# AWS CDK Resolver
The `AwsCdkResolver` is able to resolve any [`CfnOutput`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.CfnOutput.html)
defined by your AWS CDK application. In this example, we create an S3 `Bucket` with the AWS CDK, and pass its (deploy time generated)
name as an environment variable to a Kubernetes `CronJob` resource.
```python
import * as aws from 'aws-cdk-lib';
import * as k8s from 'cdk8s';
import * as kplus from 'cdk8s-plus-27';
import { AwsCdkResolver } from '@cdk8s/awscdk-resolver';
const awsApp = new aws.App();
const stack = new aws.Stack(awsApp, 'aws');
const k8sApp = new k8s.App({ resolvers: [new AwsCdkResolver()] });
const manifest = new k8s.Chart(k8sApp, 'Manifest');
const bucket = new aws.aws_s3.Bucket(stack, 'Bucket');
const bucketName = new aws.CfnOutput(stack, 'BucketName', {
value: bucket.bucketName,
});
new kplus.CronJob(manifest, 'CronJob', {
schedule: k8s.Cron.daily(),
containers: [{
image: 'job',
envVariables: {
// directly passing the value of the `CfnOutput` containing
// the deploy time bucket name
BUCKET_NAME: kplus.EnvValue.fromValue(bucketName.value),
}
}]
});
awsApp.synth();
k8sApp.synth();
```
During cdk8s synthesis, the custom resolver will detect that `bucketName.value` is not a concrete value,
but rather a value of a `CfnOutput`. It will then perform AWS service calls in order to fetch the
actual value from the deployed infrastructure in your account. This means that in order
for `cdk8s synth` to succeed, it must be executed *after* the AWS CDK resources
have been deployed. So your deployment workflow should (conceptually) be:
1. `cdk deploy`
2. `cdk8s synth`
> Note that the `AwsCdkResolver` is **only** able to fetch tokens that have a `CfnOutput` defined for them.
##### Permissions
Since running `cdk8s synth` will now require performing AWS service calls, it must have access
to a set of AWS credentials. Following are the set of actions the credentials must allow:
* `cloudformation:DescribeStacks`
Note that the actions cdk8s require are far more scoped down than those normally required for the
deployment of AWS CDK applications. It is therefore recommended to not reuse the same set of credentials,
and instead create a scoped down `ReadOnly` role dedicated for cdk8s resolvers.
## Cross Repository Workflow
As we've seen, your `cdk8s` application needs access to the objects defined in your cloud application. If both applications
are defined within the same file, this is trivial to achieve. If they are in different files, a simple `import` statement will suffice.
However, what if the applications are managed in two separate repositories? This makes it a little trickier, but still possible.
In this scenario, `cdk.ts` in the AWS CDK application, stored in a dedicated repository.
```python
import * as aws from 'aws-cdk-lib';
const awsApp = new aws.App();
const stack = new aws.Stack(awsApp, 'aws');
const bucket = new aws.aws_s3.Bucket(stack, 'Bucket');
const bucketName = new aws.CfnOutput(stack, 'BucketName', {
value: bucket.bucketName,
});
awsApp.synth();
```
In order for the `cdk8s` application to have cross repository access, the AWS CDK object instances that we want to expose need to be available
via a package repository. To do this, break up the AWS CDK application into the following files:
`app.ts`
```python
import * as aws from 'aws-cdk-lib';
const awsApp = new aws.App();
const stack = new aws.Stack(awsApp, 'aws');
const bucket = new aws.aws_s3.Bucket(stack, 'Bucket');
// export the thing we want to have available for cdk8s applications
export const bucketName = new aws.CfnOutput(stack, 'BucketName', {
value: bucket.bucketName,
});
// note that we don't call awsApp.synth here
```
`main.ts`
```python
import { awsApp } from './app.ts'
awsApp.synth();
```
Now, publish the `app.ts` file to a package manager, so that your `cdk8s` application can install and import it.
This approach might be somewhat counter intuitive, because normally we only publish classes to the package manager,
not instances. Indeed, these types of applications introduce a new use-case that requires the sharing of instances.
Conceptually, this is no different than writing state<sup>*</sup> to an SSM parameter or an S3 bucket, and it allows us to remain
in the boundaries of our programming language, and the typing guarantees it provides.
> <sup>*</sup> Actually, we are only publishing instructions for fetching state, not the state itself.
Assuming `app.ts` was published as the `my-cdk-app` package, our `cdk8s` application will now look like so:
```python
import * as k8s from 'cdk8s';
import * as kplus from 'cdk8s-plus-27';
// import the desired instance from the AWS CDK app.
import { bucketName } from 'my-cdk-app';
import { AwsCdkResolver } from '@cdk8s/awscdk-resolver';
const k8sApp = new k8s.App({ resolvers: [new AwsCdkResolver()] });
const manifest = new k8s.Chart(k8sApp, 'Manifest');
new kplus.CronJob(manifest, 'CronJob', {
schedule: k8s.Cron.daily(),
containers: [{
image: 'job',
envVariables: {
// directly passing the value of the `CfnOutput` containing
// the deploy time bucket name
BUCKET_NAME: kplus.EnvValue.fromValue(bucketName.value),
}
}]
});
k8sApp.synth();
```
Raw data
{
"_id": null,
"home_page": "https://github.com/cdk8s-team/cdk8s-awscdk-resolver.git",
"name": "cdk8s-awscdk-resolver",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/c7/b2/54a44e3f76d560a3b27d6d369382450e19f3b34970ec7c2ee462c06c50c0/cdk8s-awscdk-resolver-0.0.99.tar.gz",
"platform": null,
"description": "# AWS CDK Resolver\n\nThe `AwsCdkResolver` is able to resolve any [`CfnOutput`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.CfnOutput.html)\ndefined by your AWS CDK application. In this example, we create an S3 `Bucket` with the AWS CDK, and pass its (deploy time generated)\nname as an environment variable to a Kubernetes `CronJob` resource.\n\n```python\nimport * as aws from 'aws-cdk-lib';\nimport * as k8s from 'cdk8s';\nimport * as kplus from 'cdk8s-plus-27';\n\nimport { AwsCdkResolver } from '@cdk8s/awscdk-resolver';\n\nconst awsApp = new aws.App();\nconst stack = new aws.Stack(awsApp, 'aws');\n\nconst k8sApp = new k8s.App({ resolvers: [new AwsCdkResolver()] });\nconst manifest = new k8s.Chart(k8sApp, 'Manifest');\n\nconst bucket = new aws.aws_s3.Bucket(stack, 'Bucket');\nconst bucketName = new aws.CfnOutput(stack, 'BucketName', {\n value: bucket.bucketName,\n});\n\nnew kplus.CronJob(manifest, 'CronJob', {\n schedule: k8s.Cron.daily(),\n containers: [{\n image: 'job',\n envVariables: {\n // directly passing the value of the `CfnOutput` containing\n // the deploy time bucket name\n BUCKET_NAME: kplus.EnvValue.fromValue(bucketName.value),\n }\n }]\n});\n\nawsApp.synth();\nk8sApp.synth();\n```\n\nDuring cdk8s synthesis, the custom resolver will detect that `bucketName.value` is not a concrete value,\nbut rather a value of a `CfnOutput`. It will then perform AWS service calls in order to fetch the\nactual value from the deployed infrastructure in your account. This means that in order\nfor `cdk8s synth` to succeed, it must be executed *after* the AWS CDK resources\nhave been deployed. So your deployment workflow should (conceptually) be:\n\n1. `cdk deploy`\n2. `cdk8s synth`\n\n> Note that the `AwsCdkResolver` is **only** able to fetch tokens that have a `CfnOutput` defined for them.\n\n##### Permissions\n\nSince running `cdk8s synth` will now require performing AWS service calls, it must have access\nto a set of AWS credentials. Following are the set of actions the credentials must allow:\n\n* `cloudformation:DescribeStacks`\n\nNote that the actions cdk8s require are far more scoped down than those normally required for the\ndeployment of AWS CDK applications. It is therefore recommended to not reuse the same set of credentials,\nand instead create a scoped down `ReadOnly` role dedicated for cdk8s resolvers.\n\n## Cross Repository Workflow\n\nAs we've seen, your `cdk8s` application needs access to the objects defined in your cloud application. If both applications\nare defined within the same file, this is trivial to achieve. If they are in different files, a simple `import` statement will suffice.\nHowever, what if the applications are managed in two separate repositories? This makes it a little trickier, but still possible.\n\nIn this scenario, `cdk.ts` in the AWS CDK application, stored in a dedicated repository.