ClusterAttributes

class aws_cdk.aws_eks.ClusterAttributes(*, cluster_name, cluster_certificate_authority_data=None, cluster_encryption_config_key_arn=None, cluster_endpoint=None, cluster_handler_security_group_id=None, cluster_security_group_id=None, kubectl_environment=None, kubectl_lambda_role=None, kubectl_layer=None, kubectl_memory=None, kubectl_private_subnet_ids=None, kubectl_provider=None, kubectl_role_arn=None, kubectl_security_group_id=None, on_event_layer=None, open_id_connect_provider=None, prune=None, security_group_ids=None, vpc=None)
Bases: object
Attributes for EKS clusters.
- Parameters
  - cluster_name (str) – The physical name of the Cluster.
  - cluster_certificate_authority_data (Optional[str]) – The certificate-authority-data for your cluster. Default: - if not specified cluster.clusterCertificateAuthorityData will throw an error
  - cluster_encryption_config_key_arn (Optional[str]) – Amazon Resource Name (ARN) or alias of the customer master key (CMK). Default: - if not specified cluster.clusterEncryptionConfigKeyArn will throw an error
  - cluster_endpoint (Optional[str]) – The API Server endpoint URL. Default: - if not specified cluster.clusterEndpoint will throw an error.
  - cluster_handler_security_group_id (Optional[str]) – A security group id to associate with the Cluster Handler’s Lambdas. The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API. Default: - No security group.
  - cluster_security_group_id (Optional[str]) – The cluster security group that was created by Amazon EKS for the cluster. Default: - if not specified cluster.clusterSecurityGroupId will throw an error
  - kubectl_environment (Optional[Mapping[str, str]]) – Environment variables to use when running kubectl against this cluster. Default: - no additional variables
  - kubectl_lambda_role (Optional[IRole]) – An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is directly passed to the lambda handler that sends kubectl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.
  - kubectl_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: helm/helm, kubectl/kubectl, awscli/aws. Default: - a layer bundled with this module.
  - kubectl_memory (Optional[Size]) – Amount of memory to allocate to the provider’s lambda function. Default: Size.gibibytes(1)
  - kubectl_private_subnet_ids (Optional[Sequence[str]]) – Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly
  - kubectl_provider (Optional[IKubectlProvider]) – KubectlProvider for issuing kubectl commands. Default: - Default CDK provider
  - kubectl_role_arn (Optional[str]) – An IAM role with cluster administrator and “system:masters” permissions. Default: - if not specified, it will not be possible to issue kubectl commands against an imported cluster.
  - kubectl_security_group_id (Optional[str]) – A security group to use for kubectl execution. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly
  - on_event_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes the NPM dependency proxy-agent. This layer is used by the onEvent handler to route AWS SDK requests through a proxy. The handler expects the layer to include the following node_modules: proxy-agent. Default: - a layer bundled with this module.
  - open_id_connect_provider (Optional[IOpenIdConnectProvider]) – An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider. Default: - if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.
  - prune (Optional[bool]) – Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch. Default: true
  - security_group_ids (Optional[Sequence[str]]) – Additional security groups associated with this cluster. Default: - if not specified, no additional security groups will be considered in cluster.connections.
  - vpc (Optional[IVpc]) – The VPC in which this Cluster was created. Default: - if not specified cluster.vpc will throw an error
- ExampleMetadata
infused
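Example:

    from aws_cdk import aws_eks as eks

    # Fixtures assumed to exist in the enclosing construct:
    # cluster: eks.Cluster
    # asg: autoscaling.AutoScalingGroup

    # Import the cluster by name and cluster security group only.
    imported_cluster = eks.Cluster.from_cluster_attributes(self, "ImportedCluster",
        cluster_name=cluster.cluster_name,
        cluster_security_group_id=cluster.cluster_security_group_id
    )
    imported_cluster.connect_auto_scaling_group_capacity(asg)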
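A pre-synth review of the keyword arguments passed to from_cluster_attributes, encoding the defaults documented in the parameter list above. This is an added example, not part of the CDK documentation or the aws_eks module; review_cluster_attributes, accessors_used, the severity labels and the sample values are hypothetical, and it assumes literal values rather than unresolved CDK tokens.

```python
import re

# Attribute -> accessor that this page says throws when the attribute is omitted.
THROWS_IF_OMITTED = {
    "cluster_certificate_authority_data": "cluster.clusterCertificateAuthorityData",
    "cluster_encryption_config_key_arn": "cluster.clusterEncryptionConfigKeyArn",
    "cluster_endpoint": "cluster.clusterEndpoint",
    "cluster_security_group_id": "cluster.clusterSecurityGroupId",
    "open_id_connect_provider": "cluster.openIdConnectProvider",
    "vpc": "cluster.vpc",
}
# Shape of an IAM role ARN: any AWS partition, 12-digit account id.
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/.+$")
PRIVATE_KUBECTL = ("kubectl_private_subnet_ids", "kubectl_security_group_id")


def review_cluster_attributes(attrs, accessors_used=()):
    """Return (severity, message) findings for from_cluster_attributes kwargs."""
    findings = []
    if not attrs.get("cluster_name"):
        findings.append(("error", "cluster_name is required"))
    # Accessors the stack reads later that would throw on this import.
    for name, accessor in THROWS_IF_OMITTED.items():
        if accessor in accessors_used and attrs.get(name) is None:
            findings.append(("error", f"{accessor} will throw: pass {name}"))
    role = attrs.get("kubectl_role_arn")
    if role is None:
        findings.append(("info", "no kubectl_role_arn: kubectl cannot be issued"))
        return findings
    if not ROLE_ARN.match(role):
        findings.append(("error", "kubectl_role_arn is not an IAM role ARN"))
    # The role holds system:masters, so its use should always be reviewed.
    findings.append(("review", "kubectl_role_arn grants system:masters"))
    # Unless both are set, the documented default is a public API endpoint.
    missing = [k for k in PRIVATE_KUBECTL if not attrs.get(k)]
    if missing:
        findings.append(("warn", "public endpoint expected; missing " + ", ".join(missing)))
    return findings


# Constructed sample input (placeholder account id and subnet id).
SAMPLE = {
    "cluster_name": "prod",
    "kubectl_role_arn": "arn:aws:iam::111122223333:role/eks-kubectl",
    "kubectl_private_subnet_ids": ["subnet-0aaa1111bbb22222c"],
}

if __name__ == "__main__":
    for severity, message in review_cluster_attributes(SAMPLE, ["cluster.vpc"]):
        print(f"{severity:6} {message}")
```

Pass in accessors_used the cluster accessors your stack reads after the import, so that omissions surface in review rather than as a synth-time error.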
Attributes

cluster_certificate_authority_data
The certificate-authority-data for your cluster.
- Default: if not specified cluster.clusterCertificateAuthorityData will throw an error
- Return type: Optional[str]

cluster_encryption_config_key_arn
Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- Default: if not specified cluster.clusterEncryptionConfigKeyArn will throw an error
- Return type: Optional[str]

cluster_endpoint
The API Server endpoint URL.
- Default: if not specified cluster.clusterEndpoint will throw an error.
- Return type: Optional[str]

cluster_handler_security_group_id
A security group id to associate with the Cluster Handler’s Lambdas.
The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.
- Default: No security group.
- Return type: Optional[str]

cluster_name
The physical name of the Cluster.
- Return type: str

cluster_security_group_id
The cluster security group that was created by Amazon EKS for the cluster.
- Default: if not specified cluster.clusterSecurityGroupId will throw an error
- Return type: Optional[str]

kubectl_environment
Environment variables to use when running kubectl against this cluster.
- Default: no additional variables
- Return type: Optional[Mapping[str, str]]

kubectl_lambda_role
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
This role is directly passed to the lambda handler that sends kubectl commands to the cluster.
- Default: if not specified, the default role created by a lambda function will be used.
- Return type: Optional[IRole]

kubectl_layer
An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI.
This layer is used by the kubectl handler to apply manifests and install helm charts.
The handler expects the layer to include the following executables: helm/helm, kubectl/kubectl, awscli/aws
- Default: a layer bundled with this module.
- Return type: Optional[ILayerVersion]

kubectl_memory
Amount of memory to allocate to the provider’s lambda function.
- Default: Size.gibibytes(1)
- Return type: Optional[Size]

kubectl_private_subnet_ids
Subnets to host the kubectl compute resources.
If not specified, the k8s endpoint is expected to be accessible publicly.
- Default: k8s endpoint is expected to be accessible publicly
- Return type: Optional[List[str]]

kubectl_provider
KubectlProvider for issuing kubectl commands.
- Default: Default CDK provider
- Return type: Optional[IKubectlProvider]

kubectl_role_arn
An IAM role with cluster administrator and “system:masters” permissions.
- Default: if not specified, it will not be possible to issue kubectl commands against an imported cluster.
- Return type: Optional[str]

kubectl_security_group_id
A security group to use for kubectl execution.
If not specified, the k8s endpoint is expected to be accessible publicly.
- Default: k8s endpoint is expected to be accessible publicly
- Return type: Optional[str]

on_event_layer
An AWS Lambda Layer which includes the NPM dependency proxy-agent.
This layer is used by the onEvent handler to route AWS SDK requests through a proxy.
The handler expects the layer to include the following node_modules: proxy-agent
- Default: a layer bundled with this module.
- Return type: Optional[ILayerVersion]

open_id_connect_provider
An Open ID Connect provider for this cluster that can be used to configure service accounts.
You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider
- Default: if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.
- Return type: Optional[IOpenIdConnectProvider]

prune
Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.
When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.
- Default: true
- Return type: Optional[bool]

security_group_ids
Additional security groups associated with this cluster.
- Default: if not specified, no additional security groups will be considered in cluster.connections.
- Return type: Optional[List[str]]