Merge branch 'master' into feature/timeout-option-helm-charts

aws · Jun 10, 2020 · 0437823 · 0437823
2 parents 6bb46ee + 1e78a68
commit 0437823
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 1 deletion.
diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts
@@ -331,6 +331,12 @@ export class Cluster extends Resource implements ICluster {
    */
   public readonly defaultNodegroup?: Nodegroup;
 
+  /**
+   * If the cluster has one (or more) FargateProfiles associated, this array
+   * will hold a reference to each.
+   */
+  private readonly _fargateProfiles: FargateProfile[] = [];
+
   /**
    * If this cluster is kubectl-enabled, returns the `ClusterResource` object
    * that manages it. If this cluster is not kubectl-enabled (i.e. uses the
@@ -757,6 +763,18 @@ export class Cluster extends Resource implements ICluster {
     return this.stack.node.tryFindChild(uid) as KubectlProvider || new KubectlProvider(this.stack, uid);
   }
 
+  /**
+   * Internal API used by `FargateProfile` to keep inventory of Fargate profiles associated with
+   * this cluster, for the sake of ensuring the profiles are created sequentially.
+   *
+   * @returns the list of FargateProfiles attached to this cluster, including the one just attached.
+   * @internal
+   */
+  public _attachFargateProfile(fargateProfile: FargateProfile): FargateProfile[] {
+    this._fargateProfiles.push(fargateProfile);
+    return this._fargateProfiles;
+  }
+
   /**
    * Installs the AWS spot instance interrupt handler on the cluster if it's not
    * already added.

diff --git a/packages/@aws-cdk/aws-eks/lib/fargate-profile.ts b/packages/@aws-cdk/aws-eks/lib/fargate-profile.ts
@@ -180,6 +180,14 @@ export class FargateProfile extends Construct implements ITaggable {
     this.fargateProfileArn = resource.getAttString('fargateProfileArn');
     this.fargateProfileName = resource.ref;
 
+    // Fargate profiles must be created sequentially. If other profile(s) already
+    // exist on the same cluster, create a dependency to force sequential creation.
+    const clusterFargateProfiles = props.cluster._attachFargateProfile(this);
+    if (clusterFargateProfiles.length > 1) {
+      const previousProfile = clusterFargateProfiles[clusterFargateProfiles.length - 2];
+      resource.node.addDependency(previousProfile);
+    }
+
     // map the fargate pod execution role to the relevant groups in rbac
     // see https://github.com/aws/aws-cdk/issues/7981
     props.cluster.awsAuth.addRoleMapping(role, {

diff --git a/packages/@aws-cdk/aws-eks/test/test.fargate.ts b/packages/@aws-cdk/aws-eks/test/test.fargate.ts
@@ -1,4 +1,4 @@
-import { expect, haveResource } from '@aws-cdk/assert';
+import { expect, haveResource, ResourcePart } from '@aws-cdk/assert';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
 import { Stack, Tag } from '@aws-cdk/core';
@@ -252,6 +252,49 @@ export = {
     test.done();
   },
 
+  'multiple Fargate profiles added to a cluster are processed sequentially'(test: Test) {
+    // GIVEN
+    const stack = new Stack();
+    const cluster = new eks.Cluster(stack, 'MyCluster');
+
+    // WHEN
+    cluster.addFargateProfile('MyProfile1', {
+      selectors: [ { namespace: 'namespace1' } ],
+    });
+    cluster.addFargateProfile('MyProfile2', {
+      selectors: [ { namespace: 'namespace2' } ],
+    });
+
+    // THEN
+    expect(stack).to(haveResource('Custom::AWSCDK-EKS-FargateProfile', {
+      Config: {
+        clusterName: { Ref: 'MyCluster8AD82BF8' },
+        podExecutionRoleArn: { 'Fn::GetAtt': [ 'MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37', 'Arn' ] },
+        selectors: [ { namespace: 'namespace1' } ],
+      },
+    }));
+    expect(stack).to(haveResource('Custom::AWSCDK-EKS-FargateProfile', {
+      Properties: {
+        ServiceToken: { 'Fn::GetAtt': [
+          'awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454',
+          'Outputs.awscdkawseksClusterResourceProviderframeworkonEventEA97AA31Arn',
+        ]},
+        AssumeRoleArn: { 'Fn::GetAtt': [ 'MyClusterCreationRoleB5FA4FF3', 'Arn' ] },
+        Config: {
+          clusterName: { Ref: 'MyCluster8AD82BF8' },
+          podExecutionRoleArn: { 'Fn::GetAtt': [ 'MyClusterfargateprofileMyProfile2PodExecutionRoleD1151CCF', 'Arn' ] },
+          selectors: [ { namespace: 'namespace2' } ],
+        },
+      },
+      DependsOn: [
+        'MyClusterfargateprofileMyProfile1PodExecutionRole794E9E37',
+        'MyClusterfargateprofileMyProfile1879D501A',
+      ],
+    }, ResourcePart.CompleteDefinition));
+
+    test.done();
+  },
+
   'fargate role is added to RBAC'(test: Test) {
     // GIVEN
     const stack = new Stack();