eks: Make kubectl property required in EKS cluster

[xazhao]

Describe the feature

Currently in EKS cluster construct, kubectlLayer is an optional property. If not specified, CDK will use a default layer of kubectl v20. This default version is outdated because earliest kubernete version EKS supports (extended support) now is 1.24. See https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html. It shouldn't use any default version actually.

And because of the default version, aws-cdk-lib has a dependency on "@aws-cdk/asset-kubectl-v20". It uses an old version of helm which is impacted by CVE-2024-24790.

Use Case

When I uses CDK, whether I use EKS Cluster construct or not, @aws-cdk/asset-kubectl-v20 will always be in my dependencies.

Proposed Solution

Make kubectlLayer property of EKS Cluster construct required from optional.

Yes it is a BREAKING CHANGE. People who uses EKS Cluster without providing kubectlLayer will see a synth error. But the default version is already very outdated and shouldn't be used anymore. And removing the dependency and not setting up default version is a better solution in the long term.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

v2.177.0

Environment details (OS name and version, etc.)

MacOs