Merge branch 'main' into merge-back/2.48.0

Author: mergify[bot]

package.json

@@ -91,6 +91,8 @@
       "@aws-cdk/aws-cognito/punycode/**",
       "@aws-cdk/aws-ecr-assets/minimatch",
       "@aws-cdk/aws-ecr-assets/minimatch/**",
+      "@aws-cdk/aws-eks/semver",
+      "@aws-cdk/aws-eks/semver/**",
       "@aws-cdk/aws-eks/yaml",
       "@aws-cdk/aws-eks/yaml/**",
       "@aws-cdk/aws-events-targets/aws-sdk",

packages/@aws-cdk/aws-eks/README.md

@@ -676,7 +676,11 @@ The kubectl handler uses `kubectl`, `helm` and the `aws` CLI in order to
 interact with the cluster. These are bundled into AWS Lambda layers included in
 the `@aws-cdk/lambda-layer-awscli` and `@aws-cdk/lambda-layer-kubectl` modules.
 
-The version of kubectl used must be compatible wtih the Kubernetes version of the cluster. kubectl is supported within one minor version (older or newer) of Kubernetes (see [Kubernetes version skew policy](https://kubernetes.io/releases/version-skew-policy/#kubectl)). Only version 1.20 of kubectl is available in `aws-cdk-lib`. If you need a different version, you will need to use one of the `@aws-cdk/lambda-layer-kubectlvXY` packages.
+The version of kubectl used must be compatible with the Kubernetes version of the
+cluster. kubectl is supported within one minor version (older or newer) of Kubernetes
+(see [Kubernetes version skew policy](https://kubernetes.io/releases/version-skew-policy/#kubectl)).
+Only version 1.20 of kubectl is available in `aws-cdk-lib`. If you need a different
+version, you will need to use one of the `@aws-cdk/lambda-layer-kubectlvXY` packages.
 
 ```ts
 import { KubectlV22Layer } from '@aws-cdk/lambda-layer-kubectl-v22';
@@ -685,7 +689,6 @@ const cluster = new eks.Cluster(this, 'hello-eks', {
   version: eks.KubernetesVersion.V1_22,
   kubectlLayer: new KubectlV22Layer(this, 'kubectl'),
 });
-
 ```
 
 You can also specify a custom `lambda.LayerVersion` if you wish to use a

packages/@aws-cdk/aws-eks/lib/cluster.ts

@@ -8,6 +8,7 @@ import * as lambda from '@aws-cdk/aws-lambda';
 import * as ssm from '@aws-cdk/aws-ssm';
 import { Annotations, CfnOutput, CfnResource, IResource, Resource, Stack, Tags, Token, Duration, Size } from '@aws-cdk/core';
 import { Construct, Node } from 'constructs';
+import * as semver from 'semver';
 import * as YAML from 'yaml';
 import { AlbController, AlbControllerOptions } from './alb-controller';
 import { AwsAuth } from './aws-auth';
@@ -853,6 +854,15 @@ export class KubernetesVersion {
    */
   public static readonly V1_22 = KubernetesVersion.of('1.22');
 
+  /**
+   * Kubernetes version 1.23
+   *
+   * When creating a `Cluster` with this version, you need to also specify the
+   * `kubectlLayer` property with a `KubectlV23Layer` from
+   * `@aws-cdk/lambda-layer-kubectl-v23`.
+   */
+  public static readonly V1_23 = KubernetesVersion.of('1.23');
+
   /**
    * Custom cluster version
    * @param version custom version number
@@ -1372,8 +1382,9 @@ export class Cluster extends ClusterBase {
     this.prune = props.prune ?? true;
     this.vpc = props.vpc || new ec2.Vpc(this, 'DefaultVpc');
 
