@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)", date="2023-01-25T18:29:09.923Z")
public class Cluster extends Resource implements ICluster
This is a fully managed cluster of API Servers (control-plane). The user is still required to create the worker nodes.
Example:
```java
Vpc vpc;
Cluster.Builder.create(this, "HelloEKS")
        .version(KubernetesVersion.V1_21)
        .vpc(vpc)
        .vpcSubnets(List.of(SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_NAT).build()))
        .build();
```
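The following added example (not part of the generated CDK documentation) extends the snippet above with the security-relevant settings this class exposes: a private API server endpoint, KMS encryption of Kubernetes secrets (the key later reported by getClusterEncryptionConfigKeyArn), and an IRSA service account from addServiceAccount that is granted read access to one bucket only. It assumes CDK v1 package names; the stack class, construct ids, service account name and bucket are hypothetical.

```java
import java.util.List;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.services.ec2.SubnetSelection;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.Vpc;
import software.amazon.awscdk.services.eks.Cluster;
import software.amazon.awscdk.services.eks.EndpointAccess;
import software.amazon.awscdk.services.eks.KubernetesVersion;
import software.amazon.awscdk.services.eks.ServiceAccount;
import software.amazon.awscdk.services.eks.ServiceAccountOptions;
import software.amazon.awscdk.services.kms.Key;
import software.amazon.awscdk.services.s3.Bucket;
import software.constructs.Construct;

// Hypothetical stack, added for illustration (assumes CDK v1 package names).
public class HardenedEksStack extends Stack {
    public HardenedEksStack(final Construct scope, final String id) {
        super(scope, id);

        Vpc vpc = Vpc.Builder.create(this, "Vpc").maxAzs(2).build();

        // Customer-managed key used for envelope encryption of Kubernetes secrets.
        Key secretsKey = Key.Builder.create(this, "SecretsKey")
                .enableKeyRotation(true)
                .build();

        Cluster cluster = Cluster.Builder.create(this, "HelloEKS")
                .version(KubernetesVersion.V1_21)
                .vpc(vpc)
                .vpcSubnets(List.of(SubnetSelection.builder()
                        .subnetType(SubnetType.PRIVATE_WITH_NAT).build()))
                // API server is reachable only from inside the VPC.
                .endpointAccess(EndpointAccess.PRIVATE)
                .secretsEncryptionKey(secretsKey)
                .build();

        // IRSA: pods using this service account receive their own IAM role
        // instead of inheriting the worker node's instance role.
        ServiceAccount reader = cluster.addServiceAccount("ReportReader",
                ServiceAccountOptions.builder()
                        .name("report-reader")
                        .namespace("default")
                        .build());

        // Least privilege: read access to a single bucket, nothing else.
        Bucket reports = Bucket.Builder.create(this, "Reports").build();
        reports.grantRead(reader);
    }
}
```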
| Modifier and Type | Class and Description |
|---|---|
| static class | `Cluster.Builder` A fluent builder for `Cluster`. |
ICluster.Jsii$Default, ICluster.Jsii$Proxy
| Modifier | Constructor and Description |
|---|---|
| protected | `Cluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)` |
| protected | `Cluster(software.amazon.jsii.JsiiObjectRef objRef)` |
| | `Cluster(software.constructs.Construct scope, java.lang.String id, ClusterProps props)` Initiates an EKS Cluster with the supplied arguments. |
| Modifier and Type | Method and Description |
|---|---|
| AutoScalingGroup | `addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options)` Add nodes to this EKS cluster. |
| KubernetesManifest | `addCdk8sChart(java.lang.String id, software.constructs.Construct chart)` Defines a CDK8s chart in this cluster. |
| KubernetesManifest | `addCdk8sChart(java.lang.String id, software.constructs.Construct chart, KubernetesManifestOptions options)` Defines a CDK8s chart in this cluster. |
| FargateProfile | `addFargateProfile(java.lang.String id, FargateProfileOptions options)` Adds a Fargate profile to this cluster. |
| HelmChart | `addHelmChart(java.lang.String id, HelmChartOptions options)` Defines a Helm chart in this cluster. |
| KubernetesManifest | `addManifest(java.lang.String id, java.util.Map<java.lang.String,java.lang.Object>... manifest)` Defines a Kubernetes resource in this cluster. |
| Nodegroup | `addNodegroupCapacity(java.lang.String id)` Add managed nodegroup to this Amazon EKS cluster. |
| Nodegroup | `addNodegroupCapacity(java.lang.String id, NodegroupOptions options)` Add managed nodegroup to this Amazon EKS cluster. |
| ServiceAccount | `addServiceAccount(java.lang.String id)` Creates a new service account with corresponding IAM Role (IRSA). |
| ServiceAccount | `addServiceAccount(java.lang.String id, ServiceAccountOptions options)` Creates a new service account with corresponding IAM Role (IRSA). |
| void | `connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options)` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. |
| static ICluster | `fromClusterAttributes(software.constructs.Construct scope, java.lang.String id, ClusterAttributes attrs)` Import an existing cluster. |
| Role | `getAdminRole()` An IAM role with administrative permissions to create or update the cluster. |
| AlbController | `getAlbController()` The ALB Controller construct defined for this cluster. |
| AwsAuth | `getAwsAuth()` Lazily creates the AwsAuth resource, which manages AWS authentication mapping. |
| java.lang.String | `getClusterArn()` The AWS generated ARN for the Cluster resource. |
| java.lang.String | `getClusterCertificateAuthorityData()` The certificate-authority-data for your cluster. |
| java.lang.String | `getClusterEncryptionConfigKeyArn()` Amazon Resource Name (ARN) or alias of the customer master key (CMK). |
| java.lang.String | `getClusterEndpoint()` The endpoint URL for the Cluster. |
| ISecurityGroup | `getClusterHandlerSecurityGroup()` A security group to associate with the Cluster Handler's Lambdas. |
| java.lang.String | `getClusterName()` The Name of the created EKS Cluster. |
| java.lang.String | `getClusterOpenIdConnectIssuer()` If this cluster is kubectl-enabled, returns the OpenID Connect issuer. |
| java.lang.String | `getClusterOpenIdConnectIssuerUrl()` If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. |
| ISecurityGroup | `getClusterSecurityGroup()` The cluster security group that was created by Amazon EKS for the cluster. |
| java.lang.String | `getClusterSecurityGroupId()` The id of the cluster security group that was created by Amazon EKS for the cluster. |
| Connections | `getConnections()` Manages connection rules (Security Group Rules) for the cluster. |
| AutoScalingGroup | `getDefaultCapacity()` The auto scaling group that hosts the default capacity for this cluster. |
| Nodegroup | `getDefaultNodegroup()` The node group that hosts the default capacity for this cluster. |
| java.lang.String | `getIngressLoadBalancerAddress(java.lang.String ingressName)` Fetch the load balancer address of an ingress backed by a load balancer. |
| java.lang.String | `getIngressLoadBalancerAddress(java.lang.String ingressName, IngressLoadBalancerAddressOptions options)` Fetch the load balancer address of an ingress backed by a load balancer. |
| java.util.Map<java.lang.String,java.lang.String> | `getKubectlEnvironment()` Custom environment variables when running `kubectl` against this cluster. |
| IRole | `getKubectlLambdaRole()` An IAM role that can perform kubectl operations against this cluster. |
| ILayerVersion | `getKubectlLayer()` The AWS Lambda layer that contains `kubectl`, `helm` and the AWS CLI. |
| Size | `getKubectlMemory()` The amount of memory allocated to the kubectl provider's lambda function. |
| java.util.List<ISubnet> | `getKubectlPrivateSubnets()` Subnets to host the `kubectl` compute resources. |
| IRole | `getKubectlRole()` An IAM role that can perform kubectl operations against this cluster. |
| ISecurityGroup | `getKubectlSecurityGroup()` A security group to use for `kubectl` execution. |
| ILayerVersion | `getOnEventLayer()` The AWS Lambda layer that contains the NPM dependency `proxy-agent`. |
| IOpenIdConnectProvider | `getOpenIdConnectProvider()` An `OpenIdConnectProvider` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. |
| java.lang.Boolean | `getPrune()` Determines if Kubernetes resources can be pruned automatically. |
| IRole | `getRole()` IAM role assumed by the EKS Control Plane. |
| java.lang.String | `getServiceLoadBalancerAddress(java.lang.String serviceName)` Fetch the load balancer address of a service of type 'LoadBalancer'. |
| java.lang.String | `getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options)` Fetch the load balancer address of a service of type 'LoadBalancer'. |
| IVpc | `getVpc()` The VPC in which this Cluster was created. |
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getKubectlProvider
applyRemovalPolicy, getEnv, getStack
getNode
protected Cluster(software.amazon.jsii.JsiiObjectRef objRef)
protected Cluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public Cluster(software.constructs.Construct scope, java.lang.String id, ClusterProps props)
scope - a Construct, most likely a cdk.Stack created. This parameter is required.
id - the id of the Construct to create. This parameter is required.
props - properties in the IClusterProps interface. This parameter is required.

public static ICluster fromClusterAttributes(software.constructs.Construct scope, java.lang.String id, ClusterAttributes attrs)
scope - the construct scope, in most cases 'this'. This parameter is required.
id - the id or name to import as. This parameter is required.
attrs - the cluster properties to use for importing information. This parameter is required.

public AutoScalingGroup addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options)
The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.
Note that if you specify `updateType: RollingUpdate` or `updateType: ReplacingUpdate`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS.
The default behavior for `updateType` is `None`, which means only new instances will be launched using the new AMI.
Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
In addition, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.
id - This parameter is required.
options - This parameter is required.

public KubernetesManifest addCdk8sChart(java.lang.String id, software.constructs.Construct chart, KubernetesManifestOptions options)
addCdk8sChart in interface ICluster
id - logical id of this chart. This parameter is required.
chart - the cdk8s chart. This parameter is required.
options -

public KubernetesManifest addCdk8sChart(java.lang.String id, software.constructs.Construct chart)
addCdk8sChart in interface ICluster
id - logical id of this chart. This parameter is required.
chart - the cdk8s chart. This parameter is required.

public FargateProfile addFargateProfile(java.lang.String id, FargateProfileOptions options)
id - the id of this profile. This parameter is required.
options - profile options. This parameter is required.

public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options)
addHelmChart in interface ICluster
id - logical id of this chart. This parameter is required.
options - options of this chart. This parameter is required.

public KubernetesManifest addManifest(java.lang.String id, java.util.Map<java.lang.String,java.lang.Object>... manifest)
The manifest will be applied/deleted using kubectl as needed.
addManifest in interface ICluster
id - logical id of this manifest. This parameter is required.
manifest - a list of Kubernetes resource specifications. This parameter is required.

public Nodegroup addNodegroupCapacity(java.lang.String id, NodegroupOptions options)
This method will create a new managed nodegroup and add it to the capacity.
id - The ID of the nodegroup. This parameter is required.
options - options for creating a new nodegroup.

public Nodegroup addNodegroupCapacity(java.lang.String id)
This method will create a new managed nodegroup and add it to the capacity.
id - The ID of the nodegroup. This parameter is required.

public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options)
addServiceAccount in interface ICluster
id - This parameter is required.
options -

public ServiceAccount addServiceAccount(java.lang.String id)
addServiceAccount in interface ICluster
id - This parameter is required.

public void connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options)
The AutoScalingGroup must be running an EKS-optimized AMI containing the `/etc/eks/bootstrap.sh` script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.
Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.
Prefer to use `addAutoScalingGroupCapacity` if possible.
connectAutoScalingGroupCapacity in interface ICluster
autoScalingGroup - [disable-awslint:ref-via-interface]. This parameter is required.
options - options for adding auto scaling groups, like customizing the bootstrap script. This parameter is required.

public java.lang.String getIngressLoadBalancerAddress(java.lang.String ingressName, IngressLoadBalancerAddressOptions options)
ingressName - The name of the ingress. This parameter is required.
options - Additional operation options.

public java.lang.String getIngressLoadBalancerAddress(java.lang.String ingressName)
ingressName - The name of the ingress. This parameter is required.

public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options)
serviceName - The name of the service. This parameter is required.
options - Additional operation options.

public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName)
serviceName - The name of the service. This parameter is required.

public Role getAdminRole()
This role also has `system:masters` permissions.
public AwsAuth getAwsAuth()
public java.lang.String getClusterArn()
For example, `arn:aws:eks:us-west-2:666666666666:cluster/prod`
getClusterArn in interface ICluster

public java.lang.String getClusterCertificateAuthorityData()
getClusterCertificateAuthorityData in interface ICluster

public java.lang.String getClusterEncryptionConfigKeyArn()
getClusterEncryptionConfigKeyArn in interface ICluster

public java.lang.String getClusterEndpoint()
This is the URL inside the kubeconfig file to use with kubectl.
For example, `https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com`
getClusterEndpoint in interface ICluster

public java.lang.String getClusterName()
getClusterName in interface ICluster
public java.lang.String getClusterOpenIdConnectIssuer()
This is because the value can only be retrieved by the API and is not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock `CfnCluster`), this is `undefined`.

public java.lang.String getClusterOpenIdConnectIssuerUrl()
This is because the value can only be retrieved by the API and is not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock `CfnCluster`), this is `undefined`.
public ISecurityGroup getClusterSecurityGroup()
getClusterSecurityGroup in interface ICluster

public java.lang.String getClusterSecurityGroupId()
getClusterSecurityGroupId in interface ICluster

public Connections getConnections()
getConnections in interface IConnectable

public IOpenIdConnectProvider getOpenIdConnectProvider()
A provider will only be defined if this property is accessed (lazy initialization).
getOpenIdConnectProvider in interface ICluster
public java.lang.Boolean getPrune()
public IRole getRole()
public IVpc getVpc()
public AlbController getAlbController()
Will be undefined if `albController` wasn't configured.

public ISecurityGroup getClusterHandlerSecurityGroup()
The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires `placeClusterHandlerInVpc` to be set to true.
Default: - No security group.
getClusterHandlerSecurityGroup in interface ICluster
public AutoScalingGroup getDefaultCapacity()
This will be `undefined` if the `defaultCapacityType` is not `EC2` or `defaultCapacityType` is `EC2` but default capacity is set to 0.

public Nodegroup getDefaultNodegroup()
This will be `undefined` if the `defaultCapacityType` is `EC2` or `defaultCapacityType` is `NODEGROUP` but default capacity is set to 0.
public java.util.Map<java.lang.String,java.lang.String> getKubectlEnvironment()
getKubectlEnvironment in interface ICluster

public IRole getKubectlLambdaRole()
The role should be mapped to the `system:masters` Kubernetes RBAC role.
This role is directly passed to the lambda handler that sends kubectl commands to the cluster.
Default: - if not specified, the default role created by a lambda function will be used.
getKubectlLambdaRole in interface ICluster

public ILayerVersion getKubectlLayer()
If undefined, a SAR app that contains this layer will be used.
getKubectlLayer in interface ICluster

public Size getKubectlMemory()
getKubectlMemory in interface ICluster

public java.util.List<ISubnet> getKubectlPrivateSubnets()
Default: - If not specified, the k8s endpoint is expected to be accessible publicly.
getKubectlPrivateSubnets in interface ICluster

public IRole getKubectlRole()
The role should be mapped to the `system:masters` Kubernetes RBAC role.
getKubectlRole in interface ICluster

public ISecurityGroup getKubectlSecurityGroup()
Default: - If not specified, the k8s endpoint is expected to be accessible publicly.
getKubectlSecurityGroup in interface ICluster

public ILayerVersion getOnEventLayer()
If undefined, a SAR app that contains this layer will be used.
getOnEventLayer in interface ICluster