chore(eks): add warning to make kubectlLayer property required in the future

[xazhao]

Reason for this change

kubectlLayer property in EKS Cluster is currently optional. If not provided, it will use a very outdated version (1.20). This default outdated version adds a outdated dependency to CDK which should be removed.

However, we can't simply update the version because it will be a breaking change. To avoid this issue happening again, we can send a warning first then we can do a one-time breaking change to make the property required.

Another reason is the synth error (users have to provide the property) is better than we upgrading the version silently which may lead to some unexpected behavior.

Description of changes

Update warning to let customers know this property will become required in 2025 Jan.

Description of how you validated changes

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[kaizencc]

@xazhao i'm curious why you've decided on this path over a feature flag?

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.80%. Comparing base (93ff387) to head (3794711).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #32483   +/-   ##
=======================================
  Coverage   78.80%   78.80%           
=======================================
  Files         108      108           
  Lines        7159     7159           
  Branches     1319     1319           
=======================================
  Hits         5642     5642           
  Misses       1332     1332           
  Partials      185      185           

Flag	Coverage Δ
suite.unit	78.80% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
packages/aws-cdk	78.80% <ø> (ø)

[xazhao]

@xazhao i'm curious why you've decided on this path over a feature flag?

The issue is the default version bundled an outdated dependency in CDK ("@aws-cdk/asset-kubectl-v20": "^2.1.3").

This dependency uses helm version 3.8.1 which is related to this CVE https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-HELM-7219926

Using a feature flag will still keep the dependency.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should look at the reason for the failure and decide if the pull request needs to be fixed or if you want to requeue it.

If you want to requeue this pull request, you need to post a comment with the text: @mergifyio requeue

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[GavinZZ]

@mergify update

[mergify]

update

❌ Mergify doesn't have permission to update

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/request-cli-integ-test.yml without workflows permission

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 3794711
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.