interface ICluster
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EKS.ICluster |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awseks#ICluster |
Java | software.amazon.awscdk.services.eks.ICluster |
Python | aws_cdk.aws_eks.ICluster |
TypeScript (source) | aws-cdk-lib » aws_eks » ICluster |
Implemented by
Cluster, FargateCluster
Obtainable from
Cluster.fromClusterAttributes()
An EKS cluster.
Properties
Name | Type | Description |
---|---|---|
clusterArn | string | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. |
clusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. |
clusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). |
clusterEndpoint | string | The API Server endpoint URL. |
clusterName | string | The physical name of the Cluster. |
clusterSecurityGroup | ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. |
clusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. |
connections | Connections | The network connections associated with this resource. |
env | ResourceEnvironment | The environment this resource belongs to. |
node | Node | The tree node. |
openIdConnectProvider | IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. |
prune | boolean | Indicates whether Kubernetes resources can be automatically pruned. |
stack | Stack | The stack in which this resource is defined. |
vpc | IVpc | The VPC in which this Cluster was created. |
authenticationMode? | AuthenticationMode | The authentication mode for the cluster. |
awscliLayer? | ILayerVersion | An AWS Lambda layer that contains the aws CLI. |
clusterHandlerSecurityGroup? | ISecurityGroup | A security group to associate with the Cluster Handler's Lambdas. |
eksPodIdentityAgent? | IAddon | The EKS Pod Identity Agent addon for the EKS cluster. |
ipFamily? | IpFamily | Specify which IP family is used to assign Kubernetes pod and service IP addresses. |
kubectlEnvironment? | { [string]: string } | Custom environment variables when running kubectl against this cluster. |
kubectlLambdaRole? | IRole | An IAM role that can perform kubectl operations against this cluster. |
kubectlLayer? | ILayerVersion | An AWS Lambda layer that includes kubectl and helm. |
kubectlMemory? | Size | Amount of memory to allocate to the provider's lambda function. |
kubectlPrivateSubnets? | ISubnet[] | Subnets to host the kubectl compute resources. |
kubectlProvider? | IKubectlProvider | Kubectl Provider for issuing kubectl commands against it. |
kubectlRole? | IRole | An IAM role that can perform kubectl operations against this cluster. |
kubectlSecurityGroup? | ISecurityGroup | A security group to use for kubectl execution. |
onEventLayer? | ILayerVersion | An AWS Lambda layer that includes the NPM dependency proxy-agent. |
clusterArn
Type: string
The unique ARN assigned to the service by AWS in the form of arn:aws:eks:.
clusterCertificateAuthorityData
Type: string
The certificate-authority-data for your cluster.
clusterEncryptionConfigKeyArn
Type: string
Amazon Resource Name (ARN) or alias of the customer master key (CMK).
clusterEndpoint
Type: string
The API Server endpoint URL.
clusterName
Type: string
The physical name of the Cluster.
clusterSecurityGroup
Type: ISecurityGroup
The cluster security group that was created by Amazon EKS for the cluster.
clusterSecurityGroupId
Type: string
The id of the cluster security group that was created by Amazon EKS for the cluster.
connections
Type: Connections
The network connections associated with this resource.
env
Type: ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type: Node
The tree node.
openIdConnectProvider
Type: IOpenIdConnectProvider
The Open ID Connect Provider of the cluster used to configure Service Accounts.
prune
Type: boolean
Indicates whether Kubernetes resources can be automatically pruned.
When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.
stack
Type: Stack
The stack in which this resource is defined.
vpc
Type: IVpc
The VPC in which this Cluster was created.
authenticationMode?
Type: AuthenticationMode (optional, default: AuthenticationMode.CONFIG_MAP)
The authentication mode for the cluster.
awscliLayer?
Type: ILayerVersion (optional)
An AWS Lambda layer that contains the aws CLI.
If not defined, a default layer will be used containing the AWS CLI 1.x.
clusterHandlerSecurityGroup?
Type: ISecurityGroup (optional, default: No security group.)
A security group to associate with the Cluster Handler's Lambdas.
The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires placeClusterHandlerInVpc to be set to true.
eksPodIdentityAgent?
Type: IAddon (optional)
The EKS Pod Identity Agent addon for the EKS cluster.
The EKS Pod Identity Agent is responsible for managing the temporary credentials used by pods in the cluster to access AWS resources. It runs as a DaemonSet on each node and provides the necessary credentials to the pods based on their associated service account.
This property returns the CfnAddon resource representing the EKS Pod Identity Agent addon. If the addon has not been created yet, it will be created and returned.
ipFamily?
Type: IpFamily (optional, default: IpFamily.IP_V4)
Specify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlEnvironment?
Type: { [string]: string } (optional)
Custom environment variables when running kubectl against this cluster.
kubectlLambdaRole?
Type: IRole (optional)
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
This role is directly passed to the lambda handler that sends kubectl commands to the cluster.
kubectlLayer?
Type: ILayerVersion (optional)
An AWS Lambda layer that includes kubectl and helm.
If not defined, a default layer will be used containing Kubectl 1.20 and Helm 3.8.
kubectlMemory?
Type: Size (optional)
Amount of memory to allocate to the provider's lambda function.
kubectlPrivateSubnets?
Type: ISubnet[] (optional)
Subnets to host the kubectl compute resources.
If this is undefined, the k8s endpoint is expected to be accessible publicly.
kubectlProvider?
Type: IKubectlProvider (optional)
Kubectl Provider for issuing kubectl commands against it.
If not defined, a default provider will be used.
kubectlRole?
Type: IRole (optional)
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
kubectlSecurityGroup?
Type: ISecurityGroup (optional)
A security group to use for kubectl execution.
If this is undefined, the k8s endpoint is expected to be accessible publicly.
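A review check built on the two "expected to be accessible publicly" notes above (kubectlPrivateSubnets and kubectlSecurityGroup) and on the system:masters note for kubectlRole and kubectlLambdaRole. This is an added example, not code from aws-cdk-lib; ClusterView, Finding, reviewCluster and the sample objects are hypothetical names introduced here.

```typescript
// Added example, not aws-cdk-lib code. ClusterView is a hypothetical structural
// subset of ICluster; its property names are the ones documented on this page.
interface ClusterView {
  clusterName: string;
  kubectlPrivateSubnets?: readonly unknown[];
  kubectlSecurityGroup?: unknown;
  kubectlRole?: unknown;
  kubectlLambdaRole?: unknown;
}
type Severity = "warn" | "info";
interface Finding { cluster: string; property: string; severity: Severity; message: string; }
// An empty subnet list is treated like an undefined one (assumption).
function hasSubnets(c: ClusterView): boolean {
  return c.kubectlPrivateSubnets !== undefined && c.kubectlPrivateSubnets.length > 0;
}

// Per the property docs: either value undefined means a publicly accessible endpoint is expected.
function expectsPublicEndpoint(c: ClusterView): boolean {
  return !hasSubnets(c) || c.kubectlSecurityGroup === undefined;
}

function reviewCluster(c: ClusterView): Finding[] {
  const out: Finding[] = [];
  const add = (property: string, severity: Severity, message: string): void => {
    out.push({ cluster: c.clusterName, property, severity, message });
  };
  if (!hasSubnets(c)) {
    add("kubectlPrivateSubnets", "warn", "no subnets for kubectl compute; endpoint expected to be public");
  }
  if (c.kubectlSecurityGroup === undefined) {
    add("kubectlSecurityGroup", "warn", "no security group for kubectl; endpoint expected to be public");
  }
  const roles: Array<"kubectlRole" | "kubectlLambdaRole"> = ["kubectlRole", "kubectlLambdaRole"];
  for (const prop of roles) {
    if (c[prop] !== undefined) {
      add(prop, "info", "should map to system:masters; review who can assume this role");
    }
  }
  return out;
}

// Constructed sample inputs: placeholder objects, not real AWS resources.
const importedPublic: ClusterView = { clusterName: "example-public", kubectlRole: {} };
const importedPrivate: ClusterView = {
  clusterName: "example-private",
  kubectlPrivateSubnets: [{}, {}], kubectlSecurityGroup: {}, kubectlRole: {}, kubectlLambdaRole: {},
};
const sampleReport: Finding[] = reviewCluster(importedPublic).concat(reviewCluster(importedPrivate));
```

Because ClusterView is matched structurally, a value typed as ICluster, such as the result of Cluster.fromClusterAttributes(), can be passed to reviewCluster directly.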
onEventLayer?
Type: ILayerVersion (optional)
An AWS Lambda layer that includes the NPM dependency proxy-agent.
If not defined, a default layer will be used.
Methods
Name | Description |
---|---|
addCdk8sChart(id, chart, options?) | Defines a CDK8s chart in this cluster. |
addHelmChart(id, options) | Defines a Helm chart in this cluster. |
addManifest(id, ...manifest) | Defines a Kubernetes resource in this cluster. |
addServiceAccount(id, options?) | Creates a new service account with corresponding IAM Role (IRSA). |
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
connectAutoScalingGroupCapacity(autoScalingGroup, options) | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. |
addCdk8sChart(id, chart, options?)
public addCdk8sChart(id: string, chart: Construct, options?: KubernetesManifestOptions): KubernetesManifest
Parameters
- id string — logical id of this chart.
- chart Construct — the cdk8s chart.
- options KubernetesManifestOptions
Returns
- KubernetesManifest
Defines a CDK8s chart in this cluster.
addHelmChart(id, options)
public addHelmChart(id: string, options: HelmChartOptions): HelmChart
Parameters
- id string — logical id of this chart.
- options HelmChartOptions — options of this chart.
Returns
- HelmChart
Defines a Helm chart in this cluster.
addManifest(id, ...manifest)
public addManifest(id: string, ...manifest: { [string]: any }[]): KubernetesManifest
Parameters
- id string — logical id of this manifest.
- manifest { [string]: any } — a list of Kubernetes resource specifications.
Returns
- KubernetesManifest
Defines a Kubernetes resource in this cluster.
The manifest will be applied/deleted using kubectl as needed.
addServiceAccount(id, options?)
public addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount
Parameters
- id string — logical id of service account.
- options ServiceAccountOptions — service account options.
Returns
- ServiceAccount
Creates a new service account with corresponding IAM Role (IRSA).
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
connectAutoScalingGroupCapacity(autoScalingGroup, options)
public connectAutoScalingGroupCapacity(autoScalingGroup: AutoScalingGroup, options: AutoScalingGroupOptions): void
Parameters
- autoScalingGroup AutoScalingGroup — [disable-awslint:ref-via-interface].
- options AutoScalingGroupOptions — options for adding auto scaling groups, like customizing the bootstrap script.
Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.
Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule.
If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.
Prefer to use addAutoScalingGroupCapacity if possible.
See also: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html