ICluster¶

class aws_cdk.aws_eks.ICluster(*args, **kwds)¶
Bases: aws_cdk.core.IResource, aws_cdk.aws_ec2.IConnectable, typing_extensions.Protocol

An EKS cluster.
Methods
-
add_cdk8s_chart(id, chart, *, ingress_alb=None, ingress_alb_scheme=None, prune=None, skip_validation=None)¶
Defines a CDK8s chart in this cluster.
- Parameters
  - id (str) – logical id of this chart.
  - chart (Construct) – the cdk8s chart.
  - ingress_alb (Optional[bool]) – Automatically detect Ingress resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller. Default: false
  - ingress_alb_scheme (Optional[AlbScheme]) – Specify the ALB scheme that should be applied to Ingress resources. Only applicable if ingressAlb is set to true. Default: AlbScheme.INTERNAL
  - prune (Optional[bool]) – When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, kubectl apply has a --prune option which will query the cluster for all resources with a specific label and will remove all the labeled resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label into all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via kubectl apply --prune. The label name will be aws.cdk.eks/prune-<ADDR> where <ADDR> is the 42-char unique address of this construct in the construct tree. Value is empty. Default: - based on the prune option of the cluster, which is true unless otherwise specified.
  - skip_validation (Optional[bool]) – A flag to signify if the manifest validation should be skipped. Default: false
- Return type
  KubernetesManifest
- Returns
  a KubernetesManifest construct representing the chart.
-
add_helm_chart(id, *, chart=None, chart_asset=None, create_namespace=None, namespace=None, release=None, repository=None, timeout=None, values=None, version=None, wait=None)¶
Defines a Helm chart in this cluster.
- Parameters
  - id (str) – logical id of this chart.
  - chart (Optional[str]) – The name of the chart. Either this or chartAsset must be specified. Default: - No chart name. Implies chartAsset is used.
  - chart_asset (Optional[Asset]) – The chart in the form of an asset. Either this or chart must be specified. Default: - No chart asset. Implies chart is used.
  - create_namespace (Optional[bool]) – create namespace if it does not exist. Default: true
  - namespace (Optional[str]) – The Kubernetes namespace scope of the requests. Default: default
  - release (Optional[str]) – The name of the release. Default: - If no release name is given, it will use the last 53 characters of the node’s unique id.
  - repository (Optional[str]) – The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ Default: - No repository will be used, which means that the chart needs to be an absolute URL.
  - timeout (Optional[Duration]) – Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. Default: Duration.minutes(5)
  - values (Optional[Mapping[str, Any]]) – The values to be used by the chart. Default: - No values are provided to the chart.
  - version (Optional[str]) – The chart version to install. Default: - If this is not specified, the latest version is installed
  - wait (Optional[bool]) – Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. Default: - Helm will not wait before marking release as successful
- Return type
  HelmChart
- Returns
  a HelmChart construct
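The option checks described above (exactly one of chart/chart_asset, the 15-minute timeout ceiling, the 53-character default release name) are easy to get wrong when building the call from configuration. The following is an added example, not code from the CDK or its kubectl handler: it validates a set of add_helm_chart-style options and renders the Helm command line they correspond to. The `helm upgrade --install` form, the `-f` values file and the `helm_args` / `validate_helm_options` names are assumptions made for this illustration.

```python
import json
from typing import Any, List, Mapping, Optional, Tuple

MAX_TIMEOUT_MINUTES = 15      # documented maximum for `timeout`
DEFAULT_TIMEOUT_MINUTES = 5   # documented default: Duration.minutes(5)
RELEASE_NAME_MAX = 53         # documented: last 53 chars of the node's unique id


def default_release_name(node_unique_id: str) -> str:
    """Default release name: the last 53 characters of the node's unique id."""
    return node_unique_id[-RELEASE_NAME_MAX:]


def validate_helm_options(*, chart: Optional[str], chart_asset_path: Optional[str],
                          timeout_minutes: Optional[int]) -> List[str]:
    """Return a list of problems; an empty list means the options are acceptable."""
    errors = []
    if (chart is None) == (chart_asset_path is None):
        errors.append("exactly one of chart or chart_asset must be specified")
    if timeout_minutes is not None and timeout_minutes > MAX_TIMEOUT_MINUTES:
        errors.append(f"timeout may not exceed {MAX_TIMEOUT_MINUTES} minutes")
    return errors


def helm_args(node_unique_id: str, *, chart: Optional[str] = None,
              chart_asset_path: Optional[str] = None, create_namespace: bool = True,
              namespace: str = "default", release: Optional[str] = None,
              repository: Optional[str] = None, timeout_minutes: Optional[int] = None,
              values: Optional[Mapping[str, Any]] = None, version: Optional[str] = None,
              wait: bool = False) -> Tuple[List[str], Optional[str]]:
    """Build the helm argument vector (assumed `helm upgrade --install` form) and,
    when values are given, the JSON text of a values file to pass with -f.
    JSON is valid YAML, so helm accepts it as a values file."""
    problems = validate_helm_options(chart=chart, chart_asset_path=chart_asset_path,
                                     timeout_minutes=timeout_minutes)
    if problems:
        raise ValueError("; ".join(problems))
    timeout = DEFAULT_TIMEOUT_MINUTES if timeout_minutes is None else timeout_minutes
    name = release if release is not None else default_release_name(node_unique_id)
    args = ["helm", "upgrade", "--install", name, chart or chart_asset_path,
            "--namespace", namespace, "--timeout", f"{timeout}m"]
    if create_namespace:
        args.append("--create-namespace")
    if repository:
        args += ["--repo", repository]
    if version:
        args += ["--version", version]
    if wait:
        args.append("--wait")
    values_file = None
    if values:
        values_file = json.dumps(dict(values))
        args += ["-f", "values.json"]   # constructed path for the rendered values file
    return args, values_file


if __name__ == "__main__":
    # Constructed sample: a long node id, a named chart from a placeholder repository.
    argv, vals = helm_args("MyStack/Cluster/chart-" + "x" * 60, chart="nginx",
                           repository="https://charts.example.invalid/", wait=True,
                           values={"replicaCount": 2})
    print(" ".join(argv))
    print(vals)
```

The default release name is derived from the construct path, so two charts with the same trailing 53 characters would collide; pass `release` explicitly when ids are long and similar.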
-
add_manifest(id, *manifest)¶
Defines a Kubernetes resource in this cluster.
The manifest will be applied/deleted using kubectl as needed.
- Parameters
  - id (str) – logical id of this manifest.
  - manifest (Mapping[str, Any]) – a list of Kubernetes resource specifications.
- Return type
  KubernetesManifest
- Returns
  a KubernetesManifest object.
-
add_service_account(id, *, annotations=None, labels=None, name=None, namespace=None)¶
Creates a new service account with corresponding IAM Role (IRSA).
- Parameters
  - id (str) – logical id of service account.
  - annotations (Optional[Mapping[str, str]]) – Additional annotations of the service account. Default: - no additional annotations
  - labels (Optional[Mapping[str, str]]) – Additional labels of the service account. Default: - no additional labels
  - name (Optional[str]) – The name of the service account. The name of a ServiceAccount object must be a valid DNS subdomain name. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ Default: - If no name is given, it will use the id of the resource.
  - namespace (Optional[str]) – The namespace of the service account. All namespace names must be valid RFC 1123 DNS labels. https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns Default: “default”
- Return type
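The name and namespace rules quoted above (DNS subdomain for the ServiceAccount name, RFC 1123 DNS label for the namespace) are enforced by the API server, so a bad value surfaces only at deploy time. The following added example, which is not the CDK's own code, checks both rules up front and renders the ServiceAccount object that an IRSA-style service account carries. The `eks.amazonaws.com/role-arn` annotation is the one EKS uses for IRSA; that the construct emits exactly this object, and the `service_account_manifest` name, are assumptions of this illustration. The role ARN below is a placeholder.

```python
import re
from typing import Dict, Mapping, Optional

# RFC 1123 DNS label: 1-63 chars, lowercase alphanumerics or '-', must start and end alphanumeric.
DNS_LABEL_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")
# DNS subdomain: dot-separated DNS labels, at most 253 chars in total.
DNS_SUBDOMAIN_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")

IRSA_ROLE_ANNOTATION = "eks.amazonaws.com/role-arn"


def is_dns_label(value: str) -> bool:
    return 0 < len(value) <= 63 and DNS_LABEL_RE.match(value) is not None


def is_dns_subdomain(value: str) -> bool:
    return 0 < len(value) <= 253 and DNS_SUBDOMAIN_RE.match(value) is not None


def service_account_manifest(id: str, *, role_arn: str,
                             annotations: Optional[Mapping[str, str]] = None,
                             labels: Optional[Mapping[str, str]] = None,
                             name: Optional[str] = None,
                             namespace: Optional[str] = None) -> Dict:
    """Apply the documented defaults (name <- id, namespace <- "default"),
    validate both values, and return the ServiceAccount object."""
    sa_name = name if name is not None else id
    ns = namespace if namespace is not None else "default"
    if not is_dns_subdomain(sa_name):
        raise ValueError(f"service account name {sa_name!r} is not a valid DNS subdomain name")
    if not is_dns_label(ns):
        raise ValueError(f"namespace {ns!r} is not a valid RFC 1123 DNS label")
    # The IRSA role annotation is set first; caller-supplied annotations may add to it.
    merged_annotations = {IRSA_ROLE_ANNOTATION: role_arn, **dict(annotations or {})}
    return {
        "apiVersion": "v1",
        "kind": "ServiceAccount",
        "metadata": {
            "name": sa_name,
            "namespace": ns,
            "annotations": merged_annotations,
            "labels": dict(labels or {}),
        },
    }


if __name__ == "__main__":
    # Constructed sample input with a placeholder role ARN.
    sa = service_account_manifest("reader", role_arn="arn:aws:iam::123456789012:role/PLACEHOLDER-ROLE",
                                  namespace="apps", labels={"team": "platform"})
    print(sa)
```

Because the default name is the construct id, an id with uppercase letters or underscores produces an invalid ServiceAccount name; pass `name` explicitly in that case.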
-
apply_removal_policy(policy)¶
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
- Parameters
  - policy (RemovalPolicy) –
- Return type
  None
-
connect_auto_scaling_group_capacity(auto_scaling_group, *, bootstrap_enabled=None, bootstrap_options=None, machine_image_type=None, map_role=None, spot_interrupt_handler=None)¶
Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance’s launch configuration.
Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.
Prefer to use addAutoScalingGroupCapacity if possible.
- Parameters
  - auto_scaling_group (AutoScalingGroup) – [disable-awslint:ref-via-interface].
  - bootstrap_enabled (Optional[bool]) – Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke /etc/eks/bootstrap.sh) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to false and manually invoke autoscalingGroup.addUserData(). Default: true
  - bootstrap_options (Optional[BootstrapOptions]) – Allows options for node bootstrapping through EC2 user data. Default: - default options
  - machine_image_type (Optional[MachineImageType]) – Allow options to specify different machine image type. Default: MachineImageType.AMAZON_LINUX_2
  - map_role (Optional[bool]) – Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to true if the cluster has kubectl disabled. Default: - true if the cluster has kubectl enabled (which is the default).
  - spot_interrupt_handler (Optional[bool]) – Installs the AWS spot instance interrupt handler on the cluster if it’s not already added. Only relevant if spotPrice is configured on the auto-scaling group. Default: true
- See
  https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
- Return type
  None
Attributes
-
cluster_arn¶
The unique ARN assigned to the service by AWS in the form of arn:aws:eks:.
- Attribute
  true
- Return type
  str
-
The certificate-authority-data for your cluster.
- Attribute
  true
- Return type
  str
-
cluster_encryption_config_key_arn¶
Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- Attribute
  true
- Return type
  str
-
cluster_endpoint¶
The API Server endpoint URL.
- Attribute
  true
- Return type
  str
-
cluster_handler_security_group¶
A security group to associate with the Cluster Handler’s Lambdas.
The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.
Requires placeClusterHandlerInVpc to be set to true.
- Default
  No security group.
- Attribute
  true
- Return type
  Optional[ISecurityGroup]
-
cluster_name¶
The physical name of the Cluster.
- Attribute
  true
- Return type
  str
-
cluster_security_group¶
The cluster security group that was created by Amazon EKS for the cluster.
- Attribute
  true
- Return type
-
cluster_security_group_id¶
The id of the cluster security group that was created by Amazon EKS for the cluster.
- Attribute
  true
- Return type
  str
-
connections¶
The network connections associated with this resource.
- Return type
-
env¶
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different from the stack they were imported into.
- Return type
-
kubectl_environment¶
Custom environment variables when running kubectl against this cluster.
- Return type
  Optional[Mapping[str, str]]
-
kubectl_lambda_role¶
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
This role is directly passed to the lambda handler that sends kubectl commands to the cluster.
- Return type
  Optional[IRole]
-
kubectl_layer¶
An AWS Lambda layer that includes kubectl, helm and the aws CLI.
If not defined, a default layer will be used.
- Return type
  Optional[ILayerVersion]
-
kubectl_memory¶
Amount of memory to allocate to the provider’s lambda function.
- Return type
  Optional[Size]
-
kubectl_private_subnets¶
Subnets to host the kubectl compute resources.
If this is undefined, the k8s endpoint is expected to be accessible publicly.
- Return type
  Optional[List[ISubnet]]
-
kubectl_provider¶
Kubectl Provider for issuing kubectl commands against this cluster.
If not defined, a default provider will be used.
- Return type
  Optional[IKubectlProvider]
-
kubectl_role¶
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
- Return type
  Optional[IRole]
-
kubectl_security_group¶
A security group to use for kubectl execution.
If this is undefined, the k8s endpoint is expected to be accessible publicly.
- Return type
  Optional[ISecurityGroup]
-
node¶
The construct tree node for this construct.
- Return type
-
on_event_layer¶
An AWS Lambda layer that includes the NPM dependency proxy-agent.
If not defined, a default layer will be used.
- Return type
  Optional[ILayerVersion]
-
open_id_connect_provider¶
The Open ID Connect Provider of the cluster used to configure Service Accounts.
- Return type
-
prune¶
Indicates whether Kubernetes resources can be automatically pruned.
When this is enabled (default), prune labels will be allocated and injected into each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.
- Return type
  bool
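The prune mechanism described for the `prune` attribute and for the `prune` and `ingress_alb` options of add_cdk8s_chart is a manifest post-processing step followed by a label-scoped delete. The following added example, which is not the CDK's own code, reproduces both halves on constructed sample resources: it injects the documented `aws.cdk.eks/prune-<ADDR>` label (empty value, 42-character address), annotates Ingress objects for an ALB controller, and then computes which labelled objects `kubectl apply --prune` would delete once a resource disappears from the manifest. The `kubernetes.io/ingress.class` and `alb.ingress.kubernetes.io/scheme` annotations are the AWS Load Balancer Controller's; that the construct writes exactly these, the scheme string mapping, and all function names are assumptions of this illustration, and the construct address is a constructed value.

```python
import copy
from typing import Dict, List, Tuple

PRUNE_LABEL_PREFIX = "aws.cdk.eks/prune-"
ALB_SCHEMES = {"INTERNAL": "internal", "INTERNET_FACING": "internet-facing"}  # assumed mapping

# Constructed 42-character stand-in for the construct's unique tree address.
CONSTRUCT_ADDR = "c0ffee" * 7

ResourceKey = Tuple[str, str, str, str]  # (apiVersion, kind, namespace, name)


def prune_label(construct_addr: str) -> str:
    if len(construct_addr) != 42:
        raise ValueError("construct address must be the 42-char unique address")
    return PRUNE_LABEL_PREFIX + construct_addr


def inject_prune_label(resources: List[Dict], construct_addr: str) -> List[Dict]:
    """Return copies of the resources with the empty-valued prune label added."""
    label = prune_label(construct_addr)
    out = []
    for res in resources:
        res = copy.deepcopy(res)
        res.setdefault("metadata", {}).setdefault("labels", {})[label] = ""
        out.append(res)
    return out


def annotate_alb_ingress(resources: List[Dict], scheme: str = "INTERNAL") -> List[Dict]:
    """Annotate every Ingress so an ALB ingress controller picks it up (in place)."""
    for res in resources:
        if res.get("kind") == "Ingress":
            ann = res.setdefault("metadata", {}).setdefault("annotations", {})
            ann["kubernetes.io/ingress.class"] = "alb"
            ann["alb.ingress.kubernetes.io/scheme"] = ALB_SCHEMES[scheme]
    return resources


def resource_key(res: Dict) -> ResourceKey:
    meta = res["metadata"]
    return (res["apiVersion"], res["kind"], meta.get("namespace", "default"), meta["name"])


def prune_candidates(cluster_state: List[Dict], applied: List[Dict],
                     construct_addr: str) -> List[ResourceKey]:
    """What `kubectl apply --prune -l <label>` would delete: objects in the cluster
    that carry this construct's label but are absent from the applied manifest."""
    label = prune_label(construct_addr)
    keep = {resource_key(r) for r in applied}
    return [resource_key(r) for r in cluster_state
            if label in r.get("metadata", {}).get("labels", {})
            and resource_key(r) not in keep]


# Constructed sample manifest: a Deployment, a ConfigMap and an Ingress.
SAMPLE_MANIFEST = [
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"}},
    {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "web-config"}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress", "metadata": {"name": "web"}},
]


def simulate_prune() -> List[ResourceKey]:
    """First apply installs all three objects; the second apply drops the ConfigMap.
    An unrelated object without the label must never be selected for deletion."""
    first_apply = annotate_alb_ingress(inject_prune_label(SAMPLE_MANIFEST, CONSTRUCT_ADDR))
    cluster_state = first_apply + [
        {"apiVersion": "v1", "kind": "ConfigMap", "metadata": {"name": "unmanaged"}},
    ]
    second_apply = inject_prune_label(
        [r for r in SAMPLE_MANIFEST if r["metadata"]["name"] != "web-config"], CONSTRUCT_ADDR)
    return prune_candidates(cluster_state, second_apply, CONSTRUCT_ADDR)


if __name__ == "__main__":
    print(simulate_prune())
```

Real kubectl only prunes kinds on its prune allowlist unless that list is extended, so a removed custom resource may still be orphaned even with `prune` enabled; check the cluster for leftover objects carrying the construct's label after a removal.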
-