├── .github ├── pull_request_template.md └── workflows │ ├── stale.yml │ ├── build.yml │ └── release.yml ├── version.json ├── cdk8s.yaml ├── src ├── index.ts ├── cert-manager.ts ├── envvar-ins.ts ├── integ.default.ts ├── imports │ └── aws-load-balancer-controller-v2 │ │ ├── mvc.yaml │ │ └── crd.yaml ├── alb-ingress-controller.ts ├── alb-controller-policy.ts └── aws-load-balancer-controller.ts ├── .mergify.yml ├── .npmignore ├── test └── alb-controller.test.ts ├── tsconfig.eslint.json ├── tsconfig.jest.json ├── .gitignore ├── .gitattributes ├── .projenrc.js ├── .projen ├── deps.json └── tasks.json ├── package.json ├── CHANGELOG.md ├── .eslintrc.json ├── README.md ├── LICENSE ├── get_helm.sh └── API.md /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | Fixes # -------------------------------------------------------------------------------- /version.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "1.0.3" 3 | } 4 | -------------------------------------------------------------------------------- /cdk8s.yaml: -------------------------------------------------------------------------------- 1 | language: typescript 2 | app: node ./lib/integ.default.js 3 | imports: 4 | - k8s -------------------------------------------------------------------------------- /src/index.ts: -------------------------------------------------------------------------------- 1 | export * from './aws-load-balancer-controller'; 2 | export * from './alb-ingress-controller'; 3 | export * from './alb-controller-policy'; 4 | export * from './envvar-ins'; 5 | export * from './cert-manager'; -------------------------------------------------------------------------------- /src/cert-manager.ts: -------------------------------------------------------------------------------- 1 | import * as fs from 'fs'; 2 | import * as path from 'path'; 3 | import * as yaml from 'js-yaml'; 4 | export 
class CertManager {
  /**
   * Load the cert-manager manifest referenced by this library.
   *
   * The path `../cert/cert-manager.yaml` is resolved relative to `__dirname`,
   * read synchronously, and parsed with js-yaml's `safeLoadAll`, the safe
   * loader that does not construct JavaScript-specific types from YAML tags.
   *
   * NOTE(review): the repository tree shown on this page lists no `cert/`
   * directory; confirm the manifest is packaged, since `readFileSync` throws
   * when the file is missing.
   *
   * @returns whatever `safeLoadAll` yields for the manifest. The type is
   *   `any`, so callers receive the parsed documents without validation.
   */
  public static certManagerConfig(): any {
    const manifestPath = path.join(__dirname, '../cert/cert-manager.yaml');
    const manifestText = fs.readFileSync(manifestPath).toString();
    return yaml.safeLoadAll(manifestText);
  }
}
-------------------------------------------------------------------------------- /.mergify.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | pull_request_rules: 4 | - name: Automatic merge on approval and successful build 5 | actions: 6 | merge: 7 | method: squash 8 | commit_message: title+body 9 | strict: smart 10 | strict_method: merge 11 | delete_head_branch: {} 12 | conditions: 13 | - "#approved-reviews-by>=1" 14 | - -label~=(do-not-merge) 15 | - status-success=build 16 | -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | /.projen/ 3 | /test-reports/ 4 | junit.xml 5 | /coverage/ 6 | /dist/changelog.md 7 | /dist/version.txt 8 | /.mergify.yml 9 | /test/ 10 | /src/ 11 | !/lib/ 12 | !/lib/**/*.js 13 | !/lib/**/*.d.ts 14 | dist 15 | /tsconfig.json 16 | /.github/ 17 | /.vscode/ 18 | /.idea/ 19 | /.projenrc.js 20 | tsconfig.tsbuildinfo 21 | /tsconfig.jest.json 22 | /.eslintrc.json 23 | /tsconfig.eslint.json 24 | !.jsii 25 | cdk.out 26 | cdk.context.json 27 | image 28 | yarn-error.log 29 | coverage 30 | -------------------------------------------------------------------------------- /src/envvar-ins.ts: -------------------------------------------------------------------------------- 1 | export interface EnvVar { 2 | /** 3 | * Name of the environment variable. Must be a C_IDENTIFIER. 
4 | * 5 | * @schema io.k8s.api.core.v1.EnvVar#name 6 | */ 7 | readonly name: string; 8 | 9 | /** 10 | * Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". 11 | * 12 | * @default . 13 | * @schema io.k8s.api.core.v1.EnvVar#value 14 | */ 15 | readonly value?: string; 16 | } -------------------------------------------------------------------------------- /test/alb-controller.test.ts: -------------------------------------------------------------------------------- 1 | import { Chart, Testing } from 'cdk8s'; 2 | import { AlbIngressController, AwsLoadBalancerController } from '../src/index'; 3 | test('AlbIngressController', () => { 4 | const app = Testing.app(); 5 | const chart = new Chart(app, 'test'); 6 | new AlbIngressController(chart, 'AlbIngressController', { 7 | clusterName: 'TestClusterName', 8 | args: [ 9 | '--test=123', 10 | ], 11 | env: [ 12 | { 13 | name: 'testEnv', 14 | value: '12345', 15 | }, 16 | ], 17 | replicas: 0, 18 | }); 19 | }); 20 | 21 | test('AwsLoadBalancerController', () => { 22 | const app = Testing.app(); 23 | const chart = new Chart(app, 'test'); 24 | new AwsLoadBalancerController(chart, 'AwsLoadBalancerController', { 25 | clusterName: 'TestClusterName', 26 | }); 27 | }); -------------------------------------------------------------------------------- /src/integ.default.ts: -------------------------------------------------------------------------------- 1 | import { App, Chart } from 'cdk8s'; 2 | import { Construct } from 'constructs'; 3 | import { AlbIngressController, AwsLoadBalancerController } from './index'; 4 | 5 | export class MyChart extends Chart { 6 | constructor(scope: 
Construct, name: string) { 7 | super(scope, name); 8 | new AlbIngressController(this, 'AlbIngressController', { 9 | clusterName: 'TestClusterName', 10 | args: [ 11 | '--test=123', 12 | ], 13 | env: [ 14 | { 15 | name: 'testEnv', 16 | value: '12345', 17 | }, 18 | ], 19 | replicas: 0, 20 | }); 21 | new AwsLoadBalancerController(this, 'AwsLoadController', { 22 | clusterName: 'TestClusterName', 23 | chartVersion: '1.2.3', 24 | namespace: 'kube-system', 25 | }); 26 | } 27 | } 28 | const app = new App(); 29 | new MyChart(app, 'test'); 30 | app.synth(); -------------------------------------------------------------------------------- /tsconfig.eslint.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "alwaysStrict": true, 4 | "declaration": true, 5 | "experimentalDecorators": true, 6 | "inlineSourceMap": true, 7 | "inlineSources": true, 8 | "lib": [ 9 | "es2018" 10 | ], 11 | "module": "CommonJS", 12 | "noEmitOnError": false, 13 | "noFallthroughCasesInSwitch": true, 14 | "noImplicitAny": true, 15 | "noImplicitReturns": true, 16 | "noImplicitThis": true, 17 | "noUnusedLocals": true, 18 | "noUnusedParameters": true, 19 | "resolveJsonModule": true, 20 | "strict": true, 21 | "strictNullChecks": true, 22 | "strictPropertyInitialization": true, 23 | "stripInternal": true, 24 | "target": "ES2018" 25 | }, 26 | "include": [ 27 | ".projenrc.js", 28 | "src/**/*.ts", 29 | "test/**/*.ts" 30 | ], 31 | "exclude": [ 32 | "node_modules" 33 | ], 34 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 
35 | } 36 | -------------------------------------------------------------------------------- /tsconfig.jest.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "alwaysStrict": true, 4 | "declaration": true, 5 | "experimentalDecorators": true, 6 | "inlineSourceMap": true, 7 | "inlineSources": true, 8 | "lib": [ 9 | "es2018" 10 | ], 11 | "module": "CommonJS", 12 | "noEmitOnError": false, 13 | "noFallthroughCasesInSwitch": true, 14 | "noImplicitAny": true, 15 | "noImplicitReturns": true, 16 | "noImplicitThis": true, 17 | "noUnusedLocals": true, 18 | "noUnusedParameters": true, 19 | "resolveJsonModule": true, 20 | "strict": true, 21 | "strictNullChecks": true, 22 | "strictPropertyInitialization": true, 23 | "stripInternal": true, 24 | "target": "ES2018" 25 | }, 26 | "include": [ 27 | ".projenrc.js", 28 | "src/**/*.ts", 29 | "test/**/*.ts" 30 | ], 31 | "exclude": [ 32 | "node_modules" 33 | ], 34 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 35 | } 36 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 
2 | !/.gitattributes 3 | !/.projen/tasks.json 4 | !/.projen/deps.json 5 | !/.github/workflows/stale.yml 6 | !/package.json 7 | !/LICENSE 8 | !/.npmignore 9 | logs 10 | *.log 11 | npm-debug.log* 12 | yarn-debug.log* 13 | yarn-error.log* 14 | lerna-debug.log* 15 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 16 | pids 17 | *.pid 18 | *.seed 19 | *.pid.lock 20 | lib-cov 21 | *.lcov 22 | .nyc_output 23 | build/Release 24 | node_modules/ 25 | jspm_packages/ 26 | *.tsbuildinfo 27 | .eslintcache 28 | *.tgz 29 | .yarn-integrity 30 | .cache 31 | !/.projenrc.js 32 | /test-reports/ 33 | junit.xml 34 | /coverage/ 35 | !/.github/workflows/build.yml 36 | /dist/changelog.md 37 | /dist/version.txt 38 | !/.mergify.yml 39 | !/.github/pull_request_template.md 40 | !/test/ 41 | !/src/ 42 | /lib 43 | /dist/ 44 | !/tsconfig.jest.json 45 | !/.eslintrc.json 46 | !/tsconfig.eslint.json 47 | .jsii 48 | tsconfig.json 49 | !/API.md 50 | cdk.out 51 | cdk.context.json 52 | image 53 | yarn-error.log 54 | coverage 55 | !/.github/workflows/release.yml 56 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 
2 | 3 | *.snap linguist-generated 4 | /.eslintrc.json linguist-generated 5 | /.gitattributes linguist-generated 6 | /.github/pull_request_template.md linguist-generated 7 | /.github/workflows/build.yml linguist-generated 8 | /.github/workflows/release.yml linguist-generated 9 | /.github/workflows/stale.yml linguist-generated 10 | /.gitignore linguist-generated 11 | /.mergify.yml linguist-generated 12 | /.npmignore linguist-generated 13 | /.projen/** linguist-generated 14 | /.projen/deps.json linguist-generated 15 | /.projen/tasks.json linguist-generated 16 | /LICENSE linguist-generated 17 | /package.json linguist-generated 18 | /tsconfig.eslint.json linguist-generated 19 | /tsconfig.jest.json linguist-generated 20 | /yarn.lock linguist-generated -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: stale 4 | on: 5 | schedule: 6 | - cron: 0 1 * * * 7 | workflow_dispatch: {} 8 | jobs: 9 | stale: 10 | runs-on: ubuntu-latest 11 | permissions: 12 | issues: write 13 | pull-requests: write 14 | steps: 15 | - uses: actions/stale@v4 16 | with: 17 | days-before-stale: -1 18 | days-before-close: -1 19 | days-before-pr-stale: 14 20 | days-before-pr-close: 2 21 | stale-pr-message: This pull request is now marked as stale because it hasn't 22 | seen activity for a while. Add a comment or it will be closed soon. 23 | close-pr-message: Closing this pull request as it hasn't seen activity for a 24 | while. Please add a comment @mentioning a maintainer to reopen. 25 | stale-pr-label: stale 26 | days-before-issue-stale: 60 27 | days-before-issue-close: 7 28 | stale-issue-message: This issue is now marked as stale because it hasn't seen 29 | activity for a while. Add a comment or it will be closed soon. 
30 | close-issue-message: Closing this issue as it hasn't seen activity for a while. 31 | Please add a comment @mentioning a maintainer to reopen. 32 | stale-issue-label: stale 33 | -------------------------------------------------------------------------------- /src/imports/aws-load-balancer-controller-v2/mvc.yaml: --------------------------------------------------------------------------------
# Mutating admission webhooks for the AWS Load Balancer Controller: one for
# pod creation, one for TargetGroupBinding create/update.
# NOTE(review): admissionregistration.k8s.io/v1beta1 is not served from
# Kubernetes v1.22 onwards; clusters at or above that version need the v1 API.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    # Asks cert-manager's CA injector to fill in caBundle from this
    # Certificate (namespace/name).
    cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: aws-load-balancer-controller
  name: aws-load-balancer-webhook
webhooks:
- clientConfig:
    # "Cg==" is base64 for a single newline, i.e. a placeholder rather than a
    # CA. The API server can only verify the webhook's TLS certificate once
    # the injection requested by the annotation above has replaced it.
    caBundle: Cg==
    service:
      # NOTE(review): service name and namespace are fixed to kube-system
      # here; confirm they match where the controller is actually deployed.
      name: aws-load-balancer-webhook-service
      namespace: kube-system
      path: /mutate-v1-pod
  # Fail closed: if the webhook is unreachable or errors, matching pod CREATE
  # requests are rejected rather than admitted unmodified.
  failurePolicy: Fail
  name: mpod.elbv2.k8s.aws
  # Limits this webhook to namespaces labelled
  # elbv2.k8s.aws/pod-readiness-gate-inject=enabled, which bounds the impact
  # of the fail-closed policy above.
  namespaceSelector:
    matchExpressions:
    - key: elbv2.k8s.aws/pod-readiness-gate-inject
      operator: In
      values:
      - enabled
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    resources:
    - pods
  sideEffects: None
- clientConfig:
    # Same placeholder CA as above; relies on the same injection.
    caBundle: Cg==
    service:
      name: aws-load-balancer-webhook-service
      namespace: kube-system
      path: /mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding
  # Fail closed, and with no namespaceSelector: applies to
  # targetgroupbindings in every namespace.
  failurePolicy: Fail
  name: mtargetgroupbinding.elbv2.k8s.aws
  rules:
  - apiGroups:
    - elbv2.k8s.aws
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - targetgroupbindings
  sideEffects: None
-------------------------------------------------------------------------------- /.projenrc.js: -------------------------------------------------------------------------------- 1 | const { ConstructLibrary, DependenciesUpgradeMechanism, ScheduleInterval } = require('projen'); 2 | const { 
DependabotScheduleInterval } = require('projen/lib/github');
// NOTE(review): ScheduleInterval and DependabotScheduleInterval are imported
// but never referenced in this file.
const PROJECT_DESCRIPTION = 'cdk8s-aws-load-balancer-controller is an CDK8S construct library that provides AWS Alb Load Balancer Controller Configure.';
// Version specifiers interpolated into peerDeps below.
const CDK_VERSION = '^1.113.0';
const CDK8S_VERSION = '1.0.0-beta.10';
const CONSTRCUTS_VERSION = '^3.3.147';
// projen project definition. The files on this page that carry a
// "Generated by projen" header are produced from this object, so workflow
// and dependency changes belong here.
const project = new ConstructLibrary({
  description: PROJECT_DESCRIPTION,
  authorAddress: 'guan840912@gmail.com',
  authorName: 'Neil Kuan',
  name: 'cdk8s-aws-load-balancer-controller',
  repository: 'https://github.com/neilkuan/cdk8s-aws-load-balancer-controller.git',
  keywords: ['aws', 'cdk8s', 'aws-load-balancer-controller'],
  defaultReleaseBranch: 'main',
  catalog: {
    twitter: 'neil_kuan',
    announce: false,
  },
  minNodeVersion: '14.15.0',
  python: {
    distName: 'cdk8s-aws-load-balancer-controller',
    module: 'cdk8s_aws_load_balancer_controller',
  },
  peerDeps: [
    `constructs@${CONSTRCUTS_VERSION}`,
    `@aws-cdk/aws-iam@${CDK_VERSION}`,
    `@aws-cdk/core@${CDK_VERSION}`,
    `cdk8s@${CDK8S_VERSION}`,
  ],
  devDeps: [
    '@types/js-yaml@^3.12.5',
    'js-yaml@^3.14.0',
    // `cdk8s@${CDK8S_VERSION}`,
    // `constructs@${CONSTRCUTS_VERSION}`,
    // `@aws-cdk/aws-iam@${CDK_VERSION}`,
    // `@aws-cdk/core@${CDK_VERSION}`,
  ],
  // Bundled dependencies ship inside the published package, so consumers get
  // the js-yaml version resolved at release time rather than their own.
  bundledDeps: [
    '@types/js-yaml@^3.12.5',
    'js-yaml@^3.14.0',
  ],
  // NOTE(review): `workflow: false` appears to disable the generated
  // dependency-upgrade workflow (none is listed under .github/workflows on
  // this page). If so, security updates to the bundled parser depend on
  // manual bumps; confirm this is intended.
  depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow({
    workflow: false,
  }),
  // Extra CI step; it shows up as "Install Helm" in the generated build.yml
  // and release.yml on this page.
  workflowBootstrapSteps: [
    {
      name: 'Install Helm',
      id: 'install_helm',
      // NOTE(review): the installer is fetched from the mutable `master`
      // branch and executed as-is, with no version pin or checksum check.
      // Any upstream change to that script runs in CI, including in the job
      // that builds the release artifact. Pin the URL to a release tag or
      // commit and verify the download before executing it.
      run: `curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm repo add eks https://aws.github.io/eks-charts
helm repo update`,
    },
  ],
});

const common_exclude = ['cdk.out', 'cdk.context.json', 'image', 'yarn-error.log', 
'coverage']; 59 | project.gitignore.exclude(...common_exclude); 60 | 61 | project.npmignore.exclude(...common_exclude); 62 | project.synth(); -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: build 4 | on: 5 | pull_request: {} 6 | workflow_dispatch: {} 7 | jobs: 8 | build: 9 | runs-on: ubuntu-latest 10 | permissions: 11 | checks: write 12 | contents: write 13 | actions: write 14 | env: 15 | CI: "true" 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v2 19 | with: 20 | ref: ${{ github.event.pull_request.head.ref }} 21 | repository: ${{ github.event.pull_request.head.repo.full_name }} 22 | - name: Set git identity 23 | run: |- 24 | git config user.name "Automation" 25 | git config user.email "github-actions@github.com" 26 | - name: Install Helm 27 | id: install_helm 28 | run: >- 29 | curl -fsSL -o get_helm.sh 30 | https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 31 | 32 | chmod 700 get_helm.sh 33 | 34 | ./get_helm.sh 35 | 36 | helm repo add eks https://aws.github.io/eks-charts 37 | 38 | helm repo update 39 | - name: Setup Node.js 40 | uses: actions/setup-node@v2.2.0 41 | with: 42 | node-version: 14.15.0 43 | - name: Install dependencies 44 | run: yarn install --check-files --frozen-lockfile 45 | - name: build 46 | run: npx projen build 47 | - name: Check for changes 48 | id: git_diff 49 | run: git diff --exit-code || echo "::set-output name=has_changes::true" 50 | - if: steps.git_diff.outputs.has_changes 51 | name: Commit and push changes (if changed) 52 | run: 'git add . 
&& git commit -m "chore: self mutation" && git push origin 53 | HEAD:${{ github.event.pull_request.head.ref }}' 54 | - if: steps.git_diff.outputs.has_changes 55 | name: Update status check (if changed) 56 | run: gh api -X POST /repos/${{ github.event.pull_request.head.repo.full_name 57 | }}/check-runs -F name="build" -F head_sha="$(git rev-parse HEAD)" -F 58 | status="completed" -F conclusion="success" 59 | env: 60 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 61 | - if: steps.git_diff.outputs.has_changes 62 | name: Cancel workflow (if changed) 63 | run: gh api -X POST /repos/${{ github.event.pull_request.head.repo.full_name 64 | }}/actions/runs/${{ github.run_id }}/cancel 65 | env: 66 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 67 | container: 68 | image: jsii/superchain 69 | -------------------------------------------------------------------------------- /.projen/deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": [ 3 | { 4 | "name": "@aws-cdk/aws-iam", 5 | "version": "1.113.0", 6 | "type": "build" 7 | }, 8 | { 9 | "name": "@aws-cdk/core", 10 | "version": "1.113.0", 11 | "type": "build" 12 | }, 13 | { 14 | "name": "@types/jest", 15 | "type": "build" 16 | }, 17 | { 18 | "name": "@types/js-yaml", 19 | "version": "^3.12.5", 20 | "type": "build" 21 | }, 22 | { 23 | "name": "@types/node", 24 | "version": "^14.15.0", 25 | "type": "build" 26 | }, 27 | { 28 | "name": "@typescript-eslint/eslint-plugin", 29 | "type": "build" 30 | }, 31 | { 32 | "name": "@typescript-eslint/parser", 33 | "type": "build" 34 | }, 35 | { 36 | "name": "cdk8s", 37 | "version": "1.0.0-beta.10", 38 | "type": "build" 39 | }, 40 | { 41 | "name": "constructs", 42 | "version": "3.3.147", 43 | "type": "build" 44 | }, 45 | { 46 | "name": "eslint", 47 | "type": "build" 48 | }, 49 | { 50 | "name": "eslint-import-resolver-node", 51 | "type": "build" 52 | }, 53 | { 54 | "name": "eslint-import-resolver-typescript", 55 | "type": "build" 56 | }, 57 
| { 58 | "name": "eslint-plugin-import", 59 | "type": "build" 60 | }, 61 | { 62 | "name": "jest", 63 | "type": "build" 64 | }, 65 | { 66 | "name": "jest-junit", 67 | "version": "^12", 68 | "type": "build" 69 | }, 70 | { 71 | "name": "js-yaml", 72 | "version": "^3.14.0", 73 | "type": "build" 74 | }, 75 | { 76 | "name": "jsii", 77 | "type": "build" 78 | }, 79 | { 80 | "name": "jsii-diff", 81 | "type": "build" 82 | }, 83 | { 84 | "name": "jsii-docgen", 85 | "type": "build" 86 | }, 87 | { 88 | "name": "jsii-pacmak", 89 | "type": "build" 90 | }, 91 | { 92 | "name": "json-schema", 93 | "type": "build" 94 | }, 95 | { 96 | "name": "npm-check-updates", 97 | "version": "^11", 98 | "type": "build" 99 | }, 100 | { 101 | "name": "projen", 102 | "type": "build" 103 | }, 104 | { 105 | "name": "standard-version", 106 | "version": "^9", 107 | "type": "build" 108 | }, 109 | { 110 | "name": "ts-jest", 111 | "type": "build" 112 | }, 113 | { 114 | "name": "typescript", 115 | "type": "build" 116 | }, 117 | { 118 | "name": "@types/js-yaml", 119 | "version": "^3.12.5", 120 | "type": "bundled" 121 | }, 122 | { 123 | "name": "js-yaml", 124 | "version": "^3.14.0", 125 | "type": "bundled" 126 | }, 127 | { 128 | "name": "@aws-cdk/aws-iam", 129 | "version": "^1.113.0", 130 | "type": "peer" 131 | }, 132 | { 133 | "name": "@aws-cdk/core", 134 | "version": "^1.113.0", 135 | "type": "peer" 136 | }, 137 | { 138 | "name": "cdk8s", 139 | "version": "1.0.0-beta.10", 140 | "type": "peer" 141 | }, 142 | { 143 | "name": "constructs", 144 | "version": "^3.3.147", 145 | "type": "peer" 146 | } 147 | ], 148 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 149 | } 150 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 
# Release pipeline: build and package on pushes to main, then publish the
# resulting `dist` artifact to GitHub Releases, npm and PyPI.
# NOTE(review): every `uses:` below references an action by version tag. Tags
# can be moved; pinning to a full commit SHA fixes the code that runs.
name: release
on:
  push:
    branches:
      - main
  workflow_dispatch: {}
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    outputs:
      latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
    env:
      CI: "true"
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set git identity
        run: |-
          git config user.name "Automation"
          git config user.email "github-actions@github.com"
      # NOTE(review): downloads the Helm installer from the mutable `master`
      # branch and executes it unverified, in the job that produces the
      # artifact the publish jobs ship. Pin to a tag or commit and check a
      # checksum. The step comes from workflowBootstrapSteps in .projenrc.js.
      - name: Install Helm
        id: install_helm
        run: >-
          curl -fsSL -o get_helm.sh
          https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3

          chmod 700 get_helm.sh

          ./get_helm.sh

          helm repo add eks https://aws.github.io/eks-charts

          helm repo update
      - name: Setup Node.js
        uses: actions/setup-node@v2.2.0
        with:
          node-version: 14.15.0
      # --frozen-lockfile fails the install instead of silently updating
      # yarn.lock, so the release builds from the locked dependency set.
      - name: Install dependencies
        run: yarn install --check-files --frozen-lockfile
      - name: release
        run: npx projen release
      # NOTE(review): `${{ github.ref }}` is substituted into the script text
      # before the shell runs. Passing it through `env:` and quoting the
      # variable keeps ref names from being parsed as shell syntax.
      - name: Check for new commits
        id: git_remote
        run: echo ::set-output name=latest_commit::"$(git ls-remote origin -h ${{
          github.ref }} | cut -f1)"
      # Upload only when the remote branch head is still the commit being
      # built; the publish jobs below repeat the same comparison.
      - name: Upload artifact
        if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
        uses: actions/upload-artifact@v2.1.1
        with:
          name: dist
          path: dist
    # NOTE(review): no tag or digest, so the image is whatever the default
    # tag resolves to at run time. Pin it (ideally by digest) for
    # reproducible release builds.
    container:
      image: jsii/superchain
  release_github:
    name: Publish to GitHub Releases
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: write
    if: needs.release.outputs.latest_commit == github.sha
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@v2
        with:
          name: dist
          path: dist
      - name: Release
        run: gh release create v$(cat dist/version.txt) -R ${{ github.repository }} -F
          dist/changelog.md -t v$(cat dist/version.txt)
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  release_npm:
    name: Publish to npm
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: read
    if: needs.release.outputs.latest_commit == github.sha
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@v2
        with:
          name: dist
          path: dist
      # NOTE(review): `jsii-release@latest` is resolved at run time and then
      # executed with NPM_TOKEN in its environment. Pin an exact version so a
      # new release of the tool does not run with the registry token before
      # it has been reviewed.
      - name: Release
        run: npx -p jsii-release@latest jsii-release-npm
        env:
          NPM_DIST_TAG: latest
          NPM_REGISTRY: registry.npmjs.org
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
    container:
      image: jsii/superchain
  release_pypi:
    name: Publish to PyPI
    needs: release
    runs-on: ubuntu-latest
    permissions:
      contents: read
    if: needs.release.outputs.latest_commit == github.sha
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@v2
        with:
          name: dist
          path: dist
      # NOTE(review): same unpinned `jsii-release@latest`, here run with the
      # PyPI credentials in its environment.
      - name: Release
        run: npx -p jsii-release@latest jsii-release-pypi
        env:
          TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
    container:
      image: jsii/superchain
-------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdk8s-aws-load-balancer-controller", 3 | "description": "cdk8s-aws-load-balancer-controller is an CDK8S construct library that provides AWS Alb Load Balancer Controller Configure.", 4 | "repository": { 5 | "type": "git", 6 | "url": "https://github.com/neilkuan/cdk8s-aws-load-balancer-controller.git" 7 | }, 8 | "scripts": { 9 | "clobber": "npx projen clobber", 10 | "compile": "npx projen compile", 11 | "test:compile": "npx projen test:compile", 12 | "test": "npx projen test", 13 | "build": "npx projen build", 14 | "test:watch": "npx projen test:watch", 15 | "test:update": "npx projen test:update", 16 | "bump": "npx projen bump", 17 | 
"unbump": "npx projen unbump", 18 | "publish:github": "npx projen publish:github", 19 | "upgrade": "npx projen upgrade", 20 | "upgrade-projen": "npx projen upgrade-projen", 21 | "default": "npx projen default", 22 | "watch": "npx projen watch", 23 | "package": "npx projen package", 24 | "eslint": "npx projen eslint", 25 | "compat": "npx projen compat", 26 | "publish:npm": "npx projen publish:npm", 27 | "publish:pypi": "npx projen publish:pypi", 28 | "docgen": "npx projen docgen", 29 | "release": "npx projen release", 30 | "projen": "npx projen" 31 | }, 32 | "author": { 33 | "name": "Neil Kuan", 34 | "email": "guan840912@gmail.com", 35 | "organization": false 36 | }, 37 | "devDependencies": { 38 | "@aws-cdk/aws-iam": "1.113.0", 39 | "@aws-cdk/core": "1.113.0", 40 | "@types/jest": "^26.0.24", 41 | "@types/js-yaml": "^3.12.5", 42 | "@types/node": "^14.15.0", 43 | "@typescript-eslint/eslint-plugin": "^4.28.4", 44 | "@typescript-eslint/parser": "^4.28.4", 45 | "cdk8s": "1.0.0-beta.10", 46 | "constructs": "3.3.147", 47 | "eslint": "^7.31.0", 48 | "eslint-import-resolver-node": "^0.3.4", 49 | "eslint-import-resolver-typescript": "^2.4.0", 50 | "eslint-plugin-import": "^2.23.4", 51 | "jest": "^27.0.6", 52 | "jest-junit": "^12", 53 | "js-yaml": "^3.14.0", 54 | "jsii": "^1.31.0", 55 | "jsii-diff": "^1.31.0", 56 | "jsii-docgen": "^3.2.2", 57 | "jsii-pacmak": "^1.31.0", 58 | "json-schema": "^0.3.0", 59 | "npm-check-updates": "^11", 60 | "projen": "^0.27.6", 61 | "standard-version": "^9", 62 | "ts-jest": "^27.0.4", 63 | "typescript": "^4.3.5" 64 | }, 65 | "peerDependencies": { 66 | "@aws-cdk/aws-iam": "^1.113.0", 67 | "@aws-cdk/core": "^1.113.0", 68 | "cdk8s": "1.0.0-beta.10", 69 | "constructs": "^3.3.147" 70 | }, 71 | "dependencies": { 72 | "@types/js-yaml": "^3.12.5", 73 | "js-yaml": "^3.14.0" 74 | }, 75 | "bundledDependencies": [ 76 | "@types/js-yaml", 77 | "js-yaml" 78 | ], 79 | "keywords": [ 80 | "aws", 81 | "aws-load-balancer-controller", 82 | "cdk", 83 | "cdk8s" 84 | ], 
85 | "engines": { 86 | "node": ">= 14.15.0" 87 | }, 88 | "main": "lib/index.js", 89 | "license": "Apache-2.0", 90 | "version": "0.0.0", 91 | "jest": { 92 | "testMatch": [ 93 | "**/__tests__/**/*.ts?(x)", 94 | "**/?(*.)+(spec|test).ts?(x)" 95 | ], 96 | "clearMocks": true, 97 | "collectCoverage": true, 98 | "coverageReporters": [ 99 | "json", 100 | "lcov", 101 | "clover", 102 | "text" 103 | ], 104 | "coverageDirectory": "coverage", 105 | "coveragePathIgnorePatterns": [ 106 | "/node_modules/" 107 | ], 108 | "testPathIgnorePatterns": [ 109 | "/node_modules/" 110 | ], 111 | "watchPathIgnorePatterns": [ 112 | "/node_modules/" 113 | ], 114 | "reporters": [ 115 | "default", 116 | [ 117 | "jest-junit", 118 | { 119 | "outputDirectory": "test-reports" 120 | } 121 | ] 122 | ], 123 | "preset": "ts-jest", 124 | "globals": { 125 | "ts-jest": { 126 | "tsconfig": "tsconfig.jest.json" 127 | } 128 | } 129 | }, 130 | "types": "lib/index.d.ts", 131 | "stability": "stable", 132 | "jsii": { 133 | "outdir": "dist", 134 | "targets": { 135 | "python": { 136 | "distName": "cdk8s-aws-load-balancer-controller", 137 | "module": "cdk8s_aws_load_balancer_controller" 138 | } 139 | }, 140 | "tsc": { 141 | "outDir": "lib", 142 | "rootDir": "src" 143 | } 144 | }, 145 | "awscdkio": { 146 | "twitter": "neil_kuan", 147 | "announce": false 148 | }, 149 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 150 | } -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. 
4 | 5 | ### 1.0.3 (2021-03-21) 6 | 7 | ### [1.0.2](https://github.com/guan840912/cdk8s-aws-load-balancer-controller/compare/v1.0.1...v1.0.2) (2020-12-01) 8 | 9 | ### [1.0.1](https://github.com/guan840912/cdk8s-aws-load-balancer-controller/compare/v1.0.0...v1.0.1) (2020-11-24) 10 | 11 | ## [1.0.0](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.31...v1.0.0) (2020-11-23) 12 | 13 | 14 | ### Features 15 | 16 | * awsloadbalancecontroller V2 ([91d442a](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/91d442aa5dc8d5b66ac6669fe87e78519acdb443)) 17 | 18 | ### [0.0.31](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.30...v0.0.31) (2020-11-23) 19 | 20 | ### [0.0.30](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.29...v0.0.30) (2020-11-22) 21 | 22 | 23 | ### Bug Fixes 24 | 25 | * namespace to default ([eae4af9](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/eae4af90ec8b0259f2b0ab675a37caa1e690581d)) 26 | 27 | ### [0.0.29](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.28...v0.0.29) (2020-11-22) 28 | 29 | 30 | ### Bug Fixes 31 | 32 | * v2 releaseName ([652fab7](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/652fab7e286a92d06a6243d449e4c77f324ea911)) 33 | 34 | ### [0.0.28](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.27...v0.0.28) (2020-11-22) 35 | 36 | ### [0.0.27](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.26...v0.0.27) (2020-11-08) 37 | 38 | 39 | ### Bug Fixes 40 | 41 | * update v2 policy ([a77135b](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/a77135bd5b76cc8512977fbc5446828675e443a0)) 42 | 43 | ### [0.0.26](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.25...v0.0.26) (2020-11-03) 44 | 45 | 46 | ### Bug Fixes 47 | 48 | * **cert:** fix cert path not found 
([3151e0e](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/3151e0e6f436cf5731ee8a032f1bc6e3367391ff)) 49 | 50 | ### [0.0.25](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.24...v0.0.25) (2020-11-02) 51 | 52 | 53 | ### Features 54 | 55 | * cert-manager static function ([d6910e4](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/d6910e479383385ad03f5bb74535c67254c99ebd)) 56 | 57 | ### [0.0.24](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.23...v0.0.24) (2020-11-02) 58 | 59 | 60 | ### Features 61 | 62 | * cert-manager & aws-load-balancer-v2 ([3ba6d9d](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/3ba6d9d7c1c0a762a42789d7ea01c62634a0abfc)) 63 | 64 | ### [0.0.23](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.22...v0.0.23) (2020-10-31) 65 | 66 | 67 | ### Features 68 | 69 | * update aws-load-balance iam policy v2 ([94028c1](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/94028c15bce6cbcf6bfdc2095bc262b4a40a8298)) 70 | 71 | ### 0.0.22 (2020-10-30) 72 | 73 | ### 0.0.21 (2020-10-29) 74 | 75 | ### 0.0.20 (2020-10-28) 76 | 77 | ### 0.0.19 (2020-10-27) 78 | 79 | ### 0.0.18 (2020-10-26) 80 | 81 | ### 0.0.17 (2020-10-26) 82 | 83 | ### [0.0.16](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.15...v0.0.16) (2020-10-25) 84 | 85 | 86 | ### Features 87 | 88 | * AwsLoadBalancePolicy class ,do not use 0.0.15 ([ff025a2](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/ff025a21b0e8be3df863627fbbaf9ae11a7a2abd)) 89 | 90 | ### [0.0.15](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.12...v0.0.15) (2020-10-25) 91 | 92 | 93 | ### Features 94 | 95 | * AwsLoadBalancePolicy class ([8f8ae6a](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/8f8ae6a9947c371ebb90db957ce94899cf81c5f9)) 96 | * AwsLoadBalancePolicy class & fix role 
type ([0b779c5](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/commit/0b779c5599ed1b2fa6b4d4596bf83583b3d8df03)) 97 | 98 | ### 0.0.14 (2020-10-22) 99 | 100 | ### 0.0.13 (2020-10-21) 101 | 102 | ### 0.0.12 (2020-10-20) 103 | 104 | ### 0.0.11 (2020-10-20) 105 | 106 | ### 0.0.10 (2020-10-19) 107 | 108 | ### 0.0.9 (2020-10-15) 109 | 110 | ### 0.0.8 (2020-10-14) 111 | 112 | ### [0.0.7](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.5...v0.0.7) (2020-10-13) 113 | 114 | ### 0.0.6 (2020-10-13) 115 | 116 | ### [0.0.5](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.4...v0.0.5) (2020-10-13) 117 | 118 | ### [0.0.4](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.3...v0.0.4) (2020-10-13) 119 | 120 | ### [0.0.3](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.2...v0.0.3) (2020-10-12) 121 | 122 | ### [0.0.2](https://github.com/guan840912/cdk8s-aws-alb-ingress-controller/compare/v0.0.1...v0.0.2) (2020-10-12) 123 | 124 | ### 0.0.1 (2020-10-12) 125 | -------------------------------------------------------------------------------- /.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "env": { 3 | "jest": true, 4 | "node": true 5 | }, 6 | "root": true, 7 | "plugins": [ 8 | "@typescript-eslint", 9 | "import" 10 | ], 11 | "parser": "@typescript-eslint/parser", 12 | "parserOptions": { 13 | "ecmaVersion": 2018, 14 | "sourceType": "module", 15 | "project": "./tsconfig.eslint.json" 16 | }, 17 | "extends": [ 18 | "plugin:import/typescript" 19 | ], 20 | "settings": { 21 | "import/parsers": { 22 | "@typescript-eslint/parser": [ 23 | ".ts", 24 | ".tsx" 25 | ] 26 | }, 27 | "import/resolver": { 28 | "node": {}, 29 | "typescript": { 30 | "project": "./tsconfig.eslint.json" 31 | } 32 | } 33 | }, 34 | "ignorePatterns": [ 35 | "*.js", 36 | "!.projenrc.js", 37 | "*.d.ts", 38 | "node_modules/", 39 | "*.generated.ts", 40 | 
"coverage" 41 | ], 42 | "rules": { 43 | "indent": [ 44 | "off" 45 | ], 46 | "@typescript-eslint/indent": [ 47 | "error", 48 | 2 49 | ], 50 | "quotes": [ 51 | "error", 52 | "single", 53 | { 54 | "avoidEscape": true 55 | } 56 | ], 57 | "comma-dangle": [ 58 | "error", 59 | "always-multiline" 60 | ], 61 | "comma-spacing": [ 62 | "error", 63 | { 64 | "before": false, 65 | "after": true 66 | } 67 | ], 68 | "no-multi-spaces": [ 69 | "error", 70 | { 71 | "ignoreEOLComments": false 72 | } 73 | ], 74 | "array-bracket-spacing": [ 75 | "error", 76 | "never" 77 | ], 78 | "array-bracket-newline": [ 79 | "error", 80 | "consistent" 81 | ], 82 | "object-curly-spacing": [ 83 | "error", 84 | "always" 85 | ], 86 | "object-curly-newline": [ 87 | "error", 88 | { 89 | "multiline": true, 90 | "consistent": true 91 | } 92 | ], 93 | "object-property-newline": [ 94 | "error", 95 | { 96 | "allowAllPropertiesOnSameLine": true 97 | } 98 | ], 99 | "keyword-spacing": [ 100 | "error" 101 | ], 102 | "brace-style": [ 103 | "error", 104 | "1tbs", 105 | { 106 | "allowSingleLine": true 107 | } 108 | ], 109 | "space-before-blocks": [ 110 | "error" 111 | ], 112 | "curly": [ 113 | "error", 114 | "multi-line", 115 | "consistent" 116 | ], 117 | "@typescript-eslint/member-delimiter-style": [ 118 | "error" 119 | ], 120 | "semi": [ 121 | "error", 122 | "always" 123 | ], 124 | "max-len": [ 125 | "error", 126 | { 127 | "code": 150, 128 | "ignoreUrls": true, 129 | "ignoreStrings": true, 130 | "ignoreTemplateLiterals": true, 131 | "ignoreComments": true, 132 | "ignoreRegExpLiterals": true 133 | } 134 | ], 135 | "quote-props": [ 136 | "error", 137 | "consistent-as-needed" 138 | ], 139 | "@typescript-eslint/no-require-imports": [ 140 | "error" 141 | ], 142 | "import/no-extraneous-dependencies": [ 143 | "error", 144 | { 145 | "devDependencies": [ 146 | "**/test/**", 147 | "**/build-tools/**" 148 | ], 149 | "optionalDependencies": false, 150 | "peerDependencies": true 151 | } 152 | ], 153 | "import/no-unresolved": [ 
154 | "error" 155 | ], 156 | "import/order": [ 157 | "warn", 158 | { 159 | "groups": [ 160 | "builtin", 161 | "external" 162 | ], 163 | "alphabetize": { 164 | "order": "asc", 165 | "caseInsensitive": true 166 | } 167 | } 168 | ], 169 | "no-duplicate-imports": [ 170 | "error" 171 | ], 172 | "no-shadow": [ 173 | "off" 174 | ], 175 | "@typescript-eslint/no-shadow": [ 176 | "error" 177 | ], 178 | "key-spacing": [ 179 | "error" 180 | ], 181 | "no-multiple-empty-lines": [ 182 | "error" 183 | ], 184 | "@typescript-eslint/no-floating-promises": [ 185 | "error" 186 | ], 187 | "no-return-await": [ 188 | "off" 189 | ], 190 | "@typescript-eslint/return-await": [ 191 | "error" 192 | ], 193 | "no-trailing-spaces": [ 194 | "error" 195 | ], 196 | "dot-notation": [ 197 | "error" 198 | ], 199 | "no-bitwise": [ 200 | "error" 201 | ], 202 | "@typescript-eslint/member-ordering": [ 203 | "error", 204 | { 205 | "default": [ 206 | "public-static-field", 207 | "public-static-method", 208 | "protected-static-field", 209 | "protected-static-method", 210 | "private-static-field", 211 | "private-static-method", 212 | "field", 213 | "constructor", 214 | "method" 215 | ] 216 | } 217 | ] 218 | }, 219 | "overrides": [ 220 | { 221 | "files": [ 222 | ".projenrc.js" 223 | ], 224 | "rules": { 225 | "@typescript-eslint/no-require-imports": "off", 226 | "import/no-extraneous-dependencies": "off" 227 | } 228 | } 229 | ] 230 | } 231 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![NPM version](https://badge.fury.io/js/cdk8s-aws-load-balancer-controller.svg)](https://badge.fury.io/js/cdk8s-aws-load-balancer-controller) 2 | [![PyPI version](https://badge.fury.io/py/cdk8s-aws-load-balancer-controller.svg)](https://badge.fury.io/py/cdk8s-aws-load-balancer-controller) 3 | ![Release](https://github.com/neilkuan/cdk8s-aws-load-balancer-controller/workflows/Release/badge.svg) 4 | 5 
| ![Downloads](https://img.shields.io/badge/-DOWNLOADS:-brightgreen?color=gray) 6 | ![npm](https://img.shields.io/npm/dt/cdk8s-aws-load-balancer-controller?label=npm&color=orange) 7 | ![PyPI](https://img.shields.io/pypi/dm/cdk8s-aws-load-balancer-controller?label=pypi&color=blue) 8 | 9 | # cdk8s-aws-load-balancer-controller 10 | > [cdk8s aws load balancer controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller) constructs for cdk8s 11 | 12 | This project was formerly known as "CDK AWS ALB Ingress Controller"; it has been renamed to "CDK AWS Load Balancer Controller". 13 | 14 | Basic implementation of an [aws load balancer controller](https://github.com/kubernetes-sigs/aws-load-balancer-controller) construct for cdk8s. Contributions are welcome! 15 | 16 | ## Before usage: install Helm 17 | ```bash 18 | curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 19 | chmod 700 get_helm.sh 20 | ./get_helm.sh 21 | ``` 22 | Read `get_helm.sh` before running it: the URL points at the `master` branch, so the script you download can change between runs. 23 | ## Usage 24 | ```bash 25 | npm i cdk8s-aws-load-balancer-controller 26 | npm i cdk8s 27 | or 28 | yarn add cdk8s-aws-load-balancer-controller 29 | yarn add cdk8s 30 | ``` 31 | 32 | ### AWS Load Balancer Controller V1 33 | ```ts 34 | import { App, Chart } from 'cdk8s'; 35 | import { Construct } from 'constructs'; 36 | import { AlbIngressController } from 'cdk8s-aws-load-balancer-controller'; 37 | 38 | export class MyChart extends Chart { 39 | constructor(scope: Construct, name: string) { 40 | super(scope, name); 41 | new AlbIngressController(this, 'albingresscntroller', { 42 | clusterName: 'EKScluster', 43 | }); 44 | } 45 | } 46 | const app = new App(); 47 | new MyChart(app, 'testcdk8s'); 48 | app.synth(); 49 | ``` 50 | 51 | ### AWS Load Balancer Controller V2 52 | ```ts 53 | import { App, Chart } from 'cdk8s'; 54 | import { AwsLoadBalancerController } from 'cdk8s-aws-load-balancer-controller'; 55 | import * as constructs from 'constructs'; 56 | 57 | export interface MyChartProps { 58 | 
readonly clusterName: string; 59 | } 60 | 61 | export class MyChart extends Chart { 62 | readonly deploymentName: string; 63 | readonly deploymentNameSpace: string; 64 | constructor(scope: Construct, name: string, props: MyChartProps) { 65 | super(scope, name); 66 | const alb = new AwsLoadBalancerController(this, 'alb', { 67 | clusterName: props.clusterName, 68 | createServiceAccount: false, 69 | }); 70 | this.deploymentName = alb.deploymentName; 71 | this.deploymentNameSpace = alb.namespace; 72 | } 73 | } 74 | const app = new App(); 75 | new MyChart(app, 'testcdk8s'); 76 | app.synth(); 77 | ``` 78 | 79 | ### AWS Load Balancer Controller V2 in a specific namespace 80 | ```ts 81 | import { App, Chart } from 'cdk8s'; 82 | import { AwsLoadBalancerController } from 'cdk8s-aws-load-balancer-controller'; 83 | import * as constructs from 'constructs'; 84 | 85 | export interface MyChartProps { 86 | readonly clusterName: string; 87 | } 88 | 89 | export class MyChart extends Chart { 90 | readonly deploymentName: string; 91 | readonly deploymentNameSpace: string; 92 | constructor(scope: Construct, name: string, props: MyChartProps) { 93 | super(scope, name); 94 | const alb = new AwsLoadBalancerController(this, 'alb', { 95 | clusterName: props.clusterName, 96 | createServiceAccount: false, 97 | namespace: 'kube-system', 98 | }); 99 | this.deploymentName = alb.deploymentName; 100 | this.deploymentNameSpace = alb.namespace; 101 | } 102 | } 103 | const app = new App(); 104 | new MyChart(app, 'testcdk8s'); 105 | app.synth(); 106 | ``` 107 | 108 | # Feature: adding the IAM policy 109 | - For IRSA, add IAM policy version 1. 
110 | ```ts 111 | // CDK APP like eks_cluster.ts 112 | import { AwsLoadBalancePolicy, VersionsLists } from 'cdk8s-aws-load-balancer-controller'; 113 | import * as eks from '@aws-cdk/aws-eks'; 114 | const cluster = new eks.Cluster(this, 'MyK8SCluster', { 115 | defaultCapacity: 0, 116 | mastersRole: clusterAdmin, 117 | version: eks.KubernetesVersion.V1_18, 118 | }); 119 | 120 | const albServiceAccount = cluster.addServiceAccount('alb-ingress-controller', { 121 | name: 'alb-ingress-controller', 122 | namespace: 'kube-system', 123 | }); 124 | // Adds the policy to the IAM role. 125 | AwsLoadBalancePolicy.addPolicy(VersionsLists.AWS_LOAD_BALANCER_CONTROLLER_POLICY_V1, albServiceAccount); 126 | ``` 127 | 128 | - For IRSA, add IAM policy version 2. 129 | ```ts 130 | // CDK APP like eks_cluster.ts 131 | import { AwsLoadBalancePolicy, VersionsLists } from 'cdk8s-aws-load-balancer-controller'; 132 | import * as eks from '@aws-cdk/aws-eks'; 133 | const cluster = new eks.Cluster(this, 'MyK8SCluster', { 134 | defaultCapacity: 0, 135 | mastersRole: clusterAdmin, 136 | version: eks.KubernetesVersion.V1_18, 137 | }); 138 | 139 | const sa = new eks.ServiceAccount(this, 'albserviceaccount', { 140 | cluster: cluster, 141 | name: 'aws-load-balancer-controller', 142 | }); 143 | AwsLoadBalancePolicy.addPolicy(VersionsLists.AWS_LOAD_BALANCER_CONTROLLER_POLICY_V2, sa ); 144 | 145 | ``` 146 | 147 | See also [example repo 1](https://github.com/neilkuan/cdk8s-cdk-example) 148 | or [example repo 2](https://github.com/neilkuan/eks-mgng-tagging-name.git), which show this library working with the AWS CDK. 149 | ## License 150 | 151 | Distributed under the [Apache 2.0](./LICENSE) license. 
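-------------------------------------------------------------------------------- /src/alb-ingress-controller.ts: --------------------------------------------------------------------------------
import { Construct } from 'constructs';
import { EnvVar } from './envvar-ins';
import * as k8s from './imports/k8s';

export interface AlbIngressControllerOptions {
  /**
   * Extra labels to associate with resources.
   * @default - none
   */
  readonly labels?: { [name: string]: string };
  /**
   * Default Namespace for alb-ingress-controller.
   * @default - kube-system
   */
  readonly namespace?: string ;
  /**
   * Kubernetes Cluster Name for alb-ingress-controller.
   * @default - None
   */
  readonly clusterName: string ;
  /**
   * Default Service Account Name for alb-ingress-controller.
   * @default - alb-ingress-controller
   */
  readonly serviceAccountName?: string;
  /**
   * Container image for alb-ingress-controller.
   * The default is referenced by tag; pass a reference that includes a digest
   * to pin the exact image content.
   * @default - docker.io/amazon/aws-alb-ingress-controller:v1.1.9
   */
  readonly image?: string;
  /**
   * Extra command-line arguments, appended after the built-in
   * `--ingress-class=alb` and `--cluster-name=<clusterName>` arguments.
   * @default - None
   */
  readonly args?: string[];
  /**
   * Environment variables for the alb-ingress-controller container.
   * @default - None
   */
  readonly env?: EnvVar[];
  /**
   * Replicas for alb-ingress-controller.
   * @default - 1
   */
  readonly replicas?: number;
}
/**
 * Generate alb-ingress-controller config yaml.
 * see https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/master/docs/examples
 *
 * Creates a ClusterRole, a ClusterRoleBinding, a ServiceAccount and a Deployment.
 * The ClusterRole and ClusterRoleBinding are always named `alb-ingress-controller`,
 * whatever `id`, `namespace` or `serviceAccountName` are set to.
 */
export class AlbIngressController extends Construct {
  /**
   * Service Account Name for alb-ingress-controller.
   */
  public readonly serviceAccountName: string;
  /**
   * Kubernetes Cluster Name for alb-ingress-controller.
   */
  public readonly clusterName: string;
  /**
   * Kubernetes Deployment Name for alb-ingress-controller.
   */
  public readonly deploymentName: string;
  /**
   * Namespace for alb-ingress-controller.
   * @default - kube-system
   */
  public readonly namespace: string ;
  constructor(scope: Construct, id: string, options: AlbIngressControllerOptions) {
    super(scope, id);
    this.serviceAccountName = options.serviceAccountName ?? 'alb-ingress-controller';
    this.deploymentName = 'alb-ingress-controller';
    this.clusterName = options.clusterName;
    this.namespace = options.namespace ?? 'kube-system';

    // Every labelled resource carries the same set: the fixed app name plus the
    // caller's extra labels. A fresh object is built per use so no two
    // constructs share one mutable map.
    const buildLabels = (): { [name: string]: string } => ({
      'app.kubernetes.io/name': 'alb-ingress-controller',
      ...options.labels,
    });

    new k8s.ClusterRole(this, 'alb-ingress-controller-clusterole', {
      metadata: {
        labels: buildLabels(),
        name: 'alb-ingress-controller',
      },
      rules: [
        {
          apiGroups: ['', 'extensions'],
          resources: ['configmaps', 'endpoints', 'events', 'ingresses', 'ingresses/status', 'services', 'pods/status'],
          verbs: ['create', 'get', 'list', 'update', 'watch', 'patch'],
        },
        {
          // NOTE(review): this is a ClusterRole bound through a ClusterRoleBinding,
          // so 'secrets' here gives the controller's service account get/list/watch
          // on Secrets in every namespace, not only its own. Treat that service
          // account's token as sensitive and keep this rule in mind when auditing RBAC.
          apiGroups: ['', 'extensions'],
          resources: ['nodes', 'pods', 'secrets', 'services', 'namespaces'],
          verbs: ['get', 'list', 'watch'],
        },
      ],
    });

    new k8s.ClusterRoleBinding(this, 'alb-ingress-controller-clusterole-binding', {
      metadata: {
        labels: buildLabels(),
        name: 'alb-ingress-controller',
      },
      roleRef: {
        apiGroup: 'rbac.authorization.k8s.io',
        kind: 'ClusterRole',
        name: 'alb-ingress-controller',
      },
      subjects: [
        {
          kind: 'ServiceAccount',
          namespace: this.namespace,
          name: this.serviceAccountName,
        },
      ],
    });

    new k8s.ServiceAccount(this, 'alb-ingress-controller-sa', {
      metadata: {
        name: this.serviceAccountName,
        namespace: this.namespace,
      },
    });
    new k8s.Deployment(this, 'alb-ingress-controller-deployment', {
      metadata: {
        labels: buildLabels(),
        namespace: this.namespace,
        name: this.deploymentName,
      },
      spec: {
        // `options` is a required parameter, so no optional chaining is needed.
        replicas: options.replicas ?? 1,
        selector: {
          matchLabels: buildLabels(),
        },
        template: {
          metadata: {
            labels: buildLabels(),
          },
          spec: {
            containers: [{
              name: 'alb-ingress-controller',
              image: options.image ?? 'docker.io/amazon/aws-alb-ingress-controller:v1.1.9',
              args: this.argsFunc(options.args),
              env: this.envFunc(options.env),
            }],
            serviceAccountName: this.serviceAccountName,
          },
        },
      },
    });
  }

  /**
   * Builds the container argument list: the two built-in arguments first,
   * then the caller's extra arguments in the order given.
   */
  private argsFunc(args?: string[]): string[] {
    const defaultArgs = ['--ingress-class=alb', `--cluster-name=${this.clusterName}`];
    return args ? [...defaultArgs, ...args] : defaultArgs;
  }

  /**
   * Returns the caller's environment variables unchanged (or undefined when none were given).
   */
  private envFunc(envSet?: EnvVar[] | undefined): EnvVar[] | undefined {
    return envSet;
  }
}
-------------------------------------------------------------------------------- /src/imports/aws-load-balancer-controller-v2/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.4.0 6 | creationTimestamp: null 7 | labels: 8 | app.kubernetes.io/name: aws-load-balancer-controller 9 | name: targetgroupbindings.elbv2.k8s.aws 10 | spec: 11 | additionalPrinterColumns: 12 | - JSONPath: .spec.serviceRef.name 13 | description: The 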
Kubernetes Service's name 14 | name: SERVICE-NAME 15 | type: string 16 | - JSONPath: .spec.serviceRef.port 17 | description: The Kubernetes Service's port 18 | name: SERVICE-PORT 19 | type: string 20 | - JSONPath: .spec.targetType 21 | description: The AWS TargetGroup's TargetType 22 | name: TARGET-TYPE 23 | type: string 24 | - JSONPath: .spec.targetGroupARN 25 | description: The AWS TargetGroup's Amazon Resource Name 26 | name: ARN 27 | priority: 1 28 | type: string 29 | - JSONPath: .metadata.creationTimestamp 30 | name: AGE 31 | type: date 32 | group: elbv2.k8s.aws 33 | names: 34 | categories: 35 | - all 36 | kind: TargetGroupBinding 37 | listKind: TargetGroupBindingList 38 | plural: targetgroupbindings 39 | singular: targetgroupbinding 40 | scope: Namespaced 41 | subresources: 42 | status: {} 43 | validation: 44 | openAPIV3Schema: 45 | description: TargetGroupBinding is the Schema for the TargetGroupBinding API 46 | properties: 47 | apiVersion: 48 | description: 'APIVersion defines the versioned schema of this representation 49 | of an object. Servers should convert recognized schemas to the latest 50 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 51 | type: string 52 | kind: 53 | description: 'Kind is a string value representing the REST resource this 54 | object represents. Servers may infer this from the endpoint the client 55 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 56 | type: string 57 | metadata: 58 | type: object 59 | spec: 60 | description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding 61 | properties: 62 | networking: 63 | description: networking provides the networking setup for ELBV2 LoadBalancer 64 | to access targets in TargetGroup. 
65 | properties: 66 | ingress: 67 | description: List of ingress rules to allow ELBV2 LoadBalancer to 68 | access targets in TargetGroup. 69 | items: 70 | properties: 71 | from: 72 | description: List of peers which should be able to access 73 | the targets in TargetGroup. At least one NetworkingPeer 74 | should be specified. 75 | items: 76 | description: NetworkingPeer defines the source/destination 77 | peer for networking rules. 78 | properties: 79 | ipBlock: 80 | description: IPBlock defines an IPBlock peer. If specified, 81 | none of the other fields can be set. 82 | properties: 83 | cidr: 84 | description: CIDR is the network CIDR. Both IPV4 85 | or IPV6 CIDR are accepted. 86 | type: string 87 | required: 88 | - cidr 89 | type: object 90 | securityGroup: 91 | description: SecurityGroup defines a SecurityGroup peer. 92 | If specified, none of the other fields can be set. 93 | properties: 94 | groupID: 95 | description: GroupID is the EC2 SecurityGroupID. 96 | type: string 97 | required: 98 | - groupID 99 | type: object 100 | type: object 101 | type: array 102 | ports: 103 | description: List of ports which should be made accessible 104 | on the targets in TargetGroup. If ports is empty or unspecified, 105 | it defaults to all ports with TCP. 106 | items: 107 | properties: 108 | port: 109 | anyOf: 110 | - type: integer 111 | - type: string 112 | description: The port which traffic must match. When 113 | NodePort endpoints(instance TargetType) is used, this 114 | must be a numerical port. When Port endpoints(ip TargetType) 115 | is used, this can be either numerical or named port 116 | on pods. if port is unspecified, it defaults to all 117 | ports. 118 | x-kubernetes-int-or-string: true 119 | protocol: 120 | description: The protocol which traffic must match. 121 | If protocol is unspecified, it defaults to TCP. 
122 | enum: 123 | - TCP 124 | - UDP 125 | type: string 126 | type: object 127 | type: array 128 | required: 129 | - from 130 | - ports 131 | type: object 132 | type: array 133 | type: object 134 | serviceRef: 135 | description: serviceRef is a reference to a Kubernetes Service and ServicePort. 136 | properties: 137 | name: 138 | description: Name is the name of the Service. 139 | type: string 140 | port: 141 | anyOf: 142 | - type: integer 143 | - type: string 144 | description: Port is the port of the ServicePort. 145 | x-kubernetes-int-or-string: true 146 | required: 147 | - name 148 | - port 149 | type: object 150 | targetGroupARN: 151 | description: targetGroupARN is the Amazon Resource Name (ARN) for the 152 | TargetGroup. 153 | type: string 154 | targetType: 155 | description: targetType is the TargetType of TargetGroup. If unspecified, 156 | it will be automatically inferred. 157 | enum: 158 | - instance 159 | - ip 160 | type: string 161 | required: 162 | - serviceRef 163 | - targetGroupARN 164 | type: object 165 | status: 166 | description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding 167 | properties: 168 | observedGeneration: 169 | description: The generation observed by the TargetGroupBinding controller. 
170 | format: int64 171 | type: integer 172 | type: object 173 | type: object 174 | version: v1alpha1 175 | versions: 176 | - name: v1alpha1 177 | served: true 178 | storage: false 179 | - name: v1beta1 180 | served: true 181 | storage: true 182 | status: 183 | acceptedNames: 184 | kind: "" 185 | plural: "" 186 | conditions: [] 187 | storedVersions: [] -------------------------------------------------------------------------------- /.projen/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | "tasks": { 3 | "clobber": { 4 | "name": "clobber", 5 | "description": "hard resets to HEAD of origin and cleans the local repo", 6 | "env": { 7 | "BRANCH": "$(git branch --show-current)" 8 | }, 9 | "steps": [ 10 | { 11 | "exec": "git checkout -b scratch", 12 | "name": "save current HEAD in \"scratch\" branch" 13 | }, 14 | { 15 | "exec": "git checkout $BRANCH" 16 | }, 17 | { 18 | "exec": "git fetch origin", 19 | "name": "fetch latest changes from origin" 20 | }, 21 | { 22 | "exec": "git reset --hard origin/$BRANCH", 23 | "name": "hard reset to origin commit" 24 | }, 25 | { 26 | "exec": "git clean -fdx", 27 | "name": "clean all untracked files" 28 | }, 29 | { 30 | "say": "ready to rock! 
(unpushed commits are under the \"scratch\" branch)" 31 | } 32 | ], 33 | "condition": "git diff --exit-code > /dev/null" 34 | }, 35 | "compile": { 36 | "name": "compile", 37 | "description": "Only compile", 38 | "steps": [ 39 | { 40 | "exec": "jsii --silence-warnings=reserved-word --no-fix-peer-dependencies" 41 | }, 42 | { 43 | "spawn": "docgen" 44 | } 45 | ] 46 | }, 47 | "test:compile": { 48 | "name": "test:compile", 49 | "description": "compiles the test code", 50 | "steps": [ 51 | { 52 | "exec": "tsc --noEmit --project tsconfig.jest.json" 53 | } 54 | ] 55 | }, 56 | "test": { 57 | "name": "test", 58 | "description": "Run tests", 59 | "steps": [ 60 | { 61 | "exec": "rm -fr lib/" 62 | }, 63 | { 64 | "spawn": "test:compile" 65 | }, 66 | { 67 | "exec": "jest --passWithNoTests --all --updateSnapshot --coverageProvider=v8" 68 | }, 69 | { 70 | "spawn": "eslint" 71 | } 72 | ] 73 | }, 74 | "build": { 75 | "name": "build", 76 | "description": "Full release build (test+compile)", 77 | "steps": [ 78 | { 79 | "exec": "npx projen" 80 | }, 81 | { 82 | "spawn": "test" 83 | }, 84 | { 85 | "spawn": "compile" 86 | }, 87 | { 88 | "spawn": "package" 89 | } 90 | ] 91 | }, 92 | "test:watch": { 93 | "name": "test:watch", 94 | "description": "Run jest in watch mode", 95 | "steps": [ 96 | { 97 | "exec": "jest --watch" 98 | } 99 | ] 100 | }, 101 | "test:update": { 102 | "name": "test:update", 103 | "description": "Update jest snapshots", 104 | "steps": [ 105 | { 106 | "exec": "jest --updateSnapshot" 107 | } 108 | ] 109 | }, 110 | "bump": { 111 | "name": "bump", 112 | "description": "Bumps version based on latest git tag and generates a changelog entry", 113 | "env": { 114 | "OUTFILE": "package.json", 115 | "CHANGELOG": "dist/changelog.md", 116 | "BUMPFILE": "dist/version.txt" 117 | }, 118 | "steps": [ 119 | { 120 | "builtin": "release/bump-version" 121 | } 122 | ], 123 | "condition": "! 
git log --oneline -1 | grep -q \"chore(release):\"" 124 | }, 125 | "unbump": { 126 | "name": "unbump", 127 | "description": "Restores version to 0.0.0", 128 | "env": { 129 | "OUTFILE": "package.json", 130 | "CHANGELOG": "dist/changelog.md", 131 | "BUMPFILE": "dist/version.txt" 132 | }, 133 | "steps": [ 134 | { 135 | "builtin": "release/reset-version" 136 | } 137 | ] 138 | }, 139 | "publish:github": { 140 | "name": "publish:github", 141 | "description": "Publish this package to GitHub Releases", 142 | "requiredEnv": [ 143 | "GITHUB_TOKEN" 144 | ], 145 | "steps": [ 146 | { 147 | "exec": "gh release create v$(cat dist/version.txt) -R ${{ github.repository }} -F dist/changelog.md -t v$(cat dist/version.txt)" 148 | } 149 | ] 150 | }, 151 | "upgrade": { 152 | "name": "upgrade", 153 | "description": "upgrade dependencies", 154 | "env": { 155 | "CI": "0" 156 | }, 157 | "steps": [ 158 | { 159 | "exec": "npm-check-updates --upgrade --target=minor --reject='projen'" 160 | }, 161 | { 162 | "exec": "yarn install --check-files" 163 | }, 164 | { 165 | "exec": "yarn upgrade @aws-cdk/aws-iam @aws-cdk/core @types/jest @types/js-yaml @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser cdk8s constructs eslint eslint-import-resolver-node eslint-import-resolver-typescript eslint-plugin-import jest jest-junit js-yaml jsii jsii-diff jsii-docgen jsii-pacmak json-schema npm-check-updates standard-version ts-jest typescript @types/js-yaml js-yaml @aws-cdk/aws-iam @aws-cdk/core cdk8s constructs" 166 | }, 167 | { 168 | "exec": "npx projen" 169 | } 170 | ] 171 | }, 172 | "upgrade-projen": { 173 | "name": "upgrade-projen", 174 | "description": "upgrade projen", 175 | "env": { 176 | "CI": "0" 177 | }, 178 | "steps": [ 179 | { 180 | "exec": "npm-check-updates --upgrade --target=minor --filter='projen'" 181 | }, 182 | { 183 | "exec": "yarn install --check-files" 184 | }, 185 | { 186 | "exec": "yarn upgrade projen" 187 | }, 188 | { 189 | "exec": "npx projen" 190 | } 191 | ] 192 | 
}, 193 | "default": { 194 | "name": "default", 195 | "steps": [ 196 | { 197 | "exec": "node .projenrc.js" 198 | } 199 | ] 200 | }, 201 | "watch": { 202 | "name": "watch", 203 | "description": "Watch & compile in the background", 204 | "steps": [ 205 | { 206 | "exec": "jsii -w --silence-warnings=reserved-word --no-fix-peer-dependencies" 207 | } 208 | ] 209 | }, 210 | "package": { 211 | "name": "package", 212 | "description": "Create an npm tarball", 213 | "steps": [ 214 | { 215 | "exec": "jsii-pacmak" 216 | } 217 | ] 218 | }, 219 | "eslint": { 220 | "name": "eslint", 221 | "description": "Runs eslint against the codebase", 222 | "steps": [ 223 | { 224 | "exec": "eslint --ext .ts,.tsx --fix --no-error-on-unmatched-pattern src test build-tools .projenrc.js" 225 | } 226 | ] 227 | }, 228 | "compat": { 229 | "name": "compat", 230 | "description": "Perform API compatibility check against latest version", 231 | "steps": [ 232 | { 233 | "exec": "jsii-diff npm:$(node -p \"require('./package.json').name\") -k --ignore-file .compatignore || (echo \"\nUNEXPECTED BREAKING CHANGES: add keys such as 'removed:constructs.Node.of' to .compatignore to skip.\n\" && exit 1)" 234 | } 235 | ] 236 | }, 237 | "publish:npm": { 238 | "name": "publish:npm", 239 | "description": "Publish this package to npm", 240 | "env": { 241 | "NPM_DIST_TAG": "latest", 242 | "NPM_REGISTRY": "registry.npmjs.org" 243 | }, 244 | "requiredEnv": [ 245 | "NPM_TOKEN" 246 | ], 247 | "steps": [ 248 | { 249 | "exec": "npx -p jsii-release@latest jsii-release-npm" 250 | } 251 | ] 252 | }, 253 | "publish:pypi": { 254 | "name": "publish:pypi", 255 | "description": "Publish this package to PyPI", 256 | "requiredEnv": [ 257 | "TWINE_USERNAME", 258 | "TWINE_PASSWORD" 259 | ], 260 | "steps": [ 261 | { 262 | "exec": "npx -p jsii-release@latest jsii-release-pypi" 263 | } 264 | ] 265 | }, 266 | "docgen": { 267 | "name": "docgen", 268 | "description": "Generate API.md from .jsii manifest", 269 | "steps": [ 270 | { 271 | "exec": 
"jsii-docgen" 272 | } 273 | ] 274 | }, 275 | "release": { 276 | "name": "release", 277 | "description": "Prepare a release from \"main\" branch", 278 | "env": { 279 | "RELEASE": "true" 280 | }, 281 | "steps": [ 282 | { 283 | "exec": "rm -fr dist" 284 | }, 285 | { 286 | "spawn": "bump" 287 | }, 288 | { 289 | "spawn": "build" 290 | }, 291 | { 292 | "spawn": "unbump" 293 | }, 294 | { 295 | "exec": "git diff --ignore-space-at-eol --exit-code" 296 | } 297 | ] 298 | } 299 | }, 300 | "env": { 301 | "PATH": "$(npx -c \"node -e \\\"console.log(process.env.PATH)\\\"\")" 302 | }, 303 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 304 | } 305 | -------------------------------------------------------------------------------- /src/alb-controller-policy.ts: --------------------------------------------------------------------------------
import * as iam from '@aws-cdk/aws-iam';
/**
 * Selects which of the two IAM policy definitions in this file to use.
 */
export enum VersionsLists {
  /**
   * AWS Load Balancer Controller policy version 1, for controller versions earlier than 2.0.0.
   */
  AWS_LOAD_BALANCER_CONTROLLER_POLICY_V1 = 'v1',
  /**
   * AWS Load Balancer Controller policy version 2, for controller version 2.0.0 and later.
   */
  AWS_LOAD_BALANCER_CONTROLLER_POLICY_V2 = 'v2',
}
/**
 * Version 1 policy: one flat list of actions, all granted on `resources: ['*']`.
 *
 * NOTE(review): nothing here is scoped by resource ARN or by a condition, and the
 * list includes mutating actions (for example `ec2:ModifyInstanceAttribute`,
 * `ec2:AuthorizeSecurityGroupIngress`, `elasticloadbalancing:DeleteLoadBalancer`,
 * `iam:CreateServiceLinkedRole`, `shield:DeleteProtection`). The role that receives
 * this policy can therefore act on resources well beyond those the controller
 * created; awsLoadBalancerControllerPolicyV2 in this file narrows tagging with
 * `elbv2.k8s.aws/cluster` tag conditions. Prefer V2 where the controller version allows it.
 *
 * The shape (`actions` / `resources`) looks like iam.PolicyStatement props;
 * presumably it is passed to one when the policy is attached. TODO confirm at the call site.
 */
export const awsLoadBalancerControllerPolicyV1 = {
  actions: [
    'acm:DescribeCertificate',
    'acm:ListCertificates',
    'acm:GetCertificate',
    'ec2:AuthorizeSecurityGroupIngress',
    'ec2:CreateSecurityGroup',
    'ec2:CreateTags',
    'ec2:DeleteTags',
    'ec2:DeleteSecurityGroup',
    'ec2:DescribeAccountAttributes',
    'ec2:DescribeAddresses',
    'ec2:DescribeInstances',
    'ec2:DescribeInstanceStatus',
    'ec2:DescribeInternetGateways',
    'ec2:DescribeNetworkInterfaces',
    'ec2:DescribeSecurityGroups',
    'ec2:DescribeSubnets',
    'ec2:DescribeTags',
    'ec2:DescribeVpcs',
    'ec2:ModifyInstanceAttribute',
    'ec2:ModifyNetworkInterfaceAttribute',
    'ec2:RevokeSecurityGroupIngress',
    'elasticloadbalancing:AddListenerCertificates',
    'elasticloadbalancing:AddTags',
    'elasticloadbalancing:CreateListener',
    'elasticloadbalancing:CreateLoadBalancer',
    'elasticloadbalancing:CreateRule',
    'elasticloadbalancing:CreateTargetGroup',
    'elasticloadbalancing:DeleteListener',
    'elasticloadbalancing:DeleteLoadBalancer',
    'elasticloadbalancing:DeleteRule',
    'elasticloadbalancing:DeleteTargetGroup',
    'elasticloadbalancing:DeregisterTargets',
    'elasticloadbalancing:DescribeListenerCertificates',
    'elasticloadbalancing:DescribeListeners',
    'elasticloadbalancing:DescribeLoadBalancers',
    'elasticloadbalancing:DescribeLoadBalancerAttributes',
    'elasticloadbalancing:DescribeRules',
    'elasticloadbalancing:DescribeSSLPolicies',
    'elasticloadbalancing:DescribeTags',
    'elasticloadbalancing:DescribeTargetGroups',
    'elasticloadbalancing:DescribeTargetGroupAttributes',
    'elasticloadbalancing:DescribeTargetHealth',
    'elasticloadbalancing:ModifyListener',
    'elasticloadbalancing:ModifyLoadBalancerAttributes',
    'elasticloadbalancing:ModifyRule',
    'elasticloadbalancing:ModifyTargetGroup',
    'elasticloadbalancing:ModifyTargetGroupAttributes',
    'elasticloadbalancing:RegisterTargets',
    'elasticloadbalancing:RemoveListenerCertificates',
    'elasticloadbalancing:RemoveTags',
    'elasticloadbalancing:SetIpAddressType',
    'elasticloadbalancing:SetSecurityGroups',
    'elasticloadbalancing:SetSubnets',
    'elasticloadbalancing:SetWebAcl',
    'iam:CreateServiceLinkedRole',
    'iam:GetServerCertificate',
    'iam:ListServerCertificates',
    'cognito-idp:DescribeUserPoolClient',
    'waf-regional:GetWebACLForResource',
    'waf-regional:GetWebACL',
    'waf-regional:AssociateWebACL',
    'waf-regional:DisassociateWebACL',
    'tag:GetResources',
    'tag:TagResources',
    'waf:GetWebACL',
    'wafv2:GetWebACL',
    'wafv2:GetWebACLForResource',
    'wafv2:AssociateWebACL',
    'wafv2:DisassociateWebACL',
    'shield:DescribeProtection',
    'shield:GetSubscriptionState',
    'shield:DeleteProtection',
    'shield:CreateProtection',
    'shield:DescribeSubscription',
  ],
  resources: ['*'],
};

 93 | export const awsLoadBalancerControllerPolicyV2 = [ 94 | { 95 | Effect: 'Allow', 96 | Action: [ 97 | 'iam:CreateServiceLinkedRole', 98 | 'ec2:DescribeAccountAttributes', 99 | 'ec2:DescribeAddresses', 100 | 'ec2:DescribeAvailabilityZones', 101 | 'ec2:DescribeInternetGateways', 102 | 'ec2:DescribeVpcs', 103 | 'ec2:DescribeSubnets', 104 | 'ec2:DescribeSecurityGroups', 105 | 'ec2:DescribeInstances', 106 | 'ec2:DescribeNetworkInterfaces', 107 | 'ec2:DescribeTags', 108 | 'ec2:GetCoipPoolUsage', 109 | 'ec2:DescribeCoipPools', 110 | 'elasticloadbalancing:DescribeLoadBalancers', 111 | 'elasticloadbalancing:DescribeLoadBalancerAttributes', 112 | 'elasticloadbalancing:DescribeListeners', 113 | 'elasticloadbalancing:DescribeListenerCertificates', 114 | 'elasticloadbalancing:DescribeSSLPolicies', 115 | 'elasticloadbalancing:DescribeRules', 116 | 
'elasticloadbalancing:DescribeTargetGroups', 117 | 'elasticloadbalancing:DescribeTargetGroupAttributes', 118 | 'elasticloadbalancing:DescribeTargetHealth', 119 | 'elasticloadbalancing:DescribeTags', 120 | ], 121 | Resource: '*', 122 | }, 123 | { 124 | Effect: 'Allow', 125 | Action: [ 126 | 'cognito-idp:DescribeUserPoolClient', 127 | 'acm:ListCertificates', 128 | 'acm:DescribeCertificate', 129 | 'iam:ListServerCertificates', 130 | 'iam:GetServerCertificate', 131 | 'waf-regional:GetWebACL', 132 | 'waf-regional:GetWebACLForResource', 133 | 'waf-regional:AssociateWebACL', 134 | 'waf-regional:DisassociateWebACL', 135 | 'wafv2:GetWebACL', 136 | 'wafv2:GetWebACLForResource', 137 | 'wafv2:AssociateWebACL', 138 | 'wafv2:DisassociateWebACL', 139 | 'shield:GetSubscriptionState', 140 | 'shield:DescribeProtection', 141 | 'shield:CreateProtection', 142 | 'shield:DeleteProtection', 143 | ], 144 | Resource: '*', 145 | }, 146 | { 147 | Effect: 'Allow', 148 | Action: [ 149 | 'ec2:AuthorizeSecurityGroupIngress', 150 | 'ec2:RevokeSecurityGroupIngress', 151 | ], 152 | Resource: '*', 153 | }, 154 | { 155 | Effect: 'Allow', 156 | Action: [ 157 | 'ec2:CreateSecurityGroup', 158 | ], 159 | Resource: '*', 160 | }, 161 | { 162 | Effect: 'Allow', 163 | Action: [ 164 | 'ec2:CreateTags', 165 | ], 166 | Resource: 'arn:aws:ec2:*:*:security-group/*', 167 | Condition: { 168 | StringEquals: { 169 | 'ec2:CreateAction': 'CreateSecurityGroup', 170 | }, 171 | Null: { 172 | 'aws:RequestTag/elbv2.k8s.aws/cluster': 'false', 173 | }, 174 | }, 175 | }, 176 | { 177 | Effect: 'Allow', 178 | Action: [ 179 | 'ec2:CreateTags', 180 | 'ec2:DeleteTags', 181 | ], 182 | Resource: 'arn:aws:ec2:*:*:security-group/*', 183 | Condition: { 184 | Null: { 185 | 'aws:RequestTag/elbv2.k8s.aws/cluster': 'true', 186 | 'aws:ResourceTag/elbv2.k8s.aws/cluster': 'false', 187 | }, 188 | }, 189 | }, 190 | { 191 | Effect: 'Allow', 192 | Action: [ 193 | 'ec2:AuthorizeSecurityGroupIngress', 194 | 'ec2:RevokeSecurityGroupIngress', 195 | 
'ec2:DeleteSecurityGroup', 196 | ], 197 | Resource: '*', 198 | Condition: { 199 | Null: { 200 | 'aws:ResourceTag/elbv2.k8s.aws/cluster': 'false', 201 | }, 202 | }, 203 | }, 204 | { 205 | Effect: 'Allow', 206 | Action: [ 207 | 'elasticloadbalancing:CreateLoadBalancer', 208 | 'elasticloadbalancing:CreateTargetGroup', 209 | ], 210 | Resource: '*', 211 | Condition: { 212 | Null: { 213 | 'aws:RequestTag/elbv2.k8s.aws/cluster': 'false', 214 | }, 215 | }, 216 | }, 217 | { 218 | Effect: 'Allow', 219 | Action: [ 220 | 'elasticloadbalancing:CreateListener', 221 | 'elasticloadbalancing:DeleteListener', 222 | 'elasticloadbalancing:CreateRule', 223 | 'elasticloadbalancing:DeleteRule', 224 | ], 225 | Resource: '*', 226 | }, 227 | { 228 | Effect: 'Allow', 229 | Action: [ 230 | 'elasticloadbalancing:AddTags', 231 | 'elasticloadbalancing:RemoveTags', 232 | ], 233 | Resource: [ 234 | 'arn:aws:elasticloadbalancing:*:*:targetgroup/*/*', 235 | 'arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*', 236 | 'arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*', 237 | ], 238 | Condition: { 239 | Null: { 240 | 'aws:RequestTag/elbv2.k8s.aws/cluster': 'true', 241 | 'aws:ResourceTag/elbv2.k8s.aws/cluster': 'false', 242 | }, 243 | }, 244 | }, 245 | { 246 | Effect: 'Allow', 247 | Action: [ 248 | 'elasticloadbalancing:AddTags', 249 | 'elasticloadbalancing:RemoveTags', 250 | ], 251 | Resource: [ 252 | 'arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*', 253 | 'arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*', 254 | 'arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*', 255 | 'arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*', 256 | ], 257 | }, 258 | { 259 | Effect: 'Allow', 260 | Action: [ 261 | 'elasticloadbalancing:ModifyLoadBalancerAttributes', 262 | 'elasticloadbalancing:SetIpAddressType', 263 | 'elasticloadbalancing:SetSecurityGroups', 264 | 'elasticloadbalancing:SetSubnets', 265 | 'elasticloadbalancing:DeleteLoadBalancer', 266 | 'elasticloadbalancing:ModifyTargetGroup', 
267 | 'elasticloadbalancing:ModifyTargetGroupAttributes', 268 | 'elasticloadbalancing:DeleteTargetGroup', 269 | ], 270 | Resource: '*', 271 | Condition: { 272 | Null: { 273 | 'aws:ResourceTag/elbv2.k8s.aws/cluster': 'false', 274 | }, 275 | }, 276 | }, 277 | { 278 | Effect: 'Allow', 279 | Action: [ 280 | 'elasticloadbalancing:RegisterTargets', 281 | 'elasticloadbalancing:DeregisterTargets', 282 | ], 283 | Resource: 'arn:aws:elasticloadbalancing:*:*:targetgroup/*/*', 284 | }, 285 | { 286 | Effect: 'Allow', 287 | Action: [ 288 | 'elasticloadbalancing:SetWebAcl', 289 | 'elasticloadbalancing:ModifyListener', 290 | 'elasticloadbalancing:AddListenerCertificates', 291 | 'elasticloadbalancing:RemoveListenerCertificates', 292 | 'elasticloadbalancing:ModifyRule', 293 | ], 294 | Resource: '*', 295 | }, 296 | ]; 297 | 298 | /** 299 | * awsLoadBalancePolicy class ,help you add policy to your Iam Role for service account. 300 | */ 301 | export class AwsLoadBalancePolicy { 302 | public static addPolicy(version: string, role: any) :void { 303 | if (version == 'v1') { 304 | role.addToPrincipalPolicy(new iam.PolicyStatement( awsLoadBalancerControllerPolicyV1 )); 305 | } else if (version == 'v2') { 306 | awsLoadBalancerControllerPolicyV2.forEach(element => { 307 | role.addToPrincipalPolicy(iam.PolicyStatement.fromJson(element)); 308 | }); 309 | } 310 | } 311 | }; -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 
12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /get_helm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright The Helm Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
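
# The install script is based off of the MIT-licensed script from glide,
# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get

# Defaults; each one can be overridden from the environment.
# NOTE: VERIFY_SIGNATURES defaults to "false", so unless the caller opts in,
# the SHA-256 checksum is the only check made before the binary is installed.
: ${BINARY_NAME:="helm"}
: ${USE_SUDO:="true"}
: ${DEBUG:="false"}
: ${VERIFY_CHECKSUM:="true"}
: ${VERIFY_SIGNATURES:="false"}
: ${HELM_INSTALL_DIR:="/usr/local/bin"}
: ${GPG_PUBRING:="pubring.kbx"}

# Tool discovery: each flag is the string "true" or "false".
HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)"
HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)"

# initArch discovers the architecture for this system.
# Sets ARCH to the name used in release file names; values not listed in the
# case statement are left as `uname -m` reported them.
initArch() {
  ARCH=$(uname -m)
  case $ARCH in
    armv5*) ARCH="armv5";;
    armv6*) ARCH="armv6";;
    armv7*) ARCH="arm";;
    aarch64) ARCH="arm64";;
    x86) ARCH="386";;
    x86_64) ARCH="amd64";;
    i686) ARCH="386";;
    i386) ARCH="386";;
  esac
}

# initOS discovers the operating system for this system.
# Sets OS to the lower-cased `uname` output.
initOS() {
  OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')

  case "$OS" in
    # Minimalist GNU for Windows
    mingw*) OS='windows';;
  esac
}

# runs the given command as root (detects if we are root already)
# With USE_SUDO set to anything other than "true" the command runs as the
# current user.
runAsRoot() {
  if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
    sudo "${@}"
  else
    "${@}"
  fi
}

# verifySupported checks that the os/arch combination is supported for
# binary builds, as well whether or not necessary tools are present.
# Exits 1 when a required tool for the requested verification mode is missing.
verifySupported() {
  local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-ppc64le\nlinux-s390x\nwindows-amd64"
  if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
    echo "No prebuilt binary for ${OS}-${ARCH}."
    echo "To build from source, go to https://github.com/helm/helm"
    exit 1
  fi

  if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then
    echo "Either curl or wget is required"
    exit 1
  fi

  if [ "${VERIFY_CHECKSUM}" == "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then
    echo "In order to verify checksum, openssl must first be installed."
    echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment."
    exit 1
  fi

  if [ "${VERIFY_SIGNATURES}" == "true" ]; then
    if [ "${HAS_GPG}" != "true" ]; then
      echo "In order to verify signatures, gpg must first be installed."
      echo "Please install gpg or set VERIFY_SIGNATURES=false in your environment."
      exit 1
    fi
    if [ "${OS}" != "linux" ]; then
      echo "Signature verification is currently only supported on Linux."
      echo "Please set VERIFY_SIGNATURES=false or verify the signatures manually."
      exit 1
    fi
  fi
}

# checkDesiredVersion checks if the desired version is available.
# Sets TAG to DESIRED_VERSION when one was given; otherwise TAG is parsed out
# of the HTML of the GitHub releases page. TAG later becomes part of the
# download URL and file names, so a caller who needs a reproducible install
# should pin a release with --version instead of relying on the scrape.
checkDesiredVersion() {
  if [ "x$DESIRED_VERSION" == "x" ]; then
    # Get tag from release URL
    local latest_release_url="https://github.com/helm/helm/releases"
    if [ "${HAS_CURL}" == "true" ]; then
      TAG=$(curl -Ls "$latest_release_url" | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
    elif [ "${HAS_WGET}" == "true" ]; then
      TAG=$(wget "$latest_release_url" -O - 2>&1 | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | grep -v no-underline | head -n 1 | cut -d '"' -f 2 | awk '{n=split($NF,a,"/");print a[n]}' | awk 'a !~ $0{print}; {a=$0}')
    fi
    # The pipeline's exit status is awk's, so a failed fetch or a changed page
    # layout yields an empty TAG rather than an error; stop here instead of
    # building a download URL from it.
    if [ -z "$TAG" ]; then
      echo "Could not determine the latest Helm release from ${latest_release_url}."
      echo "Please pass the desired release explicitly with --version."
      exit 1
    fi
  else
    TAG=$DESIRED_VERSION
  fi
}

# checkHelmInstalledVersion checks which version of helm is installed and
# if it needs to be changed.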
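checkHelmInstalledVersion() {
  # Returns 0 only when a binary already exists at the install path and its
  # reported version string equals TAG; every other case returns 1.
  if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then
    local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
    if [[ "$version" == "$TAG" ]]; then
      echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
      return 0
    else
      echo "Helm ${TAG} is available. Changing from version ${version}."
      return 1
    fi
  else
    return 1
  fi
}

# downloadFile downloads the latest binary package and also the checksum
# for that binary.
# Sets HELM_DIST, DOWNLOAD_URL, CHECKSUM_URL, HELM_TMP_ROOT, HELM_TMP_FILE and
# HELM_SUM_FILE for the later verify and install steps.
downloadFile() {
  HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz"
  DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST"
  # The checksum lives next to the archive on the same host.
  CHECKSUM_URL="$DOWNLOAD_URL.sha256"
  HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)"
  HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST"
  HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256"
  echo "Downloading $DOWNLOAD_URL"
  if [ "${HAS_CURL}" == "true" ]; then
    # --fail makes an HTTP error a non-zero exit instead of saving the error
    # page as if it were the checksum or the archive.
    curl --fail -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE"
    curl --fail -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE"
  elif [ "${HAS_WGET}" == "true" ]; then
    wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL"
    wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL"
  fi
}

# verifyFile verifies the SHA256 checksum of the binary package
# and the GPG signatures for both the package and checksum file
# (depending on settings in environment).
# The .sha256 file comes from the same host as the archive (see CHECKSUM_URL
# in downloadFile), so the checksum catches a corrupted or truncated download
# but gives no assurance if that host serves a modified archive together with
# a matching checksum. VERIFY_SIGNATURES=true adds the GPG check.
verifyFile() {
  if [ "${VERIFY_CHECKSUM}" != "true" ] && [ "${VERIFY_SIGNATURES}" != "true" ]; then
    echo "WARNING: checksum and signature verification are both disabled; the download will be installed unverified." >&2
  fi
  if [ "${VERIFY_CHECKSUM}" == "true" ]; then
    verifyChecksum
  fi
  if [ "${VERIFY_SIGNATURES}" == "true" ]; then
    verifySignatures
  fi
}

# installFile installs the Helm binary.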
166 | installFile() { 167 | HELM_TMP="$HELM_TMP_ROOT/$BINARY_NAME" 168 | mkdir -p "$HELM_TMP" 169 | tar xf "$HELM_TMP_FILE" -C "$HELM_TMP" 170 | HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/helm" 171 | echo "Preparing to install $BINARY_NAME into ${HELM_INSTALL_DIR}" 172 | runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR/$BINARY_NAME" 173 | echo "$BINARY_NAME installed into $HELM_INSTALL_DIR/$BINARY_NAME" 174 | } 175 | 176 | # verifyChecksum verifies the SHA256 checksum of the binary package. 177 | verifyChecksum() { 178 | printf "Verifying checksum... " 179 | local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}') 180 | local expected_sum=$(cat ${HELM_SUM_FILE}) 181 | if [ "$sum" != "$expected_sum" ]; then 182 | echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting." 183 | exit 1 184 | fi 185 | echo "Done." 186 | } 187 | 188 | # verifySignatures obtains the latest KEYS file from GitHub main branch 189 | # as well as the signature .asc files from the specific GitHub release, 190 | # then verifies that the release artifacts were signed by a maintainer's key. 191 | verifySignatures() { 192 | printf "Verifying signatures... 
" 193 | local keys_filename="KEYS" 194 | local github_keys_url="https://raw.githubusercontent.com/helm/helm/main/${keys_filename}" 195 | if [ "${HAS_CURL}" == "true" ]; then 196 | curl -SsL "${github_keys_url}" -o "${HELM_TMP_ROOT}/${keys_filename}" 197 | elif [ "${HAS_WGET}" == "true" ]; then 198 | wget -q -O "${HELM_TMP_ROOT}/${keys_filename}" "${github_keys_url}" 199 | fi 200 | local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg" 201 | local gpg_homedir="${HELM_TMP_ROOT}/gnupg" 202 | mkdir -p -m 0700 "${gpg_homedir}" 203 | local gpg_stderr_device="/dev/null" 204 | if [ "${DEBUG}" == "true" ]; then 205 | gpg_stderr_device="/dev/stderr" 206 | fi 207 | gpg --batch --quiet --homedir="${gpg_homedir}" --import "${HELM_TMP_ROOT}/${keys_filename}" 2> "${gpg_stderr_device}" 208 | gpg --batch --no-default-keyring --keyring "${gpg_homedir}/${GPG_PUBRING}" --export > "${gpg_keyring}" 209 | local github_release_url="https://github.com/helm/helm/releases/download/${TAG}" 210 | if [ "${HAS_CURL}" == "true" ]; then 211 | curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 212 | curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 213 | elif [ "${HAS_WGET}" == "true" ]; then 214 | wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 215 | wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 216 | fi 217 | local error_text="If you think this might be a potential security issue," 218 | error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md" 219 | local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" 
| grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') 220 | if [[ ${num_goodlines_sha} -lt 2 ]]; then 221 | echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!" 222 | echo -e "${error_text}" 223 | exit 1 224 | fi 225 | local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') 226 | if [[ ${num_goodlines_tar} -lt 2 ]]; then 227 | echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!" 228 | echo -e "${error_text}" 229 | exit 1 230 | fi 231 | echo "Done." 232 | } 233 | 234 | # fail_trap is executed if an error occurs. 235 | fail_trap() { 236 | result=$? 237 | if [ "$result" != "0" ]; then 238 | if [[ -n "$INPUT_ARGUMENTS" ]]; then 239 | echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS" 240 | help 241 | else 242 | echo "Failed to install $BINARY_NAME" 243 | fi 244 | echo -e "\tFor support, go to https://github.com/helm/helm." 245 | fi 246 | cleanup 247 | exit $result 248 | } 249 | 250 | # testVersion tests the installed client to make sure it is working. 251 | testVersion() { 252 | set +e 253 | HELM="$(command -v $BINARY_NAME)" 254 | if [ "$?" = "1" ]; then 255 | echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?' 256 | exit 1 257 | fi 258 | set -e 259 | } 260 | 261 | # help provides possible cli installation arguments 262 | help () { 263 | echo "Accepted cli arguments are:" 264 | echo -e "\t[--help|-h ] ->> prints this help" 265 | echo -e "\t[--version|-v ] . When not defined it fetches the latest release from GitHub" 266 | echo -e "\te.g. 
--version v3.0.0 or -v canary" 267 | echo -e "\t[--no-sudo] ->> install without sudo" 268 | } 269 | 270 | # cleanup temporary files to avoid https://github.com/helm/helm/issues/2977 271 | cleanup() { 272 | if [[ -d "${HELM_TMP_ROOT:-}" ]]; then 273 | rm -rf "$HELM_TMP_ROOT" 274 | fi 275 | } 276 | 277 | # Execution 278 | 279 | #Stop execution on any error 280 | trap "fail_trap" EXIT 281 | set -e 282 | 283 | # Set debug if desired 284 | if [ "${DEBUG}" == "true" ]; then 285 | set -x 286 | fi 287 | 288 | # Parsing input arguments (if any) 289 | export INPUT_ARGUMENTS="${@}" 290 | set -u 291 | while [[ $# -gt 0 ]]; do 292 | case $1 in 293 | '--version'|-v) 294 | shift 295 | if [[ $# -ne 0 ]]; then 296 | export DESIRED_VERSION="${1}" 297 | else 298 | echo -e "Please provide the desired version. e.g. --version v3.0.0 or -v canary" 299 | exit 0 300 | fi 301 | ;; 302 | '--no-sudo') 303 | USE_SUDO="false" 304 | ;; 305 | '--help'|-h) 306 | help 307 | exit 0 308 | ;; 309 | *) exit 1 310 | ;; 311 | esac 312 | shift 313 | done 314 | set +u 315 | 316 | initArch 317 | initOS 318 | verifySupported 319 | checkDesiredVersion 320 | if ! checkHelmInstalledVersion; then 321 | downloadFile 322 | verifyFile 323 | installFile 324 | fi 325 | testVersion 326 | cleanup 327 | -------------------------------------------------------------------------------- /API.md: -------------------------------------------------------------------------------- 1 | # API Reference 2 | 3 | ## Constructs 4 | 5 | ### AlbIngressController 6 | 7 | Generate alb-ingress-controller config yaml. 
8 | 9 | see https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/master/docs/examples 10 | 11 | #### Initializers 12 | 13 | ```typescript 14 | import { AlbIngressController } from 'cdk8s-aws-load-balancer-controller' 15 | 16 | new AlbIngressController(scope: Construct, id: string, options: AlbIngressControllerOptions) 17 | ``` 18 | 19 | ##### `scope`Required 20 | 21 | - *Type:* [`constructs.Construct`](#constructs.Construct) 22 | 23 | --- 24 | 25 | ##### `id`Required 26 | 27 | - *Type:* `string` 28 | 29 | --- 30 | 31 | ##### `options`Required 32 | 33 | - *Type:* [`cdk8s-aws-load-balancer-controller.AlbIngressControllerOptions`](#cdk8s-aws-load-balancer-controller.AlbIngressControllerOptions) 34 | 35 | --- 36 | 37 | 38 | 39 | #### Properties 40 | 41 | ##### `clusterName`Required 42 | 43 | - *Type:* `string` 44 | 45 | Kubernetes Cluster Name for alb-ingress-controller. 46 | 47 | --- 48 | 49 | ##### `deploymentName`Required 50 | 51 | - *Type:* `string` 52 | 53 | Kubernetes Deployment Name for alb-ingress-controller. 54 | 55 | --- 56 | 57 | ##### `namespace`Required 58 | 59 | - *Type:* `string` 60 | - *Default:* kube-system 61 | 62 | Namespace for alb-ingress-controller. 63 | 64 | --- 65 | 66 | ##### `serviceAccountName`Required 67 | 68 | - *Type:* `string` 69 | 70 | Service Account Name for alb-ingress-controller. 71 | 72 | --- 73 | 74 | 75 | ### AwsLoadBalancerController 76 | 77 | Generate aws-load-balancer-controller config yaml. 
78 | 79 | see https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/master/docs/install/v2_0_0_full.yaml 80 | 81 | #### Initializers 82 | 83 | ```typescript 84 | import { AwsLoadBalancerController } from 'cdk8s-aws-load-balancer-controller' 85 | 86 | new AwsLoadBalancerController(scope: Construct, id: string, options: AwsLoadBalancerControllerOptions) 87 | ``` 88 | 89 | ##### `scope`Required 90 | 91 | - *Type:* [`constructs.Construct`](#constructs.Construct) 92 | 93 | --- 94 | 95 | ##### `id`Required 96 | 97 | - *Type:* `string` 98 | 99 | --- 100 | 101 | ##### `options`Required 102 | 103 | - *Type:* [`cdk8s-aws-load-balancer-controller.AwsLoadBalancerControllerOptions`](#cdk8s-aws-load-balancer-controller.AwsLoadBalancerControllerOptions) 104 | 105 | --- 106 | 107 | 108 | 109 | #### Properties 110 | 111 | ##### `chartVersion`Required 112 | 113 | - *Type:* `string` 114 | - *Default:* latest Helm Chart version. 115 | 116 | Helm Chart Version for aws-load-balancer-controller. 117 | 118 | --- 119 | 120 | ##### `clusterName`Required 121 | 122 | - *Type:* `string` 123 | 124 | Kubernetes Cluster Name for aws-load-balancer-controller. 125 | 126 | --- 127 | 128 | ##### `deploymentName`Required 129 | 130 | - *Type:* `string` 131 | 132 | Kubernetes Deployment Name for aws-load-balancer-controller. 133 | 134 | --- 135 | 136 | ##### `namespace`Required 137 | 138 | - *Type:* `string` 139 | - *Default:* default 140 | 141 | Namespace for aws-load-balancer-controller. 142 | 143 | --- 144 | 145 | ##### `serviceAccountName`Required 146 | 147 | - *Type:* `string` 148 | 149 | Service Account Name for aws-load-balancer-controller. 150 | 151 | --- 152 | 153 | 154 | ## Structs 155 | 156 | ### AlbIngressControllerOptions 157 | 158 | #### Initializer 159 | 160 | ```typescript 161 | import { AlbIngressControllerOptions } from 'cdk8s-aws-load-balancer-controller' 162 | 163 | const albIngressControllerOptions: AlbIngressControllerOptions = { ... 
} 164 | ``` 165 | 166 | ##### `clusterName`Required 167 | 168 | - *Type:* `string` 169 | - *Default:* None 170 | 171 | Kubernetes Cluster Name for alb-ingress-controller. 172 | 173 | --- 174 | 175 | ##### `args`Optional 176 | 177 | - *Type:* `string`[] 178 | - *Default:* None 179 | 180 | Additional args for alb-ingress-controller. 181 | 182 | --- 183 | 184 | ##### `env`Optional 185 | 186 | - *Type:* [`cdk8s-aws-load-balancer-controller.EnvVar`](#cdk8s-aws-load-balancer-controller.EnvVar)[] 187 | - *Default:* None 188 | 189 | Additional environment variables for alb-ingress-controller. 190 | 191 | --- 192 | 193 | ##### `image`Optional 194 | 195 | - *Type:* `string` 196 | - *Default:* docker.io/amazon/aws-alb-ingress-controller:v1.1.9 197 | 198 | Default image for alb-ingress-controller. 199 | 200 | --- 201 | 202 | ##### `labels`Optional 203 | 204 | - *Type:* {[ key: string ]: `string`} 205 | - *Default:* none 206 | 207 | Extra labels to associate with resources. 208 | 209 | --- 210 | 211 | ##### `namespace`Optional 212 | 213 | - *Type:* `string` 214 | - *Default:* kube-system 215 | 216 | Default Namespace for alb-ingress-controller. 217 | 218 | --- 219 | 220 | ##### `replicas`Optional 221 | 222 | - *Type:* `number` 223 | - *Default:* 1 224 | 225 | Replicas for alb-ingress-controller. 226 | 227 | --- 228 | 229 | ##### `serviceAccountName`Optional 230 | 231 | - *Type:* `string` 232 | - *Default:* alb-ingress-controller 233 | 234 | Default Service Account Name for alb-ingress-controller. 235 | 236 | --- 237 | 238 | ### AwsLoadBalancerControllerOptions 239 | 240 | #### Initializer 241 | 242 | ```typescript 243 | import { AwsLoadBalancerControllerOptions } from 'cdk8s-aws-load-balancer-controller' 244 | 245 | const awsLoadBalancerControllerOptions: AwsLoadBalancerControllerOptions = { ... } 246 | ``` 247 | 248 | ##### `clusterName`Required 249 | 250 | - *Type:* `string` 251 | - *Default:* None 252 | 253 | Kubernetes Cluster Name for aws-load-balancer-controller. 
254 | 255 | --- 256 | 257 | ##### `chartVersion`Optional 258 | 259 | - *Type:* `string` 260 | - *Default:* latest Helm Chart version. 261 | 262 | Helm Chart Version for aws-load-balancer-controller. When omitted, an empty `--version` value is passed to Helm, so the rendered chart can differ between synth runs; set an explicit version for reproducible manifests. 263 | 264 | --- 265 | 266 | ##### `createServiceAccount`Optional 267 | 268 | - *Type:* `boolean` 269 | - *Default:* true 270 | 271 | Whether the Helm chart creates the service account for aws-load-balancer-controller. 272 | 273 | --- 274 | 275 | ##### `namespace`Optional 276 | 277 | - *Type:* `string` 278 | - *Default:* default 279 | 280 | Namespace for aws-load-balancer-controller. 281 | 282 | --- 283 | 284 | ### EnvVar 285 | 286 | #### Initializer 287 | 288 | ```typescript 289 | import { EnvVar } from 'cdk8s-aws-load-balancer-controller' 290 | 291 | const envVar: EnvVar = { ... } 292 | ``` 293 | 294 | ##### `name`Required 295 | 296 | - *Type:* `string` 297 | 298 | Name of the environment variable. 299 | 300 | Must be a C_IDENTIFIER. 301 | 302 | --- 303 | 304 | ##### `value`Optional 305 | 306 | - *Type:* `string` 307 | - *Default:* . 308 | 309 | Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. 310 | 311 | If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". 312 | 313 | --- 314 | 315 | ## Classes 316 | 317 | ### AwsLoadBalancePolicy 318 | 319 | AwsLoadBalancePolicy class, which helps you add a policy to the IAM role for your service account. 
320 | 321 | #### Initializers 322 | 323 | ```typescript 324 | import { AwsLoadBalancePolicy } from 'cdk8s-aws-load-balancer-controller' 325 | 326 | new AwsLoadBalancePolicy() 327 | ``` 328 | 329 | 330 | #### Static Functions 331 | 332 | ##### `addPolicy` 333 | 334 | ```typescript 335 | import { AwsLoadBalancePolicy } from 'cdk8s-aws-load-balancer-controller' 336 | 337 | AwsLoadBalancePolicy.addPolicy(version: string, role: any) 338 | ``` 339 | 340 | ###### `version`Required 341 | 342 | - *Type:* `string` 343 | 344 | --- 345 | 346 | ###### `role`Required 347 | 348 | - *Type:* `any` 349 | 350 | --- 351 | 352 | 353 | 354 | ### CertManager 355 | 356 | #### Initializers 357 | 358 | ```typescript 359 | import { CertManager } from 'cdk8s-aws-load-balancer-controller' 360 | 361 | new CertManager() 362 | ``` 363 | 364 | 365 | #### Static Functions 366 | 367 | ##### `certManagerConfig` 368 | 369 | ```typescript 370 | import { CertManager } from 'cdk8s-aws-load-balancer-controller' 371 | 372 | CertManager.certManagerConfig() 373 | ``` 374 | 375 | 376 | 377 | 378 | ## Enums 379 | 380 | ### VersionsLists 381 | 382 | #### `AWS_LOAD_BALANCER_CONTROLLER_POLICY_V1` 383 | 384 | --- 385 | 386 | 387 | #### `AWS_LOAD_BALANCER_CONTROLLER_POLICY_V2` 388 | 389 | --- 390 | 391 | -------------------------------------------------------------------------------- /src/aws-load-balancer-controller.ts: -------------------------------------------------------------------------------- 1 | import * as cdk8s from 'cdk8s'; 2 | import { Construct } from 'constructs'; 3 | 4 | 5 | export interface AwsLoadBalancerControllerOptions { 6 | /** 7 | * Kubernetes Cluster Name for aws-load-balancer-controller. 8 | * @default - None 9 | */ 10 | readonly clusterName: string ; 11 | 12 | /** 13 | * service account for aws-load-balancer-controller. 14 | * 15 | * @default - true 16 | */ 17 | readonly createServiceAccount?: boolean; 18 | 19 | /** 20 | * Namespace for aws-load-balancer-controller. 
21 | * @default - default 22 | */ 23 | readonly namespace?: string; 24 | 25 | /** 26 | * Helm Chart Version for aws-load-balancer-controller. 27 | * @default - latest Helm Chart version. 28 | */ 29 | readonly chartVersion?: string; 30 | } 31 | /** 32 | * Generate aws-load-balancer-controller config yaml. 33 | * see https://github.com/kubernetes-sigs/aws-aws-load-balancer-controller/blob/master/docs/install/v2_0_0_full.yaml 34 | */ 35 | export class AwsLoadBalancerController extends Construct { 36 | /** 37 | * Service Account Name for aws-load-balancer-controller. 38 | */ 39 | public readonly serviceAccountName: string; 40 | /** 41 | * Kubernetes Cluster Name for aws-load-balancer-controller. 42 | */ 43 | public readonly clusterName: string; 44 | /** 45 | * Kubernetes Deployment Name for aws-load-balancer-controller. 46 | */ 47 | public readonly deploymentName: string; 48 | /** 49 | * Namespace for aws-load-balancer-controller. 50 | * @default - default 51 | */ 52 | public readonly namespace: string; 53 | /** 54 | * Helm Chart Version for aws-load-balancer-controller. 55 | * @default - latest Helm Chart version. 56 | */ 57 | public readonly chartVersion: string; 58 | constructor(scope: Construct, id: string, options: AwsLoadBalancerControllerOptions) { 59 | super(scope, id); 60 | this.serviceAccountName = 'aws-load-balancer-controller'; 61 | this.deploymentName = 'aws-load-balancer-controller'; 62 | this.clusterName = options.clusterName; 63 | this.namespace = options.namespace ?? 'default'; 64 | this.chartVersion = options.chartVersion ?? ''; 65 | // ingressclassparams elbv2 k8s aws CRD. 
66 | new cdk8s.ApiObject(this, 'aws-load-balancer-controller-ingclassparams-crd', { 67 | apiVersion: 'apiextensions.k8s.io/v1', 68 | kind: 'CustomResourceDefinition', 69 | metadata: { 70 | annotations: { 71 | 'controller-gen.kubebuilder.io/version': 'v0.5.0', 72 | }, 73 | creationTimestamp: null, 74 | name: 'ingressclassparams.elbv2.k8s.aws', 75 | }, 76 | spec: { 77 | group: 'elbv2.k8s.aws', 78 | names: { 79 | kind: 'IngressClassParams', 80 | listKind: 'IngressClassParamsList', 81 | plural: 'ingressclassparams', 82 | singular: 'ingressclassparams', 83 | }, 84 | scope: 'Cluster', 85 | versions: [ 86 | { 87 | additionalPrinterColumns: [ 88 | { 89 | description: 'The Ingress Group name', 90 | jsonPath: '.spec.group.name', 91 | name: 'GROUP-NAME', 92 | type: 'string', 93 | }, 94 | { 95 | description: 'The AWS Load Balancer scheme', 96 | jsonPath: '.spec.scheme', 97 | name: 'SCHEME', 98 | type: 'string', 99 | }, 100 | { 101 | description: 'The AWS Load Balancer ipAddressType', 102 | jsonPath: '.spec.ipAddressType', 103 | name: 'IP-ADDRESS-TYPE', 104 | type: 'string', 105 | }, 106 | { 107 | jsonPath: '.metadata.creationTimestamp', 108 | name: 'AGE', 109 | type: 'date', 110 | }, 111 | ], 112 | name: 'v1beta1', 113 | schema: { 114 | openAPIV3Schema: { 115 | description: 'IngressClassParams is the Schema for the IngressClassParams API', 116 | properties: { 117 | apiVersion: { 118 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources', 119 | type: 'string', 120 | }, 121 | kind: { 122 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds', 123 | type: 'string', 124 | }, 125 | metadata: { 126 | type: 'object', 127 | }, 128 | spec: { 129 | description: 'IngressClassParamsSpec defines the desired state of IngressClassParams', 130 | properties: { 131 | group: { 132 | description: 'Group defines the IngressGroup for all Ingresses that belong to IngressClass with this IngressClassParams.', 133 | properties: { 134 | name: { 135 | description: 'Name is the name of IngressGroup.', 136 | type: 'string', 137 | }, 138 | }, 139 | required: [ 140 | 'name', 141 | ], 142 | type: 'object', 143 | }, 144 | ipAddressType: { 145 | description: 'IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams.', 146 | enum: [ 147 | 'ipv4', 148 | 'dualstack', 149 | ], 150 | type: 'string', 151 | }, 152 | namespaceSelector: { 153 | description: 'NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams. * if absent or present but empty, it selects all namespaces.', 154 | properties: { 155 | matchExpressions: { 156 | description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.', 157 | items: { 158 | description: 'A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.', 159 | properties: { 160 | key: { 161 | description: 'key is the label key that the selector applies to.', 162 | type: 'string', 163 | }, 164 | operator: { 165 | description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", 166 | type: 'string', 167 | }, 168 | values: { 169 | description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.', 170 | items: { 171 | type: 'string', 172 | }, 173 | type: 'array', 174 | }, 175 | }, 176 | required: [ 177 | 'key', 178 | 'operator', 179 | ], 180 | type: 'object', 181 | }, 182 | type: 'array', 183 | }, 184 | matchLabels: { 185 | additionalProperties: { 186 | type: 'string', 187 | }, 188 | description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.', 189 | type: 'object', 190 | }, 191 | }, 192 | type: 'object', 193 | }, 194 | scheme: { 195 | description: 'Scheme defines the scheme for all Ingresses that belong to IngressClass with this IngressClassParams.', 196 | enum: [ 197 | 'internal', 198 | 'internet-facing', 199 | ], 200 | type: 'string', 201 | }, 202 | tags: { 203 | description: 'Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams.', 204 | items: { 205 | description: 'Tag defines a AWS Tag on resources.', 206 | properties: { 207 | key: { 208 | description: 'The key of the tag.', 209 | type: 'string', 210 | }, 211 | value: { 212 | description: 'The value of the tag.', 213 | type: 'string', 214 | }, 215 | }, 216 | required: [ 217 | 'key', 218 | 'value', 219 | ], 220 | type: 'object', 221 | }, 222 | type: 'array', 223 | }, 224 | }, 225 | type: 'object', 226 | }, 227 | }, 228 | type: 'object', 229 | }, 230 | }, 231 | served: true, 232 | storage: true, 233 | subresources: {}, 234 | }, 235 | ], 236 | }, 237 | }); 238 | 239 | // targetgroupbindings elbv2 k8s aws CRD. 
240 | new cdk8s.ApiObject(this, 'aws-load-balancer-controller-tgbinding-crd', { 241 | apiVersion: 'apiextensions.k8s.io/v1', 242 | kind: 'CustomResourceDefinition', 243 | metadata: { 244 | annotations: { 245 | 'controller-gen.kubebuilder.io/version': 'v0.5.0', 246 | }, 247 | creationTimestamp: null, 248 | name: 'targetgroupbindings.elbv2.k8s.aws', 249 | }, 250 | spec: { 251 | group: 'elbv2.k8s.aws', 252 | names: { 253 | kind: 'TargetGroupBinding', 254 | listKind: 'TargetGroupBindingList', 255 | plural: 'targetgroupbindings', 256 | singular: 'targetgroupbinding', 257 | }, 258 | scope: 'Namespaced', 259 | versions: [ 260 | { 261 | additionalPrinterColumns: [ 262 | { 263 | description: "The Kubernetes Service's name", 264 | jsonPath: '.spec.serviceRef.name', 265 | name: 'SERVICE-NAME', 266 | type: 'string', 267 | }, 268 | { 269 | description: "The Kubernetes Service's port", 270 | jsonPath: '.spec.serviceRef.port', 271 | name: 'SERVICE-PORT', 272 | type: 'string', 273 | }, 274 | { 275 | description: "The AWS TargetGroup's TargetType", 276 | jsonPath: '.spec.targetType', 277 | name: 'TARGET-TYPE', 278 | type: 'string', 279 | }, 280 | { 281 | description: "The AWS TargetGroup's Amazon Resource Name", 282 | jsonPath: '.spec.targetGroupARN', 283 | name: 'ARN', 284 | priority: 1, 285 | type: 'string', 286 | }, 287 | { 288 | jsonPath: '.metadata.creationTimestamp', 289 | name: 'AGE', 290 | type: 'date', 291 | }, 292 | ], 293 | name: 'v1alpha1', 294 | schema: { 295 | openAPIV3Schema: { 296 | description: 'TargetGroupBinding is the Schema for the TargetGroupBinding API', 297 | properties: { 298 | apiVersion: { 299 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources', 300 | type: 'string', 301 | }, 302 | kind: { 303 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds', 304 | type: 'string', 305 | }, 306 | metadata: { 307 | type: 'object', 308 | }, 309 | spec: { 310 | description: 'TargetGroupBindingSpec defines the desired state of TargetGroupBinding', 311 | properties: { 312 | networking: { 313 | description: 'networking provides the networking setup for ELBV2 LoadBalancer to access targets in TargetGroup.', 314 | properties: { 315 | ingress: { 316 | description: 'List of ingress rules to allow ELBV2 LoadBalancer to access targets in TargetGroup.', 317 | items: { 318 | properties: { 319 | from: { 320 | description: 'List of peers which should be able to access the targets in TargetGroup. At least one NetworkingPeer should be specified.', 321 | items: { 322 | description: 'NetworkingPeer defines the source/destination peer for networking rules.', 323 | properties: { 324 | ipBlock: { 325 | description: 'IPBlock defines an IPBlock peer. If specified, none of the other fields can be set.', 326 | properties: { 327 | cidr: { 328 | description: 'CIDR is the network CIDR. Both IPV4 or IPV6 CIDR are accepted.', 329 | type: 'string', 330 | }, 331 | }, 332 | required: [ 333 | 'cidr', 334 | ], 335 | type: 'object', 336 | }, 337 | securityGroup: { 338 | description: 'SecurityGroup defines a SecurityGroup peer. 
If specified, none of the other fields can be set.', 339 | properties: { 340 | groupID: { 341 | description: 'GroupID is the EC2 SecurityGroupID.', 342 | type: 'string', 343 | }, 344 | }, 345 | required: [ 346 | 'groupID', 347 | ], 348 | type: 'object', 349 | }, 350 | }, 351 | type: 'object', 352 | }, 353 | type: 'array', 354 | }, 355 | ports: { 356 | description: 'List of ports which should be made accessible on the targets in TargetGroup. If ports is empty or unspecified, it defaults to all ports with TCP.', 357 | items: { 358 | properties: { 359 | port: { 360 | 'anyOf': [ 361 | { 362 | type: 'integer', 363 | }, 364 | { 365 | type: 'string', 366 | }, 367 | ], 368 | 'description': 'The port which traffic must match. When NodePort endpoints(instance TargetType) is used, this must be a numerical port. When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods. if port is unspecified, it defaults to all ports.', 369 | 'x-kubernetes-int-or-string': true, 370 | }, 371 | protocol: { 372 | description: 'The protocol which traffic must match. 
If protocol is unspecified, it defaults to TCP.', 373 | enum: [ 374 | 'TCP', 375 | 'UDP', 376 | ], 377 | type: 'string', 378 | }, 379 | }, 380 | type: 'object', 381 | }, 382 | type: 'array', 383 | }, 384 | }, 385 | required: [ 386 | 'from', 387 | 'ports', 388 | ], 389 | type: 'object', 390 | }, 391 | type: 'array', 392 | }, 393 | }, 394 | type: 'object', 395 | }, 396 | serviceRef: { 397 | description: 'serviceRef is a reference to a Kubernetes Service and ServicePort.', 398 | properties: { 399 | name: { 400 | description: 'Name is the name of the Service.', 401 | type: 'string', 402 | }, 403 | port: { 404 | 'anyOf': [ 405 | { 406 | type: 'integer', 407 | }, 408 | { 409 | type: 'string', 410 | }, 411 | ], 412 | 'description': 'Port is the port of the ServicePort.', 413 | 'x-kubernetes-int-or-string': true, 414 | }, 415 | }, 416 | required: [ 417 | 'name', 418 | 'port', 419 | ], 420 | type: 'object', 421 | }, 422 | targetGroupARN: { 423 | description: 'targetGroupARN is the Amazon Resource Name (ARN) for the TargetGroup.', 424 | type: 'string', 425 | }, 426 | targetType: { 427 | description: 'targetType is the TargetType of TargetGroup. 
If unspecified, it will be automatically inferred.', 428 | enum: [ 429 | 'instance', 430 | 'ip', 431 | ], 432 | type: 'string', 433 | }, 434 | }, 435 | required: [ 436 | 'serviceRef', 437 | 'targetGroupARN', 438 | ], 439 | type: 'object', 440 | }, 441 | status: { 442 | description: 'TargetGroupBindingStatus defines the observed state of TargetGroupBinding', 443 | properties: { 444 | observedGeneration: { 445 | description: 'The generation observed by the TargetGroupBinding controller.', 446 | format: 'int64', 447 | type: 'integer', 448 | }, 449 | }, 450 | type: 'object', 451 | }, 452 | }, 453 | type: 'object', 454 | }, 455 | }, 456 | served: true, 457 | storage: false, 458 | subresources: { 459 | status: {}, 460 | }, 461 | }, 462 | { 463 | additionalPrinterColumns: [ 464 | { 465 | description: "The Kubernetes Service's name", 466 | jsonPath: '.spec.serviceRef.name', 467 | name: 'SERVICE-NAME', 468 | type: 'string', 469 | }, 470 | { 471 | description: "The Kubernetes Service's port", 472 | jsonPath: '.spec.serviceRef.port', 473 | name: 'SERVICE-PORT', 474 | type: 'string', 475 | }, 476 | { 477 | description: "The AWS TargetGroup's TargetType", 478 | jsonPath: '.spec.targetType', 479 | name: 'TARGET-TYPE', 480 | type: 'string', 481 | }, 482 | { 483 | description: "The AWS TargetGroup's Amazon Resource Name", 484 | jsonPath: '.spec.targetGroupARN', 485 | name: 'ARN', 486 | priority: 1, 487 | type: 'string', 488 | }, 489 | { 490 | jsonPath: '.metadata.creationTimestamp', 491 | name: 'AGE', 492 | type: 'date', 493 | }, 494 | ], 495 | name: 'v1beta1', 496 | schema: { 497 | openAPIV3Schema: { 498 | description: 'TargetGroupBinding is the Schema for the TargetGroupBinding API', 499 | properties: { 500 | apiVersion: { 501 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources', 502 | type: 'string', 503 | }, 504 | kind: { 505 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds', 506 | type: 'string', 507 | }, 508 | metadata: { 509 | type: 'object', 510 | }, 511 | spec: { 512 | description: 'TargetGroupBindingSpec defines the desired state of TargetGroupBinding', 513 | properties: { 514 | networking: { 515 | description: 'networking defines the networking rules to allow ELBV2 LoadBalancer to access targets in TargetGroup.', 516 | properties: { 517 | ingress: { 518 | description: 'List of ingress rules to allow ELBV2 LoadBalancer to access targets in TargetGroup.', 519 | items: { 520 | description: "NetworkingIngressRule defines a particular set of traffic that is allowed to access TargetGroup's targets.", 521 | properties: { 522 | from: { 523 | description: 'List of peers which should be able to access the targets in TargetGroup. At least one NetworkingPeer should be specified.', 524 | items: { 525 | description: 'NetworkingPeer defines the source/destination peer for networking rules.', 526 | properties: { 527 | ipBlock: { 528 | description: 'IPBlock defines an IPBlock peer. If specified, none of the other fields can be set.', 529 | properties: { 530 | cidr: { 531 | description: 'CIDR is the network CIDR. Both IPV4 or IPV6 CIDR are accepted.', 532 | type: 'string', 533 | }, 534 | }, 535 | required: [ 536 | 'cidr', 537 | ], 538 | type: 'object', 539 | }, 540 | securityGroup: { 541 | description: 'SecurityGroup defines a SecurityGroup peer. 
If specified, none of the other fields can be set.', 542 | properties: { 543 | groupID: { 544 | description: 'GroupID is the EC2 SecurityGroupID.', 545 | type: 'string', 546 | }, 547 | }, 548 | required: [ 549 | 'groupID', 550 | ], 551 | type: 'object', 552 | }, 553 | }, 554 | type: 'object', 555 | }, 556 | type: 'array', 557 | }, 558 | ports: { 559 | description: 'List of ports which should be made accessible on the targets in TargetGroup. If ports is empty or unspecified, it defaults to all ports with TCP.', 560 | items: { 561 | description: 'NetworkingPort defines the port and protocol for networking rules.', 562 | properties: { 563 | port: { 564 | 'anyOf': [ 565 | { 566 | type: 'integer', 567 | }, 568 | { 569 | type: 'string', 570 | }, 571 | ], 572 | 'description': 'The port which traffic must match. When NodePort endpoints(instance TargetType) is used, this must be a numerical port. When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods. if port is unspecified, it defaults to all ports.', 573 | 'x-kubernetes-int-or-string': true, 574 | }, 575 | protocol: { 576 | description: 'The protocol which traffic must match. If protocol is unspecified, it defaults to TCP.', 577 | enum: [ 578 | 'TCP', 579 | 'UDP', 580 | ], 581 | type: 'string', 582 | }, 583 | }, 584 | type: 'object', 585 | }, 586 | type: 'array', 587 | }, 588 | }, 589 | required: [ 590 | 'from', 591 | 'ports', 592 | ], 593 | type: 'object', 594 | }, 595 | type: 'array', 596 | }, 597 | }, 598 | type: 'object', 599 | }, 600 | nodeSelector: { 601 | description: 'node selector for instance type target groups to only register certain nodes', 602 | properties: { 603 | matchExpressions: { 604 | description: 'matchExpressions is a list of label selector requirements. 
The requirements are ANDed.', 605 | items: { 606 | description: 'A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.', 607 | properties: { 608 | key: { 609 | description: 'key is the label key that the selector applies to.', 610 | type: 'string', 611 | }, 612 | operator: { 613 | description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", 614 | type: 'string', 615 | }, 616 | values: { 617 | description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.', 618 | items: { 619 | type: 'string', 620 | }, 621 | type: 'array', 622 | }, 623 | }, 624 | required: [ 625 | 'key', 626 | 'operator', 627 | ], 628 | type: 'object', 629 | }, 630 | type: 'array', 631 | }, 632 | matchLabels: { 633 | additionalProperties: { 634 | type: 'string', 635 | }, 636 | description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed.', 637 | type: 'object', 638 | }, 639 | }, 640 | type: 'object', 641 | }, 642 | serviceRef: { 643 | description: 'serviceRef is a reference to a Kubernetes Service and ServicePort.', 644 | properties: { 645 | name: { 646 | description: 'Name is the name of the Service.', 647 | type: 'string', 648 | }, 649 | port: { 650 | 'anyOf': [ 651 | { 652 | type: 'integer', 653 | }, 654 | { 655 | type: 'string', 656 | }, 657 | ], 658 | 'description': 'Port is the port of the ServicePort.', 659 | 'x-kubernetes-int-or-string': true, 660 | }, 661 | }, 662 | required: [ 663 | 'name', 664 | 'port', 665 | ], 666 | type: 'object', 667 | }, 668 | targetGroupARN: { 669 | description: 'targetGroupARN is the Amazon Resource Name (ARN) for the TargetGroup.', 670 | minLength: 1, 671 | type: 'string', 672 | }, 673 | targetType: { 674 | description: 'targetType is the TargetType of TargetGroup. If unspecified, it will be automatically inferred.', 675 | enum: [ 676 | 'instance', 677 | 'ip', 678 | ], 679 | type: 'string', 680 | }, 681 | }, 682 | required: [ 683 | 'serviceRef', 684 | 'targetGroupARN', 685 | ], 686 | type: 'object', 687 | }, 688 | status: { 689 | description: 'TargetGroupBindingStatus defines the observed state of TargetGroupBinding', 690 | properties: { 691 | observedGeneration: { 692 | description: 'The generation observed by the TargetGroupBinding controller.', 693 | format: 'int64', 694 | type: 'integer', 695 | }, 696 | }, 697 | type: 'object', 698 | }, 699 | }, 700 | type: 'object', 701 | }, 702 | }, 703 | served: true, 704 | storage: true, 705 | subresources: { 706 | status: {}, 707 | }, 708 | }, 709 | ], 710 | }, 711 | }); 712 | new cdk8s.Helm(this, 'helmawsLoadBalancerController', { 713 | chart: 'eks/aws-load-balancer-controller', 714 | releaseName: 'aws-load-balancer-controller', 715 | helmFlags: ['--namespace', this.namespace, '--version', this.chartVersion], 716 | values: { 717 | clusterName: options.clusterName, 718 | serviceAccount: { 719 
| create: options.createServiceAccount ?? true, 720 | name: this.serviceAccountName, 721 | }, 722 | }, 723 | }); 724 | } 725 | } --------------------------------------------------------------------------------