feat(lambda-layer-kubectl): depend on @awscdk/asset-kubectl-v20 and reduce aws-cdk-lib size

[kaizencc]

This PR reduces the size of aws-cdk-lib by 25.6 MB, by extracting the lambda-layer-kubectl/lib/layer.zip file to a separate package that aws-cdk-lib will directly depend on.

This change also reduce the complexity of the build in the aws-cdk repo because the process of building the layer.zip inside of a Docker container has also been extracted to the separate package. See https://github.com/cdklabs/awscdk-asset-kubectl/tree/kubectl-v20/main

---

All Submissions:

• Have you followed the guidelines in our Contributing guide?

Adding new Unconventional Dependencies:

• This PR adds new unconventional dependencies following the process described here

New Features

• Have you added the new feature to an integration test?
  • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[madeline-k]

Looks good to me!

[TheRealAmazonKendra]

It doesn't seem to be showing the actual build logs here properly, but it looks like you need to add the yarn.lock changes:

Error: ERROR! Dependency @aws-cdk/asset-kubectl-v20@^2.1.0 from @aws-cdk/lambda-layer-kubectl not present in yarn.lock. Please run 'yarn install' and try again!
--
493 | at errorIfNotInYarnLock (/codebuild/output/src846888144/src/github.com/aws/aws-cdk/scripts/check-yarn-lock.js:45:13)
494 | at /codebuild/output/src846888144/src/github.com/aws/aws-cdk/scripts/check-yarn-lock.js:51:77
495 | at Array.forEach (<anonymous>)
496 | at /codebuild/output/src846888144/src/github.com/aws/aws-cdk/scripts/check-yarn-lock.js:51:42
497 | at Array.forEach (<anonymous>)
498 | at main (/codebuild/output/src846888144/src/github.com/aws/aws-cdk/scripts/check-yarn-lock.js:49:12)
499 |  
500 | [Container] 2022/11/02 16:31:14 Command did not exit successfully /bin/bash ./build.sh exit status 1
501 | [Container] 2022/11/02 16:31:14 Phase complete: BUILD State: FAILED
502 | [Container] 2022/11/02 16:31:14 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: /bin/bash ./build.sh. Reason: exit status 1
503 | [Container] 2022/11/02 16:31:14 Entering phase POST_BUILD
504 | [Container] 2022/11/02 16:31:14 Phase complete: POST_BUILD State: SUCCEEDED
505 | [Container] 2022/11/02 16:31:14 Phase context status code:  Message:

[madeline-k]

Wait, shouldn't this also modify aws-cdk-lib's package.json?

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.

[TheRealAmazonKendra]

Pretty sure because of #22716 you'll just need to rebase and rerun yarn integ --update-on-failed

[kaizencc]

3 tests were in need of update in stepfunctions-tasks, because they use a CDK construct that depends on lambda-layer-kubectl, and we updated the asset hash for the layer. cdk deploy has a normal default of rollback: true, but our test runner defaults to rollback: false. According to @corymhall, this is because of the assertion stack; we want them all to run even if some of them fail. There are no assertions here, so I feel safe turning on rollback: true.

However, calling this out: with rollback: false, the update workflow fails with Replacement type updates not supported on stack with disable-rollback on the KubectlLayer. It looks like on update, the different asset hash requires replacement of the lambda layer. And any sort of replacement is not allowed when rollback: false, a rule that comes from cloudformation and not the resource itself. I think we should be okay with this, but I definitely want a second opinion. @madeline-k, @rix0rrr, what do you think?

[kaizencc]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

addressed

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: b959b97
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).