Feature/import clusters

examples/teams/team-troi/index.ts

@@ -30,7 +30,7 @@ export class TeamTroi implements Team {
         new cdk.CfnOutput(stack, this.name + '-sa-iam-role', { value: sa.role.roleArn });
     }
 
-    setupNamespacePolicies(cluster: eks.Cluster) : eks.KubernetesManifest {
+    setupNamespacePolicies(cluster: eks.ICluster) : eks.KubernetesManifest {
         const quotaName = this.name + "-quota";
         return cluster.addManifest(quotaName, {
             apiVersion: 'v1',

lib/addons/aws-batch-on-eks/index.ts

@@ -1,13 +1,16 @@
+import assert = require("assert");
 import { ClusterAddOn, ClusterInfo } from "../../spi";
 import { Stack } from "aws-cdk-lib";
+import { Cluster } from "aws-cdk-lib/aws-eks";
 import { CfnServiceLinkedRole, IRole, Role } from "aws-cdk-lib/aws-iam";
 import { Construct } from "constructs";
 
 const BATCH = 'aws-batch';
 
 export class AwsBatchAddOn implements ClusterAddOn {
   deploy(clusterInfo: ClusterInfo): Promise<Construct> {
-    const cluster = clusterInfo.cluster;
+    assert(clusterInfo.cluster instanceof Cluster, "AwsBatchAddOn cannot be used with imported clusters");
+    const cluster: Cluster = clusterInfo.cluster;
     const roleNameforBatch = 'AWSServiceRoleForBatch';
     const slrCheck = Role.fromRoleName(cluster.stack, 'BatchServiceLinkedRole', roleNameforBatch);
 

lib/addons/aws-node-termination-handler/index.ts

@@ -1,6 +1,6 @@
 import { AutoScalingGroup, LifecycleHook, LifecycleTransition } from 'aws-cdk-lib/aws-autoscaling';
 import { QueueHook } from 'aws-cdk-lib/aws-autoscaling-hooktargets';
-import { Cluster, ServiceAccount } from 'aws-cdk-lib/aws-eks';
+import { ICluster, ServiceAccount } from 'aws-cdk-lib/aws-eks';
 import { EventPattern, Rule } from 'aws-cdk-lib/aws-events';
 import { SqsQueue } from 'aws-cdk-lib/aws-events-targets';
 import * as iam from 'aws-cdk-lib/aws-iam';
@@ -122,7 +122,7 @@ export class AwsNodeTerminationHandlerAddOn extends HelmAddOn {
    * @param asgCapacity
    * @returns Helm values
    */
-    private configureQueueMode(cluster: Cluster, serviceAccount: ServiceAccount, asgCapacity: AutoScalingGroup[], karpenter: Promise<Construct> | undefined): any {
+    private configureQueueMode(cluster: ICluster, serviceAccount: ServiceAccount, asgCapacity: AutoScalingGroup[], karpenter: Promise<Construct> | undefined): any {
         const queue = new Queue(cluster.stack, "aws-nth-queue", {
             retentionPeriod: Duration.minutes(5)
         });

lib/addons/emr-on-eks/index.ts

@@ -1,12 +1,14 @@
+import assert = require("assert");
 import { ClusterAddOn, ClusterInfo } from "../../spi";
 import { Stack } from "aws-cdk-lib";
+import { Cluster } from "aws-cdk-lib/aws-eks";
 import { CfnServiceLinkedRole, IRole, Role } from "aws-cdk-lib/aws-iam";
 import { Construct } from "constructs";
 
 export class EmrEksAddOn implements ClusterAddOn {
   deploy(clusterInfo: ClusterInfo): Promise<Construct> {
-    const cluster = clusterInfo.cluster;
-
+    assert(clusterInfo.cluster instanceof Cluster, "EmrEksAddOn cannot be used with imported clusters as it requires changes to the cluster authentication.");
+    const cluster: Cluster = clusterInfo.cluster;
 
