ClusterAttributes

class aws_cdk.aws_eks.ClusterAttributes(*, cluster_certificate_authority_data=None, cluster_encryption_config_key_arn=None, cluster_endpoint=None, cluster_handler_security_group_id=None, cluster_name, cluster_security_group_id=None, kubectl_environment=None, kubectl_lambda_role=None, kubectl_layer=None, kubectl_memory=None, kubectl_private_subnet_ids=None, kubectl_role_arn=None, kubectl_security_group_id=None, on_event_layer=None, open_id_connect_provider=None, prune=None, security_group_ids=None, vpc=None)

Bases: object

Attributes for EKS clusters.

Parameters
  • cluster_certificate_authority_data (Optional[str]) – The certificate-authority-data for your cluster. Default: - if not specified cluster.clusterCertificateAuthorityData will throw an error

  • cluster_encryption_config_key_arn (Optional[str]) – Amazon Resource Name (ARN) or alias of the customer master key (CMK). Default: - if not specified cluster.clusterEncryptionConfigKeyArn will throw an error

  • cluster_endpoint (Optional[str]) – The API Server endpoint URL. Default: - if not specified cluster.clusterEndpoint will throw an error.

  • cluster_handler_security_group_id (Optional[str]) – A security group id to associate with the Cluster Handler’s Lambdas. The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API. Default: - No security group.

  • cluster_name (str) – The physical name of the Cluster.

  • cluster_security_group_id (Optional[str]) – The cluster security group that was created by Amazon EKS for the cluster. Default: - if not specified cluster.clusterSecurityGroupId will throw an error

  • kubectl_environment (Optional[Mapping[str, str]]) – Environment variables to use when running kubectl against this cluster. Default: - no additional variables

  • kubectl_lambda_role (Optional[IRole]) – An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is directly passed to the lambda handler that sends kubectl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.

  • kubectl_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: helm/helm, kubectl/kubectl, awscli/aws. Default: - a layer bundled with this module.

  • kubectl_memory (Optional[Size]) – Amount of memory to allocate to the provider’s lambda function. Default: Size.gibibytes(1)

  • kubectl_private_subnet_ids (Optional[Sequence[str]]) – Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • kubectl_role_arn (Optional[str]) – An IAM role with cluster administrator and “system:masters” permissions. Default: - if not specified, it will not be possible to issue kubectl commands against an imported cluster.

  • kubectl_security_group_id (Optional[str]) – A security group to use for kubectl execution. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • on_event_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes the NPM dependency proxy-agent. This layer is used by the onEvent handler to route AWS SDK requests through a proxy. The handler expects the layer to include the following node_modules: proxy-agent. Default: - a layer bundled with this module.

  • open_id_connect_provider (Optional[IOpenIdConnectProvider]) – An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider. Default: - if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

  • prune (Optional[bool]) – Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch. Default: true

  • security_group_ids (Optional[Sequence[str]]) – Additional security groups associated with this cluster. Default: - if not specified, no additional security groups will be considered in cluster.connections.

  • vpc (Optional[IVpc]) – The VPC in which this Cluster was created. Default: - if not specified cluster.vpc will throw an error

Example:

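import aws_cdk.aws_autoscaling as autoscaling
import aws_cdk.aws_eks as eks

# cluster: eks.Cluster
# asg: autoscaling.AutoScalingGroup

# Import an existing cluster by its name and cluster security group
imported_cluster = eks.Cluster.from_cluster_attributes(self, "ImportedCluster",
    cluster_name=cluster.cluster_name,
    cluster_security_group_id=cluster.cluster_security_group_id
)

# Connect the existing Auto Scaling group as capacity for the imported cluster
imported_cluster.connect_auto_scaling_group_capacity(asg)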
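
The kubectl_* parameters above decide whether kubectl can be issued against an imported cluster at all and whether the handler expects a publicly accessible endpoint. The following is an added example, not code from the CDK project: a pre-flight review of the keyword arguments before they reach from_cluster_attributes. The names review_cluster_attributes and import_cluster, the sample values, and the policy of rejecting a half-configured kubectl network pair are assumptions of this example.

```python
# Added example (not CDK project code): review the keyword arguments meant for
# eks.Cluster.from_cluster_attributes() before synthesizing a stack.
THROWS_IF_UNSET = (  # getters the page documents as throwing when not supplied
    "cluster_certificate_authority_data", "cluster_encryption_config_key_arn",
    "cluster_endpoint", "cluster_security_group_id", "open_id_connect_provider", "vpc",
)
# Per the page, leaving either of these unset means a public k8s endpoint is expected.
KUBECTL_NETWORK = ("kubectl_private_subnet_ids", "kubectl_security_group_id")
# Constructed sample values (placeholders, not real resources).
PRIVATE_IMPORT = {
    "cluster_name": "example-cluster",
    "kubectl_role_arn": "arn:aws:iam::111122223333:role/ExampleKubectlRole",
    "kubectl_private_subnet_ids": ["subnet-0example1", "subnet-0example2"],
    "kubectl_security_group_id": "sg-0example",
}


def review_cluster_attributes(attrs):
    """Return (severity, message) findings for a dict of ClusterAttributes kwargs."""
    findings = []
    if not attrs.get("cluster_name"):
        findings.append(("error", "cluster_name is required"))
    if not attrs.get("kubectl_role_arn"):
        findings.append(("warn", "kubectl_role_arn unset: kubectl cannot be issued"))
    missing_net = [k for k in KUBECTL_NETWORK if not attrs.get(k)]
    if len(missing_net) == len(KUBECTL_NETWORK):
        findings.append(("warn", "kubectl handler expects a publicly accessible k8s endpoint"))
    elif missing_net:
        # Policy of this example (assumption): a half-configured pair is a mistake.
        findings.append(("error", "also set " + missing_net[0]))
    for name in THROWS_IF_UNSET:
        if attrs.get(name) is None:
            findings.append(("info", name + " unset: reading it from the cluster will throw"))
    return findings


def import_cluster(scope, construct_id, attrs):
    """Import the cluster only if the review produced no errors."""
    errors = [msg for sev, msg in review_cluster_attributes(attrs) if sev == "error"]
    if errors:
        raise ValueError("; ".join(errors))
    # Deferred import so the review itself runs where the CDK is not installed.
    from aws_cdk import aws_eks as eks
    return eks.Cluster.from_cluster_attributes(scope, construct_id, **attrs)
```

Inside a construct, call import_cluster(self, "ImportedCluster", attrs) in place of the direct from_cluster_attributes call; "info" findings only matter if the stack later reads those attributes from the imported cluster.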

Attributes

cluster_certificate_authority_data

The certificate-authority-data for your cluster.

Default
  • if not specified cluster.clusterCertificateAuthorityData will throw an error

Return type

Optional[str]

cluster_encryption_config_key_arn

Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Default
  • if not specified cluster.clusterEncryptionConfigKeyArn will throw an error

Return type

Optional[str]

cluster_endpoint

The API Server endpoint URL.

Default
  • if not specified cluster.clusterEndpoint will throw an error.

Return type

Optional[str]

cluster_handler_security_group_id

A security group id to associate with the Cluster Handler’s Lambdas.

The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.

Default
  • No security group.

Return type

Optional[str]

cluster_name

The physical name of the Cluster.

Return type

str

cluster_security_group_id

The cluster security group that was created by Amazon EKS for the cluster.

Default
  • if not specified cluster.clusterSecurityGroupId will throw an error

Return type

Optional[str]

kubectl_environment

Environment variables to use when running kubectl against this cluster.

Default
  • no additional variables

Return type

Optional[Mapping[str, str]]

kubectl_lambda_role

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends kubectl commands to the cluster.

Default
  • if not specified, the default role created by a lambda function will be used.

Return type

Optional[IRole]

kubectl_layer

An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI.

This layer is used by the kubectl handler to apply manifests and install helm charts.

The handler expects the layer to include the following executables:

helm/helm
kubectl/kubectl
awscli/aws

Default
  • a layer bundled with this module.

Return type

Optional[ILayerVersion]

kubectl_memory

Amount of memory to allocate to the provider’s lambda function.

Default

Size.gibibytes(1)

Return type

Optional[Size]

kubectl_private_subnet_ids

Subnets to host the kubectl compute resources.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default
  • k8s endpoint is expected to be accessible publicly

Return type

Optional[List[str]]

kubectl_role_arn

An IAM role with cluster administrator and “system:masters” permissions.

Default
  • if not specified, it will not be possible to issue kubectl commands against an imported cluster.

Return type

Optional[str]

kubectl_security_group_id

A security group to use for kubectl execution.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default
  • k8s endpoint is expected to be accessible publicly

Return type

Optional[str]

on_event_layer

An AWS Lambda Layer which includes the NPM dependency proxy-agent.

This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

The handler expects the layer to include the following node_modules:

proxy-agent

Default
  • a layer bundled with this module.

Return type

Optional[ILayerVersion]

open_id_connect_provider

An Open ID Connect provider for this cluster that can be used to configure service accounts.

You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider.

Default
  • if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

Return type

Optional[IOpenIdConnectProvider]

prune

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Default

true

Return type

Optional[bool]

security_group_ids

Additional security groups associated with this cluster.

Default
  • if not specified, no additional security groups will be considered in cluster.connections.

Return type

Optional[List[str]]

vpc

The VPC in which this Cluster was created.

Default
  • if not specified cluster.vpc will throw an error

Return type

Optional[IVpc]