-    if (props.version === KubernetesVersion.V1_22 && !props.kubectlLayer) {
-      Annotations.of(this).addWarning(`You created a cluster with Kubernetes Version ${props.version} without specifying the kubectlLayer property. This may cause failures as the kubectl version provided with aws-cdk-lib is 1.20, which is only guaranteed to be compatible with Kubernetes versions 1.19-1.21. Please provide a kubectlLayer from @aws-cdk/lambda-layer-kubectl-v22.`);
+    const kubectlVersion = new semver.SemVer(`${props.version.version}.0`);
+    if (semver.gte(kubectlVersion, '1.22.0') && !props.kubectlLayer) {
+      Annotations.of(this).addWarning(`You created a cluster with Kubernetes Version ${props.version.version} without specifying the kubectlLayer property. This may cause failures as the kubectl version provided with aws-cdk-lib is 1.20, which is only guaranteed to be compatible with Kubernetes versions 1.19-1.21. Please provide a kubectlLayer from @aws-cdk/lambda-layer-kubectl-v${kubectlVersion.minor}.`);
     };
     this.version = props.version;
     this.kubectlLambdaRole = props.kubectlLambdaRole ? props.kubectlLambdaRole : undefined;
@@ -2300,7 +2311,7 @@ export enum CoreDnsComputeType {
   /**
    * Deploy CoreDNS on Fargate-managed instances.
    */
-  FARGATE = 'fargate'
+  FARGATE = 'fargate',
 }
 
 /**
@@ -2314,7 +2325,7 @@ export enum DefaultCapacityType {
   /**
    * EC2 autoscaling group
    */
-  EC2
+  EC2,
 }
 
 /**
@@ -2328,7 +2339,7 @@ export enum MachineImageType {
   /**
    * Bottlerocket AMI
    */
-  BOTTLEROCKET
+  BOTTLEROCKET,
 }
 
 function nodeTypeForInstanceType(instanceType: ec2.InstanceType) {

packages/@aws-cdk/aws-eks/lib/kubectl-handler/get/__init__.py

@@ -75,9 +75,9 @@ def kubectl(args):
     while retry > 0:
         try:
             cmd = [ 'kubectl', '--kubeconfig', kubeconfig ] + args
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+            output = subprocess.check_output(cmd, stderr=subprocess.PIPE)
         except subprocess.CalledProcessError as exc:
-            output = exc.output
+            output = exc.output + exc.stderr
             if b'i/o timeout' in output and retry > 0:
                 logger.info("kubectl timed out, retries left: %s" % retry)
                 retry = retry - 1

packages/@aws-cdk/aws-eks/package.json

@@ -80,8 +80,8 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@aws-cdk/lambda-layer-kubectl-v22": "2.0.0",
-    "aws-cdk-lib": "2.47.0",
+    "@aws-cdk/lambda-layer-kubectl-v23": "^2.0.0",
+    "aws-cdk-lib": "^2.47.0",
     "@aws-cdk/assertions": "0.0.0",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/integ-runner": "0.0.0",
@@ -95,6 +95,7 @@
     "aws-sdk": "^2.1211.0",
     "cdk8s": "^2.5.28",
     "cdk8s-plus-21": "^2.0.0-beta.12",
+    "cdk8s-plus-23": "2.0.2",
     "jest": "^27.5.1",
     "sinon": "^9.2.4"
   },
@@ -112,9 +113,11 @@
     "@aws-cdk/lambda-layer-kubectl": "0.0.0",
     "@aws-cdk/lambda-layer-node-proxy-agent": "0.0.0",
     "constructs": "^10.0.0",
+    "semver": "^7.3.8",
     "yaml": "1.10.2"
   },
   "bundledDependencies": [
+    "semver",
     "yaml"
   ],
   "homepage": "https://github.com/aws/aws-cdk",

packages/@aws-cdk/aws-eks/test/alb-controller.integ.snapshot/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/apply/__init__.py renamed to packages/@aws-cdk/aws-eks/test/alb-controller.integ.snapshot/asset.1f175bea1cef6137d882d0090f49e27e44bbb46a678a86fd5d6fb29ade070a33/apply/__init__.py

@@ -75,9 +75,9 @@ def kubectl(args):
     while retry > 0:
         try:
             cmd = [ 'kubectl', '--kubeconfig', kubeconfig ] + args
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+            output = subprocess.check_output(cmd, stderr=subprocess.PIPE)
         except subprocess.CalledProcessError as exc:
-            output = exc.output
+            output = exc.output + exc.stderr
             if b'i/o timeout' in output and retry > 0:
                 logger.info("kubectl timed out, retries left: %s" % retry)
                 retry = retry - 1