ClusterOptions
- class aws_cdk.aws_eks.ClusterOptions(*, version, cluster_name=None, output_cluster_name=None, output_config_command=None, role=None, security_group=None, vpc=None, vpc_subnets=None, alb_controller=None, cluster_handler_environment=None, cluster_handler_security_group=None, core_dns_compute_type=None, endpoint_access=None, kubectl_environment=None, kubectl_layer=None, kubectl_memory=None, masters_role=None, on_event_layer=None, output_masters_role_arn=None, place_cluster_handler_in_vpc=None, prune=None, secrets_encryption_key=None, service_ipv4_cidr=None)
Bases:
CommonClusterOptions
Options for EKS clusters.
- Parameters:
version (
KubernetesVersion
) – The Kubernetes version to run in the cluster.cluster_name (
Optional
[str
]) – Name for the cluster. Default: - Automatically generated nameoutput_cluster_name (
Optional
[bool
]) – Determines whether a CloudFormation output with the name of the cluster will be synthesized. Default: falseoutput_config_command (
Optional
[bool
]) – Determines whether a CloudFormation output with theaws eks update-kubeconfig
command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. Default: truerole (
Optional
[IRole
]) – Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Default: - A role is automatically created for yousecurity_group (
Optional
[ISecurityGroup
]) – Security Group to use for Control Plane ENIs. Default: - A security group is automatically createdvpc (
Optional
[IVpc
]) – The VPC in which to create the Cluster. Default: - a VPC with default configuration will be created and can be accessed throughcluster.vpc
.vpc_subnets (
Optional
[Sequence
[Union
[SubnetSelection
,Dict
[str
,Any
]]]]) – Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following:vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }]
Default: - All public and private subnetsalb_controller (
Union
[AlbControllerOptions
,Dict
[str
,Any
],None
]) – Install the AWS Load Balancer Controller onto the cluster. Default: - The controller is not installed.cluster_handler_environment (
Optional
[Mapping
[str
,str
]]) – Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. Default: - No environment variables.cluster_handler_security_group (
Optional
[ISecurityGroup
]) – A security group to associate with the Cluster Handler’s Lambdas. The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API. RequiresplaceClusterHandlerInVpc
to be set to true. Default: - No security group.core_dns_compute_type (
Optional
[CoreDnsComputeType
]) – Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. Default: CoreDnsComputeType.EC2 (forFargateCluster
the default is FARGATE)endpoint_access (
Optional
[EndpointAccess
]) – Configure access to the Kubernetes API server endpoint.. Default: EndpointAccess.PUBLIC_AND_PRIVATEkubectl_environment (
Optional
[Mapping
[str
,str
]]) – Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. Default: - No environment variables.kubectl_layer (
Optional
[ILayerVersion
]) – An AWS Lambda Layer which includeskubectl
, Helm and the AWS CLI. By default, the provider will use the layer included in the “aws-lambda-layer-kubectl” SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows:: const layer = new lambda.LayerVersion(this, ‘kubectl-layer’, { code: lambda.Code.fromAsset(${__dirname}/layer.zip), compatibleRuntimes: [lambda.Runtime.PROVIDED], }); Default: - the layer provided by theaws-lambda-layer-kubectl
SAR app.kubectl_memory (
Optional
[Size
]) – Amount of memory to allocate to the provider’s lambda function. Default: Size.gibibytes(1)masters_role (
Optional
[IRole
]) – An IAM role that will be added to thesystem:masters
Kubernetes RBAC group. Default: - a role that assumable by anyone with permissions in the same account will automatically be definedon_event_layer (
Optional
[ILayerVersion
]) – An AWS Lambda Layer which includes the NPM dependencyproxy-agent
. This layer is used by the onEvent handler to route AWS SDK requests through a proxy. By default, the provider will use the layer included in the “aws-lambda-layer-node-proxy-agent” SAR application which is available in all commercial regions. To deploy the layer locally define it in your app as follows:: const layer = new lambda.LayerVersion(this, ‘proxy-agent-layer’, { code: lambda.Code.fromAsset(${__dirname}/layer.zip), compatibleRuntimes: [lambda.Runtime.NODEJS_14_X], }); Default: - a layer bundled with this module.output_masters_role_arn (
Optional
[bool
]) – Determines whether a CloudFormation output with the ARN of the “masters” IAM role will be synthesized (ifmastersRole
is specified). Default: falseplace_cluster_handler_in_vpc (
Optional
[bool
]) – If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to thevpcSubnets
selection strategy. Default: falseprune (
Optional
[bool
]) – Indicates whether Kubernetes resources added throughaddManifest()
can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing thekubectl apply
operation with the--prune
switch. Default: truesecrets_encryption_key (
Optional
[IKey
]) – KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.service_ipv4_cidr (
Optional
[str
]) – The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_ec2 as ec2 import aws_cdk.aws_eks as eks import aws_cdk.aws_iam as iam import aws_cdk.aws_kms as kms import aws_cdk.aws_lambda as lambda_ import aws_cdk.core as cdk # alb_controller_version: eks.AlbControllerVersion # endpoint_access: eks.EndpointAccess # key: kms.Key # kubernetes_version: eks.KubernetesVersion # layer_version: lambda.LayerVersion # policy: Any # role: iam.Role # security_group: ec2.SecurityGroup # size: cdk.Size # subnet: ec2.Subnet # subnet_filter: ec2.SubnetFilter # vpc: ec2.Vpc cluster_options = eks.ClusterOptions( version=kubernetes_version, # the properties below are optional alb_controller=eks.AlbControllerOptions( version=alb_controller_version, # the properties below are optional policy=policy, repository="repository" ), cluster_handler_environment={ "cluster_handler_environment_key": "clusterHandlerEnvironment" }, cluster_handler_security_group=security_group, cluster_name="clusterName", core_dns_compute_type=eks.CoreDnsComputeType.EC2, endpoint_access=endpoint_access, kubectl_environment={ "kubectl_environment_key": "kubectlEnvironment" }, kubectl_layer=layer_version, kubectl_memory=size, masters_role=role, on_event_layer=layer_version, output_cluster_name=False, output_config_command=False, output_masters_role_arn=False, place_cluster_handler_in_vpc=False, prune=False, role=role, secrets_encryption_key=key, security_group=security_group, service_ipv4_cidr="serviceIpv4Cidr", vpc=vpc, vpc_subnets=[ec2.SubnetSelection( availability_zones=["availabilityZones"], one_per_az=False, subnet_filters=[subnet_filter], subnet_group_name="subnetGroupName", subnet_name="subnetName", subnets=[subnet], subnet_type=ec2.SubnetType.ISOLATED )] )
Attributes
- alb_controller
Install the AWS Load Balancer Controller onto the cluster.
