fix: remove namespace creation logic from sa and add common-component…

…s to internal-system (#14)
smallcase · May 18, 2022 · d96b017 · d96b017
1 parent d477b9d
commit d96b017
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 29 deletions.
diff --git a/API.md b/API.md
@@ -67,7 +67,7 @@ new EKSCluster(scope: Construct, id: string, props: EKSClusterProps)
 ##### `addServiceAccountWithIamRole` <a name="@smallcase/cdk-eks-cluster-module.EKSCluster.addServiceAccountWithIamRole"></a>
 
 ```typescript
-public addServiceAccountWithIamRole(serviceAccountName: string, serviceAccountNamespace: string, policy: any, saNamespaceCreate?: boolean)
+public addServiceAccountWithIamRole(serviceAccountName: string, serviceAccountNamespace: string, policy: any)
 ```
 
 ###### `serviceAccountName`<sup>Required</sup> <a name="@smallcase/cdk-eks-cluster-module.EKSCluster.parameter.serviceAccountName"></a>
@@ -88,12 +88,6 @@ public addServiceAccountWithIamRole(serviceAccountName: string, serviceAccountNa
 
 ---
 
-###### `saNamespaceCreate`<sup>Optional</sup> <a name="@smallcase/cdk-eks-cluster-module.EKSCluster.parameter.saNamespaceCreate"></a>
-
-- *Type:* `boolean`
-
----
-
 
 #### Properties <a name="Properties"></a>
 
@@ -352,6 +346,16 @@ public readonly fargetProfiles: FargetProfile[];
 
 ---
 
+##### `namespaces`<sup>Optional</sup> <a name="@smallcase/cdk-eks-cluster-module.ClusterConfig.property.namespaces"></a>
+
+```typescript
+public readonly namespaces: {[ key: string ]: NamespaceSpec};
+```
+
+- *Type:* {[ key: string ]: [`@smallcase/cdk-eks-cluster-module.NamespaceSpec`](#@smallcase/cdk-eks-cluster-module.NamespaceSpec)}
+
+---
+
 ##### `publicAllowAccess`<sup>Optional</sup> <a name="@smallcase/cdk-eks-cluster-module.ClusterConfig.property.publicAllowAccess"></a>
 
 ```typescript
@@ -552,6 +556,36 @@ import { InternalMap } from '@smallcase/cdk-eks-cluster-module'
 const internalMap: InternalMap = { ... }
 ```
 
+### NamespaceSpec <a name="@smallcase/cdk-eks-cluster-module.NamespaceSpec"></a>
+
+#### Initializer <a name="[object Object].Initializer"></a>
+
+```typescript
+import { NamespaceSpec } from '@smallcase/cdk-eks-cluster-module'
+
+const namespaceSpec: NamespaceSpec = { ... }
+```
+
+##### `annotations`<sup>Optional</sup> <a name="@smallcase/cdk-eks-cluster-module.NamespaceSpec.property.annotations"></a>
+
+```typescript
+public readonly annotations: InternalMap;
+```
+
+- *Type:* [`@smallcase/cdk-eks-cluster-module.InternalMap`](#@smallcase/cdk-eks-cluster-module.InternalMap)
+
+---
+
+##### `labels`<sup>Optional</sup> <a name="@smallcase/cdk-eks-cluster-module.NamespaceSpec.property.labels"></a>
+
+```typescript
+public readonly labels: InternalMap;
+```
+
+- *Type:* [`@smallcase/cdk-eks-cluster-module.InternalMap`](#@smallcase/cdk-eks-cluster-module.InternalMap)
+
+---
+
 ### NodeGroupConfig <a name="@smallcase/cdk-eks-cluster-module.NodeGroupConfig"></a>
 
 #### Initializer <a name="[object Object].Initializer"></a>

diff --git a/src/constructs/eks-cluster.ts b/src/constructs/eks-cluster.ts
@@ -25,6 +25,10 @@ export interface FargetProfile {
   readonly labels?: InternalMap;
 }
 
+export interface NamespaceSpec {
+  readonly annotations?: InternalMap;
+  readonly labels?: InternalMap;
+}
 export interface NodeGroupConfig {
   readonly name: string;
   readonly instanceTypes: ec2.InstanceType[];
@@ -55,6 +59,7 @@ export interface ClusterConfig {
   readonly defaultCapacity: number;
   readonly subnets: InternalMap;
   readonly publicAllowAccess?: string[];
+  readonly namespaces?: Record<string, NamespaceSpec>;
   readonly teamMembers: string[];
   readonly albControllerVersion?: eks.AlbControllerVersion;
   readonly teamExistingRolePermission?: Record<string, string>;
@@ -152,7 +157,27 @@ export class EKSCluster extends Construct {
             },
           ],
     });
-    this.cluster;
+    if (props.clusterConfig.namespaces != undefined) {
+      let namespaces: Map<string, NamespaceSpec> = ObjToStrMap(props.clusterConfig.namespaces);
+      namespaces.forEach((namespaceSpec, name)=> {
+        new eks.KubernetesManifest(this, `${name}-namespaces`, {
+          overwrite: true,
+          cluster: this.cluster,
+          manifest: [
+            {
+              kind: 'Namespace',
+              apiVersion: 'v1',
+              metadata: {
+                name: name,
+                labels: namespaceSpec.labels ?? {},
+                annotations: namespaceSpec.annotations ?? {},
+              },
+
+            },
+          ],
+        });
+      });
+    }
     // Attach IAM Policy to cluster role (required for VPC SG)
     // https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
     const clusterRole = iam.Role.fromRoleArn(this, 'clusterRole', this.cluster.role.roleArn);
@@ -402,24 +427,7 @@ export class EKSCluster extends Construct {
     });
   }
 
-  public addServiceAccountWithIamRole(serviceAccountName: string, serviceAccountNamespace: string, policy: any, saNamespaceCreate?: boolean ) {
-    var create = saNamespaceCreate ?? false;
-    if (create) {
-      new eks.KubernetesManifest(this, `${serviceAccountName}-ns`, {
-        overwrite: true,
-        cluster: this.cluster,
-        manifest: [
-          {
-            kind: 'Namespace',
-            apiVersion: 'v1',
-            metadata: {
-              name: serviceAccountNamespace,
-            },
-          },
-        ],
-      });
-    }
-
+  public addServiceAccountWithIamRole(serviceAccountName: string, serviceAccountNamespace: string, policy: any) {
     const sa = new eks.ServiceAccount(this, serviceAccountName, {
       cluster: this.cluster,
       name: serviceAccountName,
@@ -539,7 +547,7 @@ export class EKSCluster extends Construct {
           chartReleaseName: 'private-external-dns',
           chartVersion: '1.9.0',
           helmRepository: 'https://kubernetes-sigs.github.io/external-dns/',
-          namespace: 'kube-system',
+          namespace: 'internal-system',
           helmValues: {
             extraArgs: [
               '--aws-zone-type=private',
@@ -560,7 +568,7 @@ export class EKSCluster extends Construct {
           chartReleaseName: 'public-external-dns',
           chartVersion: '1.9.0',
           helmRepository: 'https://kubernetes-sigs.github.io/external-dns/',
-          namespace: 'kube-system',
+          namespace: 'internal-system',
           helmValues: {
             extraArgs: [
               '--aws-zone-type=public',
@@ -580,7 +588,7 @@ export class EKSCluster extends Construct {
           chartName: 'cluster-autoscaler',
           chartVersion: '9.18.0',
           helmRepository: 'https://kubernetes.github.io/autoscaler',
-          namespace: 'kube-system',
+          namespace: 'internal-system',
           helmValues: {
             autoDiscovery: {
               clusterName: clusterName,