Class Cluster

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.eks.Cluster
All Implemented Interfaces:
IResource, IConnectable, ICluster, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
Direct Known Subclasses:
FargateCluster

@Generated(value="jsii-pacmak/1.103.1 (build bef2dea)", date="2024-10-05T03:43:43.095Z") @Stability(Stable) public class Cluster extends Resource implements ICluster
A Cluster represents a managed Kubernetes Service (EKS).

This is a fully managed cluster of API Servers (control-plane). The user is still required to create the worker nodes.

Example:

 Cluster.Builder.create(this, "MyCluster")
         .kubectlMemory(Size.gibibytes(4))
         .version(KubernetesVersion.V1_30)
         .build();

 // or
 Vpc vpc;
 Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder()
         .kubectlMemory(Size.gibibytes(4))
         .vpc(vpc)
         .clusterName("cluster-name")
         .build());
 
  • Constructor Details

    • Cluster

      protected Cluster(software.amazon.jsii.JsiiObjectRef objRef)
    • Cluster

      protected Cluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • Cluster

      @Stability(Stable) public Cluster(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull ClusterProps props)
      Initiates an EKS Cluster with the supplied arguments.

      Parameters:
      scope - a Construct, most likely a cdk.Stack. This parameter is required.
      id - the id of the Construct to create. This parameter is required.
      props - properties in the IClusterProps interface. This parameter is required.
  • Method Details

    • fromClusterAttributes

      @Stability(Stable) @NotNull public static ICluster fromClusterAttributes(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull ClusterAttributes attrs)
      Import an existing cluster.

      Parameters:
      scope - the construct scope, in most cases 'this'. This parameter is required.
      id - the id or name to import as. This parameter is required.
      attrs - the cluster properties to use for importing information. This parameter is required.
    • addAutoScalingGroupCapacity

      @Stability(Stable) @NotNull public AutoScalingGroup addAutoScalingGroupCapacity(@NotNull String id, @NotNull AutoScalingGroupCapacityOptions options)
      Add nodes to this EKS cluster.

      The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.

      Note that if you specify updateType: RollingUpdate or updateType: ReplacingUpdate, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for updateType is None, which means only new instances will be launched using the new AMI.

      Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. In addition, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

      Parameters:
      id - This parameter is required.
      options - This parameter is required.
    • addCdk8sChart

      @Stability(Stable) @NotNull public KubernetesManifest addCdk8sChart(@NotNull String id, @NotNull software.constructs.Construct chart, @Nullable KubernetesManifestOptions options)
      Defines a CDK8s chart in this cluster.

      Specified by:
      addCdk8sChart in interface ICluster
      Parameters:
      id - logical id of this chart. This parameter is required.
      chart - the cdk8s chart. This parameter is required.
      options -
      Returns:
      a KubernetesManifest construct representing the chart.
    • addCdk8sChart

      @Stability(Stable) @NotNull public KubernetesManifest addCdk8sChart(@NotNull String id, @NotNull software.constructs.Construct chart)
      Defines a CDK8s chart in this cluster.

      Specified by:
      addCdk8sChart in interface ICluster
      Parameters:
      id - logical id of this chart. This parameter is required.
      chart - the cdk8s chart. This parameter is required.
      Returns:
      a KubernetesManifest construct representing the chart.
    • addFargateProfile

      @Stability(Stable) @NotNull public FargateProfile addFargateProfile(@NotNull String id, @NotNull FargateProfileOptions options)
      Adds a Fargate profile to this cluster.

      Parameters:
      id - the id of this profile. This parameter is required.
      options - profile options. This parameter is required.
    • addHelmChart

      @Stability(Stable) @NotNull public HelmChart addHelmChart(@NotNull String id, @NotNull HelmChartOptions options)
      Defines a Helm chart in this cluster.

      Specified by:
      addHelmChart in interface ICluster
      Parameters:
      id - logical id of this chart. This parameter is required.
      options - options of this chart. This parameter is required.
      Returns:
      a HelmChart construct
    • addManifest

      @Stability(Stable) @NotNull public KubernetesManifest addManifest(@NotNull String id, @NotNull @NotNull Map<String,Object>... manifest)
      Defines a Kubernetes resource in this cluster.

      The manifest will be applied/deleted using kubectl as needed.

      Specified by:
      addManifest in interface ICluster
      Parameters:
      id - logical id of this manifest. This parameter is required.
      manifest - a list of Kubernetes resource specifications. This parameter is required.
      Returns:
      a KubernetesResource object.
    • addNodegroupCapacity

      @Stability(Stable) @NotNull public Nodegroup addNodegroupCapacity(@NotNull String id, @Nullable NodegroupOptions options)
      Add managed nodegroup to this Amazon EKS cluster.

      This method will create a new managed nodegroup and add it to the capacity.

      Parameters:
      id - The ID of the nodegroup. This parameter is required.
      options - options for creating a new nodegroup.
    • addNodegroupCapacity

      @Stability(Stable) @NotNull public Nodegroup addNodegroupCapacity(@NotNull String id)
      Add managed nodegroup to this Amazon EKS cluster.

      This method will create a new managed nodegroup and add it to the capacity.

      Parameters:
      id - The ID of the nodegroup. This parameter is required.
    • addServiceAccount

      @Stability(Stable) @NotNull public ServiceAccount addServiceAccount(@NotNull String id, @Nullable ServiceAccountOptions options)
      Creates a new service account with corresponding IAM Role (IRSA).

      Specified by:
      addServiceAccount in interface ICluster
      Parameters:
      id - This parameter is required.
      options -
    • addServiceAccount

      @Stability(Stable) @NotNull public ServiceAccount addServiceAccount(@NotNull String id)
      Creates a new service account with corresponding IAM Role (IRSA).

      Specified by:
      addServiceAccount in interface ICluster
      Parameters:
      id - This parameter is required.
    • connectAutoScalingGroupCapacity

      @Stability(Stable) public void connectAutoScalingGroupCapacity(@NotNull AutoScalingGroup autoScalingGroup, @NotNull AutoScalingGroupOptions options)
      Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.

      The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.

      Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.

      Prefer to use addAutoScalingGroupCapacity if possible.

      Specified by:
      connectAutoScalingGroupCapacity in interface ICluster
      Parameters:
      autoScalingGroup - [disable-awslint:ref-via-interface]. This parameter is required.
      options - options for adding auto scaling groups, like customizing the bootstrap script. This parameter is required.
    • getIngressLoadBalancerAddress

      @Stability(Stable) @NotNull public String getIngressLoadBalancerAddress(@NotNull String ingressName, @Nullable IngressLoadBalancerAddressOptions options)
      Fetch the load balancer address of an ingress backed by a load balancer.

      Parameters:
      ingressName - The name of the ingress. This parameter is required.
      options - Additional operation options.
    • getIngressLoadBalancerAddress

      @Stability(Stable) @NotNull public String getIngressLoadBalancerAddress(@NotNull String ingressName)
      Fetch the load balancer address of an ingress backed by a load balancer.

      Parameters:
      ingressName - The name of the ingress. This parameter is required.
    • getServiceLoadBalancerAddress

      @Stability(Stable) @NotNull public String getServiceLoadBalancerAddress(@NotNull String serviceName, @Nullable ServiceLoadBalancerAddressOptions options)
      Fetch the load balancer address of a service of type 'LoadBalancer'.

      Parameters:
      serviceName - The name of the service. This parameter is required.
      options - Additional operation options.
    • getServiceLoadBalancerAddress

      @Stability(Stable) @NotNull public String getServiceLoadBalancerAddress(@NotNull String serviceName)
      Fetch the load balancer address of a service of type 'LoadBalancer'.

      Parameters:
      serviceName - The name of the service. This parameter is required.
    • grantAccess

      @Stability(Stable) public void grantAccess(@NotNull String id, @NotNull String principal, @NotNull List<IAccessPolicy> accessPolicies)
      Grants the specified IAM principal access to the EKS cluster based on the provided access policies.

      This method creates an AccessEntry construct that grants the specified IAM principal the access permissions defined by the provided IAccessPolicy array. This allows the IAM principal to perform the actions permitted by the access policies within the EKS cluster.

      Parameters:
      id - The ID of the AccessEntry construct to be created. This parameter is required.
      principal - The IAM principal (role or user) to be granted access to the EKS cluster. This parameter is required.
      accessPolicies - An array of IAccessPolicy objects that define the access permissions to be granted to the IAM principal. This parameter is required.
    • getAdminRole

      @Stability(Stable) @NotNull public Role getAdminRole()
      An IAM role with administrative permissions to create or update the cluster.

      This role also has system:masters permissions.

    • getAwsAuth

      @Stability(Stable) @NotNull public AwsAuth getAwsAuth()
      Lazily creates the AwsAuth resource, which manages AWS authentication mapping.
    • getClusterArn

      @Stability(Stable) @NotNull public String getClusterArn()
      The AWS generated ARN for the Cluster resource.

      For example, arn:aws:eks:us-west-2:666666666666:cluster/prod

      Specified by:
      getClusterArn in interface ICluster
    • getClusterCertificateAuthorityData

      @Stability(Stable) @NotNull public String getClusterCertificateAuthorityData()
      The certificate-authority-data for your cluster.
      Specified by:
      getClusterCertificateAuthorityData in interface ICluster
    • getClusterEncryptionConfigKeyArn

      @Stability(Stable) @NotNull public String getClusterEncryptionConfigKeyArn()
      Amazon Resource Name (ARN) or alias of the customer master key (CMK).
      Specified by:
      getClusterEncryptionConfigKeyArn in interface ICluster
    • getClusterEndpoint

      @Stability(Stable) @NotNull public String getClusterEndpoint()
      The endpoint URL for the Cluster.

      This is the URL inside the kubeconfig file to use with kubectl.

      For example, https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com

      Specified by:
      getClusterEndpoint in interface ICluster
    • getClusterName

      @Stability(Stable) @NotNull public String getClusterName()
      The Name of the created EKS Cluster.
      Specified by:
      getClusterName in interface ICluster
    • getClusterOpenIdConnectIssuer

      @Stability(Stable) @NotNull public String getClusterOpenIdConnectIssuer()
      If this cluster is kubectl-enabled, returns the OpenID Connect issuer.

      This is because the value can only be retrieved by the API and is not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock CfnCluster), this is undefined.

    • getClusterOpenIdConnectIssuerUrl

      @Stability(Stable) @NotNull public String getClusterOpenIdConnectIssuerUrl()
      If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.

      This is because the value can only be retrieved by the API and is not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock CfnCluster), this is undefined.

    • getClusterSecurityGroup

      @Stability(Stable) @NotNull public ISecurityGroup getClusterSecurityGroup()
      The cluster security group that was created by Amazon EKS for the cluster.
      Specified by:
      getClusterSecurityGroup in interface ICluster
    • getClusterSecurityGroupId

      @Stability(Stable) @NotNull public String getClusterSecurityGroupId()
      The id of the cluster security group that was created by Amazon EKS for the cluster.
      Specified by:
      getClusterSecurityGroupId in interface ICluster
    • getConnections

      @Stability(Stable) @NotNull public Connections getConnections()
      Manages connection rules (Security Group Rules) for the cluster.
      Specified by:
      getConnections in interface IConnectable
    • getOpenIdConnectProvider

      @Stability(Stable) @NotNull public IOpenIdConnectProvider getOpenIdConnectProvider()
      An OpenIdConnectProvider resource associated with this cluster, and which can be used to link this cluster to AWS IAM.

      A provider will only be defined if this property is accessed (lazy initialization).

      Specified by:
      getOpenIdConnectProvider in interface ICluster
    • getPrune

      @Stability(Stable) @NotNull public Boolean getPrune()
      Determines if Kubernetes resources can be pruned automatically.
      Specified by:
      getPrune in interface ICluster
    • getRole

      @Stability(Stable) @NotNull public IRole getRole()
      IAM role assumed by the EKS Control Plane.
    • getVpc

      @Stability(Stable) @NotNull public IVpc getVpc()
      The VPC in which this Cluster was created.
      Specified by:
      getVpc in interface ICluster
    • getAlbController

      @Stability(Stable) @Nullable public AlbController getAlbController()
      The ALB Controller construct defined for this cluster.

      Will be undefined if albController wasn't configured.

    • getAuthenticationMode

      @Stability(Stable) @Nullable public AuthenticationMode getAuthenticationMode()
      The authentication mode for the Amazon EKS cluster.

      The authentication mode determines how users and applications authenticate to the Kubernetes API server.

      Default: CONFIG_MAP.

      Specified by:
      getAuthenticationMode in interface ICluster
    • getAwscliLayer

      @Stability(Stable) @Nullable public ILayerVersion getAwscliLayer()
      An AWS Lambda layer that contains the aws CLI.

      If not defined, a default layer will be used containing the AWS CLI 1.x.

      Specified by:
      getAwscliLayer in interface ICluster
    • getClusterHandlerSecurityGroup

      @Stability(Stable) @Nullable public ISecurityGroup getClusterHandlerSecurityGroup()
      A security group to associate with the Cluster Handler's Lambdas.

      The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.

      Requires placeClusterHandlerInVpc to be set to true.

      Default: - No security group.

      Specified by:
      getClusterHandlerSecurityGroup in interface ICluster
    • getDefaultCapacity

      @Stability(Stable) @Nullable public AutoScalingGroup getDefaultCapacity()
      The auto scaling group that hosts the default capacity for this cluster.

      This will be undefined if the defaultCapacityType is not EC2 or defaultCapacityType is EC2 but default capacity is set to 0.

    • getDefaultNodegroup

      @Stability(Stable) @Nullable public Nodegroup getDefaultNodegroup()
      The node group that hosts the default capacity for this cluster.

      This will be undefined if the defaultCapacityType is EC2 or defaultCapacityType is NODEGROUP but default capacity is set to 0.

    • getEksPodIdentityAgent

      @Stability(Stable) @Nullable public IAddon getEksPodIdentityAgent()
      Retrieves the EKS Pod Identity Agent addon for the EKS cluster.

      The EKS Pod Identity Agent is responsible for managing the temporary credentials used by pods in the cluster to access AWS resources. It runs as a DaemonSet on each node and provides the necessary credentials to the pods based on their associated service account.

      Specified by:
      getEksPodIdentityAgent in interface ICluster
    • getIpFamily

      @Stability(Stable) @Nullable public IpFamily getIpFamily()
      Specify which IP family is used to assign Kubernetes pod and service IP addresses.

      Default: - IpFamily.IP_V4

      Specified by:
      getIpFamily in interface ICluster
    • getKubectlEnvironment

      @Stability(Stable) @Nullable public Map<String,String> getKubectlEnvironment()
      Custom environment variables when running kubectl against this cluster.
      Specified by:
      getKubectlEnvironment in interface ICluster
    • getKubectlLambdaRole

      @Stability(Stable) @Nullable public IRole getKubectlLambdaRole()
      An IAM role that can perform kubectl operations against this cluster.

      The role should be mapped to the system:masters Kubernetes RBAC role.

      This role is directly passed to the lambda handler that sends kubectl commands to the cluster.

      Default: - if not specified, the default role created by a lambda function will be used.

      Specified by:
      getKubectlLambdaRole in interface ICluster
    • getKubectlLayer

      @Stability(Stable) @Nullable public ILayerVersion getKubectlLayer()
      An AWS Lambda layer that includes kubectl and helm.

      If not defined, a default layer will be used containing kubectl 1.20 and Helm 3.8.

      Specified by:
      getKubectlLayer in interface ICluster
    • getKubectlMemory

      @Stability(Stable) @Nullable public Size getKubectlMemory()
      The amount of memory allocated to the kubectl provider's lambda function.
      Specified by:
      getKubectlMemory in interface ICluster
    • getKubectlPrivateSubnets

      @Stability(Stable) @Nullable public List<ISubnet> getKubectlPrivateSubnets()
      Subnets to host the kubectl compute resources.

      Default: - If not specified, the k8s endpoint is expected to be accessible publicly.

      Specified by:
      getKubectlPrivateSubnets in interface ICluster
    • getKubectlRole

      @Stability(Stable) @Nullable public IRole getKubectlRole()
      An IAM role that can perform kubectl operations against this cluster.

      The role should be mapped to the system:masters Kubernetes RBAC role.

      Specified by:
      getKubectlRole in interface ICluster
    • getKubectlSecurityGroup

      @Stability(Stable) @Nullable public ISecurityGroup getKubectlSecurityGroup()
      A security group to use for kubectl execution.

      Default: - If not specified, the k8s endpoint is expected to be accessible publicly.

      Specified by:
      getKubectlSecurityGroup in interface ICluster
    • getOnEventLayer

      @Stability(Stable) @Nullable public ILayerVersion getOnEventLayer()
      The AWS Lambda layer that contains the NPM dependency proxy-agent.

      If undefined, a SAR app that contains this layer will be used.

      Specified by:
      getOnEventLayer in interface ICluster
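
The following added example (not part of the generated CDK documentation) combines grantAccess, addManifest and addServiceAccount from this page into a least-privilege setup: a namespace-scoped, read-only access entry for an auditor role instead of a system:masters mapping, and an IRSA service account limited to reading one bucket. The stack name, role ARN, namespace, service account name and bucket name are constructed placeholders; the authentication mode is set explicitly because EKS access entries require an API-based mode and the default listed under getAuthenticationMode is CONFIG_MAP.

```java
import java.util.List;
import java.util.Map;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.eks.*;
import software.amazon.awscdk.services.s3.Bucket;
import software.amazon.awscdk.services.s3.IBucket;
import software.constructs.Construct;

public class LeastPrivilegeEksStack extends Stack {
    // Constructed placeholder: replace with the ARN of a real IAM role.
    private static final String AUDITOR_ROLE_ARN = "arn:aws:iam::111122223333:role/auditor";

    public LeastPrivilegeEksStack(final Construct scope, final String id) {
        super(scope, id);

        Cluster cluster = Cluster.Builder.create(this, "MyCluster")
                .version(KubernetesVersion.V1_30)
                // Access entries are only honoured in API or API_AND_CONFIG_MAP mode.
                .authenticationMode(AuthenticationMode.API_AND_CONFIG_MAP)
                .build();

        // Namespace that both the access entry and the service account are confined to.
        KubernetesManifest teamNamespace = cluster.addManifest("TeamANamespace", Map.of(
                "apiVersion", "v1",
                "kind", "Namespace",
                "metadata", Map.of("name", "team-a")));

        // Read-only access limited to one namespace, rather than cluster-wide admin.
        cluster.grantAccess("AuditorAccess", AUDITOR_ROLE_ARN, List.of(
                AccessPolicy.fromAccessPolicyName("AmazonEKSViewPolicy",
                        AccessPolicyNameOptions.builder()
                                .accessScopeType(AccessScopeType.NAMESPACE)
                                .namespaces(List.of("team-a"))
                                .build())));

        // IRSA: pods using this service account receive their own IAM role,
        // so they do not inherit the broader node instance role.
        ServiceAccount reader = cluster.addServiceAccount("Reader",
                ServiceAccountOptions.builder()
                        .name("s3-reader")
                        .namespace("team-a")
                        .build());
        // The namespace must exist before the service account manifest is applied.
        reader.getNode().addDependency(teamNamespace);

        // Grant only read access to a single bucket (constructed placeholder name).
        IBucket data = Bucket.fromBucketName(this, "Data", "example-data-bucket");
        data.grantRead(reader);
    }
}
```

Running cdk synth on this stack and reviewing the generated AccessEntry and the IAM policy attached to the service account role confirms the scope before anything is deployed.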