ClusterCommonOptions

class aws_cdk.aws_eks_v2.ClusterCommonOptions(*, version, alb_controller=None, cluster_logging=None, cluster_name=None, core_dns_compute_type=None, endpoint_access=None, ip_family=None, kubectl_provider_options=None, masters_role=None, prune=None, remote_node_networks=None, remote_pod_networks=None, removal_policy=None, role=None, secrets_encryption_key=None, security_group=None, service_ipv4_cidr=None, tags=None, vpc=None, vpc_subnets=None)

Bases: object

Options for configuring an EKS cluster.

Parameters:
  • version (KubernetesVersion) – The Kubernetes version to run in the cluster.

  • alb_controller (Union[AlbControllerOptions, Dict[str, Any], None]) – Install the AWS Load Balancer Controller onto the cluster. Default: - The controller is not installed.

  • cluster_logging (Optional[Sequence[ClusterLoggingTypes]]) – The cluster log types which you want to enable. Default: - none

  • cluster_name (Optional[str]) – Name for the cluster. Default: - Automatically generated name

  • core_dns_compute_type (Optional[CoreDnsComputeType]) – Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. Default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE)

  • endpoint_access (Optional[EndpointAccess]) – Configure access to the Kubernetes API server endpoint. Default: EndpointAccess.PUBLIC_AND_PRIVATE

  • ip_family (Optional[IpFamily]) – Specify which IP family is used to assign Kubernetes pod and service IP addresses. Default: IpFamily.IP_V4

  • kubectl_provider_options (Union[KubectlProviderOptions, Dict[str, Any], None]) – Options for creating the kubectl provider - a lambda function that executes kubectl and helm against the cluster. If defined, kubectlLayer is a required property. Default: - kubectl provider will not be created

  • masters_role (Optional[IRole]) – An IAM role that will be added to the system:masters Kubernetes RBAC group. Default: - no masters role.

  • prune (Optional[bool]) – Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected into each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch. Default: true

  • remote_node_networks (Optional[Sequence[Union[RemoteNodeNetwork, Dict[str, Any]]]]) – IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster. Default: - none

  • remote_pod_networks (Optional[Sequence[Union[RemotePodNetwork, Dict[str, Any]]]]) – IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes. Default: - none

  • removal_policy (Optional[RemovalPolicy]) – The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it; - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it; - The stack is deleted, so CloudFormation stops managing all resources in it. This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct. Default: - Resources will be deleted.

  • role (Optional[IRole]) – Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Default: - A role is automatically created for you

  • secrets_encryption_key (Optional[IKeyRef]) – KMS key used for envelope encryption of Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd, and all etcd volumes used by Amazon EKS are encrypted at the disk level using AWS-managed encryption keys.

  • security_group (Optional[ISecurityGroup]) – Security Group to use for Control Plane ENIs. Default: - A security group is automatically created

  • service_ipv4_cidr (Optional[str]) – The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks

  • tags (Optional[Mapping[str, str]]) – The tags assigned to the EKS cluster. Default: - none

  • vpc (Optional[IVpc]) – The VPC in which to create the Cluster. Default: - a VPC with default configuration will be created and can be accessed through cluster.vpc.

  • vpc_subnets (Optional[Sequence[Union[SubnetSelection, Dict[str, Any]]]]) – Where to place EKS Control Plane ENIs. For example, to only select private subnets, supply the following: vpc_subnets=[ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)] Default: - All public and private subnets


Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk as cdk
from aws_cdk import aws_ec2 as ec2
from aws_cdk import aws_eks_v2 as eks_v2
from aws_cdk import aws_iam as iam
from aws_cdk import aws_lambda as lambda_
from aws_cdk.interfaces import aws_kms as interfaces_kms

# additional_helm_chart_values: Any
# alb_controller_version: eks_v2.AlbControllerVersion
# endpoint_access: eks_v2.EndpointAccess
# key_ref: interfaces_kms.IKeyRef
# kubernetes_version: eks_v2.KubernetesVersion
# layer_version: lambda_.LayerVersion
# policy: Any
# role: iam.Role
# security_group: ec2.SecurityGroup
# size: cdk.Size
# subnet: ec2.Subnet
# subnet_filter: ec2.SubnetFilter
# vpc: ec2.Vpc

cluster_common_options = eks_v2.ClusterCommonOptions(
    version=kubernetes_version,

    # the properties below are optional
    alb_controller=eks_v2.AlbControllerOptions(
        version=alb_controller_version,

        # the properties below are optional
        additional_helm_chart_values={
            "additional_helm_chart_values_key": additional_helm_chart_values
        },
        overwrite_service_account=False,
        policy=policy,
        removal_policy=cdk.RemovalPolicy.DESTROY,
        repository="repository"
    ),
    cluster_logging=[eks_v2.ClusterLoggingTypes.API],
    cluster_name="clusterName",
    core_dns_compute_type=eks_v2.CoreDnsComputeType.EC2,
    endpoint_access=endpoint_access,
    ip_family=eks_v2.IpFamily.IP_V4,
    kubectl_provider_options=eks_v2.KubectlProviderOptions(
        kubectl_layer=layer_version,

        # the properties below are optional
        awscli_layer=layer_version,
        environment={
            "environment_key": "environment"
        },
        memory=size,
        private_subnets=[subnet],
        removal_policy=cdk.RemovalPolicy.DESTROY,
        role=role,
        security_group=security_group
    ),
    masters_role=role,
    prune=False,
    remote_node_networks=[eks_v2.RemoteNodeNetwork(
        cidrs=["cidrs"]
    )],
    remote_pod_networks=[eks_v2.RemotePodNetwork(
        cidrs=["cidrs"]
    )],
    removal_policy=cdk.RemovalPolicy.DESTROY,
    role=role,
    secrets_encryption_key=key_ref,
    security_group=security_group,
    service_ipv4_cidr="serviceIpv4Cidr",
    tags={
        "tags_key": "tags"
    },
    vpc=vpc,
    vpc_subnets=[ec2.SubnetSelection(
        availability_zones=["availabilityZones"],
        one_per_az=False,
        subnet_filters=[subnet_filter],
        subnet_group_name="subnetGroupName",
        subnets=[subnet],
        subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
    )]
)
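Added example, not part of the aws_cdk documentation: a small audit that reads the keyword arguments destined for ClusterCommonOptions as a plain dict and reports which settings leave the control plane in its permissive documented default (public endpoint, no control-plane logs, no KMS envelope key, a system:masters role). It assumes the CDK enum members EndpointAccess.PRIVATE and ClusterLoggingTypes.AUDIT / AUTHENTICATOR, represented here by their member names as strings so the check runs without aws_cdk installed; the option dicts are constructed input.

```python
# Added example (not from the aws_cdk docs): audit the kwargs that would be passed
# to ClusterCommonOptions, applying the defaults documented for each parameter so
# that an omitted setting is judged by what EKS actually does. Enum members are
# represented by their names as strings so this runs without aws_cdk installed.
from typing import Any, Dict, List

PRIVATE = "PRIVATE"                        # EndpointAccess.PRIVATE
PUBLIC_AND_PRIVATE = "PUBLIC_AND_PRIVATE"  # documented default for endpoint_access
# ClusterLoggingTypes members that record who called the API server and what they did.
REQUIRED_LOG_TYPES = {"API", "AUDIT", "AUTHENTICATOR"}


def audit_cluster_options(opts: Dict[str, Any]) -> List[str]:
    """Return one finding per setting that weakens the control plane's posture."""
    findings: List[str] = []

    # endpoint_access defaults to PUBLIC_AND_PRIVATE; only PRIVATE keeps the
    # Kubernetes API server off the public internet.
    access = opts.get("endpoint_access", PUBLIC_AND_PRIVATE)
    if access != PRIVATE:
        findings.append(f"endpoint_access={access}: API server reachable from the internet")

    # cluster_logging defaults to none; without api/audit/authenticator logs
    # there is no CloudWatch record of API server activity to investigate.
    enabled = set(opts.get("cluster_logging") or [])
    missing = REQUIRED_LOG_TYPES - enabled
    if missing:
        findings.append("cluster_logging missing " + ", ".join(sorted(missing)))

    # secrets_encryption_key defaults to none: Secrets rely on disk-level
    # encryption of etcd only, with no customer-managed KMS envelope key.
    if not opts.get("secrets_encryption_key"):
        findings.append("secrets_encryption_key unset: no KMS envelope encryption of Secrets")

    # masters_role binds an IAM role to system:masters, i.e. unrestricted cluster-admin.
    if opts.get("masters_role"):
        findings.append("masters_role set: IAM role is bound to system:masters")
    return findings


# Constructed inputs: a cluster that sets only the required version, and one
# that opts into the hardened values ("<kms-key-ref>" is a placeholder).
WEAK_OPTIONS = {"version": "<KubernetesVersion placeholder>"}
HARDENED_OPTIONS = {
    "version": "<KubernetesVersion placeholder>",
    "endpoint_access": PRIVATE,
    "cluster_logging": ["API", "AUDIT", "AUTHENTICATOR", "CONTROLLER_MANAGER", "SCHEDULER"],
    "secrets_encryption_key": "<kms-key-ref>",
}
```

Calling audit_cluster_options(WEAK_OPTIONS) reports three findings (endpoint, logging, secrets key), while the hardened dict reports none.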

Attributes

alb_controller

Install the AWS Load Balancer Controller onto the cluster.

Default:
  • The controller is not installed.

See:

https://kubernetes-sigs.github.io/aws-load-balancer-controller

cluster_logging

The cluster log types which you want to enable.

Default:
  • none

cluster_name

Name for the cluster.

Default:
  • Automatically generated name

core_dns_compute_type

Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.

Default:

CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE)

endpoint_access

Configure access to the Kubernetes API server endpoint.

Default:

EndpointAccess.PUBLIC_AND_PRIVATE

See:

https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html

ip_family

Specify which IP family is used to assign Kubernetes pod and service IP addresses.

Default:

IpFamily.IP_V4

See:

https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily

kubectl_provider_options

Options for creating the kubectl provider - a lambda function that executes kubectl and helm against the cluster.

If defined, kubectlLayer is a required property.

Default:
  • kubectl provider will not be created

masters_role

An IAM role that will be added to the system:masters Kubernetes RBAC group.

Default:
  • no masters role.

See:

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings

prune

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected into each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Default:

true

remote_node_networks

IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster.

Default:
  • none

remote_pod_networks

IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes.

Default:
  • none

removal_policy

The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation.

This can happen in one of three situations:

  • The resource is removed from the template, so CloudFormation stops managing it;

  • A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;

  • The stack is deleted, so CloudFormation stops managing all resources in it.

This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct.

Default:
  • Resources will be deleted.

role

Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.

Default:
  • A role is automatically created for you

secrets_encryption_key

KMS key used for envelope encryption of Kubernetes secrets.

Default:

  • By default, Kubernetes stores all secret object data within etcd, and all etcd volumes used by Amazon EKS are encrypted at the disk level using AWS-managed encryption keys.

security_group

Security Group to use for Control Plane ENIs.

Default:
  • A security group is automatically created

service_ipv4_cidr

The CIDR block to assign Kubernetes service IP addresses from.

Default:

  • Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks

See:

https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr

tags

The tags assigned to the EKS cluster.

Default:
  • none

version

The Kubernetes version to run in the cluster.

vpc

The VPC in which to create the Cluster.

Default:
  • a VPC with default configuration will be created and can be accessed through cluster.vpc.

vpc_subnets

Where to place EKS Control Plane ENIs.

For example, to only select private subnets, supply the following:

vpc_subnets=[ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)]

Default:
  • All public and private subnets