Add support for updating remote network configs in EKS Cluster resource

Author: abhay-krishna

packages/@aws-cdk/custom-resource-handlers/lib/aws-eks/cluster-resource-handler/cluster.ts

@@ -195,7 +195,7 @@ export class ClusterResourceHandler extends ResourceHandler {
       return this.updateClusterVersion(this.newProps.version);
     }
 
-    if (updates.updateLogging || updates.updateAccess || updates.updateVpc || updates.updateAuthMode) {
+    if (updates.updateLogging || updates.updateAccess || updates.updateVpc || updates.updateAuthMode || updates.updateRemoteNetworkConfig) {
       const config: EKS.UpdateClusterConfigCommandInput = {
         name: this.clusterName,
       };
@@ -262,6 +262,10 @@ export class ClusterResourceHandler extends ResourceHandler {
         };
       }
 
+      if (updates.updateRemoteNetworkConfig) {
+        config.remoteNetworkConfig = this.newProps.remoteNetworkConfig;
+      }
+
       const updateResponse = await this.eks.updateClusterConfig(config);
 
       return { EksUpdateId: updateResponse.update?.id };
@@ -415,6 +419,7 @@ interface UpdateMap {
   updateBootstrapClusterCreatorAdminPermissions: boolean; // accessConfig.bootstrapClusterCreatorAdminPermissions
   updateVpc: boolean; // resourcesVpcConfig.subnetIds and securityGroupIds
   updateTags: boolean; // tags
+  updateRemoteNetworkConfig: boolean; // remoteNetworkConfig
 }
 
 function analyzeUpdate(oldProps: Partial<EKS.CreateClusterCommandInput>, newProps: EKS.CreateClusterCommandInput): UpdateMap {
@@ -431,6 +436,9 @@ function analyzeUpdate(oldProps: Partial<EKS.CreateClusterCommandInput>, newProp
   const newAccessConfig = newProps.accessConfig || {};
   const oldAccessConfig = oldProps.accessConfig || {};
 
+  const oldRemoteNetworkConfig = oldProps.remoteNetworkConfig || {};
+  const newRemoteNetworkConfig = newProps.remoteNetworkConfig || {};
+
   return {
     replaceName: newProps.name !== oldProps.name,
     updateVpc:
@@ -448,6 +456,7 @@ function analyzeUpdate(oldProps: Partial<EKS.CreateClusterCommandInput>, newProp
     updateBootstrapClusterCreatorAdminPermissions: JSON.stringify(newAccessConfig.bootstrapClusterCreatorAdminPermissions) !==
       JSON.stringify(oldAccessConfig.bootstrapClusterCreatorAdminPermissions),
     updateTags: JSON.stringify(newProps.tags) !== JSON.stringify(oldProps.tags),
+    updateRemoteNetworkConfig: !compareRemoteNetworkConfigs(oldRemoteNetworkConfig, newRemoteNetworkConfig),
   };
 }
 
@@ -482,3 +491,54 @@ function getTagsToRemove<T extends Record<string, string>>(oldTags: T, newTags:
 
   return missingKeys;
 }
+
+function compareRemoteNetworkConfigs(
+  oldConfig?: EKS.RemoteNetworkConfigRequest | undefined,
+  newConfig?: EKS.RemoteNetworkConfigRequest | undefined,
+): boolean {
+  if (!oldConfig && !newConfig) {
+    return true;
+  }
+
+  if (!oldConfig || !newConfig) {
+    return false;
+  }
+
+  const nodeNetworksEqual = compareNetworkArrays(
+    oldConfig.remoteNodeNetworks,
+    newConfig.remoteNodeNetworks,
+  );
+
+  const podNetworksEqual = compareNetworkArrays(
+    oldConfig.remotePodNetworks,
+    newConfig.remotePodNetworks,
+  );
+
+  return nodeNetworksEqual && podNetworksEqual;
+}
+
+function compareNetworkArrays(
+  oldNetworks?: (EKS.RemoteNodeNetwork | EKS.RemotePodNetwork)[] | undefined,
+  newNetworks?: (EKS.RemoteNodeNetwork | EKS.RemotePodNetwork)[] | undefined,
+): boolean {
+  if (!oldNetworks && !newNetworks) {
+    return true;
+  }
+
+  if (!oldNetworks || !newNetworks) {
+    return false;
+  }
+
+  if (oldNetworks.length !== newNetworks.length) {
+    return false;
+  }
+
+  const oldCidrs = oldNetworks.flatMap(network => network.cidrs || []).sort();
+  const newCidrs = newNetworks.flatMap(network => network.cidrs || []).sort();
+
+  if (oldCidrs.length !== newCidrs.length) {
+    return false;
+  }
+
+  return oldCidrs.every((cidr, index) => cidr === newCidrs[index]);
+}

packages/@aws-cdk/custom-resource-handlers/package.json

@@ -41,7 +41,7 @@
     "@aws-sdk/client-route-53": "3.632.0",
     "@aws-sdk/client-cloudwatch-logs": "3.632.0",
     "@aws-sdk/client-dynamodb": "3.632.0",
-    "@aws-sdk/client-eks": "3.632.0",
+    "@aws-sdk/client-eks": "3.779.0",
     "@aws-sdk/client-sts": "3.632.0",
     "@smithy/node-http-handler": "3.3.3",
     "@smithy/util-stream": "3.3.4",