Class CfnCluster
- All Implemented Interfaces:
IInspectable
,ITaggable
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
,software.constructs.IDependable
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd
and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec
, logs
, and proxy
data flows).
Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess
and endpointPrivateAccess
parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging
parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing .
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.eks.*; CfnCluster cfnCluster = CfnCluster.Builder.create(this, "MyCfnCluster") .resourcesVpcConfig(ResourcesVpcConfigProperty.builder() .subnetIds(List.of("subnetIds")) // the properties below are optional .endpointPrivateAccess(false) .endpointPublicAccess(false) .publicAccessCidrs(List.of("publicAccessCidrs")) .securityGroupIds(List.of("securityGroupIds")) .build()) .roleArn("roleArn") // the properties below are optional .accessConfig(AccessConfigProperty.builder() .authenticationMode("authenticationMode") .bootstrapClusterCreatorAdminPermissions(false) .build()) .bootstrapSelfManagedAddons(false) .encryptionConfig(List.of(EncryptionConfigProperty.builder() .provider(ProviderProperty.builder() .keyArn("keyArn") .build()) .resources(List.of("resources")) .build())) .kubernetesNetworkConfig(KubernetesNetworkConfigProperty.builder() .ipFamily("ipFamily") .serviceIpv4Cidr("serviceIpv4Cidr") .serviceIpv6Cidr("serviceIpv6Cidr") .build()) .logging(LoggingProperty.builder() .clusterLogging(ClusterLoggingProperty.builder() .enabledTypes(List.of(LoggingTypeConfigProperty.builder() .type("type") .build())) .build()) .build()) .name("name") .outpostConfig(OutpostConfigProperty.builder() .controlPlaneInstanceType("controlPlaneInstanceType") .outpostArns(List.of("outpostArns")) // the properties below are optional .controlPlanePlacement(ControlPlanePlacementProperty.builder() .groupName("groupName") .build()) .build()) .tags(List.of(CfnTag.builder() .key("key") .value("value") .build())) .upgradePolicy(UpgradePolicyProperty.builder() .supportType("supportType") .build()) .version("version") .zonalShiftConfig(ZonalShiftConfigProperty.builder() .enabled(false) .build()) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic interface
The access configuration for the cluster.static final class
A fluent builder forCfnCluster
.static interface
The cluster control plane logging configuration for your cluster.static interface
The placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost.static interface
The encryption configuration for the cluster.static interface
The Kubernetes network configuration for the cluster.static interface
Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs.static interface
The enabled logging type.static interface
The configuration of your local Amazon EKS cluster on an AWS Outpost.static interface
Identifies the AWS Key Management Service ( AWS KMS ) key used to encrypt the secrets.static interface
An object representing the VPC configuration to use for an Amazon EKS cluster.static interface
An object representing the Upgrade Policy to use for the cluster.static interface
The current zonal shift configuration to use for the cluster.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable
ITaggable.Jsii$Default, ITaggable.Jsii$Proxy
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The CloudFormation resource type name for this resource class. -
Constructor Summary
ModifierConstructorDescriptionprotected
CfnCluster
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
CfnCluster
(software.amazon.jsii.JsiiObjectRef objRef) CfnCluster
(software.constructs.Construct scope, String id, CfnClusterProps props) -
Method Summary
Modifier and TypeMethodDescriptionThe access configuration for the cluster.The ARN of the cluster, such asarn:aws:eks:us-west-2:666666666666:cluster/prod
.Thecertificate-authority-data
for your cluster.The cluster security group that was created by Amazon EKS for the cluster.Amazon Resource Name (ARN) or alias of the customer master key (CMK).The endpoint for your Kubernetes API server, such ashttps://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com
.The ID of your local Amazon EKS cluster on an AWS Outpost.The CIDR block that Kubernetes Service IP addresses are assigned from if you created a1.21
or later cluster with version>1.10.1
or later of the Amazon VPC CNI add-on and specifiedipv6
for ipFamily when you created the cluster.The issuer URL for the OIDC identity provider of the cluster, such ashttps://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E
.If you set this value toFalse
when creating a cluster, the default networking add-ons will not be installed.The encryption configuration for the cluster.The Kubernetes network configuration for the cluster.The logging configuration for your cluster.getName()
The unique name to give to your cluster.An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.The VPC configuration that's used by the cluster control plane.The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.getTags()
Tag Manager which manages the tags for this resource.The metadata that you apply to the cluster to assist with categorization and organization.This value indicates if extended support is enabled or disabled for the cluster.The desired Kubernetes version for your cluster.The current zonal shift configuration to use for the cluster.void
inspect
(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties
(Map<String, Object> props) void
setAccessConfig
(IResolvable value) The access configuration for the cluster.void
The access configuration for the cluster.void
If you set this value toFalse
when creating a cluster, the default networking add-ons will not be installed.void
If you set this value toFalse
when creating a cluster, the default networking add-ons will not be installed.void
setEncryptionConfig
(List<Object> value) The encryption configuration for the cluster.void
setEncryptionConfig
(IResolvable value) The encryption configuration for the cluster.void
The Kubernetes network configuration for the cluster.void
The Kubernetes network configuration for the cluster.void
setLogging
(IResolvable value) The logging configuration for your cluster.void
The logging configuration for your cluster.void
The unique name to give to your cluster.void
setOutpostConfig
(IResolvable value) An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.void
An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.void
setResourcesVpcConfig
(IResolvable value) The VPC configuration that's used by the cluster control plane.void
The VPC configuration that's used by the cluster control plane.void
setRoleArn
(String value) The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.void
setTagsRaw
(List<CfnTag> value) The metadata that you apply to the cluster to assist with categorization and organization.void
setUpgradePolicy
(IResolvable value) This value indicates if extended support is enabled or disabled for the cluster.void
This value indicates if extended support is enabled or disabled for the cluster.void
setVersion
(String value) The desired Kubernetes version for your cluster.void
setZonalShiftConfig
(IResolvable value) The current zonal shift configuration to use for the cluster.void
The current zonal shift configuration to use for the cluster.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnCluster
protected CfnCluster(software.amazon.jsii.JsiiObjectRef objRef) -
CfnCluster
protected CfnCluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnCluster
@Stability(Stable) public CfnCluster(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnClusterProps props) - Parameters:
scope
- Scope in which this resource is defined. This parameter is required.id
- Construct identifier for this resource (unique in its scope). This parameter is required.props
- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspect
in interfaceIInspectable
- Parameters:
inspector
- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderProperties
in classCfnResource
- Parameters:
props
- This parameter is required.
-
getAttrArn
The ARN of the cluster, such asarn:aws:eks:us-west-2:666666666666:cluster/prod
. -
getAttrCertificateAuthorityData
Thecertificate-authority-data
for your cluster. -
getAttrClusterSecurityGroupId
The cluster security group that was created by Amazon EKS for the cluster.Managed node groups use this security group for control plane to data plane communication.
This parameter is only returned by Amazon EKS clusters that support managed node groups. For more information, see Managed node groups in the Amazon EKS User Guide .
-
getAttrEncryptionConfigKeyArn
Amazon Resource Name (ARN) or alias of the customer master key (CMK). -
getAttrEndpoint
The endpoint for your Kubernetes API server, such ashttps://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com
. -
getAttrId
The ID of your local Amazon EKS cluster on an AWS Outpost.This property isn't available for an Amazon EKS cluster on the AWS cloud.
-
getAttrKubernetesNetworkConfigServiceIpv6Cidr
The CIDR block that Kubernetes Service IP addresses are assigned from if you created a1.21
or later cluster with version>1.10.1
or later of the Amazon VPC CNI add-on and specifiedipv6
for ipFamily when you created the cluster. Kubernetes assigns Service addresses from the unique local address range (fc00::/7
) because you can't specify a customIPv6
CIDR block when you create the cluster. -
getAttrOpenIdConnectIssuerUrl
The issuer URL for the OIDC identity provider of the cluster, such ashttps://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E
. If you need to removehttps://
from this output value, you can include the following code in your template.!Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]]
-
getCfnProperties
- Overrides:
getCfnProperties
in classCfnResource
-
getTags
Tag Manager which manages the tags for this resource. -
getResourcesVpcConfig
The VPC configuration that's used by the cluster control plane. -
setResourcesVpcConfig
The VPC configuration that's used by the cluster control plane. -
setResourcesVpcConfig
@Stability(Stable) public void setResourcesVpcConfig(@NotNull CfnCluster.ResourcesVpcConfigProperty value) The VPC configuration that's used by the cluster control plane. -
getRoleArn
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. -
setRoleArn
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. -
getAccessConfig
The access configuration for the cluster. -
setAccessConfig
The access configuration for the cluster. -
setAccessConfig
The access configuration for the cluster. -
getBootstrapSelfManagedAddons
If you set this value toFalse
when creating a cluster, the default networking add-ons will not be installed. -
setBootstrapSelfManagedAddons
If you set this value toFalse
when creating a cluster, the default networking add-ons will not be installed. -
setBootstrapSelfManagedAddons
If you set this value toFalse
when creating a cluster, the default networking add-ons will not be installed. -
getEncryptionConfig
The encryption configuration for the cluster. -
setEncryptionConfig
The encryption configuration for the cluster. -
setEncryptionConfig
The encryption configuration for the cluster. -
getKubernetesNetworkConfig
The Kubernetes network configuration for the cluster. -
setKubernetesNetworkConfig
The Kubernetes network configuration for the cluster. -
setKubernetesNetworkConfig
@Stability(Stable) public void setKubernetesNetworkConfig(@Nullable CfnCluster.KubernetesNetworkConfigProperty value) The Kubernetes network configuration for the cluster. -
getLogging
The logging configuration for your cluster. -
setLogging
The logging configuration for your cluster. -
setLogging
The logging configuration for your cluster. -
getName
The unique name to give to your cluster. -
setName
The unique name to give to your cluster. -
getOutpostConfig
An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. -
setOutpostConfig
An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. -
setOutpostConfig
An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. -
getTagsRaw
The metadata that you apply to the cluster to assist with categorization and organization. -
setTagsRaw
The metadata that you apply to the cluster to assist with categorization and organization. -
getUpgradePolicy
This value indicates if extended support is enabled or disabled for the cluster. -
setUpgradePolicy
This value indicates if extended support is enabled or disabled for the cluster. -
setUpgradePolicy
This value indicates if extended support is enabled or disabled for the cluster. -
getVersion
The desired Kubernetes version for your cluster. -
setVersion
The desired Kubernetes version for your cluster. -
getZonalShiftConfig
The current zonal shift configuration to use for the cluster. -
setZonalShiftConfig
The current zonal shift configuration to use for the cluster. -
setZonalShiftConfig
@Stability(Stable) public void setZonalShiftConfig(@Nullable CfnCluster.ZonalShiftConfigProperty value) The current zonal shift configuration to use for the cluster.
-