Class Cluster
- All Implemented Interfaces:
IResource
,IConnectable
,ICluster
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
,software.constructs.IDependable
- Direct Known Subclasses:
FargateCluster
This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes.
Example:
// or Vpc vpc; Cluster.Builder.create(this, "MyCluster") .kubectlMemory(Size.gibibytes(4)) .version(KubernetesVersion.V1_30) .build(); Cluster.fromClusterAttributes(this, "MyCluster", ClusterAttributes.builder() .kubectlMemory(Size.gibibytes(4)) .vpc(vpc) .clusterName("cluster-name") .build());
-
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.eks.ICluster
ICluster.Jsii$Default, ICluster.Jsii$Proxy
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource
IResource.Jsii$Default
-
Constructor Summary
ModifierConstructorDescriptionprotected
Cluster
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
Cluster
(software.amazon.jsii.JsiiObjectRef objRef) Cluster
(software.constructs.Construct scope, String id, ClusterProps props) Initiates an EKS Cluster with the supplied arguments. -
Method Summary
Modifier and TypeMethodDescriptionAdd nodes to this EKS cluster.addCdk8sChart
(String id, software.constructs.Construct chart) Defines a CDK8s chart in this cluster.addCdk8sChart
(String id, software.constructs.Construct chart, KubernetesManifestOptions options) Defines a CDK8s chart in this cluster.addFargateProfile
(String id, FargateProfileOptions options) Adds a Fargate profile to this cluster.addHelmChart
(String id, HelmChartOptions options) Defines a Helm chart in this cluster.addManifest
(String id, @NotNull Map<String, Object>... manifest) Defines a Kubernetes resource in this cluster.Add managed nodegroup to this Amazon EKS cluster.addNodegroupCapacity
(String id, NodegroupOptions options) Add managed nodegroup to this Amazon EKS cluster.Creates a new service account with corresponding IAM Role (IRSA).addServiceAccount
(String id, ServiceAccountOptions options) Creates a new service account with corresponding IAM Role (IRSA).void
connectAutoScalingGroupCapacity
(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options) Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.static ICluster
fromClusterAttributes
(software.constructs.Construct scope, String id, ClusterAttributes attrs) Import an existing cluster.An IAM role with administrative permissions to create or update the cluster.The ALB Controller construct defined for this cluster.The authentication mode for the Amazon EKS cluster.Lazily creates the AwsAuth resource, which manages AWS authentication mapping.An AWS Lambda layer that contains theaws
CLI.The AWS generated ARN for the Cluster resource.The certificate-authority-data for your cluster.Amazon Resource Name (ARN) or alias of the customer master key (CMK).The endpoint URL for the Cluster.A security group to associate with the Cluster Handler's Lambdas.The Name of the created EKS Cluster.If this cluster is kubectl-enabled, returns the OpenID Connect issuer.If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.The cluster security group that was created by Amazon EKS for the cluster.The id of the cluster security group that was created by Amazon EKS for the cluster.Manages connection rules (Security Group Rules) for the cluster.The auto scaling group that hosts the default capacity for this cluster.The node group that hosts the default capacity for this cluster.Retrieves the EKS Pod Identity Agent addon for the EKS cluster.getIngressLoadBalancerAddress
(String ingressName) Fetch the load balancer address of an ingress backed by a load balancer.getIngressLoadBalancerAddress
(String ingressName, IngressLoadBalancerAddressOptions options) Fetch the load balancer address of an ingress backed by a load balancer.Specify which IP family is used to assign Kubernetes pod and service IP addresses.Custom environment variables when runningkubectl
against this cluster.An IAM role that can perform kubectl operations against this cluster.An AWS Lambda layer that includeskubectl
andhelm
.The amount of memory allocated to the kubectl provider's lambda function.Subnets to host thekubectl
compute resources.An IAM role that can perform kubectl operations against this cluster.A security group to use forkubectl
execution.The AWS Lambda layer that contains the NPM dependencyproxy-agent
.AnOpenIdConnectProvider
resource associated with this cluster, and which can be used to link this cluster to AWS IAM.getPrune()
Determines if Kubernetes resources can be pruned automatically.getRole()
IAM role assumed by the EKS Control Plane.getServiceLoadBalancerAddress
(String serviceName) Fetch the load balancer address of a service of type 'LoadBalancer'.getServiceLoadBalancerAddress
(String serviceName, ServiceLoadBalancerAddressOptions options) Fetch the load balancer address of a service of type 'LoadBalancer'.getVpc()
The VPC in which this Cluster was created.void
grantAccess
(String id, String principal, List<IAccessPolicy> accessPolicies) Grants the specified IAM principal access to the EKS cluster based on the provided access policies.Methods inherited from class software.amazon.awscdk.Resource
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource
Methods inherited from class software.constructs.Construct
getNode, isConstruct, toString
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.awscdk.services.eks.ICluster
getKubectlProvider
Methods inherited from interface software.constructs.IConstruct
getNode
Methods inherited from interface software.amazon.awscdk.IResource
applyRemovalPolicy, getEnv, getStack
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Constructor Details
-
Cluster
protected Cluster(software.amazon.jsii.JsiiObjectRef objRef) -
Cluster
protected Cluster(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
Cluster
@Stability(Stable) public Cluster(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull ClusterProps props) Initiates an EKS Cluster with the supplied arguments.- Parameters:
scope
- a Construct, most likely a cdk.Stack created. This parameter is required.id
- the id of the Construct to create. This parameter is required.props
- properties in the IClusterProps interface. This parameter is required.
