software.amazon.awscdk.services.eks

Class Cluster

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.eks.Cluster

All Implemented Interfaces:

IConstruct, IDependable, IResource, IConnectable, ICluster

Direct Known Subclasses:

FargateCluster

@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
           date="2023-01-25T18:29:09.923Z")
public class Cluster
extends Resource
implements ICluster

A Cluster represents a managed Kubernetes Service (EKS).

This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes.

Example:

 Vpc vpc;
 Cluster.Builder.create(this, "HelloEKS")
         .version(KubernetesVersion.V1_21)
         .vpc(vpc)
         .vpcSubnets(List.of(SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_NAT).build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Cluster.Builder A fluent builder for Cluster.

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.eks.ICluster

ICluster.Jsii$Default, ICluster.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Cluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Cluster(software.amazon.jsii.JsiiObjectRef objRef)
	Cluster(software.constructs.Construct scope, java.lang.String id, ClusterProps props) Initiates an EKS Cluster with the supplied arguments.

Method Summary

Modifier and Type	Method and Description
AutoScalingGroup	addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options) Add nodes to this EKS cluster.
KubernetesManifest	addCdk8sChart(java.lang.String id, software.constructs.Construct chart) Defines a CDK8s chart in this cluster.
KubernetesManifest	addCdk8sChart(java.lang.String id, software.constructs.Construct chart, KubernetesManifestOptions options) Defines a CDK8s chart in this cluster.
FargateProfile	addFargateProfile(java.lang.String id, FargateProfileOptions options) Adds a Fargate profile to this cluster.
HelmChart	addHelmChart(java.lang.String id, HelmChartOptions options) Defines a Helm chart in this cluster.
KubernetesManifest	addManifest(java.lang.String id, java.util.Map<java.lang.String,java.lang.Object>... manifest) Defines a Kubernetes resource in this cluster.
Nodegroup	addNodegroupCapacity(java.lang.String id) Add managed nodegroup to this Amazon EKS cluster.
Nodegroup	addNodegroupCapacity(java.lang.String id, NodegroupOptions options) Add managed nodegroup to this Amazon EKS cluster.
ServiceAccount	addServiceAccount(java.lang.String id) Creates a new service account with corresponding IAM Role (IRSA).
ServiceAccount	addServiceAccount(java.lang.String id, ServiceAccountOptions options) Creates a new service account with corresponding IAM Role (IRSA).
void	connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options) Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
static ICluster	fromClusterAttributes(software.constructs.Construct scope, java.lang.String id, ClusterAttributes attrs) Import an existing cluster.
Role	getAdminRole() An IAM role with administrative permissions to create or update the cluster.
AlbController	getAlbController() The ALB Controller construct defined for this cluster.
AwsAuth	getAwsAuth() Lazily creates the AwsAuth resource, which manages AWS authentication mapping.
java.lang.String	getClusterArn() The AWS generated ARN for the Cluster resource.
java.lang.String	getClusterCertificateAuthorityData() The certificate-authority-data for your cluster.
java.lang.String	getClusterEncryptionConfigKeyArn() Amazon Resource Name (ARN) or alias of the customer master key (CMK).
java.lang.String	getClusterEndpoint() The endpoint URL for the Cluster.
ISecurityGroup	getClusterHandlerSecurityGroup() A security group to associate with the Cluster Handler's Lambdas.
java.lang.String	getClusterName() The Name of the created EKS Cluster.
java.lang.String	getClusterOpenIdConnectIssuer() If this cluster is kubectl-enabled, returns the OpenID Connect issuer.
java.lang.String	getClusterOpenIdConnectIssuerUrl() If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.
ISecurityGroup	getClusterSecurityGroup() The cluster security group that was created by Amazon EKS for the cluster.
java.lang.String	getClusterSecurityGroupId() The id of the cluster security group that was created by Amazon EKS for the cluster.
Connections	getConnections() Manages connection rules (Security Group Rules) for the cluster.
AutoScalingGroup	getDefaultCapacity() The auto scaling group that hosts the default capacity for this cluster.
Nodegroup	getDefaultNodegroup() The node group that hosts the default capacity for this cluster.
java.lang.String	getIngressLoadBalancerAddress(java.lang.String ingressName) Fetch the load balancer address of an ingress backed by a load balancer.
java.lang.String	getIngressLoadBalancerAddress(java.lang.String ingressName, IngressLoadBalancerAddressOptions options) Fetch the load balancer address of an ingress backed by a load balancer.
java.util.Map<java.lang.String,java.lang.String>	getKubectlEnvironment() Custom environment variables when running `kubectl` against this cluster.
IRole	getKubectlLambdaRole() An IAM role that can perform kubectl operations against this cluster.
ILayerVersion	getKubectlLayer() The AWS Lambda layer that contains `kubectl`, `helm` and the AWS CLI.
Size	getKubectlMemory() The amount of memory allocated to the kubectl provider's lambda function.
java.util.List<ISubnet>	getKubectlPrivateSubnets() Subnets to host the `kubectl` compute resources.
IRole	getKubectlRole() An IAM role that can perform kubectl operations against this cluster.
ISecurityGroup	getKubectlSecurityGroup() A security group to use for `kubectl` execution.
ILayerVersion	getOnEventLayer() The AWS Lambda layer that contains the NPM dependency `proxy-agent`.
IOpenIdConnectProvider	getOpenIdConnectProvider() An `OpenIdConnectProvider` resource associated with this cluster, and which can be used to link this cluster to AWS IAM.
java.lang.Boolean	getPrune() Determines if Kubernetes resources can be pruned automatically.
IRole	getRole() IAM role assumed by the EKS Control Plane.
java.lang.String	getServiceLoadBalancerAddress(java.lang.String serviceName) Fetch the load balancer address of a service of type 'LoadBalancer'.
java.lang.String	getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options) Fetch the load balancer address of a service of type 'LoadBalancer'.
IVpc	getVpc() The VPC in which this Cluster was created.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.services.eks.ICluster

getKubectlProvider

Methods inherited from interface software.amazon.awscdk.core.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Constructor Detail

Cluster

protected Cluster(software.amazon.jsii.JsiiObjectRef objRef)

Cluster

protected Cluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Cluster

public Cluster(software.constructs.Construct scope,
               java.lang.String id,
               ClusterProps props)

Initiates an EKS Cluster with the supplied arguments.

Parameters:

scope - a Construct, most likely a cdk.Stack created. This parameter is required.

id - the id of the Construct to create. This parameter is required.

props - properties in the IClusterProps interface. This parameter is required.

Method Detail

fromClusterAttributes

public static ICluster fromClusterAttributes(software.constructs.Construct scope,
                                             java.lang.String id,
                                             ClusterAttributes attrs)

Import an existing cluster.

Parameters:

scope - the construct scope, in most cases 'this'. This parameter is required.

id - the id or name to import as. This parameter is required.

attrs - the cluster properties to use for importing information. This parameter is required.

addAutoScalingGroupCapacity

public AutoScalingGroup addAutoScalingGroupCapacity(java.lang.String id,
                                                    AutoScalingGroupCapacityOptions options)

Add nodes to this EKS cluster.

The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.

Note that if you specify updateType: RollingUpdate or updateType: ReplacingUpdate, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for updateType is None, which means only new instances will be launched using the new AMI.

Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. In addition, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

Parameters:

id - This parameter is required.

options - This parameter is required.

addCdk8sChart

public KubernetesManifest addCdk8sChart(java.lang.String id,
                                        software.constructs.Construct chart,
                                        KubernetesManifestOptions options)

Defines a CDK8s chart in this cluster.

Specified by:

addCdk8sChart in interface ICluster

Parameters:

id - logical id of this chart. This parameter is required.

chart - the cdk8s chart. This parameter is required.

options -

Returns:

a `KubernetesManifest` construct representing the chart.

addCdk8sChart

public KubernetesManifest addCdk8sChart(java.lang.String id,
                                        software.constructs.Construct chart)

Defines a CDK8s chart in this cluster.

Specified by:

addCdk8sChart in interface ICluster

Parameters:

id - logical id of this chart. This parameter is required.

chart - the cdk8s chart. This parameter is required.

Returns:

a `KubernetesManifest` construct representing the chart.

addFargateProfile

public FargateProfile addFargateProfile(java.lang.String id,
                                        FargateProfileOptions options)

Adds a Fargate profile to this cluster.

Parameters:

id - the id of this profile. This parameter is required.

options - profile options. This parameter is required.

See Also:

https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html

addHelmChart

public HelmChart addHelmChart(java.lang.String id,
                              HelmChartOptions options)

Defines a Helm chart in this cluster.

Specified by:

addHelmChart in interface ICluster

Parameters:

id - logical id of this chart. This parameter is required.

options - options of this chart. This parameter is required.

Returns:

a `HelmChart` construct

addManifest

public KubernetesManifest addManifest(java.lang.String id,
                                      java.util.Map<java.lang.String,java.lang.Object>... manifest)

Defines a Kubernetes resource in this cluster.

The manifest will be applied/deleted using kubectl as needed.

Specified by:

addManifest in interface ICluster

Parameters:

id - logical id of this manifest. This parameter is required.

manifest - a list of Kubernetes resource specifications. This parameter is required.

Returns:

a `KubernetesResource` object.

addNodegroupCapacity

public Nodegroup addNodegroupCapacity(java.lang.String id,
                                      NodegroupOptions options)

Add managed nodegroup to this Amazon EKS cluster.

This method will create a new managed nodegroup and add into the capacity.

Parameters:

id - The ID of the nodegroup. This parameter is required.

options - options for creating a new nodegroup.

See Also:

https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html

addNodegroupCapacity

public Nodegroup addNodegroupCapacity(java.lang.String id)

Add managed nodegroup to this Amazon EKS cluster.

This method will create a new managed nodegroup and add into the capacity.

Parameters:

id - The ID of the nodegroup. This parameter is required.

See Also:

https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html

addServiceAccount

public ServiceAccount addServiceAccount(java.lang.String id,
                                        ServiceAccountOptions options)

Creates a new service account with corresponding IAM Role (IRSA).

Specified by:

addServiceAccount in interface ICluster

Parameters:

id - This parameter is required.

options -

addServiceAccount

public ServiceAccount addServiceAccount(java.lang.String id)

Creates a new service account with corresponding IAM Role (IRSA).

Specified by:

addServiceAccount in interface ICluster

Parameters:

id - This parameter is required.

connectAutoScalingGroupCapacity

public void connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup,
                                            AutoScalingGroupOptions options)

Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.

The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.

Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

Prefer to use addAutoScalingGroupCapacity if possible.

Specified by:

connectAutoScalingGroupCapacity in interface ICluster

Parameters:

autoScalingGroup - [disable-awslint:ref-via-interface]. This parameter is required.

options - options for adding auto scaling groups, like customizing the bootstrap script. This parameter is required.

See Also:

https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html

getIngressLoadBalancerAddress

public java.lang.String getIngressLoadBalancerAddress(java.lang.String ingressName,
                                                      IngressLoadBalancerAddressOptions options)

Fetch the load balancer address of an ingress backed by a load balancer.

Parameters:

ingressName - The name of the ingress. This parameter is required.

options - Additional operation options.

getIngressLoadBalancerAddress

public java.lang.String getIngressLoadBalancerAddress(java.lang.String ingressName)

Fetch the load balancer address of an ingress backed by a load balancer.

Parameters:

ingressName - The name of the ingress. This parameter is required.

getServiceLoadBalancerAddress

public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName,
                                                      ServiceLoadBalancerAddressOptions options)

Fetch the load balancer address of a service of type 'LoadBalancer'.

Parameters:

serviceName - The name of the service. This parameter is required.

options - Additional operation options.

getServiceLoadBalancerAddress

public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName)

Fetch the load balancer address of a service of type 'LoadBalancer'.

Parameters:

serviceName - The name of the service. This parameter is required.

getAdminRole

public Role getAdminRole()

An IAM role with administrative permissions to create or update the cluster.

This role also has systems:master permissions.

getAwsAuth

public AwsAuth getAwsAuth()

Lazily creates the AwsAuth resource, which manages AWS authentication mapping.

getClusterArn

public java.lang.String getClusterArn()

The AWS generated ARN for the Cluster resource.

For example, arn:aws:eks:us-west-2:666666666666:cluster/prod

Specified by:

getClusterArn in interface ICluster

getClusterCertificateAuthorityData

public java.lang.String getClusterCertificateAuthorityData()

The certificate-authority-data for your cluster.

Specified by:

getClusterCertificateAuthorityData in interface ICluster

getClusterEncryptionConfigKeyArn

public java.lang.String getClusterEncryptionConfigKeyArn()

Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Specified by:

getClusterEncryptionConfigKeyArn in interface ICluster

getClusterEndpoint

public java.lang.String getClusterEndpoint()

The endpoint URL for the Cluster.

This is the URL inside the kubeconfig file to use with kubectl

For example, https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com

Specified by:

getClusterEndpoint in interface ICluster

getClusterName

public java.lang.String getClusterName()

The Name of the created EKS Cluster.

