FargateCluster

class aws_cdk.aws_eks.FargateCluster(scope, id, *, default_profile=None, core_dns_compute_type=None, endpoint_access=None, kubectl_environment=None, kubectl_layer=None, masters_role=None, output_masters_role_arn=None, version, cluster_name=None, output_cluster_name=None, output_config_command=None, role=None, security_group=None, vpc=None, vpc_subnets=None)

Bases: aws_cdk.aws_eks.Cluster

(experimental) Defines an EKS cluster that runs entirely on AWS Fargate.

The cluster is created with a default Fargate Profile that matches the “default” and “kube-system” namespaces. You can add additional profiles using addFargateProfile.

Stability

experimental

Parameters
  • scope (Construct) –

  • id (str) –

  • default_profile (Optional[FargateProfileOptions]) – (experimental) Fargate Profile to create along with the cluster. Default: - A profile called “default” with ‘default’ and ‘kube-system’ selectors will be created if this is left undefined.

  • core_dns_compute_type (Optional[CoreDnsComputeType]) – (experimental) Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. Default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE)

  • endpoint_access (Optional[EndpointAccess]) – (experimental) Configure access to the Kubernetes API server endpoint. Default: EndpointAccess.PUBLIC_AND_PRIVATE

  • kubectl_environment (Optional[Mapping[str, str]]) – (experimental) Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. Default: - No environment variables.

  • kubectl_layer (Optional[ILayerVersion]) – (experimental) An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. By default, the provider will use the layer included in the “aws-lambda-layer-kubectl” SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: const layer = new lambda.LayerVersion(this, 'kubectl-layer', { code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), compatibleRuntimes: [lambda.Runtime.PROVIDED] }); Default: - the layer provided by the aws-lambda-layer-kubectl SAR app.

  • masters_role (Optional[IRole]) – (experimental) An IAM role that will be added to the system:masters Kubernetes RBAC group. Default: - a role that is assumable by anyone with permissions in the same account will automatically be defined

  • output_masters_role_arn (Optional[bool]) – (experimental) Determines whether a CloudFormation output with the ARN of the “masters” IAM role will be synthesized (if mastersRole is specified). Default: false

  • version (KubernetesVersion) – (experimental) The Kubernetes version to run in the cluster.

  • cluster_name (Optional[str]) – (experimental) Name for the cluster. Default: - Automatically generated name

  • output_cluster_name (Optional[bool]) – (experimental) Determines whether a CloudFormation output with the name of the cluster will be synthesized. Default: false

  • output_config_command (Optional[bool]) – (experimental) Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. Default: true

  • role (Optional[IRole]) – (experimental) Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Default: - A role is automatically created for you

  • security_group (Optional[ISecurityGroup]) – (experimental) Security Group to use for Control Plane ENIs. Default: - A security group is automatically created

  • vpc (Optional[IVpc]) – (experimental) The VPC in which to create the Cluster. Default: - a VPC with default configuration will be created and can be accessed through cluster.vpc.

  • vpc_subnets (Optional[List[SubnetSelection]]) – (experimental) Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] Default: - All public and private subnets

Methods

add_auto_scaling_group_capacity(id, *, instance_type, bootstrap_enabled=None, bootstrap_options=None, machine_image_type=None, map_role=None, allow_all_outbound=None, associate_public_ip_address=None, auto_scaling_group_name=None, block_devices=None, cooldown=None, desired_capacity=None, group_metrics=None, health_check=None, ignore_unmodified_size_properties=None, instance_monitoring=None, key_name=None, max_capacity=None, max_instance_lifetime=None, min_capacity=None, notifications=None, notifications_topic=None, replacing_update_min_successful_instances_percent=None, resource_signal_count=None, resource_signal_timeout=None, rolling_update_configuration=None, signals=None, spot_price=None, update_policy=None, update_type=None, vpc_subnets=None)

(experimental) Add nodes to this EKS cluster.

The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.

Note that if you specify updateType: RollingUpdate or updateType: ReplacingUpdate, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for updateType is None, which means only new instances will be launched using the new AMI.

Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. In addition, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

Parameters
  • id (str) –

  • instance_type (InstanceType) – (experimental) Instance type of the instances to start.

  • bootstrap_enabled (Optional[bool]) – (experimental) Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke /etc/eks/bootstrap.sh) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to false and manually invoke autoscalingGroup.addUserData(). Default: true

  • bootstrap_options (Optional[BootstrapOptions]) – (experimental) EKS node bootstrapping options. Default: - none

  • machine_image_type (Optional[MachineImageType]) – (experimental) Machine image type. Default: MachineImageType.AMAZON_LINUX_2

  • map_role (Optional[bool]) – (experimental) Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to true if the cluster has kubectl disabled. Default: - true if the cluster has kubectl enabled (which is the default).

  • allow_all_outbound (Optional[bool]) – Whether the instances can initiate connections to anywhere by default. Default: true

  • associate_public_ip_address (Optional[bool]) – Whether instances in the Auto Scaling Group should have public IP addresses associated with them. Default: - Use subnet setting.

  • auto_scaling_group_name (Optional[str]) – The name of the Auto Scaling group. This name must be unique per Region per account. Default: - Auto generated by CloudFormation

  • block_devices (Optional[List[BlockDevice]]) – Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. Default: - Uses the block device mapping of the AMI

  • cooldown (Optional[Duration]) – Default scaling cooldown for this AutoScalingGroup. Default: Duration.minutes(5)

  • desired_capacity (Union[int, float, None]) – Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. Default: minCapacity, and leave unchanged during deployment

  • group_metrics (Optional[List[GroupMetrics]]) – Enable monitoring for group metrics; these metrics describe the group rather than any of its instances. To report all group metrics, use GroupMetrics.all(). Group metrics are reported at a granularity of 1 minute at no additional charge. Default: - no group metrics will be reported

  • health_check (Optional[HealthCheck]) – Configuration for health checks. Default: - HealthCheck.ec2 with no grace period

  • ignore_unmodified_size_properties (Optional[bool]) – If the ASG has scheduled actions, don’t reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. Default: true

  • instance_monitoring (Optional[Monitoring]) – Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. Default: - Monitoring.DETAILED

  • key_name (Optional[str]) – Name of SSH keypair to grant access to instances. Default: - No SSH access will be possible.

  • max_capacity (Union[int, float, None]) – Maximum number of instances in the fleet. Default: desiredCapacity

  • max_instance_lifetime (Optional[Duration]) – The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. Default: none

  • min_capacity (Union[int, float, None]) – Minimum number of instances in the fleet. Default: 1

  • notifications (Optional[List[NotificationConfiguration]]) – Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). Default: - No fleet change notifications will be sent.

  • notifications_topic (Optional[ITopic]) – (deprecated) SNS topic to send notifications about fleet changes. Default: - No fleet change notifications will be sent.

  • replacing_update_min_successful_instances_percent (Union[int, float, None]) – (deprecated) Configuration for replacing updates. Only used if updateType == UpdateType.ReplacingUpdate. Specifies how many instances must signal success for the update to succeed. Default: minSuccessfulInstancesPercent

  • resource_signal_count (Union[int, float, None]) – (deprecated) How many ResourceSignal calls CloudFormation expects before the resource is considered created. Default: 1 if resourceSignalTimeout is set, 0 otherwise

  • resource_signal_timeout (Optional[Duration]) – (deprecated) The length of time to wait for the resourceSignalCount. The maximum value is 43200 (12 hours). Default: Duration.minutes(5) if resourceSignalCount is set, N/A otherwise

  • rolling_update_configuration (Optional[RollingUpdateConfiguration]) – (deprecated) Configuration for rolling updates. Only used if updateType == UpdateType.RollingUpdate. Default: - RollingUpdateConfiguration with defaults.

  • signals (Optional[Signals]) – Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke cfn-signal with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml Default: - Do not wait for signals

  • spot_price (Optional[str]) – The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. Default: none

  • update_policy (Optional[UpdatePolicy]) – What to do when an AutoScalingGroup’s instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. Default: - UpdatePolicy.rollingUpdate() if using init, UpdatePolicy.none() otherwise

  • update_type (Optional[UpdateType]) – (deprecated) What to do when an AutoScalingGroup’s instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. Default: UpdateType.None

  • vpc_subnets (Optional[SubnetSelection]) – Where to place instances within the VPC. Default: - All Private subnets.

Stability

experimental

Return type

AutoScalingGroup

add_cdk8s_chart(id, chart)

(experimental) Defines a CDK8s chart in this cluster.

Parameters
  • id (str) – logical id of this chart.

  • chart (Construct) – the cdk8s chart.

Return type

KubernetesManifest

Returns

a KubernetesManifest construct representing the chart.

Stability

experimental

add_fargate_profile(id, *, selectors, fargate_profile_name=None, pod_execution_role=None, subnet_selection=None, vpc=None)

(experimental) Adds a Fargate profile to this cluster.

Parameters
  • id (str) – the id of this profile.

  • selectors (List[Selector]) – (experimental) The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors.

  • fargate_profile_name (Optional[str]) – (experimental) The name of the Fargate profile. Default: - generated

  • pod_execution_role (Optional[IRole]) – (experimental) The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. Default: - a role will be automatically created

  • subnet_selection (Optional[SubnetSelection]) – (experimental) Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. Default: - all private subnets of the VPC are selected.

  • vpc (Optional[IVpc]) – (experimental) The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using subnetSelection. Default: - all private subnets used by the EKS cluster

See

https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html

Stability

experimental

Return type

FargateProfile

add_helm_chart(id, *, chart, create_namespace=None, namespace=None, release=None, repository=None, timeout=None, values=None, version=None, wait=None)

(experimental) Defines a Helm chart in this cluster.

Parameters
  • id (str) – logical id of this chart.

  • chart (str) – (experimental) The name of the chart.

  • create_namespace (Optional[bool]) – (experimental) Create the namespace if it does not exist. Default: true

  • namespace (Optional[str]) – (experimental) The Kubernetes namespace scope of the requests. Default: default

  • release (Optional[str]) – (experimental) The name of the release. Default: - If no release name is given, it will use the last 53 characters of the node’s unique id.

  • repository (Optional[str]) – (experimental) The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ Default: - No repository will be used, which means that the chart needs to be an absolute URL.

  • timeout (Optional[Duration]) – (experimental) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. Default: Duration.minutes(5)

  • values (Optional[Mapping[str, Any]]) – (experimental) The values to be used by the chart. Default: - No values are provided to the chart.

  • version (Optional[str]) – (experimental) The chart version to install. Default: - If this is not specified, the latest version is installed

  • wait (Optional[bool]) – (experimental) Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. Default: - Helm will not wait before marking release as successful

Return type

HelmChart

Returns

a HelmChart construct

Stability

experimental

add_manifest(id, *manifest)

(experimental) Defines a Kubernetes resource in this cluster.

The manifest will be applied/deleted using kubectl as needed.

Parameters
  • id (str) – logical id of this manifest.

  • manifest (Any) – a list of Kubernetes resource specifications.

Return type

KubernetesManifest

Returns

a KubernetesResource object.

Stability

experimental

add_nodegroup_capacity(id, *, ami_type=None, desired_size=None, disk_size=None, force_update=None, instance_type=None, labels=None, launch_template_spec=None, max_size=None, min_size=None, nodegroup_name=None, node_role=None, release_version=None, remote_access=None, subnets=None, tags=None)

(experimental) Add managed nodegroup to this Amazon EKS cluster.

This method will create a new managed nodegroup and add it to the cluster's capacity.

Parameters
  • id (str) – The ID of the nodegroup.

  • ami_type (Optional[NodegroupAmiType]) – (experimental) The AMI type for your node group. Default: - auto-determined from the instanceType property.

  • desired_size (Union[int, float, None]) – (experimental) The current number of worker nodes that the managed node group should maintain. If not specified, the nodegroup will initially create minSize instances. Default: 2

  • disk_size (Union[int, float, None]) – (experimental) The root device disk size (in GiB) for your node group instances. Default: 20

  • force_update (Optional[bool]) – (experimental) Force the update if the existing node group’s pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. Default: true

  • instance_type (Optional[InstanceType]) – (experimental) The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is t3.medium. If you choose a GPU instance type, be sure to specify the AL2_x86_64_GPU with the amiType parameter. Default: t3.medium

  • labels (Optional[Mapping[str, str]]) – (experimental) The Kubernetes labels to be applied to the nodes in the node group when they are created. Default: - None

  • launch_template_spec (Optional[LaunchTemplateSpec]) – (experimental) Launch template specification used for the nodegroup. Default: - no launch template

  • max_size (Union[int, float, None]) – (experimental) The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. Default: - desiredSize

  • min_size (Union[int, float, None]) – (experimental) The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. Default: 1

  • nodegroup_name (Optional[str]) – (experimental) Name of the Nodegroup. Default: - resource ID

  • node_role (Optional[IRole]) – (experimental) The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. Default: - None. Auto-generated if not specified.

  • release_version (Optional[str]) – (experimental) The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, 1.14.7-YYYYMMDD). Default: - The latest available AMI version for the node group’s current Kubernetes version is used.

  • remote_access (Optional[NodegroupRemoteAccess]) – (experimental) The remote access (SSH) configuration to use with your node group. Disabled by default; however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). Default: - disabled

  • subnets (Optional[SubnetSelection]) – (experimental) The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. kubernetes.io/cluster/CLUSTER_NAME with a value of shared, where CLUSTER_NAME is replaced with the name of your cluster. Default: - private subnets

  • tags (Optional[Mapping[str, str]]) – (experimental) The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. Default: - None

See

https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html

Stability

experimental

Return type

Nodegroup
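
The remote_access caveat above and the masters_role default described under the constructor parameters can both be checked on the synthesized CloudFormation template before deployment. The following is an added example, not code from the CDK or its documentation: the template is constructed sample data with made-up logical IDs and key name, and the role check assumes the trust policy names the account root principal, which is how IAM expresses "anyone with permissions in the same account". It flags every role with that trust, so each finding still needs review.

```python
import json
import re

# Constructed sample of a synthesized template, trimmed to the properties the
# checks read. Logical IDs and the key name "ops-key" are made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "ClusterMastersRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {"AWS": {"Fn::Join": ["", [
              "arn:", {"Ref": "AWS::Partition"}, ":iam::",
              {"Ref": "AWS::AccountId"}, ":root"]]}}
          }]
        }
      }
    },
    "NodegroupOpenSsh": {
      "Type": "AWS::EKS::Nodegroup",
      "Properties": {"RemoteAccess": {"Ec2SshKey": "ops-key"}}
    },
    "NodegroupScopedSsh": {
      "Type": "AWS::EKS::Nodegroup",
      "Properties": {"RemoteAccess": {
        "Ec2SshKey": "ops-key",
        "SourceSecurityGroups": [{"Fn::GetAtt": ["BastionSg", "GroupId"]}]}}
    },
    "NodegroupNoSsh": {
      "Type": "AWS::EKS::Nodegroup",
      "Properties": {"ScalingConfig": {"MinSize": 1}}
    }
  }
}
""")


def as_list(value):
    """IAM and CloudFormation accept a single item or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def render(value):
    """Flatten a template value to text; Ref becomes a ${...} token."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and len(value) == 1:
        (fn, arg), = value.items()
        if fn == "Ref":
            return "${%s}" % arg
        if fn == "Fn::Join":
            sep, parts = arg
            return sep.join(render(p) for p in parts)
    return json.dumps(value, sort_keys=True)


def account_root_trust(role_props):
    """True if an Allow statement trusts the whole account (root ARN or bare account id)."""
    doc = role_props.get("AssumeRolePolicyDocument", {})
    for stmt in as_list(doc.get("Statement")):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        for arn in as_list(principal.get("AWS")):
            text = render(arn)
            if text.endswith(":root") or re.fullmatch(r"\d{12}", text):
                return True
    return False


def open_ssh(nodegroup_props):
    """True if an SSH key is set with no source security groups (port 22 open to 0.0.0.0/0)."""
    remote = nodegroup_props.get("RemoteAccess")
    if not isinstance(remote, dict) or not remote.get("Ec2SshKey"):
        return False
    return not remote.get("SourceSecurityGroups")


def audit(template):
    """Return (logical_id, finding) pairs, sorted by logical id."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EKS::Nodegroup" and open_ssh(props):
            findings.append((logical_id, "ssh-open-to-internet"))
        elif res.get("Type") == "AWS::IAM::Role" and account_root_trust(props):
            findings.append((logical_id, "role-trusts-account-root"))
    return findings


if __name__ == "__main__":
    for logical_id, issue in audit(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {issue}")
```

Setting remote_access with a source security group, and passing an explicit masters_role with a narrower trust policy, are the two changes that clear these findings.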

add_service_account(id, *, name=None, namespace=None)

(experimental) Creates a new service account with corresponding IAM Role (IRSA).

Parameters
  • id (str) –

  • name (Optional[str]) – (experimental) The name of the service account. Default: - If no name is given, it will use the id of the resource.

  • namespace (Optional[str]) – (experimental) The namespace of the service account. Default: “default”

Stability

experimental

Return type

ServiceAccount

connect_auto_scaling_group_capacity(auto_scaling_group, *, bootstrap_enabled=None, bootstrap_options=None, machine_image_type=None, map_role=None)

(experimental) Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.

The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance’s launch configuration.

Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

Prefer to use addAutoScalingGroupCapacity if possible.

Parameters
  • auto_scaling_group (AutoScalingGroup) –

  • bootstrap_enabled (Optional[bool]) – (experimental) Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke /etc/eks/bootstrap.sh) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to false and manually invoke autoscalingGroup.addUserData(). Default: true

  • bootstrap_options (Optional[BootstrapOptions]) – (experimental) Allows options for node bootstrapping through EC2 user data. Default: - default options

  • machine_image_type (Optional[MachineImageType]) – (experimental) Allow options to specify different machine image type. Default: MachineImageType.AMAZON_LINUX_2

  • map_role (Optional[bool]) – (experimental) Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to true if the cluster has kubectl disabled. Default: - true if the cluster has kubectl enabled (which is the default).

See

https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html

Stability

experimental

Return type

None

get_service_load_balancer_address(service_name, *, namespace=None, timeout=None)

(experimental) Fetch the load balancer address of a service of type ‘LoadBalancer’.

Parameters
  • service_name (str) – The name of the service.

  • namespace (Optional[str]) – (experimental) The namespace the service belongs to. Default: ‘default’

  • timeout (Optional[Duration]) – (experimental) Timeout for waiting on the load balancer address. Default: Duration.minutes(5)

Stability

experimental

Return type

str

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

admin_role

(experimental) An IAM role with administrative permissions to create or update the cluster.

This role also has system:masters permissions.

Stability

experimental

Return type

Role

aws_auth

(experimental) Lazily creates the AwsAuth resource, which manages AWS authentication mapping.

Stability

experimental

Return type

AwsAuth

cluster_arn

(experimental) The AWS generated ARN for the Cluster resource.

Stability

experimental

Example:

arn:aws:eks:us-west-2:666666666666:cluster/prod

Return type

str

cluster_certificate_authority_data

(experimental) The certificate-authority-data for your cluster.

Stability

experimental

Return type

str

cluster_encryption_config_key_arn

(experimental) Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Stability

experimental

Return type

str

cluster_endpoint

(experimental) The endpoint URL for the Cluster.

This is the URL inside the kubeconfig file to use with kubectl

Stability

experimental

Example:

https:

Return type

str

cluster_name

(experimental) The Name of the created EKS Cluster.

Stability

experimental

Return type

str

cluster_open_id_connect_issuer

(experimental) If this cluster is kubectl-enabled, returns the OpenID Connect issuer.

This is because the value is only retrieved by the API and is not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock CfnCluster), this is undefined.

Stability

experimental

Attribute

true

Return type

str

cluster_open_id_connect_issuer_url

(experimental) If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.

This is because the value is only retrieved by the API and is not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock CfnCluster), this is undefined.

Stability

experimental

Attribute

true

Return type

str

cluster_security_group_id

(experimental) The cluster security group that was created by Amazon EKS for the cluster.

Stability

experimental

Return type

str

connections

(experimental) Manages connection rules (Security Group Rules) for the cluster.

Stability

experimental

Memberof

Cluster

Type

{ec2.Connections}

Return type

Connections

default_capacity

(experimental) The auto scaling group that hosts the default capacity for this cluster.

This will be undefined if the defaultCapacityType is not EC2 or defaultCapacityType is EC2 but default capacity is set to 0.

Stability

experimental

Return type

Optional[AutoScalingGroup]

default_nodegroup

(experimental) The node group that hosts the default capacity for this cluster.

This will be undefined if the defaultCapacityType is EC2 or defaultCapacityType is NODEGROUP but default capacity is set to 0.

Stability

experimental

Return type

Optional[Nodegroup]

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type

ResourceEnvironment

kubectl_environment

(experimental) Custom environment variables when running kubectl against this cluster.

Default
  • no additional environment variables

Stability

experimental

Return type

Optional[Mapping[str, str]]

kubectl_layer

(experimental) The AWS Lambda layer that contains kubectl, helm and the AWS CLI.

If undefined, a SAR app that contains this layer will be used.

Stability

experimental

Return type

Optional[ILayerVersion]

kubectl_private_subnets

(experimental) Subnets to host the kubectl compute resources.

Default
  • If not specified, the k8s endpoint is expected to be accessible publicly.

Stability

experimental

Return type

Optional[List[ISubnet]]

kubectl_role

(experimental) An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

Stability

experimental

Return type

Optional[IRole]

kubectl_security_group

(experimental) A security group to use for kubectl execution.

Default
  • If not specified, the k8s endpoint is expected to be accessible publicly.

Stability

experimental

Return type

Optional[ISecurityGroup]

node

The construct tree node associated with this construct.

Return type

ConstructNode

open_id_connect_provider

(experimental) An OpenIdConnectProvider resource associated with this cluster, and which can be used to link this cluster to AWS IAM.

A provider will only be defined if this property is accessed (lazy initialization).

Stability

experimental

Return type

IOpenIdConnectProvider

role

(experimental) IAM role assumed by the EKS Control Plane.

Stability

experimental

Return type

IRole

stack

The stack in which this resource is defined.

Return type

Stack

vpc

(experimental) The VPC in which this Cluster was created.

Stability

experimental

Return type

IVpc

Static Methods

classmethod from_cluster_attributes(scope, id, *, cluster_name, cluster_certificate_authority_data=None, cluster_encryption_config_key_arn=None, cluster_endpoint=None, cluster_security_group_id=None, kubectl_environment=None, kubectl_layer=None, kubectl_private_subnet_ids=None, kubectl_role_arn=None, kubectl_security_group_id=None, open_id_connect_provider=None, security_group_ids=None, vpc=None)

(experimental) Import an existing cluster.

Parameters
  • scope (Construct) – the construct scope, in most cases ‘this’.

  • id (str) – the id or name to import as.

  • cluster_name (str) – (experimental) The physical name of the Cluster.

  • cluster_certificate_authority_data (Optional[str]) – (experimental) The certificate-authority-data for your cluster. Default: - if not specified cluster.clusterCertificateAuthorityData will throw an error

  • cluster_encryption_config_key_arn (Optional[str]) – (experimental) Amazon Resource Name (ARN) or alias of the customer master key (CMK). Default: - if not specified cluster.clusterEncryptionConfigKeyArn will throw an error

  • cluster_endpoint (Optional[str]) – (experimental) The API Server endpoint URL. Default: - if not specified cluster.clusterEndpoint will throw an error.

  • cluster_security_group_id (Optional[str]) – (experimental) The cluster security group that was created by Amazon EKS for the cluster. Default: - if not specified cluster.clusterSecurityGroupId will throw an error

  • kubectl_environment (Optional[Mapping[str, str]]) – (experimental) Environment variables to use when running kubectl against this cluster. Default: - no additional variables

  • kubectl_layer (Optional[ILayerVersion]) – (experimental) An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. By default, the provider will use the layer included in the “aws-lambda-layer-kubectl” SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: const layer = new lambda.LayerVersion(this, 'kubectl-layer', { code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), compatibleRuntimes: [lambda.Runtime.PROVIDED] }); Or you can use the standard layer like this (with options to customize the version and SAR application ID): const layer = new eks.KubectlLayer(this, 'KubectlLayer'); Default: - the layer provided by the aws-lambda-layer-kubectl SAR app.

  • kubectl_private_subnet_ids (Optional[List[str]]) – (experimental) Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • kubectl_role_arn (Optional[str]) – (experimental) An IAM role with cluster administrator and “system:masters” permissions. Default: - if not specified, it will not be possible to issue kubectl commands against an imported cluster.

  • kubectl_security_group_id (Optional[str]) – (experimental) A security group to use for kubectl execution. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • open_id_connect_provider (Optional[IOpenIdConnectProvider]) – (experimental) An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider. Default: - if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

  • security_group_ids (Optional[List[str]]) – (experimental) Additional security groups associated with this cluster. Default: - if not specified, no additional security groups will be considered in cluster.connections.

  • vpc (Optional[IVpc]) – (experimental) The VPC in which this Cluster was created. Default: - if not specified cluster.vpc will throw an error

Stability

experimental

Return type

ICluster

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool