// cluster
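// Creates the EKS control plane, derives the kubeconfig for the deployer role, and
// registers the cluster's OIDC issuer as an IAM identity provider (for IRSA).
Logger.LogDebug("Creating eks cluster");
// NOTE(review): only EndpointPrivateAccess is set here; EndpointPublicAccess and
// PublicAccessCidrs are left at the provider defaults, which keep the public API
// endpoint enabled — confirm that is intended, otherwise set EndpointPublicAccess = false
// or restrict PublicAccessCidrs.
var cluster = new Cluster($"{awsEksPrefix}-cluster",
    new ClusterArgs
    {
        EnabledClusterLogTypes = AwsConfig.Eks.LogTypes,
        RoleArn = clusterRole.Arn,
        Version = K8sConfig.Version,
        VpcConfig = new ClusterVpcConfigArgs
        {
            EndpointPrivateAccess = true,
            SubnetIds = Output.All(publicSubnetIds, privateSubnetIds).Flatten()
        }
    },
    // Protect = true: a destroy of this resource fails until protection is lifted.
    new CustomResourceOptions { Protect = true, Provider = awsProvider });
ClusterName = cluster.Name;
// Kubeconfig is generated for the deployer role; GetKubeConfig is a project helper.
KubeConfig = deployerRoleArn.Apply(roleArn => cluster.GetKubeConfig(EnvName, roleArn));
var clusterSgId = cluster.VpcConfig.Apply(config => config.ClusterSecurityGroupId!);

// root ca thumbprint; https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
var issuer = cluster.Identities.Apply(identities => identities[0].Oidcs[0].Issuer!);
// VerifyChain = true: the fingerprint is only taken from a chain that validated.
var certificates = issuer.Apply(url => GetCertificate.InvokeAsync(new GetCertificateArgs { Url = url, VerifyChain = true }));
var rootCAThumbprint = certificates.Apply(chain => chain.Certificates[0].Sha1Fingerprint);

// oidc provider
Logger.LogDebug("Creating oidc provider");
var oidcProvider = new OpenIdConnectProvider($"{awsEksPrefix}-oidc",
    new OpenIdConnectProviderArgs
    {
        // Audience STS expects in projected service-account tokens. The chat paste showed
        // this as a linkified "<http://…|…>" form; the client id is the bare host name.
        ClientIdLists = { "sts.amazonaws.com" },
        Url = issuer,
        ThumbprintLists = { rootCAThumbprint }
    },
    new CustomResourceOptions { Provider = awsProvider });
OidcArn = oidcProvider.Arn;
OidcUrl = oidcProvider.Url;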