-
-
Method Details
-
fromClusterAttributes
@Stability(Stable) @NotNull public static ICluster fromClusterAttributes(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull ClusterAttributes attrs) Import an existing cluster.- Parameters:
scope
- the construct scope, in most cases 'this'. This parameter is required.id
- the id or name to import as. This parameter is required.attrs
- the cluster properties to use for importing information. This parameter is required.
-
addAutoScalingGroupCapacity
@Stability(Stable) @NotNull public AutoScalingGroup addAutoScalingGroupCapacity(@NotNull String id, @NotNull AutoScalingGroupCapacityOptions options) Add nodes to this EKS cluster.The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.
Note that if you specify
updateType: RollingUpdate
orupdateType: ReplacingUpdate
, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior forupdateType
isNone
, which means only new instances will be launched using the new AMI.Spot instances will be labeled
lifecycle=Ec2Spot
and tainted withPreferNoSchedule
. In addition, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.- Parameters:
id
- This parameter is required.options
- This parameter is required.
-
addCdk8sChart
@Stability(Stable) @NotNull public KubernetesManifest addCdk8sChart(@NotNull String id, @NotNull software.constructs.Construct chart, @Nullable KubernetesManifestOptions options) Defines a CDK8s chart in this cluster.- Specified by:
addCdk8sChart
in interfaceICluster
- Parameters:
id
- logical id of this chart. This parameter is required.chart
- the cdk8s chart. This parameter is required.options
-- Returns:
- a
KubernetesManifest
construct representing the chart.
-
addCdk8sChart
@Stability(Stable) @NotNull public KubernetesManifest addCdk8sChart(@NotNull String id, @NotNull software.constructs.Construct chart) Defines a CDK8s chart in this cluster.- Specified by:
addCdk8sChart
in interfaceICluster
- Parameters:
id
- logical id of this chart. This parameter is required.chart
- the cdk8s chart. This parameter is required.- Returns:
- a
KubernetesManifest
construct representing the chart.
-
addFargateProfile
@Stability(Stable) @NotNull public FargateProfile addFargateProfile(@NotNull String id, @NotNull FargateProfileOptions options) Adds a Fargate profile to this cluster.- Parameters:
id
- the id of this profile. This parameter is required.options
- profile options. This parameter is required.- See Also:
-
addHelmChart
@Stability(Stable) @NotNull public HelmChart addHelmChart(@NotNull String id, @NotNull HelmChartOptions options) Defines a Helm chart in this cluster.- Specified by:
addHelmChart
in interfaceICluster
- Parameters:
id
- logical id of this chart. This parameter is required.options
- options of this chart. This parameter is required.- Returns:
- a
HelmChart
construct
-
addManifest
@Stability(Stable) @NotNull public KubernetesManifest addManifest(@NotNull String id, @NotNull @NotNull Map<String, Object>... manifest) Defines a Kubernetes resource in this cluster.The manifest will be applied/deleted using kubectl as needed.
- Specified by:
addManifest
in interfaceICluster
- Parameters:
id
- logical id of this manifest. This parameter is required.manifest
- a list of Kubernetes resource specifications. This parameter is required.- Returns:
- a
KubernetesResource
object.
-
addNodegroupCapacity
@Stability(Stable) @NotNull public Nodegroup addNodegroupCapacity(@NotNull String id, @Nullable NodegroupOptions options) Add managed nodegroup to this Amazon EKS cluster.This method will create a new managed nodegroup and add into the capacity.
- Parameters:
id
- The ID of the nodegroup. This parameter is required.options
- options for creating a new nodegroup.- See Also:
-
addNodegroupCapacity
Add managed nodegroup to this Amazon EKS cluster.This method will create a new managed nodegroup and add into the capacity.
- Parameters:
id
- The ID of the nodegroup. This parameter is required.- See Also:
-
addServiceAccount
@Stability(Stable) @NotNull public ServiceAccount addServiceAccount(@NotNull String id, @Nullable ServiceAccountOptions options) Creates a new service account with corresponding IAM Role (IRSA).- Specified by:
addServiceAccount
in interfaceICluster
- Parameters:
id
- This parameter is required.options
-
-
addServiceAccount
Creates a new service account with corresponding IAM Role (IRSA).- Specified by:
addServiceAccount
in interfaceICluster
- Parameters:
id
- This parameter is required.
-
connectAutoScalingGroupCapacity
@Stability(Stable) public void connectAutoScalingGroupCapacity(@NotNull AutoScalingGroup autoScalingGroup, @NotNull AutoScalingGroupOptions options) Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.
Spot instances will be labeled
lifecycle=Ec2Spot
and tainted withPreferNoSchedule
. If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.Prefer to use
addAutoScalingGroupCapacity
if possible.- Specified by:
connectAutoScalingGroupCapacity
in interfaceICluster
- Parameters:
autoScalingGroup
- [disable-awslint:ref-via-interface]. This parameter is required.options
- options for adding auto scaling groups, like customizing the bootstrap script. This parameter is required.- See Also:
-
getIngressLoadBalancerAddress
@Stability(Stable) @NotNull public String getIngressLoadBalancerAddress(@NotNull String ingressName, @Nullable IngressLoadBalancerAddressOptions options) Fetch the load balancer address of an ingress backed by a load balancer.- Parameters:
ingressName
- The name of the ingress. This parameter is required.options
- Additional operation options.
-
getIngressLoadBalancerAddress
@Stability(Stable) @NotNull public String getIngressLoadBalancerAddress(@NotNull String ingressName) Fetch the load balancer address of an ingress backed by a load balancer.- Parameters:
ingressName
- The name of the ingress. This parameter is required.
-
getServiceLoadBalancerAddress
@Stability(Stable) @NotNull public String getServiceLoadBalancerAddress(@NotNull String serviceName, @Nullable ServiceLoadBalancerAddressOptions options) Fetch the load balancer address of a service of type 'LoadBalancer'.- Parameters:
serviceName
- The name of the service. This parameter is required.options
- Additional operation options.
-
getServiceLoadBalancerAddress
@Stability(Stable) @NotNull public String getServiceLoadBalancerAddress(@NotNull String serviceName) Fetch the load balancer address of a service of type 'LoadBalancer'.- Parameters:
serviceName
- The name of the service. This parameter is required.
-
grantAccess
@Stability(Stable) public void grantAccess(@NotNull String id, @NotNull String principal, @NotNull List<IAccessPolicy> accessPolicies) Grants the specified IAM principal access to the EKS cluster based on the provided access policies.This method creates an
AccessEntry
construct that grants the specified IAM principal the access permissions defined by the providedIAccessPolicy
array. This allows the IAM principal to perform the actions permitted by the access policies within the EKS cluster.- Parameters:
id
-- The ID of the
AccessEntry
construct to be created.
- The ID of the
principal
-- The IAM principal (role or user) to be granted access to the EKS cluster.
accessPolicies
-- An array of
IAccessPolicy
objects that define the access permissions to be granted to the IAM principal.
- An array of
-
getAdminRole
An IAM role with administrative permissions to create or update the cluster.This role also has
systems:master
permissions. -
getAwsAuth
Lazily creates the AwsAuth resource, which manages AWS authentication mapping. -
getClusterArn
The AWS generated ARN for the Cluster resource.For example,
arn:aws:eks:us-west-2:666666666666:cluster/prod
- Specified by:
getClusterArn
in interfaceICluster
-
getClusterCertificateAuthorityData
The certificate-authority-data for your cluster.- Specified by:
getClusterCertificateAuthorityData
in interfaceICluster
-
getClusterEncryptionConfigKeyArn
Amazon Resource Name (ARN) or alias of the customer master key (CMK).- Specified by:
getClusterEncryptionConfigKeyArn
in interfaceICluster
-
getClusterEndpoint
The endpoint URL for the Cluster.This is the URL inside the kubeconfig file to use with kubectl
For example,
https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com
- Specified by:
getClusterEndpoint
in interfaceICluster
-
getClusterName
The Name of the created EKS Cluster.- Specified by:
getClusterName
in interfaceICluster
-
getClusterOpenIdConnectIssuer
If this cluster is kubectl-enabled, returns the OpenID Connect issuer.This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock
CfnCluster
), this isundefined
. -
getClusterOpenIdConnectIssuerUrl
If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock
CfnCluster
), this isundefined
. -
getClusterSecurityGroup
The cluster security group that was created by Amazon EKS for the cluster.- Specified by:
getClusterSecurityGroup
in interfaceICluster
-
getClusterSecurityGroupId
The id of the cluster security group that was created by Amazon EKS for the cluster.- Specified by:
getClusterSecurityGroupId
in interfaceICluster
-
getConnections
Manages connection rules (Security Group Rules) for the cluster.- Specified by:
getConnections
in interfaceIConnectable
-
getOpenIdConnectProvider
AnOpenIdConnectProvider
resource associated with this cluster, and which can be used to link this cluster to AWS IAM.A provider will only be defined if this property is accessed (lazy initialization).
- Specified by:
getOpenIdConnectProvider
in interfaceICluster
-
getPrune
Determines if Kubernetes resources can be pruned automatically. -
getRole
IAM role assumed by the EKS Control Plane. -
getVpc
The VPC in which this Cluster was created. -
getAlbController
The ALB Controller construct defined for this cluster.Will be undefined if
albController
wasn't configured. -
getAuthenticationMode
The authentication mode for the Amazon EKS cluster.The authentication mode determines how users and applications authenticate to the Kubernetes API server.
Default: CONFIG_MAP.
- Specified by:
getAuthenticationMode
in interfaceICluster
-
getAwscliLayer
An AWS Lambda layer that contains theaws
CLI.If not defined, a default layer will be used containing the AWS CLI 1.x.
- Specified by:
getAwscliLayer
in interfaceICluster
-
getClusterHandlerSecurityGroup
A security group to associate with the Cluster Handler's Lambdas.The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires
placeClusterHandlerInVpc
to be set to true.Default: - No security group.
- Specified by:
getClusterHandlerSecurityGroup
in interfaceICluster
-
getDefaultCapacity
The auto scaling group that hosts the default capacity for this cluster.This will be
undefined
if thedefaultCapacityType
is notEC2
ordefaultCapacityType
isEC2
but default capacity is set to 0. -
getDefaultNodegroup
The node group that hosts the default capacity for this cluster.This will be
undefined
if thedefaultCapacityType
isEC2
ordefaultCapacityType
isNODEGROUP
but default capacity is set to 0. -
getEksPodIdentityAgent
Retrieves the EKS Pod Identity Agent addon for the EKS cluster.The EKS Pod Identity Agent is responsible for managing the temporary credentials used by pods in the cluster to access AWS resources. It runs as a DaemonSet on each node and provides the necessary credentials to the pods based on their associated service account.
- Specified by:
getEksPodIdentityAgent
in interfaceICluster
-
getIpFamily
Specify which IP family is used to assign Kubernetes pod and service IP addresses.Default: - IpFamily.IP_V4
- Specified by:
getIpFamily
in interfaceICluster
- See Also:
-
getKubectlEnvironment
Custom environment variables when runningkubectl
against this cluster.- Specified by:
getKubectlEnvironment
in interfaceICluster
-
getKubectlLambdaRole
An IAM role that can perform kubectl operations against this cluster.The role should be mapped to the
system:masters
Kubernetes RBAC role.This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.
Default: - if not specified, the default role created by a lambda function will be used.
- Specified by:
getKubectlLambdaRole
in interfaceICluster
-
getKubectlLayer
An AWS Lambda layer that includeskubectl
andhelm
.If not defined, a default layer will be used containing Kubectl 1.20 and Helm 3.8
- Specified by:
getKubectlLayer
in interfaceICluster
-
getKubectlMemory
The amount of memory allocated to the kubectl provider's lambda function.- Specified by:
getKubectlMemory
in interfaceICluster
-
getKubectlPrivateSubnets
Subnets to host thekubectl
compute resources.Default: - If not specified, the k8s endpoint is expected to be accessible publicly.
- Specified by:
getKubectlPrivateSubnets
in interfaceICluster
-
getKubectlRole
An IAM role that can perform kubectl operations against this cluster.The role should be mapped to the
system:masters
Kubernetes RBAC role.- Specified by:
getKubectlRole
in interfaceICluster
-
getKubectlSecurityGroup
A security group to use forkubectl
execution.Default: - If not specified, the k8s endpoint is expected to be accessible publicly.
- Specified by:
getKubectlSecurityGroup
in interfaceICluster
-
getOnEventLayer
The AWS Lambda layer that contains the NPM dependencyproxy-agent
.If undefined, a SAR app that contains this layer will be used.
- Specified by:
getOnEventLayer
in interfaceICluster
-