Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 83c4c36

Browse filesBrowse files
colifrancolifran
authored
feat(eks): alb controller include versions 2.4.2 - 2.5.1 (#25330)
## Motivation: We should provide users with all available ALB controller versions for use with aws-eks. This change does not prohibit users from using previous ALB controller versions. Instead, this adds support for versions 2.4.2 - 2.5.1. Previous ALB controller versions can be specified by using the static "of" method as part of the AlbControllerVersion class, e.g., AlbControllerVersion.of(). ## Testing: Updated existing ALB controller integrity test to use ALB controller version 2.5.1. Closes #25307 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 25bd120 commit 83c4c36
Copy full SHA for 83c4c36

17 files changed

+2006
-32
lines changed

‎packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json

Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller-test.template.json
+22-2Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1368,6 +1368,26 @@
13681368
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*"
13691369
]
13701370
},
1371+
{
1372+
"Action": "elasticloadbalancing:AddTags",
1373+
"Condition": {
1374+
"StringEquals": {
1375+
"elasticloadbalancing:CreateAction": [
1376+
"CreateTargetGroup",
1377+
"CreateLoadBalancer"
1378+
]
1379+
},
1380+
"Null": {
1381+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
1382+
}
1383+
},
1384+
"Effect": "Allow",
1385+
"Resource": [
1386+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
1387+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
1388+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
1389+
]
1390+
},
13711391
{
13721392
"Action": [
13731393
"elasticloadbalancing:DeregisterTargets",
@@ -1454,7 +1474,7 @@
14541474
},
14551475
"Release": "aws-load-balancer-controller",
14561476
"Chart": "aws-load-balancer-controller",
1457-
"Version": "1.4.1",
1477+
"Version": "1.5.2",
14581478
"Wait": true,
14591479
"Timeout": "900s",
14601480
"Values": {
@@ -1473,7 +1493,7 @@
14731493
{
14741494
"Ref": "Vpc8378EB38"
14751495
},
1476-
"\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.4.1\"}}"
1496+
"\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.5.1\"}}"
14771497
]
14781498
]
14791499
},

‎packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/tree.json

Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.js.snapshot/tree.json
+20Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3385,6 +3385,26 @@
33853385
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*"
33863386
]
33873387
},
3388+
{
3389+
"Action": "elasticloadbalancing:AddTags",
3390+
"Condition": {
3391+
"StringEquals": {
3392+
"elasticloadbalancing:CreateAction": [
3393+
"CreateTargetGroup",
3394+
"CreateLoadBalancer"
3395+
]
3396+
},
3397+
"Null": {
3398+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
3399+
}
3400+
},
3401+
"Effect": "Allow",
3402+
"Resource": [
3403+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
3404+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
3405+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
3406+
]
3407+
},
33883408
{
33893409
"Action": [
33903410
"elasticloadbalancing:DeregisterTargets",

‎packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.ts

Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.alb-controller.ts
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ class EksClusterAlbControllerStack extends Stack {
2020
vpc,
2121
...getClusterVersionConfig(this),
2222
albController: {
23-
version: eks.AlbControllerVersion.V2_4_1,
23+
version: eks.AlbControllerVersion.V2_5_1,
2424
},
2525
});
2626

‎packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json

Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/aws-cdk-eks-cluster-inference-test.template.json
+22-2Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1703,6 +1703,26 @@
17031703
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*"
17041704
]
17051705
},
1706+
{
1707+
"Action": "elasticloadbalancing:AddTags",
1708+
"Condition": {
1709+
"StringEquals": {
1710+
"elasticloadbalancing:CreateAction": [
1711+
"CreateTargetGroup",
1712+
"CreateLoadBalancer"
1713+
]
1714+
},
1715+
"Null": {
1716+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
1717+
}
1718+
},
1719+
"Effect": "Allow",
1720+
"Resource": [
1721+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
1722+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
1723+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
1724+
]
1725+
},
17061726
{
17071727
"Action": [
17081728
"elasticloadbalancing:DeregisterTargets",
@@ -1809,7 +1829,7 @@
18091829
},
18101830
"Release": "aws-load-balancer-controller",
18111831
"Chart": "aws-load-balancer-controller",
1812-
"Version": "1.4.1",
1832+
"Version": "1.5.2",
18131833
"Wait": true,
18141834
"Timeout": "900s",
18151835
"Values": {
@@ -1828,7 +1848,7 @@
18281848
{
18291849
"Ref": "Vpc8378EB38"
18301850
},
1831-
"\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.4.1\"}}"
1851+
"\",\"image\":{\"repository\":\"602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller\",\"tag\":\"v2.5.1\"}}"
18321852
]
18331853
]
18341854
},

