chore(java/eks): refresh sample code and set Amazon EKS version as 1.31 (#1130)

Author: guessi

java/eks/fargate-cluster/cdk.json

@@ -30,7 +30,6 @@
     "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
     "@aws-cdk/core:enablePartitionLiterals": true,
     "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
-    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
     "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
     "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
     "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
@@ -55,6 +54,27 @@
     "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
     "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
     "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
-    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+    "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+    "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+    "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+    "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+    "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true,
+    "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true,
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true
   }
 }

java/eks/fargate-cluster/pom.xml

@@ -9,7 +9,8 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <cdk.version>2.115.0</cdk.version>
+        <cdk.version>2.175.1</cdk.version>
+        <kubectl.version>2.0.0</kubectl.version>
         <constructs.version>[10.0.0,11.0.0)</constructs.version>
         <junit.version>5.7.1</junit.version>
     </properties>
@@ -22,6 +23,12 @@
             <version>${cdk.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>software.amazon.awscdk</groupId>
+            <artifactId>cdk-lambda-layer-kubectl-v31</artifactId>
+            <version>${kubectl.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>software.constructs</groupId>
             <artifactId>constructs</artifactId>

java/eks/fargate-cluster/src/main/java/com/amazonaws/cdk/EksFargateStack.java

@@ -2,7 +2,7 @@
 
 import software.amazon.awscdk.CfnOutput;
 import software.amazon.awscdk.Stack;
-import software.amazon.awscdk.lambdalayer.kubectl.KubectlLayer;
+import software.amazon.awscdk.cdk.lambdalayer.kubectl.v31.KubectlV31Layer;
 import software.amazon.awscdk.services.ec2.SubnetSelection;
 import software.amazon.awscdk.services.ec2.SubnetType;
 import software.amazon.awscdk.services.eks.*;
@@ -43,9 +43,9 @@ public EksFargateStack(final Construct scope, final String id, final EksFargateP
                 .mastersRole(clusterAdminRole)
                 .role(clusterAdminRole)
                 .endpointAccess(EndpointAccess.PUBLIC)
-                .version(KubernetesVersion.V1_28)
+                .version(KubernetesVersion.V1_31)
                 .vpc(props.getVpc())
-                .kubectlLayer(new KubectlLayer(this, "KubectlLayer"))
+                .kubectlLayer(new KubectlV31Layer(this, "KubectlLayer"))
                 .vpcSubnets(List.of(SubnetSelection.builder()
                         .subnetType(SubnetType.PRIVATE_WITH_EGRESS)
                         .build()))
@@ -65,15 +65,14 @@ public EksFargateStack(final Construct scope, final String id, final EksFargateP
         new CfnAddon(this, "eks-vpc-cni-addon", CfnAddonProps.builder()
                 .clusterName(eksCluster.getClusterName())
                 .addonName("vpc-cni")
-                .addonVersion("v1.16.0-eksbuild.1")
+                .addonVersion("v1.19.2-eksbuild.1")
                 .resolveConflicts("OVERWRITE")
-
                 .build());
 
         new CfnAddon(this, "eks-kube-proxy-addon", CfnAddonProps.builder()
                 .clusterName(eksCluster.getClusterName())
                 .addonName("kube-proxy")
-                .addonVersion("v1.28.4-eksbuild.1")
+                .addonVersion("v1.31.3-eksbuild.2")
                 .resolveConflicts("OVERWRITE")
                 .build());
 

java/eks/fargate-cluster/src/test/java/com/amazonaws/cdk/EksFargateStackTest.java

@@ -56,7 +56,7 @@ void testEksCluster() {
       Map.of(
         "Config", Map.of(
           "name", "SampleCluster",
-          "version", "1.28"
+          "version", "1.31"
         )
       )
     ), 1);

java/eks/fargate-cluster/src/test/resources/com/amazonaws/cdk/EksFargateStackExpected.json

@@ -384,7 +384,7 @@
         },
         "Config": {
           "name": "SampleCluster",
-          "version": "1.28",
+          "version": "1.31",
           "roleArn": {
             "Fn::GetAtt": [
               "EksClusterAdminRoleD3CAEBD0",
@@ -751,7 +751,7 @@
       "Type": "AWS::EKS::Addon",
       "Properties": {
         "AddonName": "vpc-cni",
-        "AddonVersion": "v1.16.0-eksbuild.1",
+        "AddonVersion": "v1.19.2-eksbuild.1",
         "ClusterName": {
           "Ref": "EksFargateCluster07FC3D2B"
         },
@@ -765,7 +765,7 @@
       "Type": "AWS::EKS::Addon",
       "Properties": {
         "AddonName": "kube-proxy",
-        "AddonVersion": "v1.28.4-eksbuild.1",
+        "AddonVersion": "v1.31.3-eksbuild.2",
         "ClusterName": {
           "Ref": "EksFargateCluster07FC3D2B"
         },

java/eks/private-cluster/README.md

@@ -95,12 +95,10 @@ For other packages or tools like `kubectl`, create an S3 bucket accessible from
 Sample cloudshell session:
 
 ```
-[cloudshell-user@ip-10-2-84-204 ~]$ curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.28.5/2024-01-04/bin/linux/amd64/kubectl
-% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                Dload  Upload   Total   Spent    Left  Speed
-100 47.5M  100 47.5M    0     0  7975k      0  0:00:06  0:00:06 --:--:-- 10.4M
-[cloudshell-user@ip-10-2-84-204 ~]$ aws s3 cp kubectl s3://my-bucket/kubectl-1.28.5
-upload: ./kubectl to s3://my-bucket/kubectl-1.28.5          
+[cloudshell-user@ip-10-2-84-204 ~]$ curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.31.4/2025-01-10/bin/darwin/amd64/kubectl
+
+[cloudshell-user@ip-10-2-84-204 ~]$ aws s3 cp kubectl s3://my-bucket/kubectl-1.31.4
+upload: ./kubectl to s3://my-bucket/kubectl-1.31.4
 ```
 
