Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
cdk8s-aws-cdk
Advanced tools
AWS CDK Adapter for cdk8s allows you to define AWS CDK constructs within a cdk8s application. The AWS resources will be provisioned using the [AWS Controllers for Kubernetes](https://aws-controllers-k8s.github.io/community/docs/community/overview/).
AWS CDK Adapter for cdk8s allows you to define AWS CDK constructs within a cdk8s application. The AWS resources will be provisioned using the AWS Controllers for Kubernetes.
This project is in very early alpha stages of development and is subject to frequent breaking changes.
In you Kubernetes cluster, install the appropriate ACK controllers, depending on which resources you want to provision.
Install the adapter and the AWS CDK in your cdk8s project.
npm install cdk8s-aws-cdk aws-cdk-lib
The adapter provides a special Chart
, that allows defining AWS CDK resources. You must extend this chart,
in place of the normal cdk8s.Chart
object.
import * as awscdkadapter from 'cdk8s-aws-cdk'
import * as k from 'cdk8s';
import * as kplus from 'cdk8s-plus-24';
import { aws_s3 as s3 } from 'aws-cdk-lib';
export class MyChart extends awscdkadapter.Chart {
constructor(scope: Construct, id: string, props: k.ChartProps = {}) {
super(scope, id, props);
// define an s3 bucket with aws-cdk
new s3.Bucket(this, 'Bucket');
// define a kubernetes deployment with cdk8s+
new kplus.Deployment(this, 'Deployment', {
containers: [{ image: 'image' }],
});
}
}
Synthesizing this chart will produce:
apiVersion: apps/v1
kind: Deployment
metadata:
name: s3sample-deployment-c828e7a5
spec:
minReadySeconds: 0
progressDeadlineSeconds: 600
replicas: 1
selector:
matchLabels:
cdk8s.io/metadata.addr: S3Sample-Deployment-c8c2c08d
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
cdk8s.io/metadata.addr: S3Sample-Deployment-c8c2c08d
spec:
automountServiceAccountToken: true
containers:
- image: image
imagePullPolicy: Always
name: main
securityContext:
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: false
dnsPolicy: ClusterFirst
securityContext:
fsGroupChangePolicy: Always
runAsNonRoot: false
setHostnameAsFQDN: false
---
apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
name: s3sample-bucket83908e77-c80d1127
spec:
name: s3sample-bucket83908e77-c80d1127
You can then apply this manifest to the cluster by any means.
The are quite a few limitations at the moment.
There are two layers of resource coverage that are involved in the process:
The adapter maps every AWS CDK resource to its corresponding ACK resource. This means resources that aren't currently supported by ACK cannot be defined.
For resources that are supported by ACK, this adapter contains mappers that can do the translation. Not all supported resources have been mapped yet, the built-in mapped resources are:
If your application contains additional resources, that are supported by ACK but haven't been mapped by the adapter, you can register customer mappers:
First you implement a custom mapper:
import * as awscdkadapter from 'cdk8s-aws-cdk'
export class KmsKeyMapper extends awscdkadapter.CloudFormationResourceMapper {
/**
* @see CloudFormationResourceMapper.type
*/
public readonly type: string = 'AWS::KMS::Key';
// implement the additional required methods and properties
...
}
Then you register it:
import * as awscdkadapter from 'cdk8s-aws-cdk'
import * as k from 'cdk8s';
import { aws_kms as kms } from 'aws-cdk-lib';
export class MyChart extends awscdkadapter.Chart {
constructor(scope: Construct, id: string, props: k.ChartProps = {}) {
super(scope, id, props);
this.registerMapper(new KmsKeyMapper(this))
// now you can define a kms key
new kms.Key(this, 'Key');
}
}
CDK Tokens that represent CloudFormation attributes (i.e Fn::GetAttr
) can be used as Kubernetes environment variables
when defining containers, but they cannot be used for anything else.
For example, you can pass an attribute to a container like so:
const dbInstance = new rds.DatabaseInstance(...);
const container = deployment.addContainer(...);
container.env.addVariable('DB_ADDRESS', kplus.EnvValue.fromValue(dbInstance.dbInstanceEndpointAddress))
But you cannot pass the same attribute to, for example, lambda function environment variables:
const dbInstance = new rds.DatabaseInstance(...);
const func = new lambda.Function(...);
func.addEnvironment('DB_ADDRESS', dbInstance.dbInstanceEndpointAddress);
This is because attribute mapping is implemented by exporting them using ACK Field Exports. These field exports can only be imported in a select number of resources, and currently the adapter only supports kubernetes environment variables.
AWS CDK assets are currently not supported.
FAQs
AWS CDK Adapter for cdk8s allows you to define AWS CDK constructs within a cdk8s application. The AWS resources will be provisioned using the [AWS Controllers for Kubernetes](https://aws-controllers-k8s.github.io/community/docs/community/overview/).
The npm package cdk8s-aws-cdk receives a total of 18 weekly downloads. As such, cdk8s-aws-cdk popularity was classified as not popular.
We found that cdk8s-aws-cdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.