Small fixes to ACK lab

manifests/modules/automation/controlplanes/ack/.workshop/cleanup.sh

@@ -4,4 +4,4 @@ logmessage "Deleting resources created by ACK..."
 
 delete-all-if-crd-exists tables.dynamodb.services.k8s.aws
 
-uninstall-helm-chart ack-dynamodb ack-dynamodb-chart
+uninstall-helm-chart ack-dynamodb ack-system

manifests/modules/automation/controlplanes/ack/.workshop/terraform/main.tf

@@ -87,7 +87,7 @@ module "iam_assumable_role_ack" {
   role_name                     = "${var.addon_context.eks_cluster_id}-ack-controller"
   provider_url                  = var.addon_context.eks_oidc_issuer_url
   role_policy_arns              = [aws_iam_policy.ack_dynamo.arn]
-  oidc_fully_qualified_subjects = ["system:serviceaccount:ack-dynamodb:ack-ddb-sa"]
+  oidc_fully_qualified_subjects = ["system:serviceaccount:ack-system:ack-dynamodb-controller"]
 
   tags = var.tags
 }

manifests/modules/automation/controlplanes/ack/.workshop/terraform/outputs.tf

@@ -1,8 +1,9 @@
 output "environment_variables" {
   description = "Environment variables to be added to the IDE shell"
   value = {
-    CARTS_IAM_ROLE = module.iam_assumable_role_carts.iam_role_arn,
+    CARTS_IAM_ROLE      = module.iam_assumable_role_carts.iam_role_arn,
     DYNAMODB_POLICY_ARN = aws_iam_policy.ack_dynamo.arn
-    ACK_IAM_ROLE=module.iam_assumable_role_ack.iam_role_arn,
+    ACK_IAM_ROLE        = module.iam_assumable_role_ack.iam_role_arn,
+    DYNAMO_ACK_VERSION  = var.dynamo_ack_version
   }
 }

manifests/modules/automation/controlplanes/ack/.workshop/terraform/vars.tf

@@ -33,3 +33,10 @@ variable "resources_precreated" {
   description = "Have expensive resources been created already"
   type        = bool
 }
+
+variable "dynamo_ack_version" {
+  description = "The version of Dynamo ACK to use"
+  type        = string
+  # renovate: datasource=github-releases depName=aws-controllers-k8s/dynamodb-controller
+  default = "1.2.14"
+}

package.json

@@ -15,7 +15,7 @@
     "format:fix": "prettier -w .",
     "markdown:check": "markdownlint-cli2 'website/docs/**/*.md'",
     "lint": "yarn links:check && yarn format:check && yarn markdown:check && yarn spelling:check",
-    "lint:staged": "yarn lint-staged"
+    "lint:staged": "yarn lint-staged --no-stash"
   },
   "author": "",
   "license": "Apache-2.0",

website/docs/automation/controlplanes/ack/introduction.md

@@ -5,29 +5,25 @@ sidebar_position: 3
 
 Each ACK service controller is packaged into a separate container image that is published in a public repository corresponding to an individual ACK service controller. For each AWS service that we wish to provision, resources for the corresponding controller must be installed in the Amazon EKS cluster. Helm charts and official container images for ACK are available [here](https://gallery.ecr.aws/aws-controllers-k8s).
 
-In this section, since we will be working with Amazon DynamoDB ACK, we first need to install the ACK controller by using the Helm chart. As we ran the prepare-environment earlier, a role with proper permision is created for the ACK controller. Now let's create a service account and associate it with that role.
-```bash
-$ kubectl create ns ack-dynamodb
-$ kubectl create sa ack-ddb-sa --namespace ack-dynamodb
-$ kubectl annotate serviceaccount -n  ack-dynamodb ack-ddb-sa \
-  eks.amazonaws.com/role-arn=$ACK_IAM_ROLE --overwrite
-```
+In this section, since we'll be working with Amazon DynamoDB ACK, we first need to install that ACK controller by using the Helm chart:
 
-Next, let us install the DynamoDB ACK controller by using the following commends: 
 ```bash
 $ aws ecr-public get-login-password --region us-east-1 | \
-helm registry login --username AWS --password-stdin public.ecr.aws
-$ helm install -n ack-dynamodb ack  \
+  helm registry login --username AWS --password-stdin public.ecr.aws
+
+$ helm install ack-dynamodb  \
   oci://public.ecr.aws/aws-controllers-k8s/dynamodb-chart \
-  --version=1.1.1  \
+  --version=${DYNAMO_ACK_VERSION} \
+  --namespace ack-system --create-namespace \
   --set=aws.region=$AWS_REGION \
-  --set serviceAccount.create=false \
-  --set serviceAccount.name=ack-ddb-sa
+  --set "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"="$ACK_IAM_ROLE" \
+  --wait
 ```
 
-Once the controller is installed, it is running as a deployment in ack-dynamodb namespace. To see what's under the hood, lets run the below.
+The controller will be running as a deployment in the `ack-system` namespace:
 
 ```bash
-$ kubectl get deployment  -n ack-dynamodb
+$ kubectl get deployment -n ack-system
+NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
+ack-dynamodb-dynamodb-chart   1/1     1            1           13s
 ```
-

website/docs/automation/controlplanes/ack/provision-resources.md

@@ -14,7 +14,7 @@ manifests/modules/automation/controlplanes/ack/dynamodb/dynamodb-create.yaml
 ```
 
 :::info
-Keen observers will notice that the YAML Spec closely resembles the API endpoints and calls for DynamoDB, including familiar fields such as `tableName` and `attributeDefinitions`.
+Keen observers will notice that the YAML specification closely resembles the [API signature](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) for DynamoDB, including familiar fields such as `tableName` and `attributeDefinitions`.
 :::
 
 Now, let's apply these updates to the cluster: