ClusterOptions

class aws_cdk.aws_eks.ClusterOptions(*, version, cluster_name=None, output_cluster_name=None, output_config_command=None, role=None, security_group=None, vpc=None, vpc_subnets=None, alb_controller=None, cluster_handler_environment=None, cluster_handler_security_group=None, core_dns_compute_type=None, endpoint_access=None, kubectl_environment=None, kubectl_layer=None, kubectl_memory=None, masters_role=None, on_event_layer=None, output_masters_role_arn=None, place_cluster_handler_in_vpc=None, prune=None, secrets_encryption_key=None, service_ipv4_cidr=None)

Bases: CommonClusterOptions

Options for EKS clusters.

Parameters:

version (KubernetesVersion) – The Kubernetes version to run in the cluster.
cluster_name (Optional[str]) – Name for the cluster. Default: - Automatically generated name
output_cluster_name (Optional[bool]) – Determines whether a CloudFormation output with the name of the cluster will be synthesized. Default: false
output_config_command (Optional[bool]) – Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. Default: true
role (Optional[IRole]) – Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Default: - A role is automatically created for you
security_group (Optional[ISecurityGroup]) – Security Group to use for Control Plane ENIs. Default: - A security group is automatically created
vpc (Optional[IVpc]) – The VPC in which to create the Cluster. Default: - a VPC with default configuration will be created and can be accessed through cluster.vpc.
vpc_subnets (Optional[Sequence[Union[SubnetSelection, Dict[str, Any]]]]) – Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }] Default: - All public and private subnets
alb_controller (Union[AlbControllerOptions, Dict[str, Any], None]) – Install the AWS Load Balancer Controller onto the cluster. Default: - The controller is not installed.
cluster_handler_environment (Optional[Mapping[str, str]]) – Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. Default: - No environment variables.
cluster_handler_security_group (Optional[ISecurityGroup]) – A security group to associate with the Cluster Handler’s Lambdas. The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API. Requires placeClusterHandlerInVpc to be set to true. Default: - No security group.
core_dns_compute_type (Optional[CoreDnsComputeType]) – Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. Default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE)
endpoint_access (Optional[EndpointAccess]) – Configure access to the Kubernetes API server endpoint.. Default: EndpointAccess.PUBLIC_AND_PRIVATE
kubectl_environment (Optional[Mapping[str, str]]) – Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. Default: - No environment variables.
kubectl_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. By default, the provider will use the layer included in the “aws-lambda-layer-kubectl” SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows:: const layer = new lambda.LayerVersion(this, ‘kubectl-layer’, { code: lambda.Code.fromAsset(${__dirname}/layer.zip), compatibleRuntimes: [lambda.Runtime.PROVIDED], }); Default: - the layer provided by the aws-lambda-layer-kubectl SAR app.
kubectl_memory (Optional[Size]) – Amount of memory to allocate to the provider’s lambda function. Default: Size.gibibytes(1)
masters_role (Optional[IRole]) – An IAM role that will be added to the system:masters Kubernetes RBAC group. Default: - a role that assumable by anyone with permissions in the same account will automatically be defined
on_event_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes the NPM dependency proxy-agent. This layer is used by the onEvent handler to route AWS SDK requests through a proxy. By default, the provider will use the layer included in the “aws-lambda-layer-node-proxy-agent” SAR application which is available in all commercial regions. To deploy the layer locally define it in your app as follows:: const layer = new lambda.LayerVersion(this, ‘proxy-agent-layer’, { code: lambda.Code.fromAsset(${__dirname}/layer.zip), compatibleRuntimes: [lambda.Runtime.NODEJS_14_X], }); Default: - a layer bundled with this module.
output_masters_role_arn (Optional[bool]) – Determines whether a CloudFormation output with the ARN of the “masters” IAM role will be synthesized (if mastersRole is specified). Default: false
place_cluster_handler_in_vpc (Optional[bool]) – If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy. Default: false
prune (Optional[bool]) – Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch. Default: true
secrets_encryption_key (Optional[IKey]) – KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
service_ipv4_cidr (Optional[str]) – The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_ec2 as ec2
import aws_cdk.aws_eks as eks
import aws_cdk.aws_iam as iam
import aws_cdk.aws_kms as kms
import aws_cdk.aws_lambda as lambda_
import aws_cdk.core as cdk

# alb_controller_version: eks.AlbControllerVersion
# endpoint_access: eks.EndpointAccess
# key: kms.Key
# kubernetes_version: eks.KubernetesVersion
# layer_version: lambda.LayerVersion
# policy: Any
# role: iam.Role
# security_group: ec2.SecurityGroup
# size: cdk.Size
# subnet: ec2.Subnet
# subnet_filter: ec2.SubnetFilter
# vpc: ec2.Vpc

cluster_options = eks.ClusterOptions(
    version=kubernetes_version,

    # the properties below are optional
    alb_controller=eks.AlbControllerOptions(
        version=alb_controller_version,

        # the properties below are optional
        policy=policy,
        repository="repository"
    ),
    cluster_handler_environment={
        "cluster_handler_environment_key": "clusterHandlerEnvironment"
    },
    cluster_handler_security_group=security_group,
    cluster_name="clusterName",
    core_dns_compute_type=eks.CoreDnsComputeType.EC2,
    endpoint_access=endpoint_access,
    kubectl_environment={
        "kubectl_environment_key": "kubectlEnvironment"
    },
    kubectl_layer=layer_version,
    kubectl_memory=size,
    masters_role=role,
    on_event_layer=layer_version,
    output_cluster_name=False,
    output_config_command=False,
    output_masters_role_arn=False,
    place_cluster_handler_in_vpc=False,
    prune=False,
    role=role,
    secrets_encryption_key=key,
    security_group=security_group,
    service_ipv4_cidr="serviceIpv4Cidr",
    vpc=vpc,
    vpc_subnets=[ec2.SubnetSelection(
        availability_zones=["availabilityZones"],
        one_per_az=False,
        subnet_filters=[subnet_filter],
        subnet_group_name="subnetGroupName",
        subnet_name="subnetName",
        subnets=[subnet],
        subnet_type=ec2.SubnetType.ISOLATED
    )]
)

Attributes

alb_controller

Install the AWS Load Balancer Controller onto the cluster.

Default:

The controller is not installed.

See:

https://kubernetes-sigs.github.io/aws-load-balancer-controller

cluster_handler_environment

Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.

Default:

No environment variables.

cluster_handler_security_group

A security group to associate with the Cluster Handler’s Lambdas.

The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.

Requires placeClusterHandlerInVpc to be set to true.

Default:

No security group.

cluster_name

Name for the cluster.

Default:

Automatically generated name

core_dns_compute_type

Controls the “eks.amazonaws.com/compute-type” annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.

Default:: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE)

endpoint_access

Configure access to the Kubernetes API server endpoint..

Default:: EndpointAccess.PUBLIC_AND_PRIVATE
See:: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html

kubectl_environment

Environment variables for the kubectl execution.

Only relevant for kubectl enabled clusters.

Default:

No environment variables.

kubectl_layer

An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI.

By default, the provider will use the layer included in the “aws-lambda-layer-kubectl” SAR application which is available in all commercial regions.

To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows:

layer = lambda_.LayerVersion(self, "kubectl-layer",
    code=lambda_.Code.from_asset(f"{__dirname}/layer.zip"),
    compatible_runtimes=[lambda_.Runtime.PROVIDED]
)

Default:

the layer provided by the aws-lambda-layer-kubectl SAR app.

See:

https://github.com/aws-samples/aws-lambda-layer-kubectl

kubectl_memory

Amount of memory to allocate to the provider’s lambda function.

Default:: Size.gibibytes(1)

masters_role

An IAM role that will be added to the system:masters Kubernetes RBAC group.

Default:

a role that assumable by anyone with permissions in the same

account will automatically be defined

See:: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings

on_event_layer

An AWS Lambda Layer which includes the NPM dependency proxy-agent.

This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

By default, the provider will use the layer included in the “aws-lambda-layer-node-proxy-agent” SAR application which is available in all commercial regions.

To deploy the layer locally define it in your app as follows:

layer = lambda_.LayerVersion(self, "proxy-agent-layer",
    code=lambda_.Code.from_asset(f"{__dirname}/layer.zip"),
    compatible_runtimes=[lambda_.Runtime.NODEJS_14_X]
)

Default:

a layer bundled with this module.

output_cluster_name

Determines whether a CloudFormation output with the name of the cluster will be synthesized.

Default:: false

output_config_command

Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized.

This command will include the cluster name and, if applicable, the ARN of the masters IAM role.

Default:: true

output_masters_role_arn

Determines whether a CloudFormation output with the ARN of the “masters” IAM role will be synthesized (if mastersRole is specified).

Default:: false

place_cluster_handler_in_vpc

If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy.

Default:: false

prune

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Default:: true

role

Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.

Default:

A role is automatically created for you

secrets_encryption_key

KMS secret for envelope encryption for Kubernetes secrets.

Default:

By default, Kubernetes stores all secret object data within etcd and

all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.

security_group

Security Group to use for Control Plane ENIs.

Default:

A security group is automatically created

service_ipv4_cidr

The CIDR block to assign Kubernetes service IP addresses from.

Default:

Kubernetes assigns addresses from either the

10.100.0.0/16 or 172.20.0.0/16 CIDR blocks

See:: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr

version: The Kubernetes version to run in the cluster.

vpc

The VPC in which to create the Cluster.

Default:

a VPC with default configuration will be created and can be accessed through cluster.vpc.

vpc_subnets

Where to place EKS Control Plane ENIs.

If you want to create public load balancers, this must include public subnets.

For example, to only select private subnets, supply the following:

vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }]

Default:

All public and private subnets