fix: create namespaces

Co-authored-by: Andreas Forster <andreas.forster@pepperize.com>
pepperize · Apr 21, 2022 · a752db0 · a752db0
1 parent a7c225c
commit a752db0
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 8 deletions.
diff --git a/src/cloudwatch-metrics.ts b/src/cloudwatch-metrics.ts
@@ -21,18 +21,27 @@ export class CloudwatchMetrics extends Construct {
 
     const namespace = props.namespace ?? "metrics";
 
+    const namespaceManifest = props.cluster.addManifest("Namespace", {
+      apiVersion: "v1",
+      kind: "Namespace",
+      metadata: {
+        name: namespace,
+      },
+    });
+
     const serviceAccount = new eks.ServiceAccount(this, "ServiceAccount", {
       cluster: props.cluster,
       name: "metrics-sa",
       namespace: namespace,
     });
-
+    serviceAccount.node.addDependency(namespaceManifest);
     serviceAccount.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("CloudWatchAgentServerPolicy"));
 
     // https://artifacthub.io/packages/helm/aws/aws-for-fluent-bit
     const chart = new eks.HelmChart(this, "Chart", {
       cluster: props.cluster,
       namespace: namespace,
+      createNamespace: false,
       repository: "https://aws.github.io/eks-charts",
       chart: "aws-cloudwatch-metrics",
       release: "aws-cloudwatch-metrics",
@@ -44,6 +53,6 @@ export class CloudwatchMetrics extends Construct {
         },
       },
     });
-    chart.node.addDependency(serviceAccount);
+    chart.node.addDependency(serviceAccount, namespaceManifest);
   }
 }
diff --git a/src/external-dns.ts b/src/external-dns.ts
@@ -18,6 +18,14 @@ export class ExternalDns extends Construct {
 
     const namespace = props.namespace ?? "dns";
 
+    const namespaceManifest = props.cluster.addManifest("Namespace", {
+      apiVersion: "v1",
+      kind: "Namespace",
+      metadata: {
+        name: namespace,
+      },
+    });
+
     if (props.hostedZoneIds.length == 0) {
       Annotations.of(this).addError("No hostedZoneId given for external-dns");
     }
@@ -28,6 +36,7 @@ export class ExternalDns extends Construct {
       name: "external-dns-sa",
       namespace: namespace,
     });
+    serviceAccount.node.addDependency(namespaceManifest);
     serviceAccount.addToPrincipalPolicy(
       new iam.PolicyStatement({
         actions: ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
@@ -45,10 +54,11 @@ export class ExternalDns extends Construct {
 
     const chart = new eks.HelmChart(this, "Chart", {
       cluster: props.cluster,
+      namespace: namespace,
+      createNamespace: false,
       repository: "https://charts.bitnami.com/bitnami",
       chart: "external-dns",
       release: "external-dns",
-      namespace: namespace,
       version: "6.1.8",
       values: {
         zoneIdFilters: [props.hostedZoneIds],
@@ -58,6 +68,6 @@ export class ExternalDns extends Construct {
         },
       },
     });
-    chart.node.addDependency(serviceAccount);
+    chart.node.addDependency(serviceAccount, namespaceManifest);
   }
 }
diff --git a/src/external-secrets.ts b/src/external-secrets.ts
@@ -19,12 +19,21 @@ export class ExternalSecrets extends Construct {
 
     const namespace = props.namespace ?? "secrets";
 
+    const namespaceManifest = props.cluster.addManifest("Namespace", {
+      apiVersion: "v1",
+      kind: "Namespace",
+      metadata: {
+        name: namespace,
+      },
+    });
+
     // https://external-secrets.io/v0.5.1/provider-aws-secrets-manager/#aws-authentication
     const serviceAccount = new eks.ServiceAccount(this, "ServiceAccount", {
       cluster: props.cluster,
       name: "external-secrets-sa",
       namespace,
     });
+    serviceAccount.node.addDependency(namespaceManifest);
     serviceAccount.addToPrincipalPolicy(
       new iam.PolicyStatement({
         effect: iam.Effect.ALLOW,
@@ -42,10 +51,11 @@ export class ExternalSecrets extends Construct {
     // https://artifacthub.io/packages/helm/external-secrets-operator/external-secrets
     const chart = new eks.HelmChart(this, "Chart", {
       cluster: props.cluster,
+      namespace: namespace,
+      createNamespace: false,
       repository: "https://charts.external-secrets.io",
       chart: "external-secrets",
       release: "external-secrets",
-      namespace: namespace,
       version: "0.5.1",
       values: {
         serviceAccount: {
@@ -54,6 +64,6 @@ export class ExternalSecrets extends Construct {
         },
       },
     });
-    chart.node.addDependency(serviceAccount);
+    chart.node.addDependency(serviceAccount, namespaceManifest);
   }
 }
diff --git a/src/fluent-bit.ts b/src/fluent-bit.ts
@@ -17,18 +17,27 @@ export class FluentBit extends Construct {
 
     const namespace = props.namespace ?? "logging";
 
+    const namespaceManifest = props.cluster.addManifest("Namespace", {
+      apiVersion: "v1",
+      kind: "Namespace",
+      metadata: {
+        name: namespace,
+      },
+    });
+
     const serviceAccount = new eks.ServiceAccount(this, "ServiceAccount", {
       cluster: props.cluster,
       name: "fluent-bit-sa",
       namespace: namespace,
     });
-
+    serviceAccount.node.addDependency(namespaceManifest);
     serviceAccount.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("CloudWatchAgentServerPolicy"));
 
     // https://artifacthub.io/packages/helm/aws/aws-for-fluent-bit
     const chart = new eks.HelmChart(this, "Chart", {
       cluster: props.cluster,
       namespace: namespace,
+      createNamespace: false,
       repository: "https://aws.github.io/eks-charts",
       chart: "aws-for-fluent-bit",
       release: "aws-for-fluent-bit",
@@ -52,6 +61,6 @@ export class FluentBit extends Construct {
         },
       },
     });
-    chart.node.addDependency(serviceAccount);
+    chart.node.addDependency(serviceAccount, namespaceManifest);
   }
 }