AWS Controller for Kubernetes Add-on
This add-on installs aws-controllers-k8s.
AWS Controllers for Kubernetes (ACK) lets you define and use AWS service resources directly from Kubernetes. With ACK, you can take advantage of AWS managed services for your Kubernetes applications without needing to define resources outside of the cluster or run services that provide supporting capabilities like databases or message queues within the cluster.
ACK is an open source project built with ❤️ by AWS. The project is composed of many source code repositories containing a common runtime, a code generator, common testing tools and Kubernetes custom controllers for individual AWS service APIs.
Usage
Pattern #1: This installs the IAM ACK controller, using the default parameters for every installation option.
```typescript
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';

const app = new cdk.App();

// Only the service name is set; chart, version and IAM policy come from the add-on defaults.
const addOn = new blueprints.addons.AckAddOn({
    serviceName: blueprints.AckServiceName.IAM,
});

const blueprint = blueprints.EksBlueprint.builder()
    .version("auto")
    .addOns(addOn)
    .build(app, 'my-stack-name');
```
Pattern #2: This installs the EC2 ACK controller. Only the service name is supplied; the add-on uses it to look up the Helm options in its internal service mapping. After installing the EC2 ACK controller, the instructions in Provision ACK Resource can be used to provision the EC2 namespace SecurityGroup resources required for creating an Amazon RDS database, as an example.
```typescript
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';

const app = new cdk.App();

const addOn = new blueprints.addons.AckAddOn({
    id: "ec2-ack", // Important if you use multiple instances of this add-on.
    createNamespace: false, // Essential if multiple instances of this add-on run in the same namespace.
    serviceName: blueprints.AckServiceName.EC2, // See the supported services section below for valid values.
});

const blueprint = blueprints.EksBlueprint.builder()
    .version("auto")
    .addOns(addOn)
    .build(app, 'my-stack-name');
```
Pattern #3: This installs the S3 ACK controller with user-specified values. After installing the S3 ACK controller, the instructions in Provision ACK Resource can be used to provision Amazon S3 resources with it, as an example.
```typescript
import * as cdk from 'aws-cdk-lib';
import * as iam from "aws-cdk-lib/aws-iam";
import * as blueprints from '@aws-quickstart/eks-blueprints';

const app = new cdk.App();

const addOn = new blueprints.addons.AckAddOn({
    id: "s3-ack",
    serviceName: blueprints.AckServiceName.S3,
    // Helm chart coordinates for the S3 controller.
    name: "s3-chart",
    chart: "s3-chart",
    version: "v0.1.1",
    release: "s3-chart",
    repository: "oci://public.ecr.aws/aws-controllers-k8s/s3-chart",
    // IAM permissions attached to the controller's role.
    managedPolicyName: "AmazonS3FullAccess",
    inlinePolicyStatements: [
        iam.PolicyStatement.fromJson({
            "Sid": "S3AllPermission",
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        }),
        iam.PolicyStatement.fromJson({
            "Sid": "S3ReplicationPassRole",
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": "s3.amazonaws.com"
                }
            },
            "Action": "iam:PassRole",
            "Resource": "*",
            "Effect": "Allow"
        })
    ],
    createNamespace: false,
    saName: "s3-chart"
});

const blueprint = blueprints.EksBlueprint.builder()
    .version("auto")
    .addOns(addOn)
    .build(app, 'my-stack-name');
```
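The Pattern #3 inputs attach AmazonS3FullAccess and also allow `s3:*` and `iam:PassRole` on every resource. The following dependency-free check is an added example, not code from the original page or the EKS Blueprints project; it flags such grants before the options reach `AckAddOn`. The function and type names, the scoped statements and the ARNs are constructed for illustration, and the scoped action list is not a verified permission set for the S3 controller.

```typescript
type OneOrMany = string | string[];
interface PolicyStatementJson {
    Sid?: string;
    Effect: string;
    Action: OneOrMany;
    Resource: OneOrMany;
    Condition?: Record<string, Record<string, OneOrMany>>;
}
interface AckIamInputs { managedPolicyName?: string; inlinePolicyStatements: PolicyStatementJson[]; }
const asList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);
// Added example (hypothetical helper, not project code): one finding per over-broad grant.
function auditAckIam(inputs: AckIamInputs): string[] {
    const findings: string[] = [];
    if (inputs.managedPolicyName && /(FullAccess|AdministratorAccess)$/.test(inputs.managedPolicyName)) {
        findings.push("managed policy " + inputs.managedPolicyName + " is a broad AWS managed policy");
    }
    for (const s of inputs.inlinePolicyStatements) {
        // Only Allow statements that apply to every resource are of interest here.
        if (s.Effect !== "Allow" || asList(s.Resource).indexOf("*") === -1) continue;
        const sid = s.Sid || "(no Sid)";
        const actions = asList(s.Action);
        const wild = actions.filter(a => a === "*" || /:\*$/.test(a));
        if (wild.length > 0) findings.push(sid + ": " + wild.join(", ") + " on Resource *");
        // iam:PassedToService limits the target service, not which roles may be passed.
        if (actions.some(a => a.toLowerCase() === "iam:passrole")) {
            findings.push(sid + ": iam:PassRole on Resource *");
        }
    }
    return findings;
}

// The Pattern #3 IAM inputs from this page.
const pattern3: AckIamInputs = {
    managedPolicyName: "AmazonS3FullAccess",
    inlinePolicyStatements: [
        { Sid: "S3AllPermission", Effect: "Allow", Action: ["s3:*", "s3-object-lambda:*"], Resource: "*" },
        { Sid: "S3ReplicationPassRole", Effect: "Allow", Action: "iam:PassRole", Resource: "*",
          Condition: { StringEquals: { "iam:PassedToService": "s3.amazonaws.com" } } },
    ],
};

// Constructed scoped variant: placeholder ARNs, illustrative (not verified) action list.
const scoped: AckIamInputs = {
    inlinePolicyStatements: [
        { Sid: "S3AppBuckets", Effect: "Allow", Resource: "arn:aws:s3:::example-app-*",
          Action: ["s3:CreateBucket", "s3:DeleteBucket", "s3:ListBucket", "s3:GetBucketTagging", "s3:PutBucketTagging"] },
        { Sid: "S3ReplicationPassRole", Effect: "Allow", Action: "iam:PassRole",
          Resource: "arn:aws:iam::111122223333:role/example-s3-replication" },
    ],
};
```

`auditAckIam(pattern3)` returns three findings (the managed policy, the wildcard actions, and the unscoped PassRole); `auditAckIam(scoped)` returns none.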
Configuration Options
- id: Unique identifier of the add-on, needed especially if you use the ACK add-on multiple times
- serviceName: Name of the service (mandatory)
- name: Name of the ACK chart
- chart: Chart name of the ACK chart
- version: Version of the ACK chart
- release: Release name of the ACK chart
- repository: Repository URI of the specific ACK chart
- managedPolicyName: Policy name required to be added to the IAM role for that ACK controller
- inlinePolicyStatements: Inline policy statements required to be added to the IAM role for that ACK controller
- createNamespace: (boolean) This should be false if you are using the add-on for the second time
- saName: Name to create the service account.
- values: Arbitrary values to pass to the chart
- Standard helm configuration options.
Validation
To validate that ack-controller-k8s is installed properly in the cluster, check that the namespace is created and that pods are running in the ack-system namespace.
Verify if the namespace is created correctly
```bash
kubectl get all -n ack-system

NAME                             READY   STATUS    RESTARTS   AGE
pod/iam-chart-64c8fd7f6-wpb5k    1/1     Running   0          34m
pod/rds-chart-5f6f5b8fc7-hp55l   1/1     Running   0          5m26s

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/iam-chart   1/1     1            1           35m
deployment.apps/rds-chart   1/1     1            1           5m36s

NAME                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/iam-chart-64c8fd7f6    1         1         1       35m
replicaset.apps/rds-chart-5f6f5b8fc7   1         1         1       5m36s
```
aws-controllers-k8s references
Please refer to the following aws-controllers-k8s references for more information:
- ACK Workshop
- ECR Gallery for ACK
- ACK GitHub
Supported AWS Services by ACK Addon
You can use this ACK Addon today to provision resources for the 22 AWS services listed below:
- ACM
- ACMPCA
- APIGATEWAYV2
- APPLICATIONAUTOSCALING
- CLOUDTRAIL
- CLOUDWATCH
- CLOUDWATCHLOGS
- DYNAMODB
- EC2
- ECR
- EMRCONTAINERS
- EKS
- ELASTICACHE
- ELASTICSEARCHSERVICE
- EVENTBRIDGE
- IAM
- KAFKA
- KINESIS
- KMS
- LAMBDA
- MEMORYDB
- MQ
- OPENSEARCHSERVICE
- PIPES
- PROMETHEUSSERVICE
- RDS
- ROUTE53
- ROUTE53RESOLVER
- S3
- SAGEMAKER
- SECRETSMANAGER
- SFN
- SNS
- SQS
We highly recommend that you contribute to this ACK Addon whenever a newer service, or a new version of a service supported by this Addon, is published to the ECR Gallery for ACK.