ICluster¶

class aws_cdk.aws_eks.ICluster(*args, **kwds)¶

Bases: aws_cdk.core.IResource, aws_cdk.aws_ec2.IConnectable, typing_extensions.Protocol

An EKS cluster.

Methods

add_cdk8s_chart(id, chart, *, ingress_alb=None, ingress_alb_scheme=None, prune=None, skip_validation=None)¶

Defines a CDK8s chart in this cluster.

Parameters

id (str) – logical id of this chart.
chart (Construct) – the cdk8s chart.
ingress_alb (Optional[bool]) – Automatically detect Ingress resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller. Default: false
ingress_alb_scheme (Optional[AlbScheme]) – Specify the ALB scheme that should be applied to Ingress resources. Only applicable if ingressAlb is set to true. Default: AlbScheme.INTERNAL
prune (Optional[bool]) – When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, kubectl apply has a --prune option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become “orphaned” and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via kubectl apply --prune. The label name will be aws.cdk.eks/prune-<ADDR> where <ADDR> is the 42-char unique address of this construct in the construct tree. Value is empty. Default: - based on the prune option of the cluster, which is true unless otherwise specified.
skip_validation (Optional[bool]) – A flag to signify if the manifest validation should be skipped. Default: false

Return type

KubernetesManifest

Returns

a KubernetesManifest construct representing the chart.

add_helm_chart(id, *, chart=None, chart_asset=None, create_namespace=None, namespace=None, release=None, repository=None, timeout=None, values=None, version=None, wait=None)¶

Defines a Helm chart in this cluster.

Parameters

id (str) – logical id of this chart.
chart (Optional[str]) – The name of the chart. Either this or chartAsset must be specified. Default: - No chart name. Implies chartAsset is used.
chart_asset (Optional[Asset]) – The chart in the form of an asset. Either this or chart must be specified. Default: - No chart asset. Implies chart is used.
create_namespace (Optional[bool]) – create namespace if not exist. Default: true
namespace (Optional[str]) – The Kubernetes namespace scope of the requests. Default: default
release (Optional[str]) – The name of the release. Default: - If no release name is given, it will use the last 53 characters of the node’s unique id.
repository (Optional[str]) – The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ Default: - No repository will be used, which means that the chart needs to be an absolute URL.
timeout (Optional[Duration]) – Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. Default: Duration.minutes(5)
values (Optional[Mapping[str, Any]]) – The values to be used by the chart. Default: - No values are provided to the chart.
version (Optional[str]) – The chart version to install. Default: - If this is not specified, the latest version is installed
wait (Optional[bool]) – Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. Default: - Helm will not wait before marking release as successful

Return type

HelmChart

Returns

a HelmChart construct

add_manifest(id, *manifest)¶

Defines a Kubernetes resource in this cluster.

The manifest will be applied/deleted using kubectl as needed.

Parameters

id (str) – logical id of this manifest.
manifest (Mapping[str, Any]) – a list of Kubernetes resource specifications.

Return type

KubernetesManifest

Returns

a KubernetesManifest object.

add_service_account(id, *, annotations=None, labels=None, name=None, namespace=None)¶

Creates a new service account with corresponding IAM Role (IRSA).

Parameters

id (str) – logical id of service account.
annotations (Optional[Mapping[str, str]]) – Additional annotations of the service account. Default: - no additional annotations
labels (Optional[Mapping[str, str]]) – Additional labels of the service account. Default: - no additional labels
name (Optional[str]) – The name of the service account. The name of a ServiceAccount object must be a valid DNS subdomain name. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ Default: - If no name is given, it will use the id of the resource.
namespace (Optional[str]) – The namespace of the service account. All namespace names must be valid RFC 1123 DNS labels. https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns Default: “default”

Return type

ServiceAccount

apply_removal_policy(policy)¶

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters

policy (RemovalPolicy) –

Return type

None

connect_auto_scaling_group_capacity(auto_scaling_group, *, bootstrap_enabled=None, bootstrap_options=None, machine_image_type=None, map_role=None, spot_interrupt_handler=None)¶

Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.

The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance’s launch configuration.

Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

Prefer to use addAutoScalingGroupCapacity if possible.

Parameters

auto_scaling_group (AutoScalingGroup) – [disable-awslint:ref-via-interface].
bootstrap_enabled (Optional[bool]) – Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke /etc/eks/bootstrap.sh) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to false and manually invoke autoscalingGroup.addUserData(). Default: true
bootstrap_options (Union[BootstrapOptions, Dict[str, Any], None]) – Allows options for node bootstrapping through EC2 user data. Default: - default options
machine_image_type (Optional[MachineImageType]) – Allow options to specify different machine image type. Default: MachineImageType.AMAZON_LINUX_2
map_role (Optional[bool]) – Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to true if the cluster has kubectl disabled. Default: - true if the cluster has kubectl enabled (which is the default).
spot_interrupt_handler (Optional[bool]) – Installs the AWS spot instance interrupt handler on the cluster if it’s not already added. Only relevant if spotPrice is configured on the auto-scaling group. Default: true

See

https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html

Return type

None

Attributes

cluster_arn¶

eks:.

Attribute: true
Type: The unique ARN assigned to the service by AWS in the form of arn
Type: aws
Return type: str

cluster_certificate_authority_data¶

The certificate-authority-data for your cluster.

Attribute: true
Return type: str

cluster_encryption_config_key_arn¶

Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Attribute: true
Return type: str

cluster_endpoint¶

The API Server endpoint URL.

Attribute: true
Return type: str

cluster_handler_security_group¶

A security group to associate with the Cluster Handler’s Lambdas.

The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.

Requires placeClusterHandlerInVpc to be set to true.

Default

No security group.

Attribute

true

Return type

Optional[ISecurityGroup]

cluster_name¶

The physical name of the Cluster.

Attribute: true
Return type: str

cluster_security_group¶

The cluster security group that was created by Amazon EKS for the cluster.

Attribute: true
Return type: ISecurityGroup

cluster_security_group_id¶

The id of the cluster security group that was created by Amazon EKS for the cluster.

Attribute: true
Return type: str

connections¶

The network connections associated with this resource.

Return type: Connections

env¶

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type: ResourceEnvironment

kubectl_environment¶

Custom environment variables when running kubectl against this cluster.

Return type: Optional[Mapping[str, str]]

kubectl_lambda_role¶

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

Return type: Optional[IRole]

kubectl_layer¶

An AWS Lambda layer that includes kubectl, helm and the aws CLI.

If not defined, a default layer will be used.

Return type: Optional[ILayerVersion]

kubectl_memory¶

Amount of memory to allocate to the provider’s lambda function.

Return type: Optional[Size]

kubectl_private_subnets¶

Subnets to host the kubectl compute resources.

If this is undefined, the k8s endpoint is expected to be accessible publicly.

Return type: Optional[List[ISubnet]]

kubectl_provider¶

Kubectl Provider for issuing kubectl commands against it.

If not defined, a default provider will be used

Return type: Optional[IKubectlProvider]

kubectl_role¶

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

Return type: Optional[IRole]

kubectl_security_group¶

A security group to use for kubectl execution.

If this is undefined, the k8s endpoint is expected to be accessible publicly.

Return type: Optional[ISecurityGroup]

node¶

The construct tree node for this construct.

Return type: ConstructNode

on_event_layer¶

An AWS Lambda layer that includes the NPM dependency proxy-agent.

If not defined, a default layer will be used.

Return type: Optional[ILayerVersion]

open_id_connect_provider¶

The Open ID Connect Provider of the cluster used to configure Service Accounts.

Return type: IOpenIdConnectProvider

prune¶

Indicates whether Kubernetes resources can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Return type: bool

stack¶

The stack in which this resource is defined.

Return type: Stack

vpc¶

The VPC in which this Cluster was created.

Return type: IVpc