import { Stack, CfnOutput } from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as eks from 'aws-cdk-lib/aws-eks';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as ssm from 'aws-cdk-lib/aws-ssm';
import { Construct } from 'constructs';
import { StackCommonProps, SSM_PREFIX, CLUSTER_NAME } from '../../config';
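/**
 * CDK stack that provisions an EKS control plane inside an existing VPC.
 *
 * The stack creates no worker capacity (`defaultCapacity: 0`). It publishes the
 * cluster's certificate authority data, OIDC provider ARN and kubectl role ARN
 * as SSM parameters under `/<clusterName>/...`, and exposes the main cluster
 * attributes as CloudFormation outputs.
 *
 * Construct ids and output ids, including the misspelled `Clutster` ones, are
 * kept exactly as they are. They become CloudFormation logical ids, so
 * renaming them would replace resources or rename outputs on the next deploy.
 */
export class EksClusterStack extends Stack {
  /**
   * @param scope - Parent construct.
   * @param id - Stack id; also used as the suffix of the cluster service role name.
   * @param props - Common stack props; `props.stage` is used in the cluster name and tags.
   * @throws Error if the cluster construct exposes no kubectl role, since its
   *   ARN could not then be stored in SSM.
   */
  constructor(scope: Construct, id: string, props: StackCommonProps) {
    super(scope, id, props);

    // VPC id comes from the `vpcId` context key, falling back to an SSM lookup
    // at synth time. `||` is kept on purpose: an empty-string context value
    // also falls back to the SSM lookup.
    const vpcId =
      this.node.tryGetContext('vpcId') ||
      ssm.StringParameter.valueFromLookup(this, `${SSM_PREFIX}/vpc-id`);
    const vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId });

    // This role is passed as `mastersRole` below, i.e. it is the cluster-admin
    // identity. Its trust policy names the account root principal, so who can
    // assume it is decided entirely by IAM policies inside the account.
    // NOTE(review): consider narrowing the trust to the specific admin
    // role(s) or adding a trust-policy condition — confirm against the
    // account's IAM model.
    const clusterAdmin = new iam.Role(this, 'cluster-admin-role', {
      assumedBy: new iam.AccountRootPrincipal(),
    });

    // Service role assumed by the EKS control plane.
    const clusterRole = new iam.Role(this, 'cluster-role', {
      roleName: `EksClusterRole-${id}`,
      assumedBy: new iam.ServicePrincipal('eks.amazonaws.com'),
    });
    // NOTE(review): AmazonEKSServicePolicy is, as far as I know, only needed
    // for older clusters — confirm whether it can be dropped here.
    clusterRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSServicePolicy'));
    clusterRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSClusterPolicy'));

    const clusterName = `${CLUSTER_NAME}-${props.stage}`;
    const cluster = new eks.Cluster(this, 'eks-cluster', {
      clusterName,
      tags: {
        Stage: props.stage,
        Name: clusterName,
      },
      mastersRole: clusterAdmin,
      role: clusterRole,
      // NOTE(review): the Kubernetes version is pinned; verify it is still a
      // supported release before deploying.
      version: eks.KubernetesVersion.V1_21,
      vpc,
      defaultCapacity: 0,
      // NOTE(review): `endpointAccess` and `secretsEncryptionKey` are not set,
      // so the construct's defaults apply. Confirm that the resulting API
      // endpoint exposure and the lack of a customer-managed key for secrets
      // match the intended posture.
      // albController: {
      //   version: eks.AlbControllerVersion.V2_4_1,
      // },
      // Only API-server and scheduler logs are shipped. Audit and authenticator
      // logs (eks.ClusterLoggingTypes.AUDIT / AUTHENTICATOR) are the ones that
      // record who did what against the API.
      // NOTE(review): consider enabling them.
      clusterLogging: [
        eks.ClusterLoggingTypes.API,
        eks.ClusterLoggingTypes.SCHEDULER,
      ],
    });

    // Fail at synth time with a clear message instead of asserting an
    // undefined ARN to `string` and writing it into the parameter.
    const kubectlRoleArn = cluster.kubectlRole?.roleArn;
    if (kubectlRoleArn === undefined) {
      throw new Error('EKS cluster exposes no kubectl role; cannot publish kubectl-role-arn to SSM');
    }

    const certParam = new ssm.StringParameter(this, 'ssmClutsterCertificateAuthority', {
      parameterName: `/${clusterName}/cluster-certificate-authority`,
      stringValue: cluster.clusterCertificateAuthorityData,
    });
    const openIdConnectProviderArn = new ssm.StringParameter(this, 'ssmOpenIdConnectProviderArn', {
      parameterName: `/${clusterName}/openid-connect-provider-arn`,
      stringValue: cluster.openIdConnectProvider.openIdConnectProviderArn,
    });
    const kubectlRole = new ssm.StringParameter(this, 'ssmKubectlRole', {
      parameterName: `/${clusterName}/kubectl-role-arn`,
      stringValue: kubectlRoleArn,
    });

    new CfnOutput(this, 'SSMClutsterCertificateAuthority', { value: certParam.parameterName });
    new CfnOutput(this, 'SSMopenIdConnectProviderArn', { value: openIdConnectProviderArn.parameterName });
    new CfnOutput(this, 'SSMopenIdConnectProviderArnValue', { value: openIdConnectProviderArn.stringValue });
    new CfnOutput(this, 'SSMKubectlRoleArnValue', { value: kubectlRole.stringValue });
    // The region query parameter now follows the stack's region. It was
    // hard-coded to us-east-1 while the host already used `this.region`, so
    // the link pointed at the wrong region for any other deployment.
    new CfnOutput(this, 'WebConsoleUrl', {
      value: `https://${this.region}.console.aws.amazon.com/eks/home?region=${this.region}#/clusters/${cluster.clusterName}`,
    });
    new CfnOutput(this, 'ClusterName', { value: cluster.clusterName });
    new CfnOutput(this, 'ClusterArn', { value: cluster.clusterArn });
    new CfnOutput(this, 'ClusterEndpoint', { value: cluster.clusterEndpoint });
    new CfnOutput(this, 'ClusterSecurityGroupId', { value: cluster.clusterSecurityGroupId });
    // NOTE(review): no `secretsEncryptionKey` is passed to the cluster above,
    // so this output presumably carries no usable key ARN — confirm.
    new CfnOutput(this, 'ClusterEncryptionConfigKeyArn', { value: cluster.clusterEncryptionConfigKeyArn });
    new CfnOutput(this, 'ClusterOpenIdConnectIssuer', { value: cluster.clusterOpenIdConnectIssuer });
    new CfnOutput(this, 'ClusterOpenIdConnectIssuerUrl', { value: cluster.clusterOpenIdConnectIssuerUrl });
  }
}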