 ## Accessing the EKS cluster with kubectl
@@ -118,7 +116,7 @@ Test the access to the EKS cluster. Get pods and nodes
 ```
 [ssm-user@ip-10-0-0-240 ~]$ kubectl get nodes
 NAME                                           STATUS   ROLES    AGE   VERSION
-ip-10-0-0-60.ap-southeast-1.compute.internal   Ready    <none>   19h   v1.28.5-eks-5e0fdde
+ip-10-0-0-60.ap-southeast-1.compute.internal   Ready    <none>   19h   v1.31.0-eks-a737599
 
 [ssm-user@ip-10-0-0-240 ~]$ kubectl get pods -A
 NAMESPACE     NAME                       READY   STATUS    RESTARTS        AGE
@@ -131,4 +129,4 @@ kube-system   kube-proxy-m9ms4           1/1     Running   1 (4h39m ago)   19h
 ## Cleanup
 ```
 cdk destroy
-```
+```

java/eks/private-cluster/cdk.json

@@ -30,7 +30,6 @@
     "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
     "@aws-cdk/core:enablePartitionLiterals": true,
     "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
-    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
     "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
     "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
     "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
@@ -55,6 +54,27 @@
     "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
     "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
     "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
-    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
+    "@aws-cdk/aws-cloudwatch-actions:changeLambdaPermissionLogicalIdForLambdaAction": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeysDefaultValueToFalse": true,
+    "@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2": true,
+    "@aws-cdk/aws-kms:reduceCrossAccountRegionPolicyScope": true,
+    "@aws-cdk/aws-eks:nodegroupNameAttribute": true,
+    "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
+    "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
+    "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature": false,
+    "@aws-cdk/aws-ecs:disableEcsImdsBlocking": true,
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true,
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": true,
+    "@aws-cdk/aws-ec2:ec2SumTImeoutEnabled": true,
+    "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true,
+    "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true,
+    "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true,
+    "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true,
+    "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true,
+    "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault": true,
+    "@aws-cdk/aws-route53-targets:userPoolDomainNameMethodWithoutCustomResource": true
   }
 }

java/eks/private-cluster/pom.xml

@@ -9,7 +9,8 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <cdk.version>2.122.0</cdk.version>
+        <cdk.version>2.175.1</cdk.version>
+        <kubectl.version>2.0.0</kubectl.version>
         <constructs.version>[10.0.0,11.0.0)</constructs.version>
         <junit.version>5.7.1</junit.version>
     </properties>
@@ -44,6 +45,12 @@
             <version>${cdk.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>software.amazon.awscdk</groupId>
+            <artifactId>cdk-lambda-layer-kubectl-v31</artifactId>
+            <version>${kubectl.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>software.constructs</groupId>
             <artifactId>constructs</artifactId>

java/eks/private-cluster/src/main/java/com/amazonaws/cdk/examples/EksPrivateClusterStack.java

@@ -4,7 +4,7 @@
 import java.util.Map;
 import software.amazon.awscdk.Stack;
 import software.amazon.awscdk.StackProps;
-import software.amazon.awscdk.lambdalayer.kubectl.KubectlLayer;
+import software.amazon.awscdk.cdk.lambdalayer.kubectl.v31.KubectlV31Layer;
 import software.amazon.awscdk.services.autoscaling.AutoScalingGroup;
 import software.amazon.awscdk.services.ec2.BastionHostLinux;
 import software.amazon.awscdk.services.ec2.BlockDevice;
@@ -89,12 +89,12 @@ private void createEksCluster(Role clusterAdmin) {
     this.cluster =
         Cluster.Builder.create(this, "eks")
             .vpc(vpc)
-            .version(KubernetesVersion.V1_28)
+            .version(KubernetesVersion.V1_31)
             .vpcSubnets(
                 List.of(SubnetSelection.builder().subnetType(SubnetType.PRIVATE_ISOLATED).build()))
             .endpointAccess(EndpointAccess.PRIVATE)
             .clusterName("eks-private")
-            .kubectlLayer(new KubectlLayer(this, "kubectl-layer"))
+            .kubectlLayer(new KubectlV31Layer(this, "KubectlLayer"))
             .defaultCapacity(0)
             .mastersRole(clusterAdmin)
             .placeClusterHandlerInVpc(true)

java/eks/private-cluster/src/test/java/com/amazonaws/cdk/examples/EksPrivateClusterStackTest.java

@@ -29,7 +29,7 @@ public void testEksClusterNameVersion() {
                 "Config",
                 Map.of(
                     "name", "eks-private",
-                    "version", "1.28"))),
+                    "version", "1.31"))),
         1);
   }