Specified by:

getClusterName in interface ICluster

getClusterOpenIdConnectIssuer

public java.lang.String getClusterOpenIdConnectIssuer()

If this cluster is kubectl-enabled, returns the OpenID Connect issuer.

This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock CfnCluster), this is undefined.

getClusterOpenIdConnectIssuerUrl

public java.lang.String getClusterOpenIdConnectIssuerUrl()

If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.

This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock CfnCluster), this is undefined.

getClusterSecurityGroup

public ISecurityGroup getClusterSecurityGroup()

The cluster security group that was created by Amazon EKS for the cluster.

Specified by:

getClusterSecurityGroup in interface ICluster

getClusterSecurityGroupId

public java.lang.String getClusterSecurityGroupId()

The id of the cluster security group that was created by Amazon EKS for the cluster.

Specified by:

getClusterSecurityGroupId in interface ICluster

getConnections

public Connections getConnections()

Manages connection rules (Security Group Rules) for the cluster.

Specified by:

getConnections in interface IConnectable

getOpenIdConnectProvider

public IOpenIdConnectProvider getOpenIdConnectProvider()

An `OpenIdConnectProvider` resource associated with this cluster, and which can be used to link this cluster to AWS IAM.

A provider will only be defined if this property is accessed (lazy initialization).

Specified by:

getOpenIdConnectProvider in interface ICluster

getPrune

public java.lang.Boolean getPrune()

Determines if Kubernetes resources can be pruned automatically.

Specified by:

getPrune in interface ICluster

getRole

public IRole getRole()

IAM role assumed by the EKS Control Plane.

getVpc

public IVpc getVpc()

The VPC in which this Cluster was created.

Specified by:

getVpc in interface ICluster

getAlbController

public AlbController getAlbController()

The ALB Controller construct defined for this cluster.

Will be undefined if albController wasn't configured.

getClusterHandlerSecurityGroup

public ISecurityGroup getClusterHandlerSecurityGroup()

A security group to associate with the Cluster Handler's Lambdas.

The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.

Requires placeClusterHandlerInVpc to be set to true.

Default: - No security group.

Specified by:

getClusterHandlerSecurityGroup in interface ICluster

getDefaultCapacity

public AutoScalingGroup getDefaultCapacity()

The auto scaling group that hosts the default capacity for this cluster.

This will be undefined if the defaultCapacityType is not EC2 or defaultCapacityType is EC2 but default capacity is set to 0.

getDefaultNodegroup

public Nodegroup getDefaultNodegroup()

The node group that hosts the default capacity for this cluster.

This will be undefined if the defaultCapacityType is EC2 or defaultCapacityType is NODEGROUP but default capacity is set to 0.

getKubectlEnvironment

public java.util.Map<java.lang.String,java.lang.String> getKubectlEnvironment()

Custom environment variables when running `kubectl` against this cluster.

Specified by:

getKubectlEnvironment in interface ICluster

getKubectlLambdaRole

public IRole getKubectlLambdaRole()

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

Default: - if not specified, the default role created by a lambda function will be used.

Specified by:

getKubectlLambdaRole in interface ICluster

getKubectlLayer

public ILayerVersion getKubectlLayer()

The AWS Lambda layer that contains `kubectl`, `helm` and the AWS CLI.

If undefined, a SAR app that contains this layer will be used.

Specified by:

getKubectlLayer in interface ICluster

getKubectlMemory

public Size getKubectlMemory()

The amount of memory allocated to the kubectl provider's lambda function.

Specified by:

getKubectlMemory in interface ICluster

getKubectlPrivateSubnets

public java.util.List<ISubnet> getKubectlPrivateSubnets()

Subnets to host the `kubectl` compute resources.

Default: - If not specified, the k8s endpoint is expected to be accessible publicly.

Specified by:

getKubectlPrivateSubnets in interface ICluster

getKubectlRole

public IRole getKubectlRole()

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

Specified by:

getKubectlRole in interface ICluster

getKubectlSecurityGroup

public ISecurityGroup getKubectlSecurityGroup()

A security group to use for `kubectl` execution.

Default: - If not specified, the k8s endpoint is expected to be accessible publicly.

Specified by:

getKubectlSecurityGroup in interface ICluster

getOnEventLayer

public ILayerVersion getOnEventLayer()

The AWS Lambda layer that contains the NPM dependency `proxy-agent`.

If undefined, a SAR app that contains this layer will be used.

Specified by:

getOnEventLayer in interface ICluster