ICluster

class aws_cdk.aws_eks.ICluster(*args, **kwds)

Bases: aws_cdk.core.IResource, aws_cdk.aws_ec2.IConnectable, typing_extensions.Protocol

An EKS cluster.

Methods

add_cdk8s_chart(id, chart, *, ingress_alb=None, ingress_alb_scheme=None, prune=None, skip_validation=None)

Defines a CDK8s chart in this cluster.

Parameters

  • id (str) – logical id of this chart.

  • chart (Construct) – the cdk8s chart.

  • ingress_alb (Optional[bool]) – Automatically detect Ingress resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller. Default: false

  • ingress_alb_scheme (Optional[AlbScheme]) – Specify the ALB scheme that should be applied to Ingress resources. Only applicable if ingressAlb is set to true. Default: AlbScheme.INTERNAL

  • prune (Optional[bool]) – When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, kubectl apply has a --prune option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become “orphaned” and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via kubectl apply --prune. The label name will be aws.cdk.eks/prune-<ADDR> where <ADDR> is the 42-char unique address of this construct in the construct tree. Value is empty. Default: - based on the prune option of the cluster, which is true unless otherwise specified.

  • skip_validation (Optional[bool]) – A flag to signify if the manifest validation should be skipped. Default: false

Return type

KubernetesManifest

Returns

a KubernetesManifest construct representing the chart.

add_helm_chart(id, *, chart=None, chart_asset=None, create_namespace=None, namespace=None, release=None, repository=None, timeout=None, values=None, version=None, wait=None)

Defines a Helm chart in this cluster.

Parameters

  • id (str) – logical id of this chart.

  • chart (Optional[str]) – The name of the chart. Either this or chartAsset must be specified. Default: - No chart name. Implies chartAsset is used.

  • chart_asset (Optional[Asset]) – The chart in the form of an asset. Either this or chart must be specified. Default: - No chart asset. Implies chart is used.

  • create_namespace (Optional[bool]) – create namespace if not exist. Default: true

  • namespace (Optional[str]) – The Kubernetes namespace scope of the requests. Default: default

  • release (Optional[str]) – The name of the release. Default: - If no release name is given, it will use the last 53 characters of the node’s unique id.

  • repository (Optional[str]) – The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ Default: - No repository will be used, which means that the chart needs to be an absolute URL.

  • timeout (Optional[Duration]) – Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. Default: Duration.minutes(5)

  • values (Optional[Mapping[str, Any]]) – The values to be used by the chart. Default: - No values are provided to the chart.

  • version (Optional[str]) – The chart version to install. Default: - If this is not specified, the latest version is installed

  • wait (Optional[bool]) – Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. Default: - Helm will not wait before marking release as successful

Return type

HelmChart

Returns

a HelmChart construct

add_manifest(id, *manifest)

Defines a Kubernetes resource in this cluster.

The manifest will be applied/deleted using kubectl as needed.

Parameters

  • id (str) – logical id of this manifest.

  • manifest (Mapping[str, Any]) – a list of Kubernetes resource specifications.

Return type

KubernetesManifest

Returns

a KubernetesManifest object.

add_service_account(id, *, name=None, namespace=None)

Creates a new service account with corresponding IAM Role (IRSA).

Parameters

  • id (str) – logical id of service account.

  • name (Optional[str]) – The name of the service account. Default: - If no name is given, it will use the id of the resource.

  • namespace (Optional[str]) – The namespace of the service account. Default: “default”

Return type

ServiceAccount

apply_removal_policy(policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters

policy (RemovalPolicy) –

Return type

None

connect_auto_scaling_group_capacity(auto_scaling_group, *, bootstrap_enabled=None, bootstrap_options=None, machine_image_type=None, map_role=None, spot_interrupt_handler=None)

Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.

The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance’s launch configuration.

Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

Prefer to use addAutoScalingGroupCapacity if possible.

Parameters

  • auto_scaling_group (AutoScalingGroup) – [disable-awslint:ref-via-interface].

  • bootstrap_enabled (Optional[bool]) – Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke /etc/eks/bootstrap.sh) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to false and manually invoke autoscalingGroup.addUserData(). Default: true

  • bootstrap_options (Optional[BootstrapOptions]) – Allows options for node bootstrapping through EC2 user data. Default: - default options

  • machine_image_type (Optional[MachineImageType]) – Allow options to specify different machine image type. Default: MachineImageType.AMAZON_LINUX_2

  • map_role (Optional[bool]) – Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to true if the cluster has kubectl disabled. Default: - true if the cluster has kubectl enabled (which is the default).

  • spot_interrupt_handler (Optional[bool]) – Installs the AWS spot instance interrupt handler on the cluster if it’s not already added. Only relevant if spotPrice is configured on the auto-scaling group. Default: true

See

https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html

Return type

None

Attributes

cluster_arn

eks:.

Attribute

true

Type

The unique ARN assigned to the service by AWS in the form of arn

Type

aws

Return type

str

cluster_certificate_authority_data

The certificate-authority-data for your cluster.

Attribute

true

Return type

str

cluster_encryption_config_key_arn

Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Attribute

true

Return type

str

cluster_endpoint

The API Server endpoint URL.

Attribute

true

Return type

str

cluster_handler_security_group

A security group to associate with the Cluster Handler’s Lambdas.

The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.

Requires placeClusterHandlerInVpc to be set to true.

Default

  • No security group.

Attribute

true

Return type

Optional[ISecurityGroup]

cluster_name

The physical name of the Cluster.

Attribute

true

Return type

str

cluster_security_group

The cluster security group that was created by Amazon EKS for the cluster.

Attribute

true

Return type

ISecurityGroup

cluster_security_group_id

The id of the cluster security group that was created by Amazon EKS for the cluster.

Attribute

true

Return type

str

connections

The network connections associated with this resource.

Return type

Connections

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type

ResourceEnvironment

kubectl_environment

Custom environment variables when running kubectl against this cluster.

Return type

Optional[Mapping[str, str]]

kubectl_lambda_role

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

Return type

Optional[IRole]

kubectl_layer

An AWS Lambda layer that includes kubectl, helm and the aws CLI.

If not defined, a default layer will be used.

Return type

Optional[ILayerVersion]

kubectl_memory

Amount of memory to allocate to the provider’s lambda function.

Return type

Optional[Size]

kubectl_private_subnets

Subnets to host the kubectl compute resources.

If this is undefined, the k8s endpoint is expected to be accessible publicly.

Return type

Optional[List[ISubnet]]

kubectl_provider

Kubectl Provider for issuing kubectl commands against it.

If not defined, a default provider will be used

Return type

Optional[IKubectlProvider]

kubectl_role

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

Return type

Optional[IRole]

kubectl_security_group

A security group to use for kubectl execution.

If this is undefined, the k8s endpoint is expected to be accessible publicly.

Return type

Optional[ISecurityGroup]

node

The construct tree node for this construct.

Return type

ConstructNode

on_event_layer

An AWS Lambda layer that includes the NPM dependency proxy-agent.

If not defined, a default layer will be used.

Return type

Optional[ILayerVersion]

open_id_connect_provider

The Open ID Connect Provider of the cluster used to configure Service Accounts.

Return type

IOpenIdConnectProvider

prune

Indicates whether Kubernetes resources can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Return type

bool

stack

The stack in which this resource is defined.

Return type

Stack

vpc

The VPC in which this Cluster was created.

Return type

IVpc