CDK-Lib EKS Constructs - Private repo support for artifacts #26842
Comments
Makes sense, thanks for the request.
We can add a property to customize that URL.
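As a workaround, you can use escape hatches:

```ts
import * as cdk from 'aws-cdk-lib';
import * as eks from 'aws-cdk-lib/aws-eks';

const cluster = new eks.Cluster(this, 'Cluster', {
  version: eks.KubernetesVersion.V1_27,
  albController: {
    version: eks.AlbControllerVersion.V2_2_3,
  }
});
// The ALB controller's default child is its HelmChart construct
const albHelmChart = cluster.albController?.node.defaultChild as eks.HelmChart
// Drill down to the underlying CloudFormation custom resource
const albCr = albHelmChart.node.defaultChild?.node.defaultChild as cdk.CfnResource
// Point the chart at an internal repository instead of the default
albCr.addPropertyOverride('Repository', '<my-company-repository>')
```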
+1. Thank you @elarsson1 for raising this issue. We are definitely looking forward to a clean and easy solution as you have described.
+1 Currently I have to host the image and helm chart package in ECR (privately), and add_helm_chart to the cluster to do this. Not even sure if some configurations are being missed going in this direction, versus using the construct's
Describe the feature
Allow customers to specify private repositories for external artifacts referenced by AWS provided constructs. For example, the AWS Load Balancer Controller construct directly references the public GitHub repo for its Helm chart:
https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-eks/lib/alb-controller.ts#L273
Use Case
Security sensitive customers have requirements for all software artifacts to be sourced from internal vetted repos, that may take additional measures to ensure artifacts are immutable, and that consumption from upstream is vetted through organization required security checks. They cannot have a deployment trigger a system to pull artifacts directly from a source on the internet.
Proposed Solution
Expose artifact URLs as configuration instead of hard coding them in construct libraries. Allow customers to override the artifact URL with a local URL or OCI compliant repository for supported artifacts, such as container images or Helm charts.
Other Information
No response
Acknowledgements
CDK version used
2.92
Environment details (OS name and version, etc.)
Amazon Linux 2
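A check for the requirement described in this issue, as an added example that is not part of the original thread or of aws-cdk-lib: it scans a synthesized CloudFormation template for Helm chart custom resources and reports any whose `Repository` is not on an internal allowlist, which also confirms that a `Repository` override like the escape hatch in the comments took effect. The resource type string, the allowlisted host `charts.corp.example` and the sample template are assumptions constructed for illustration.

```typescript
// Added example: flag Helm chart resources in a synthesized CDK template
// whose repository host is not on an internal allowlist.
// Assumption: CDK emits Helm charts as this custom resource type.
const HELM_TYPE = "Custom::AWSCDK-EKS-HelmChart";

interface Finding { logicalId: string; reason: string; }
type Template = { Resources?: Record<string, { Type: string; Properties?: Record<string, unknown> }> };

// Host of an https://, http:// or oci:// URL, lowercased; null if unparseable.
function repoHost(url: string): string | null {
  const m = /^(?:https?|oci):\/\/([^\/:?#]+)/i.exec(url.trim());
  const h = m?.[1];
  return h ? h.toLowerCase() : null;
}

// Exact host or a true subdomain; "notcharts.corp.example" must not pass.
function hostAllowed(host: string, allowed: string[]): boolean {
  return allowed.some((a) => host === a || host.endsWith("." + a));
}

function findExternalHelmRepos(template: Template, allowed: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    if (res.Type !== HELM_TYPE) continue;
    const repo = res.Properties?.["Repository"];
    if (repo === undefined) continue; // no Repository property on this resource
    if (typeof repo !== "string") {
      // Built from Fn::Join/Ref tokens: cannot be resolved statically.
      findings.push({ logicalId, reason: "Repository is an intrinsic; review manually" });
      continue;
    }
    const host = repoHost(repo);
    if (host === null || !hostAllowed(host, allowed)) {
      findings.push({ logicalId, reason: `Repository not on allowlist: ${repo}` });
    }
  }
  return findings;
}

// Constructed sample template (not real synth output).
const sampleTemplate: Template = { Resources: {
  AlbDefault: { Type: HELM_TYPE, Properties: { Repository: "https://aws.github.io/eks-charts" } },
  AlbInternal: { Type: HELM_TYPE, Properties: { Repository: "oci://charts.corp.example/helm/alb" } },
  Lookalike: { Type: HELM_TYPE, Properties: { Repository: "https://notcharts.corp.example/x" } },
  TokenRepo: { Type: HELM_TYPE, Properties: { Repository: { "Fn::Join": ["", ["oci://", { Ref: "RepoHost" }]] } } },
  Bucket: { Type: "AWS::S3::Bucket" },
} };
const ALLOWED = ["charts.corp.example"];
const sampleFindings = findExternalHelmRepos(sampleTemplate, ALLOWED);
```

Run against the JSON templates in `cdk.out` as a pre-deploy gate, a non-empty result means at least one chart would still be pulled from outside the allowlist.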