- Default:
The controller is not installed.
- See:
https://kubernetes-sigs.github.io/aws-load-balancer-controller
- cluster_handler_environment
Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
- Default:
No environment variables.
- cluster_handler_security_group
A security group to associate with the Cluster Handler’s Lambdas.
The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.
Requires
placeClusterHandlerInVpc
to be set to true.- Default:
No security group.
- cluster_name
Name for the cluster.
- Default:
Automatically generated name
- core_dns_compute_type
Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
- Default:
CoreDnsComputeType.EC2 (for
FargateCluster
the default is FARGATE)
- endpoint_access
Configure access to the Kubernetes API server endpoint..
- Default:
EndpointAccess.PUBLIC_AND_PRIVATE
- See:
https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
- kubectl_environment
Environment variables for the kubectl execution.
Only relevant for kubectl enabled clusters.
- Default:
No environment variables.
- kubectl_layer
An AWS Lambda Layer which includes
kubectl
, Helm and the AWS CLI.By default, the provider will use the layer included in the “aws-lambda-layer-kubectl” SAR application which is available in all commercial regions.
To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows:
layer = lambda_.LayerVersion(self, "kubectl-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip"), compatible_runtimes=[lambda_.Runtime.PROVIDED] )
- Default:
the layer provided by the
aws-lambda-layer-kubectl
SAR app.
- See:
- kubectl_memory
Amount of memory to allocate to the provider’s lambda function.
- Default:
Size.gibibytes(1)
- masters_role
An IAM role that will be added to the
system:masters
Kubernetes RBAC group.- Default:
a role that assumable by anyone with permissions in the same
account will automatically be defined
- on_event_layer
An AWS Lambda Layer which includes the NPM dependency
proxy-agent
.This layer is used by the onEvent handler to route AWS SDK requests through a proxy.
By default, the provider will use the layer included in the “aws-lambda-layer-node-proxy-agent” SAR application which is available in all commercial regions.
To deploy the layer locally define it in your app as follows:
layer = lambda_.LayerVersion(self, "proxy-agent-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip"), compatible_runtimes=[lambda_.Runtime.NODEJS_14_X] )
- Default:
a layer bundled with this module.
- output_cluster_name
Determines whether a CloudFormation output with the name of the cluster will be synthesized.
- Default:
false
- output_config_command
Determines whether a CloudFormation output with the
aws eks update-kubeconfig
command will be synthesized.This command will include the cluster name and, if applicable, the ARN of the masters IAM role.
- Default:
true
- output_masters_role_arn
Determines whether a CloudFormation output with the ARN of the “masters” IAM role will be synthesized (if
mastersRole
is specified).- Default:
false
- place_cluster_handler_in_vpc
If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the
vpcSubnets
selection strategy.- Default:
false
- prune
Indicates whether Kubernetes resources added through
addManifest()
can be automatically pruned.When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the
kubectl apply
operation with the--prune
switch.- Default:
true
- role
Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- Default:
A role is automatically created for you
- secrets_encryption_key
KMS secret for envelope encryption for Kubernetes secrets.
- Default:
By default, Kubernetes stores all secret object data within etcd and
all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
- security_group
Security Group to use for Control Plane ENIs.
- Default:
A security group is automatically created
- service_ipv4_cidr
The CIDR block to assign Kubernetes service IP addresses from.
- Default:
Kubernetes assigns addresses from either the
10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
- version
The Kubernetes version to run in the cluster.
- vpc
The VPC in which to create the Cluster.
- Default:
a VPC with default configuration will be created and can be accessed through
cluster.vpc
.
- vpc_subnets
Where to place EKS Control Plane ENIs.
If you want to create public load balancers, this must include public subnets.
For example, to only select private subnets, supply the following:
vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }]
- Default:
All public and private subnets