     /*
     * Create the service role used by EMR on EKS 
@@ -35,6 +37,5 @@ export class EmrEksAddOn implements ClusterAddOn {
     );
 
     return Promise.resolve(emrOnEksSlr);
-
   }
 }

lib/addons/karpenter/index.ts

@@ -137,7 +137,8 @@ export class KarpenterAddOn extends HelmAddOn {
 
     @conflictsWith('ClusterAutoScalerAddOn')
     deploy(clusterInfo: ClusterInfo): Promise<Construct> {
-        const cluster = clusterInfo.cluster;
+        assert(clusterInfo.cluster instanceof Cluster, "KarpenterAddOn cannot be used with imported clusters as it requires changes to the cluster authentication.");
+        const cluster : Cluster = clusterInfo.cluster;
         const endpoint = cluster.clusterEndpoint;
         const name = cluster.clusterName;
 

lib/spi/types.ts

@@ -1,7 +1,7 @@
 import * as assert from "assert";
 import * as cdk from 'aws-cdk-lib';
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
-import { Cluster, FargateProfile, KubernetesVersion, Nodegroup } from 'aws-cdk-lib/aws-eks';
+import * as eks from 'aws-cdk-lib/aws-eks';
 import { Construct, IConstruct } from 'constructs';
 import { ResourceProvider } from '.';
 import { EksBlueprintProps } from '../stacks';
@@ -129,8 +129,8 @@ export class ClusterInfo {
      * Constructor for ClusterInfo
      * @param props
      */
-    constructor(readonly cluster: Cluster, readonly version: KubernetesVersion,
-        readonly nodeGroups?: Nodegroup[], readonly autoscalingGroups?: AutoScalingGroup[], readonly fargateProfiles?: FargateProfile[]) {
+    constructor(readonly cluster: eks.ICluster, readonly version: eks.KubernetesVersion,
+        readonly nodeGroups?: eks.Nodegroup[], readonly autoscalingGroups?: AutoScalingGroup[], readonly fargateProfiles?: eks.FargateProfile[]) {
         this.cluster = cluster;
         this.provisionedAddOns = new Map<string, Construct>();
         this.scheduledAddOns = new Map<string, Promise<Construct>>();

lib/teams/emr-on-eks-team.ts

@@ -1,4 +1,4 @@
-import { Cluster } from "aws-cdk-lib/aws-eks";
+import { ICluster } from "aws-cdk-lib/aws-eks";
 import { FederatedPrincipal, IManagedPolicy, ManagedPolicy, PolicyStatement, Role } from "aws-cdk-lib/aws-iam";
 import { Aws, CfnJson, CfnOutput, CfnTag } from "aws-cdk-lib";
 import * as nsutils from '../utils/namespace-utils';
@@ -187,7 +187,7 @@ export class EmrEksTeam extends ApplicationTeam {
    * @param name Name of the IAM role
    * @returns Role
    */
-  private createExecutionRole(cluster: Cluster, policy: IManagedPolicy, namespace: string, name: string): Role {
+  private createExecutionRole(cluster: ICluster, policy: IManagedPolicy, namespace: string, name: string): Role {
 
     const stack = cluster.stack;
 

lib/teams/team.ts

@@ -1,11 +1,12 @@
 import { CfnOutput } from 'aws-cdk-lib';
-import { KubernetesManifest, ServiceAccount } from 'aws-cdk-lib/aws-eks';
+import { Cluster, KubernetesManifest, ServiceAccount } from 'aws-cdk-lib/aws-eks';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import { IRole } from "aws-cdk-lib/aws-iam";
 import { CsiSecretProps, SecretProviderClass } from '../addons/secrets-store/csi-driver-provider-aws-secrets';
 import { ClusterInfo, Team, Values } from '../spi';
 import { applyYamlFromDir } from '../utils/yaml-utils';
 import { DefaultTeamRoles } from './default-team-roles';
+import { logger } from '../utils';
 
 /**
  * Team properties.
@@ -115,8 +116,14 @@ export class ApplicationTeam implements Team {
     }
 
     protected defaultSetupAccess(clusterInfo: ClusterInfo) {
-        const props = this.teamProps;
-        const awsAuth = clusterInfo.cluster.awsAuth;
+        const props = this.teamProps;        
+
+        if(!(clusterInfo.cluster instanceof Cluster)) {
+            logger.warn(`Team ${props.name} has cluster access updates that are not supported with imported clusters` );
+            return;
+        }
+        const eksCluster : Cluster = clusterInfo.cluster;
+        const awsAuth = eksCluster.awsAuth;
 