\n\n```python\nimport * as aws from 'aws-cdk-lib';\n\nconst awsApp = new aws.App();\nconst stack = new aws.Stack(awsApp, 'aws');\n\nconst bucket = new aws.aws_s3.Bucket(stack, 'Bucket');\nconst bucketName = new aws.CfnOutput(stack, 'BucketName', {\n value: bucket.bucketName,\n});\n\nawsApp.synth();\n```\n\nIn order for the `cdk8s` application to have cross repository access, the AWS CDK object instances that we want to expose need to be available\nvia a package repository. To do this, break up the AWS CDK application into the following files:\n\n`app.ts`\n\n```python\nimport * as aws from 'aws-cdk-lib';\n\nconst awsApp = new aws.App();\nconst stack = new aws.Stack(awsApp, 'aws');\n\nconst bucket = new aws.aws_s3.Bucket(stack, 'Bucket');\n// export the thing we want to have available for cdk8s applications\nexport const bucketName = new aws.CfnOutput(stack, 'BucketName', {\n value: bucket.bucketName,\n});\n\n// note that we don't call awsApp.synth here\n```\n\n`main.ts`\n\n```python\nimport { awsApp } from './app.ts'\n\nawsApp.synth();\n```\n\nNow, publish the `app.ts` file to a package manager, so that your `cdk8s` application can install and import it.\nThis approach might be somewhat counter intuitive, because normally we only publish classes to the package manager,\nnot instances. Indeed, these types of applications introduce a new use-case that requires the sharing of instances.\nConceptually, this is no different than writing state<sup>*</sup> to an SSM parameter or an S3 bucket, and it allows us to remain\nin the boundaries of our programming language, and the typing guarantees it provides.\n\n> <sup>*</sup> Actually, we are only publishing instructions for fetching state, not the state itself.\n\nAssuming `app.ts` was published as the `my-cdk-app` package, our `cdk8s` application will now look like so:\n\n```python\nimport * as k8s from 'cdk8s';\nimport * as kplus from 'cdk8s-plus-27';\n\n// import the desired instance from the AWS CDK app.\nimport { bucketName } from 'my-cdk-app';\n\nimport { AwsCdkResolver } from '@cdk8s/awscdk-resolver';\n\nconst k8sApp = new k8s.App({ resolvers: [new AwsCdkResolver()] });\nconst manifest = new k8s.Chart(k8sApp, 'Manifest');\n\nnew kplus.CronJob(manifest, 'CronJob', {\n schedule: k8s.Cron.daily(),\n containers: [{\n image: 'job',\n envVariables: {\n // directly passing the value of the `CfnOutput` containing\n // the deploy time bucket name\n BUCKET_NAME: kplus.EnvValue.fromValue(bucketName.value),\n }\n }]\n});\n\nk8sApp.synth();\n```\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "@cdk8s/awscdk-resolver",
"version": "0.0.99",
"project_urls": {
"Homepage": "https://github.com/cdk8s-team/cdk8s-awscdk-resolver.git",
"Source": "https://github.com/cdk8s-team/cdk8s-awscdk-resolver.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "41dd82b419bd3c9413a5e8a287b08efd06b83e1cc9619fa542d99e2c1a93b37c",
"md5": "7926f691d1e9a3d2f82f6083faec494e",
"sha256": "a990ea87ddb84cf3e21d101e83f27970e49245c27673a1aaeb53236f123d7589"
},
"downloads": -1,
"filename": "cdk8s_awscdk_resolver-0.0.99-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7926f691d1e9a3d2f82f6083faec494e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 983960,
"upload_time": "2024-05-11T06:12:50",
"upload_time_iso_8601": "2024-05-11T06:12:50.552766Z",
"url": "https://files.pythonhosted.org/packages/41/dd/82b419bd3c9413a5e8a287b08efd06b83e1cc9619fa542d99e2c1a93b37c/cdk8s_awscdk_resolver-0.0.99-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "c7b254a44e3f76d560a3b27d6d369382450e19f3b34970ec7c2ee462c06c50c0",
"md5": "f7f96728569dfea926f946d4657fbc76",
"sha256": "492cb4fa043f63c71b9f3bfad6edc5233e6e18fb0af0d9bd8e04afc9e0609efd"
},
"downloads": -1,
"filename": "cdk8s-awscdk-resolver-0.0.99.tar.gz",
"has_sig": false,
"md5_digest": "f7f96728569dfea926f946d4657fbc76",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 985642,
"upload_time": "2024-05-11T06:12:53",
"upload_time_iso_8601": "2024-05-11T06:12:53.266072Z",
"url": "https://files.pythonhosted.org/packages/c7/b2/54a44e3f76d560a3b27d6d369382450e19f3b34970ec7c2ee462c06c50c0/cdk8s-awscdk-resolver-0.0.99.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-11 06:12:53",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cdk8s-team",
"github_project": "cdk8s-awscdk-resolver",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk8s-awscdk-resolver"
}
JSON
