster/src/test/java/com/amazonaws/cdk/examples/EksPrivateClusterStackTest.java b/java/eks/private-cluster/src/test/java/com/amazonaws/cdk/examples/EksPrivateClusterStackTest.java index 1f05e4faca..9923f0d824 100644 
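Review bot: The `kubectlLayer` line in the `@@ -89,12 +89,12 @@` hunk of EksPrivateClusterStack.java renames the construct id from `kubectl-layer` to `KubectlLayer` while swapping the class, and the version refresh does not need that rename. The construct id feeds the CloudFormation logical ID, so on an already deployed stack the layer appears as a delete-and-create under a new logical ID. That is presumably harmless for a layer, but it adds noise to the `cdk diff` that reviewers of an infrastructure change rely on. Unless the rename is deliberate, keep the old id: `.kubectlLayer(new KubectlV31Layer(this, "kubectl-layer"))`. `createEksCluster` continues past the end of the hunk.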
--- a/java/eks/private-cluster/src/test/java/com/amazonaws/cdk/examples/EksPrivateClusterStackTest.java +++ b/java/eks/private-cluster/src/test/java/com/amazonaws/cdk/examples/EksPrivateClusterStackTest.java @@ -29,7 +29,7 @@ public void testEksClusterNameVersion() { "Config", Map.of( "name", "eks-private", - "version", "1.28"))), + "version", "1.31"))), 1); }