Update kit cp installation with helm and install kit operator DP resources (#44)

* Update kit cp installation with helm and install kit operator DP resources

Co-authored-by: Harish Kuna <[email protected]>

Author: hakuna-matatah

testbed/addons/construct.ts

@@ -3,6 +3,7 @@ import * as eks from '@aws-cdk/aws-eks'
 import { AWSLoadBalancerController } from './awslb/construct'
 import { Flux, RepositoryProps } from './flux/construct'
 import { Karpenter } from './karpenter/construct'
+import { Kit } from './kit/construct'
 
 export interface AddonsProps {
   cluster: eks.Cluster
@@ -26,5 +27,9 @@ export class Addons extends cdk.Construct {
     new Karpenter(this, 'karpenter', {
       cluster: props.cluster
     })
+
+    new Kit(this, 'kit', {
+      cluster: props.cluster
+    })
   }
 }

testbed/addons/flux/construct.ts

@@ -35,7 +35,7 @@ export class Flux extends cdk.Construct {
                     // we can adjust this later if we want to be more aggressive
                     interval: '5m0s',
                     ref: {
-                        branch: value.branch ?? "main",
+                        branch: value.branch ?? "testbed",
                     },
                     secretRef: {
                         name: 'github-key'

testbed/addons/kit/construct.ts

@@ -0,0 +1,97 @@
+import cdk = require('@aws-cdk/core')
+import eks = require('@aws-cdk/aws-eks')
+import iam = require('@aws-cdk/aws-iam')
+
+export interface KitProps {
+    cluster: eks.Cluster
+}
+
+export class Kit extends cdk.Construct {
+    constructor(scope: cdk.Construct, id: string, props: KitProps) {
+        super(scope, id)
+        const namespace = "kit"
+        const ns = props.cluster.addManifest('kit-namespace', {
+            apiVersion: 'v1',
+            kind: 'Namespace',
+            metadata: {
+                name: namespace
+            }
+        })
+
+        // Controller Role
+        const sa = props.cluster.addServiceAccount('kit-controller-sa', {
+            name: "kit-controller",
+            namespace: namespace
+        })
+        sa.node.addDependency(ns)
+        sa.role.attachInlinePolicy(new iam.Policy(this, 'kit-controller-policy', {
+            statements: [
+                new iam.PolicyStatement({
+                    resources: ['*'],
+                    actions: [
+                        // Write Operations
+                        "ec2:CreateTags",
+                        "ec2:CreateLaunchTemplate",
+                        "ec2:CreateLaunchTemplateVersion",
+                        "ec2:DeleteLaunchTemplate",
+                        "ec2:RunInstances",
+                        "iam:passRole",
+                        "autoscaling:CreateOrUpdateTags",
+                        "autoscaling:CreateAutoScalingGroup",
+                        "autoscaling:DeleteAutoScalingGroup",
+                        "autoscaling:UpdateAutoScalingGroup",
+                        "autoscaling:SetDesiredCapacity",
+                        //Read Operations
+                        "ec2:DescribeInstances",
+                        "ec2:DescribeLaunchTemplates",
+                        "ec2:DescribeLaunchTemplateVersions",
+                        "ec2:DescribeSubnets",
+                        "ssm:GetParameter",
+                        "autoscaling:DescribeAutoScalingGroups"]
+                }),
+            ],
+        }))
+
+        // Node Role
+        const nodeRole = new iam.Role(this, 'kit-node-role', {
+            assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+            managedPolicies: [
+                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSWorkerNodePolicy'),
+                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryReadOnly'),
+                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKS_CNI_Policy'),
+                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore')
+            ]
+        })
+
+        props.cluster.awsAuth.addRoleMapping(nodeRole, {
+            username: 'system:node:{{EC2PrivateDNSName}}',
+            groups: ['system:bootstrappers', 'system:nodes']
+        })
+
+        new iam.CfnInstanceProfile(this, 'kit-instance-profile', {
+            roles: [nodeRole.roleName],
+            instanceProfileName: `KitNodeInstanceProfile-${props.cluster.clusterName}`
+        })
+
+        // Install kit
+        const chart = props.cluster.addHelmChart('kit', {
+            chart: 'kit',
+            release: 'kit',
+            version: 'v0.0.1',
+            repository: 'https://github.com/awslabs/kubernetes-iteration-toolkit/tree/main/operator/charts/kit-operator',
+            namespace: namespace,
+            createNamespace: false,
+            values: {
+                'serviceAccount': {
+                    'create': false,
+                    'name': sa.serviceAccountName,
+                    'annotations': {
+                        'eks.amazonaws.com/role-arn': sa.role.roleArn
+                    }
+                },
+
+            }
+        })
+        chart.node.addDependency(ns)
+    }
+}

testbed/addons/kit/kustomization.yaml

@@ -57,18 +57,3 @@ spec:
     kind: GitRepository
     name: testbed
   validation: client
-
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
-  name: kit-operator
-  namespace: default
-spec:
-  interval: 5m0s
-  path: ./testbed/addons/kit
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: testbed
-  validation: client