constructor()

in packages/constructs/L3/dataops/dataops-nifi-l3-construct/lib/dataops-nifi-l3-construct.ts [240:384]

• 130 lines of code
• 9 McCabe index (conditional complexity)

  constructor(scope: Construct, id: string, props: NifiL3ConstructProps) {
    super(scope, id, props);
    this.props = props;

    this.projectKmsKey = MdaaKmsKey.fromKeyArn(this.scope, 'project-kms', this.props.kmsArn);

    const vpc = Vpc.fromVpcAttributes(this, 'vpc', {
      vpcId: this.props.nifi.vpcId,
      availabilityZones: ['dummy'],
    });

    const subnets = Object.entries(this.props.nifi.subnetIds).map(entry => {
      return Subnet.fromSubnetId(this, `subnet-${entry[0]}`, entry[1]);
    });

    const clusterSecurityGroupProps: MdaaSecurityGroupProps = {
      securityGroupName: 'eks',
      vpc: vpc,
      addSelfReferenceRule: true,
      naming: props.naming,
      allowAllOutbound: true,
      ingressRules: props.nifi.eksSecurityGroupIngressRules,
    };
    const clusterSecurityGroup = new MdaaSecurityGroup(scope, 'cluster-sg', clusterSecurityGroupProps);

    const [privateCaArn, privateCa] = this.createAcmPca();
    const hostedZone = this.createHostedZone(vpc);
    const eksCluster = this.createEksCluster(vpc, subnets, this.projectKmsKey, clusterSecurityGroup, privateCaArn);

    const servicesFargateProfile = eksCluster.addFargateProfile('services-fargate-profile', {
      fargateProfileName: 'services',
      selectors: [
        {
          namespace: NifiL3Construct.EXTERNAL_DNS_NAMESPACE,
        },
        {
          namespace: NifiL3Construct.EXTERNAL_SECRETS_NAMESPACE,
        },
        {
          namespace: NifiL3Construct.CERT_MANAGER_NAMESPACE,
        },
        {
          namespace: NifiL3Construct.ZOOKEEPER_NAMESPACE,
        },
        {
          namespace: NifiL3Construct.REGISTRY_NAMESPACE,
        },
      ],
    });
    const nifiNamespaces = Object.entries(props.nifi.clusters || {}).map(cluster => {
      return {
        namespace: `nifi-${cluster[0]}`,
      };
    });
    if (nifiNamespaces.length > 0) {
      const nifiFargateProfile = eksCluster.addFargateProfile('nifi-fargate-profile', {
        fargateProfileName: 'nifi',
        selectors: nifiNamespaces,
      });

      const externalSecretsNamespaceManifest = eksCluster.addNamespace(
        new cdk8s.App(),
        'external-secrets-namespace',
        NifiL3Construct.EXTERNAL_SECRETS_NAMESPACE,
        clusterSecurityGroup,
      );
      externalSecretsNamespaceManifest.node.addDependency(servicesFargateProfile);
      const externalSecretsReadyCmd = this.addExternalSecrets(eksCluster, externalSecretsNamespaceManifest);

      const externalSecretsDnsManifest = eksCluster.addNamespace(
        new cdk8s.App(),
        'external-dns-namespace',
        NifiL3Construct.EXTERNAL_DNS_NAMESPACE,
        clusterSecurityGroup,
      );
      externalSecretsDnsManifest.node.addDependency(servicesFargateProfile);
      const externalDnsReady = this.addExternalDns(hostedZone, eksCluster, externalSecretsDnsManifest);

      const certManagerNamespaceManifest = eksCluster.addNamespace(
        new cdk8s.App(),
        'cert-manager-namespace',
        NifiL3Construct.CERT_MANAGER_NAMESPACE,
        clusterSecurityGroup,
      );
      certManagerNamespaceManifest.node.addDependency(servicesFargateProfile);
      const certManagerReady = this.addCertManager(eksCluster, certManagerNamespaceManifest);
      certManagerReady.node.addDependency(externalSecretsReadyCmd);

      const [caIssuerManifest, caIssuerCdk8sChart] = this.addCA(eksCluster, certManagerNamespaceManifest, privateCa);
      caIssuerManifest.node.addDependency(certManagerReady);

      const registryHostname = this.props.nifi.registry ? `nifi-registry.${hostedZone.zoneName}` : undefined;
      const registryUrl =
        this.props.nifi.registry && registryHostname
          ? `https://${registryHostname}:${this.props.nifi.registry?.httpsPort || 8443}`
          : undefined;

      const [zkManifest, zkK8sChart, zkSecurityGroup] = this.addZookeeper(
        vpc,
        subnets,
        this.projectKmsKey,
        eksCluster,
        hostedZone,
        caIssuerCdk8sChart,
        servicesFargateProfile,
      );
      zkManifest.node.addDependency(externalSecretsReadyCmd);
      zkManifest.node.addDependency(externalDnsReady);
      zkManifest.node.addDependency(caIssuerManifest);
      zkManifest.node.addDependency(certManagerReady);

      const nifiManagerImage = this.createNifiManagerImage();

      const nifiClusters = this.addNifiClusters({
        eksCluster: eksCluster,
        vpc: vpc,
        subnets: subnets,
        hostedZone: hostedZone,
        zkK8sChart: zkK8sChart,
        caIssuerCdk8sChart: caIssuerCdk8sChart,
        zkSecurityGroup: zkSecurityGroup,
        dependencies: [externalDnsReady, externalSecretsReadyCmd, certManagerReady, caIssuerManifest],
        nifiManagerImage: nifiManagerImage,
        registryUrl: registryUrl,
        fargateProfile: nifiFargateProfile,
      });

      if (this.props.nifi.registry && registryHostname) {
        this.addRegistry({
          registryProps: this.props.nifi.registry,
          vpc: vpc,
          subnets: subnets,
          kmsKey: this.projectKmsKey,
          eksCluster: eksCluster,
          registryHostname: registryHostname,
          hostedZone,
          caIssuerCdk8sChart,
          nifiClusters,
          nifiManagerImageUri: nifiManagerImage.imageUri,
          dependencies: [externalDnsReady, externalSecretsReadyCmd, certManagerReady, caIssuerManifest],
          fargateProfile: servicesFargateProfile,
        });
      }
    }
  }