diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts index 2015d5098c88c..346f5e049ac3c 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts @@ -69,6 +69,11 @@ export class ClusterResource extends Construct { : '*' }); + this.creationRole.addToPolicy(new iam.PolicyStatement({ + actions: [ 'ec2:DescribeSubnets' ], + resources: [ '*' ], + })); + this.creationRole.addToPolicy(new iam.PolicyStatement({ actions: [ 'eks:CreateCluster', 'eks:DescribeCluster', 'eks:DeleteCluster', 'eks:UpdateClusterVersion', 'eks:UpdateClusterConfig', 'eks:CreateFargateProfile' ], resources: [ resourceArn ] diff --git a/packages/@aws-cdk/aws-eks/lib/fargate-cluster.ts b/packages/@aws-cdk/aws-eks/lib/fargate-cluster.ts index e21dee40c4586..a3a2fc8a5e618 100644 --- a/packages/@aws-cdk/aws-eks/lib/fargate-cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/fargate-cluster.ts @@ -1,10 +1,18 @@ import { Construct } from '@aws-cdk/core'; import { Cluster, ClusterOptions, CoreDnsComputeType } from './cluster'; +import { FargateProfileOptions } from './fargate-profile'; /** * Configuration props for EKS Fargate. */ export interface FargateClusterProps extends ClusterOptions { + /** + * Fargate Profile to create along with the cluster. + * + * @default - A profile called "default" with 'default' and 'kube-system' + * selectors will be created if this is left undefined. + */ + readonly defaultProfile?: FargateProfileOptions; } /** 
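Review bot: The new `ec2:DescribeSubnets` statement in cluster-resource.ts grants `resources: [ '*' ]` with no comment explaining it, so a later reader auditing the creation role cannot tell a required wildcard from an over-broad one. EC2 Describe actions do not support resource-level permissions, so `'*'` is the narrowest scope available; a comment above the statement should say so, e.g. `// ec2:Describe* actions have no resource-level permissions, hence '*'`. The hunk does not show which operation needs the call (presumably Fargate profile creation), so the comment should name it once the author confirms. The constructor body starts and ends outside the hunk.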
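Review bot: The doc comment on `defaultProfile` in fargate-cluster.ts describes only the undefined case and does not say that a supplied profile replaces the built-in one rather than being added to it. Add a sentence such as `When set, this profile is created instead of the default profile; its selectors are used as given.` It would also help to state that the construct id falls back to `'custom'` when `fargateProfileName` is omitted, since that id shows up in generated logical ids.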
@@ -23,11 +31,14 @@ export class FargateCluster extends Cluster { coreDnsComputeType: props.coreDnsComputeType ?? CoreDnsComputeType.FARGATE }); - this.addFargateProfile('default', { - selectors: [ - { namespace: 'default' }, - { namespace: 'kube-system' }, - ] - }); + this.addFargateProfile( + props.defaultProfile?.fargateProfileName ?? (props.defaultProfile ? 'custom' : 'default'), + props.defaultProfile ?? { + selectors: [ + {namespace: 'default'}, + {namespace: 'kube-system'}, + ] + } + ); } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json index 779c964bddc3b..8e76ef61755d6 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.defaults.expected.json @@ -723,6 +723,11 @@ ] } }, + { + "Action": "ec2:DescribeSubnets", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "eks:CreateCluster", diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json index bcc04594f2db3..34f9e252e5ac1 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.lit.expected.json @@ -723,6 +723,11 @@ ] } }, + { + "Action": "ec2:DescribeSubnets", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "eks:CreateCluster", diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json index 6b880e52c9e2f..d5e94e595dc89 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-fargate.expected.json @@ -734,6 +734,11 @@ ] } }, + { + "Action": "ec2:DescribeSubnets", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "eks:CreateCluster", 
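Review bot: When `props.defaultProfile` is set, no profile selecting `kube-system` is created, yet the line just above still defaults `coreDnsComputeType` to `CoreDnsComputeType.FARGATE`; unless the caller's selectors cover `kube-system`, CoreDNS pods would presumably have no Fargate profile to match. Either validate this combination or call it out on the prop. Separately, the first argument is the construct id, and deriving it from `fargateProfileName` ties the logical id to a user-supplied name and likely fails if that name is an unresolved token; a fixed id such as `props.defaultProfile ? 'custom' : 'default'` avoids both. The constructor begins outside the hunk.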
diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json index 02bf4410c3ffb..7d8d07c5f30b1 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-helm.lit.expected.json @@ -587,6 +587,11 @@ ] } }, + { + "Action": "ec2:DescribeSubnets", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "eks:CreateCluster", diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json index 58873aafb258a..934696a13c66f 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-kubectl.lit.expected.json @@ -587,6 +587,11 @@ ] } }, + { + "Action": "ec2:DescribeSubnets", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "eks:CreateCluster", diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json index 927ea01b5b314..704bb807f4959 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-spot.expected.json @@ -561,6 +561,11 @@ ] } }, + { + "Action": "ec2:DescribeSubnets", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "eks:CreateCluster", diff --git a/packages/@aws-cdk/aws-eks/test/test.cluster.ts b/packages/@aws-cdk/aws-eks/test/test.cluster.ts index 3f00ab7cde4a1..5127af9e1c7f2 100644 --- a/packages/@aws-cdk/aws-eks/test/test.cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/test.cluster.ts @@ -669,6 +669,11 @@ export = { ] } }, + { + Action: "ec2:DescribeSubnets", + Effect: "Allow", + Resource: "*", + }, { Action: [ "eks:CreateCluster", @@ -757,6 +762,11 @@ export = { ] } }, + { + Action: "ec2:DescribeSubnets", + Effect: "Allow", + Resource: "*", + }, { Action: [ "eks:CreateCluster", 
diff --git a/packages/@aws-cdk/aws-eks/test/test.fargate.ts b/packages/@aws-cdk/aws-eks/test/test.fargate.ts index 1860557145b67..dc8d1d94126a4 100644 --- a/packages/@aws-cdk/aws-eks/test/test.fargate.ts +++ b/packages/@aws-cdk/aws-eks/test/test.fargate.ts @@ -129,7 +129,7 @@ export = { test.done(); }, - 'fails if therer are no selectors or if there are more than 5'(test: Test) { + 'fails if there are no selectors or if there are more than 5'(test: Test) { // GIVEN const stack = new Stack(); const cluster = new eks.Cluster(stack, 'MyCluster'); @@ -185,5 +185,70 @@ export = { } })); test.done(); + }, + + 'can create FargateCluster with a custom profile'(test: Test) { + // GIVEN + const stack = new Stack(); + + // WHEN + new eks.FargateCluster(stack, 'FargateCluster', { + defaultProfile: { + fargateProfileName: 'my-app', selectors: [{namespace: 'foo'}, {namespace: 'bar'}] + } + }); + + // THEN + expect(stack).to(haveResource('Custom::AWSCDK-EKS-FargateProfile', { + Config: { + clusterName: { + Ref: "FargateCluster019F03E8" + }, + fargateProfileName: "my-app", + podExecutionRoleArn: { + "Fn::GetAtt": [ + "FargateClusterfargateprofilemyappPodExecutionRole875B4635", + "Arn" + ] + }, + selectors: [ + { namespace: "foo" }, + { namespace: "bar" } + ] + } + })); + test.done(); + }, + + 'custom profile name is "custom" if no custom profile name is provided'(test: Test) { + // GIVEN + const stack = new Stack(); + + // WHEN + new eks.FargateCluster(stack, 'FargateCluster', { + defaultProfile: { + selectors: [{namespace: 'foo'}, {namespace: 'bar'}] + } + }); + + // THEN + expect(stack).to(haveResource('Custom::AWSCDK-EKS-FargateProfile', { + Config: { + clusterName: { + Ref: "FargateCluster019F03E8" + }, + podExecutionRoleArn: { + "Fn::GetAtt": [ + "FargateClusterfargateprofilecustomPodExecutionRoleDB415F19", + "Arn" + ] + }, + selectors: [ + { namespace: "foo" }, + { namespace: "bar" } + ] + } + })); + test.done(); } -}; \ No newline at end of file +};
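Review bot: The title of the second added test in test.fargate.ts says the profile name is "custom", but the expected `Config` carries no `fargateProfileName` at all; what is `custom` is the construct id, visible only in the role logical id `FargateClusterfargateprofilecustomPodExecutionRoleDB415F19`. Rename it to something like `'construct id is "custom" when defaultProfile has no fargateProfileName'` so the assertion and the title agree. Neither new test covers a custom profile that omits `kube-system` while CoreDNS is left on its Fargate default, which is the case most likely to surprise users. The `export = {` object starts outside the hunk.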