RegisterCluster - Amazon EKS

RegisterCluster

Connects a Kubernetes cluster to the Amazon EKS control plane.

Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes.

Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control plane.

Second, a Manifest containing the activationID and activationCode must be applied to the Kubernetes cluster through it's native provider to provide visibility.

After the Manifest is updated and applied, then the connected cluster is visible to the Amazon EKS control plane. If the Manifest is not applied within three days, then the connected cluster will no longer be visible and must be deregistered. See DeregisterCluster .

Request Syntax

POST /cluster-registrations HTTP/1.1 Content-type: application/json { "clientRequestToken": "string", "connectorConfig": { "provider": "string", "roleArn": "string" }, "name": "string", "tags": { "string" : "string" } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientRequestToken

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

Type: String

Required: No

connectorConfig

The configuration settings required to connect the Kubernetes cluster to the Amazon EKS control plane.

Type: ConnectorConfigRequest object

Required: Yes

name

Define a unique name for this cluster for your Region.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 100.

Pattern: ^[0-9A-Za-z][A-Za-z0-9\-_]*

Required: Yes

tags

The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags do not propagate to any other resources associated with the cluster.

Type: String to string map

Map Entries: Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Maximum length of 256.

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "cluster": { "arn": "string", "certificateAuthority": { "data": "string" }, "clientRequestToken": "string", "connectorConfig": { "activationCode": "string", "activationExpiry": number, "activationId": "string", "provider": "string", "roleArn": "string" }, "createdAt": number, "encryptionConfig": [ { "provider": { "keyArn": "string" }, "resources": [ "string" ] } ], "endpoint": "string", "identity": { "oidc": { "issuer": "string" } }, "kubernetesNetworkConfig": { "serviceIpv4Cidr": "string" }, "logging": { "clusterLogging": [ { "enabled": boolean, "types": [ "string" ] } ] }, "name": "string", "platformVersion": "string", "resourcesVpcConfig": { "clusterSecurityGroupId": "string", "endpointPrivateAccess": boolean, "endpointPublicAccess": boolean, "publicAccessCidrs": [ "string" ], "securityGroupIds": [ "string" ], "subnetIds": [ "string" ], "vpcId": "string" }, "roleArn": "string", "status": "string", "tags": { "string" : "string" }, "version": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

cluster

An object representing an Amazon EKS cluster.

Type: Cluster object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.

HTTP Status Code: 403

ClientException

These errors are usually caused by a client action. Actions can include using an action or resource on behalf of a user that doesn't have permissions to use the action or resource or specifying an identifier that is not valid.

HTTP Status Code: 400

InvalidParameterException

The specified parameter is invalid. Review the available parameters for the API request.

HTTP Status Code: 400

ResourceInUseException

The specified resource is in use.

HTTP Status Code: 409

ResourceLimitExceededException

You have encountered a service limit on the specified resource.

HTTP Status Code: 400

ResourcePropagationDelayException

Required resources (such as Service Linked Roles) were created and are still propagating. Retry later.

HTTP Status Code: 428

ServerException

These errors are usually caused by a server-side issue.

HTTP Status Code: 500

ServiceUnavailableException

The service is unavailable. Back off and retry the operation.

HTTP Status Code: 503

Examples

In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information about creating these signatures, see Signature Version 4 Signing Process in the Amazon EKS General Reference.

You need to learn how to sign HTTP requests only if you intend to manually create them. When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools. When you use these tools, you don't need to learn how to sign requests yourself.

Example

The following example connects a Kubernetes cluster named my-api-created-external-cluster.

Sample Request

POST /clusters HTTP/1.1 Host: eks.us-west-2.amazonaws.com Accept-Encoding: identity User-Agent: aws-cli/1.16.120 Python/3.7.0 Darwin/18.2.0 botocore/1.12.110 X-Amz-Date: 20190322T160158Z Authorization: AUTHPARAMS Content-Length: 368 { "name": "my-api-created-external-cluster", "connectorConfig": { "roleArn": "arn:aws:iam::ACCOUNT_ID:role/eks-connector-agent", "provider" : "OTHER" } }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: