feat: initial ipv6 eks cluster TDE-915

.gitignore

@@ -1,3 +1,4 @@
 node_modules/
 dist/
-cdk.out/
+cdk.out/
+cdk.context.json

config/cdk.ts

@@ -5,7 +5,7 @@ import { LinzEksCluster } from './eks/cluster';
 const app = new App();
 
 async function main(): Promise<void> {
-  new LinzEksCluster(app, 'Workflows', { env: { region: 'ap-southeast-2' } });
+  new LinzEksCluster(app, 'Workflows', { env: { region: 'ap-southeast-2', account: process.env.CDK_DEFAULT_ACCOUNT } });
 
   app.synth();
 }

config/eks/cluster.ts

@@ -1,10 +1,72 @@
-import { Stack, StackProps } from 'aws-cdk-lib';
+import { KubectlV27Layer } from '@aws-cdk/lambda-layer-kubectl-v27';
+import { Duration, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import { InstanceType, IVpc, SubnetType, Vpc } from 'aws-cdk-lib/aws-ec2';
+import { Cluster, ClusterLoggingTypes, IpFamily, KubernetesVersion, NodegroupAmiType } from 'aws-cdk-lib/aws-eks';
+import { Role } from 'aws-cdk-lib/aws-iam';
+import { BlockPublicAccess, Bucket } from 'aws-cdk-lib/aws-s3';
 import { Construct } from 'constructs';
 
 interface EksClusterProps extends StackProps {}
 
 export class LinzEksCluster extends Stack {
+  /** Version of EKS to use, this must be aligned to the `kubectlLayer` */
+  version = KubernetesVersion.V1_27;
+  /** Argo needs a temporary bucket to store objects */
+  tempBucket: Bucket;
+
+  vpc: IVpc;
+
+  cluster: Cluster;
+
   constructor(scope: Construct, id: string, props: EksClusterProps) {
     super(scope, id, props);
+
+    this.tempBucket = new Bucket(this, 'Scratch', {
+      /** linz-workflows-scratch */
+      bucketName: `linz-${id.toLowerCase()}-scratch`,
+      removalPolicy: RemovalPolicy.RETAIN,
+      blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+      lifecycleRules: [
+        {
+          /** All artifacts are deleted after 90 days */
+          expiration: Duration.days(90),
+          /** This bucket is not used for multipart uploads so clean them up quickly */
+          abortIncompleteMultipartUploadAfter: Duration.days(3),
+        },
+      ],
+    });
+
+    this.vpc = Vpc.fromLookup(this, 'Vpc', { tags: { BaseVPC: 'true' } });
+
+    this.cluster = new Cluster(this, `Eks${id}`, {
+      clusterName: id,
+      version: this.version,
+      vpc: this.vpc,
+      defaultCapacity: 0,
+      vpcSubnets: [{ subnetType: SubnetType.PRIVATE_WITH_EGRESS }],
+      /** This must align to Cluster version: {@link version} */
+      kubectlLayer: new KubectlV27Layer(this, 'KubeCtlLayer'),
+      /** To prevent IP exhaustion when running huge workflows run using ipv6 */
+      ipFamily: IpFamily.IP_V6,
+      clusterLogging: [ClusterLoggingTypes.API, ClusterLoggingTypes.CONTROLLER_MANAGER, ClusterLoggingTypes.SCHEDULER],
+    });
+
+    const nodeGroup = this.cluster.addNodegroupCapacity('ClusterDefault', {
+      /**
+       * c6i.large: ~$70/month, t3.small: ~$12/month.
+       * Compare instance types and costs at https://instances.vantage.sh/
+       * Instances are requested in order listed.
+       * https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types
+       **/
+      instanceTypes: ['c6i.large', 'c6a.large'].map((f) => new InstanceType(f)),
+      minSize: 2,
+      amiType: NodegroupAmiType.BOTTLEROCKET_X86_64,
+      subnets: { subnetType: SubnetType.PRIVATE_WITH_EGRESS },
+    });
+    this.tempBucket.grantReadWrite(nodeGroup.role);
+
+    // Grant the AWS Admin user ability to view the cluster
+    const accountAdminRole = Role.fromRoleName(this, 'AccountAdminRole', 'AccountAdminRole');
+    this.cluster.awsAuth.addMastersRole(accountAdminRole);
   }
 }