constructor()

in testbed/addons/karpenter/construct.ts [10:102]


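    /**
     * Installs Karpenter on an EKS cluster and wires up the IAM it needs.
     *
     * Creates, in order: the `karpenter` namespace, the node role and its
     * instance profile, an IRSA-backed controller service account with an
     * inline EC2/SSM policy, the Karpenter Helm release, and a `default`
     * Provisioner that launches nodes with the instance profile.
     *
     * @param scope - parent construct
     * @param id - construct id
     * @param props - must carry the target `cluster`
     */
    constructor(scope: cdk.Construct, id: string, props: KarpenterProps) {
        super(scope, id)
        const namespace = "karpenter"
        // Single source for the name shared by the instance profile and the
        // Provisioner, so the two cannot drift apart.
        const instanceProfileName = `KarpenterNodeInstanceProfile-${props.cluster.clusterName}`

        const ns = props.cluster.addManifest('namespace', {
            apiVersion: 'v1',
            kind: 'Namespace',
            metadata: {
                name: namespace
            }
        })

        // Node Role
        // Declared before the controller policy so that iam:PassRole can be
        // scoped to exactly this role's ARN.
        const nodeRole = new iam.Role(this, 'karpenter-node-role', {
            assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
            managedPolicies: [
                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSWorkerNodePolicy'),
                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryReadOnly'),
                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKS_CNI_Policy'),
                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore')
            ]
        })

        // Instances assuming nodeRole join the cluster with node-level identity.
        props.cluster.awsAuth.addRoleMapping(nodeRole, {
            username: 'system:node:{{EC2PrivateDNSName}}',
            groups: ['system:bootstrappers', 'system:nodes']
        })

        new iam.CfnInstanceProfile(this, 'karpenter-instance-profile', {
            roles: [nodeRole.roleName],
            instanceProfileName: instanceProfileName
        })

        // Controller Role
        const sa = props.cluster.addServiceAccount('karpenter-controller-sa', {
            name: "karpenter",
            namespace: namespace
        })
        sa.node.addDependency(ns)
        sa.role.attachInlinePolicy(new iam.Policy(this, 'karpenter-controller-policy', {
            statements: [
                // NOTE(review): the mutating EC2 actions below still apply to every
                // resource in the account; tag- or cluster-based conditions would
                // narrow them further if the deployment allows it.
                new iam.PolicyStatement({
                    resources: ['*'],
                    actions: ["ec2:CreateLaunchTemplate", "ec2:CreateFleet", "ec2:RunInstances",
                        "ec2:CreateTags", "ec2:TerminateInstances", "ec2:DescribeLaunchTemplates",
                        "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets",
                        "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeAvailabilityZones",
                        "ssm:GetParameter"],
                }),
                // iam:PassRole on '*' would let the controller attach any role in the
                // account to the instances it launches; it only ever needs the node role.
                new iam.PolicyStatement({
                    resources: [nodeRole.roleArn],
                    actions: ["iam:PassRole"],
                }),
            ],
        }))

        // Install Karpenter
        // The chart reuses the service account created above (create: false) so the
        // controller pod runs with the IRSA role carrying the policy.
        const chart = props.cluster.addHelmChart('karpenter', {
            chart: 'karpenter',
            release: 'karpenter',
            version: 'v0.4.1',
            repository: 'https://charts.karpenter.sh',
            namespace: namespace,
            createNamespace: false,
            values: {
                'serviceAccount': {
                    'create': false,
                    'name': sa.serviceAccountName,
                    'annotations': {
                        'eks.amazonaws.com/role-arn': sa.role.roleArn
                    }
                }
            }
        })
        chart.node.addDependency(ns)

        // Karpenter Provisioner for kit
        // Applied only after the chart, which the dependency below enforces.
        props.cluster.addManifest("default-provisioner", {
            apiVersion: 'karpenter.sh/v1alpha5',
            kind: 'Provisioner',
            metadata: {
                name: 'default',
            },
            spec: {
                provider: {
                    instanceProfile: instanceProfileName,
                    cluster: {
                        name: props.cluster.clusterName,
                        endpoint: props.cluster.clusterEndpoint,
                    },
                    // Nodes are placed only in subnets carrying this tag.
                    subnetSelector: {
                        "kit/hostcluster": `${props.cluster.clusterName}-controlplane`
                    }
                },
                ttlSecondsAfterEmpty: 30,
            }
        }).node.addDependency(chart)
    }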