‎packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/tree.json

Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.js.snapshot/tree.json
+20Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3842,6 +3842,26 @@
38423842
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*"
38433843
]
38443844
},
3845+
{
3846+
"Action": "elasticloadbalancing:AddTags",
3847+
"Condition": {
3848+
"StringEquals": {
3849+
"elasticloadbalancing:CreateAction": [
3850+
"CreateTargetGroup",
3851+
"CreateLoadBalancer"
3852+
]
3853+
},
3854+
"Null": {
3855+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
3856+
}
3857+
},
3858+
"Effect": "Allow",
3859+
"Resource": [
3860+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
3861+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
3862+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
3863+
]
3864+
},
38453865
{
38463866
"Action": [
38473867
"elasticloadbalancing:DeregisterTargets",

‎packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.ts

Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-inference.ts
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ class EksClusterInferenceStack extends Stack {
1717
vpc,
1818
...getClusterVersionConfig(this),
1919
albController: {
20-
version: eks.AlbControllerVersion.V2_4_1,
20+
version: eks.AlbControllerVersion.V2_5_1,
2121
},
2222
});
2323

‎packages/aws-cdk-lib/aws-eks/README.md

Copy file name to clipboardExpand all lines: packages/aws-cdk-lib/aws-eks/README.md
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -518,7 +518,7 @@ The default value is `eks.EndpointAccess.PUBLIC_AND_PRIVATE`. Which means the cl
518518

519519
### Alb Controller
520520

521-
Some Kubernetes resources are commonly implemented on AWS with the help of the [ALB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/).
521+
Some Kubernetes resources are commonly implemented on AWS with the help of the [ALB Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.5/).
522522

523523
From the docs:
524524

‎packages/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.2.json

Copy file name to clipboard
+219Lines changed: 219 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,219 @@
1+
{
2+
"Version": "2012-10-17",
3+
"Statement": [
4+
{
5+
"Effect": "Allow",
6+
"Action": [
7+
"iam:CreateServiceLinkedRole"
8+
],
9+
"Resource": "*",
10+
"Condition": {
11+
"StringEquals": {
12+
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
13+
}
14+
}
15+
},
16+
{
17+
"Effect": "Allow",
18+
"Action": [
19+
"ec2:DescribeAccountAttributes",
20+
"ec2:DescribeAddresses",
21+
"ec2:DescribeAvailabilityZones",
22+
"ec2:DescribeInternetGateways",
23+
"ec2:DescribeVpcs",
24+
"ec2:DescribeVpcPeeringConnections",
25+
"ec2:DescribeSubnets",
26+
"ec2:DescribeSecurityGroups",
27+
"ec2:DescribeInstances",
28+
"ec2:DescribeNetworkInterfaces",
29+
"ec2:DescribeTags",
30+
"ec2:GetCoipPoolUsage",
31+
"ec2:DescribeCoipPools",
32+
"elasticloadbalancing:DescribeLoadBalancers",
33+
"elasticloadbalancing:DescribeLoadBalancerAttributes",
34+
"elasticloadbalancing:DescribeListeners",
35+
"elasticloadbalancing:DescribeListenerCertificates",
36+
"elasticloadbalancing:DescribeSSLPolicies",
37+
"elasticloadbalancing:DescribeRules",
38+
"elasticloadbalancing:DescribeTargetGroups",
39+
"elasticloadbalancing:DescribeTargetGroupAttributes",
40+
"elasticloadbalancing:DescribeTargetHealth",
41+
"elasticloadbalancing:DescribeTags"
42+
],
43+
"Resource": "*"
44+
},
45+
{
46+
"Effect": "Allow",
47+
"Action": [
48+
"cognito-idp:DescribeUserPoolClient",
49+
"acm:ListCertificates",
50+
"acm:DescribeCertificate",
51+
"iam:ListServerCertificates",
52+
"iam:GetServerCertificate",
53+
"waf-regional:GetWebACL",
54+
"waf-regional:GetWebACLForResource",
55+
"waf-regional:AssociateWebACL",
56+
"waf-regional:DisassociateWebACL",
57+
"wafv2:GetWebACL",
58+
"wafv2:GetWebACLForResource",
59+
"wafv2:AssociateWebACL",
60+
"wafv2:DisassociateWebACL",
61+
"shield:GetSubscriptionState",
62+
"shield:DescribeProtection",
63+
"shield:CreateProtection",
64+
"shield:DeleteProtection"
65+
],
66+
"Resource": "*"
67+
},
68+
{
69+
"Effect": "Allow",
70+
"Action": [
71+
"ec2:AuthorizeSecurityGroupIngress",
72+
"ec2:RevokeSecurityGroupIngress"
73+
],
74+
"Resource": "*"
75+
},
76+
{
77+
"Effect": "Allow",
78+
"Action": [
79+
"ec2:CreateSecurityGroup"
80+
],
81+
"Resource": "*"
82+
},
83+
{
84+
"Effect": "Allow",
85+
"Action": [
86+
"ec2:CreateTags"
87+
],
88+
"Resource": "arn:aws:ec2:*:*:security-group/*",
89+
"Condition": {
90+
"StringEquals": {
91+
"ec2:CreateAction": "CreateSecurityGroup"
92+
},
93+
"Null": {
94+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
95+
}
96+
}
97+
},
98+
{
99+
"Effect": "Allow",
100+
"Action": [
101+
"ec2:CreateTags",
102+
"ec2:DeleteTags"
103+
],
104+
"Resource": "arn:aws:ec2:*:*:security-group/*",
105+
"Condition": {
106+
"Null": {
107+
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
108+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
109+
}
110+
}
111+
},
112+
{
113+
"Effect": "Allow",
114+
"Action": [
115+
"ec2:AuthorizeSecurityGroupIngress",
116+
"ec2:RevokeSecurityGroupIngress",
117+
"ec2:DeleteSecurityGroup"
118+
],
119+
"Resource": "*",
120+
"Condition": {
121+
"Null": {
122+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
123+
}
124+
}
125+
},
126+
{
127+
"Effect": "Allow",
128+
"Action": [
129+
"elasticloadbalancing:CreateLoadBalancer",
130+
"elasticloadbalancing:CreateTargetGroup"
131+
],
132+
"Resource": "*",
133+
"Condition": {
134+
"Null": {
135+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
136+
}
137+
}
138+
},
139+
{
140+
"Effect": "Allow",
141+
"Action": [
142+
"elasticloadbalancing:CreateListener",
143+
"elasticloadbalancing:DeleteListener",
144+
"elasticloadbalancing:CreateRule",
145+
"elasticloadbalancing:DeleteRule"
146+
],
147+
"Resource": "*"
148+
},
149+
{
150+
"Effect": "Allow",
151+
"Action": [
152+
"elasticloadbalancing:AddTags",
153+
"elasticloadbalancing:RemoveTags"
154+
],
155+
"Resource": [
156+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
157+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
158+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
159+
],
160+
"Condition": {
161+
"Null": {
162+
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
163+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
164+
}
165+
}
166+
},
167+
{
168+
"Effect": "Allow",
169+
"Action": [
170+
"elasticloadbalancing:AddTags",
171+
"elasticloadbalancing:RemoveTags"
172+
],
173+
"Resource": [
174+
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
175+
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
176+
"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
177+
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
178+
]
179+
},
180+
{
181+
"Effect": "Allow",
182+
"Action": [
183+
"elasticloadbalancing:ModifyLoadBalancerAttributes",
184+
"elasticloadbalancing:SetIpAddressType",
185+
"elasticloadbalancing:SetSecurityGroups",
186+
"elasticloadbalancing:SetSubnets",
187+
"elasticloadbalancing:DeleteLoadBalancer",
188+
"elasticloadbalancing:ModifyTargetGroup",
189+
"elasticloadbalancing:ModifyTargetGroupAttributes",
190+
"elasticloadbalancing:DeleteTargetGroup"
191+
],
192+
"Resource": "*",
193+
"Condition": {
194+
"Null": {
195+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
196+
}
197+
}
198+
},
199+
{
200+
"Effect": "Allow",
201+
"Action": [
202+
"elasticloadbalancing:RegisterTargets",
203+
"elasticloadbalancing:DeregisterTargets"
204+
],
205+
"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
206+
},
207+
{
208+
"Effect": "Allow",
209+
"Action": [
210+
"elasticloadbalancing:SetWebAcl",
211+
"elasticloadbalancing:ModifyListener",
212+
"elasticloadbalancing:AddListenerCertificates",
213+
"elasticloadbalancing:RemoveListenerCertificates",
214+
"elasticloadbalancing:ModifyRule"
215+
],
216+
"Resource": "*"
217+
}
218+
]
219+
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.