         const users = this.teamProps.users ?? [];
         const teamRole = this.getOrCreateRole(clusterInfo, users, props.userRoleArn);
@@ -132,15 +139,20 @@ export class ApplicationTeam implements Team {
      * @param clusterInfo 
      */
     protected defaultSetupAdminAccess(clusterInfo: ClusterInfo) {
-        const props = this.teamProps;
-        const awsAuth = clusterInfo.cluster.awsAuth;
+        const props = this.teamProps;        
+
+        if(!(clusterInfo.cluster instanceof Cluster)) {
+            logger.warn(`Team ${props.name} has cluster access updates that are not supported with imported clusters` );
+            return;
+        }
         const admins = this.teamProps.users ?? [];
         const adminRole = this.getOrCreateRole(clusterInfo, admins, props.userRoleArn);
 
         new CfnOutput(clusterInfo.cluster.stack, props.name + ' team admin ', { value: adminRole ? adminRole.roleArn : "none" });
 
         if (adminRole) {
-            awsAuth.addMastersRole(adminRole, this.teamProps.name);
+            const eksCluster: Cluster = clusterInfo.cluster;
+            eksCluster.awsAuth.addMastersRole(adminRole, this.teamProps.name);
         }
     }
 

lib/utils/cluster-utils.ts

@@ -9,7 +9,7 @@ import { ClusterInfo } from "../spi";
 const CONTROL_PLANE_LOG_TYPES = ['api','audit','authenticator','controllerManager','scheduler'];
 
 // Enables logs for the cluster.
-export function setupClusterLogging(stack: Stack, cluster: eks.Cluster, enableLogTypes: string[]): void {
+export function setupClusterLogging(stack: Stack, cluster: eks.ICluster, enableLogTypes: string[]): void {
 	if(!enableLogTypes.every(val => CONTROL_PLANE_LOG_TYPES.includes(val))){
 		throw new Error('You have included an invalid Control Plane Log Type.');
 	}

lib/utils/namespace-utils.ts

@@ -11,7 +11,7 @@ import { Values } from "../spi";
   * @param prune 
   * @returns KubernetesManifest
   */
-export function createNamespace(name: string, cluster: eks.Cluster, overwrite?: boolean, prune?: boolean, annotations?: Values, labels? : Values) {
+export function createNamespace(name: string, cluster: eks.ICluster, overwrite?: boolean, prune?: boolean, annotations?: Values, labels? : Values) {
     return new KubernetesManifest(cluster.stack, `${name}-namespace-struct`, {
         cluster: cluster,
         manifest: [{

lib/utils/sa-utils.ts

@@ -1,4 +1,4 @@
-import { Cluster, ServiceAccount } from "aws-cdk-lib/aws-eks";
+import { ICluster, ServiceAccount } from "aws-cdk-lib/aws-eks";
 import { CfnJson, Names } from "aws-cdk-lib";
 import * as eks from "aws-cdk-lib/aws-eks";
 import * as iam from "aws-cdk-lib/aws-iam";
@@ -9,7 +9,7 @@ import { Construct } from 'constructs';
  * @param clusterInfo 
  * @returns sa
  */
-export function createServiceAccount(cluster: Cluster, name: string, namespace: string, policyDocument: iam.PolicyDocument): ServiceAccount {
+export function createServiceAccount(cluster: ICluster, name: string, namespace: string, policyDocument: iam.PolicyDocument): ServiceAccount {
     const policy = new iam.ManagedPolicy(cluster, `${name}-managed-policy`, {
         document: policyDocument
     });
@@ -18,7 +18,7 @@ export function createServiceAccount(cluster: Cluster, name: string, namespace:
 
 }
 
-export function createServiceAccountWithPolicy(cluster: Cluster, name: string, namespace: string, ...policies: iam.IManagedPolicy[]): ServiceAccount {
+export function createServiceAccountWithPolicy(cluster: ICluster, name: string, namespace: string, ...policies: iam.IManagedPolicy[]): ServiceAccount {
     const sa = cluster.addServiceAccount(`${name}-sa`, {
         name: name,
         namespace: namespace

lib/utils/yaml-utils.ts

@@ -11,7 +11,7 @@ import * as yaml from 'js-yaml';
  * @param cluster 
  * @param namespaceManifest 
  */
-export function applyYamlFromDir(dir: string, cluster: eks.Cluster, namespaceManifest: KubernetesManifest): void {
+export function applyYamlFromDir(dir: string, cluster: eks.ICluster, namespaceManifest: KubernetesManifest): void {
     fs.readdirSync(dir, { encoding: 'utf8' }).forEach((file, index) => {
         if (file.split('.').pop() == 'yaml') {
             const data = fs.readFileSync(dir + file, 'utf8');