ClusterAttributes

class aws_cdk.aws_eks.ClusterAttributes(*, cluster_name, cluster_certificate_authority_data=None, cluster_encryption_config_key_arn=None, cluster_endpoint=None, cluster_handler_security_group_id=None, cluster_security_group_id=None, kubectl_environment=None, kubectl_lambda_role=None, kubectl_layer=None, kubectl_memory=None, kubectl_private_subnet_ids=None, kubectl_provider=None, kubectl_role_arn=None, kubectl_security_group_id=None, on_event_layer=None, open_id_connect_provider=None, prune=None, security_group_ids=None, vpc=None)

Bases: object

Attributes for EKS clusters.

Parameters
  • cluster_name (str) – The physical name of the Cluster.

  • cluster_certificate_authority_data (Optional[str]) – The certificate-authority-data for your cluster. Default: - if not specified cluster.clusterCertificateAuthorityData will throw an error

  • cluster_encryption_config_key_arn (Optional[str]) – Amazon Resource Name (ARN) or alias of the customer master key (CMK). Default: - if not specified cluster.clusterEncryptionConfigKeyArn will throw an error

  • cluster_endpoint (Optional[str]) – The API Server endpoint URL. Default: - if not specified cluster.clusterEndpoint will throw an error.

  • cluster_handler_security_group_id (Optional[str]) – A security group id to associate with the Cluster Handler’s Lambdas. The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API. Default: - No security group.

  • cluster_security_group_id (Optional[str]) – The cluster security group that was created by Amazon EKS for the cluster. Default: - if not specified cluster.clusterSecurityGroupId will throw an error

  • kubectl_environment (Optional[Mapping[str, str]]) – Environment variables to use when running kubectl against this cluster. Default: - no additional variables

  • kubectl_lambda_role (Optional[IRole]) – An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.

  • kubectl_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables:: helm/helm kubectl/kubectl awscli/aws Default: - a layer bundled with this module.

  • kubectl_memory (Optional[Size]) – Amount of memory to allocate to the provider’s lambda function. Default: Size.gibibytes(1)

  • kubectl_private_subnet_ids (Optional[Sequence[str]]) – Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • kubectl_provider (Optional[IKubectlProvider]) – KubectlProvider for issuing kubectl commands. Default: - Default CDK provider

  • kubectl_role_arn (Optional[str]) – An IAM role with cluster administrator and “system:masters” permissions. Default: - if not specified, it not be possible to issue kubectl commands against an imported cluster.

  • kubectl_security_group_id (Optional[str]) – A security group to use for kubectl execution. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • on_event_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes the NPM dependency proxy-agent. This layer is used by the onEvent handler to route AWS SDK requests through a proxy. The handler expects the layer to include the following node_modules:: proxy-agent Default: - a layer bundled with this module.

  • open_id_connect_provider (Optional[IOpenIdConnectProvider]) – An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider Default: - if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

  • prune (Optional[bool]) – Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch. Default: true

  • security_group_ids (Optional[Sequence[str]]) – Additional security groups associated with this cluster. Default: - if not specified, no additional security groups will be considered in cluster.connections.

  • vpc (Optional[IVpc]) – The VPC in which this Cluster was created. Default: - if not specified cluster.vpc will throw an error

ExampleMetadata

infused

Example:

# cluster: eks.Cluster
# asg: autoscaling.AutoScalingGroup

imported_cluster = eks.Cluster.from_cluster_attributes(self, "ImportedCluster",
    cluster_name=cluster.cluster_name,
    cluster_security_group_id=cluster.cluster_security_group_id
)

imported_cluster.connect_auto_scaling_group_capacity(asg)

Attributes

cluster_certificate_authority_data

The certificate-authority-data for your cluster.

Default

  • if not specified cluster.clusterCertificateAuthorityData will

throw an error

cluster_encryption_config_key_arn

Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Default

  • if not specified cluster.clusterEncryptionConfigKeyArn will

throw an error

cluster_endpoint

The API Server endpoint URL.

Default
  • if not specified cluster.clusterEndpoint will throw an error.

cluster_handler_security_group_id

A security group id to associate with the Cluster Handler’s Lambdas.

The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.

Default
  • No security group.

cluster_name

The physical name of the Cluster.

cluster_security_group_id

The cluster security group that was created by Amazon EKS for the cluster.

Default

  • if not specified cluster.clusterSecurityGroupId will throw an

error

kubectl_environment

Environment variables to use when running kubectl against this cluster.

Default
  • no additional variables

kubectl_lambda_role

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

Default

  • if not specified, the default role created by a lambda function will

be used.

kubectl_layer

An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI.

This layer is used by the kubectl handler to apply manifests and install helm charts.

The handler expects the layer to include the following executables:

helm/helm
kubectl/kubectl
awscli/aws
Default
  • a layer bundled with this module.

kubectl_memory

Amount of memory to allocate to the provider’s lambda function.

Default

Size.gibibytes(1)

kubectl_private_subnet_ids

Subnets to host the kubectl compute resources.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default
  • k8s endpoint is expected to be accessible publicly

kubectl_provider

KubectlProvider for issuing kubectl commands.

Default
  • Default CDK provider

kubectl_role_arn

masters” permissions.

Default

  • if not specified, it not be possible to issue kubectl commands

against an imported cluster.

Type

An IAM role with cluster administrator and “system

kubectl_security_group_id

A security group to use for kubectl execution.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default
  • k8s endpoint is expected to be accessible publicly

on_event_layer

An AWS Lambda Layer which includes the NPM dependency proxy-agent.

This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

The handler expects the layer to include the following node_modules:

proxy-agent
Default
  • a layer bundled with this module.

open_id_connect_provider

An Open ID Connect provider for this cluster that can be used to configure service accounts.

You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider

Default
  • if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

prune

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Default

true

security_group_ids

Additional security groups associated with this cluster.

Default

  • if not specified, no additional security groups will be

considered in cluster.connections.

vpc

The VPC in which this Cluster was created.

Default
  • if not specified cluster.vpc will throw an error