ClusterAttributes

class aws_cdk.aws_eks.ClusterAttributes(*, cluster_name, awscli_layer=None, cluster_certificate_authority_data=None, cluster_encryption_config_key_arn=None, cluster_endpoint=None, cluster_handler_security_group_id=None, cluster_security_group_id=None, ip_family=None, kubectl_environment=None, kubectl_lambda_role=None, kubectl_layer=None, kubectl_memory=None, kubectl_private_subnet_ids=None, kubectl_provider=None, kubectl_role_arn=None, kubectl_security_group_id=None, on_event_layer=None, open_id_connect_provider=None, prune=None, security_group_ids=None, vpc=None)

Bases: object

Attributes for EKS clusters.

Parameters:

  • cluster_name (str) – The physical name of the Cluster.

  • awscli_layer (Optional[ILayerVersion]) – An AWS Lambda layer that contains the aws CLI. The handler expects the layer to include the following executables:: /opt/awscli/aws Default: - a default layer with the AWS CLI 1.x

  • cluster_certificate_authority_data (Optional[str]) – The certificate-authority-data for your cluster. Default: - if not specified cluster.clusterCertificateAuthorityData will throw an error

  • cluster_encryption_config_key_arn (Optional[str]) – Amazon Resource Name (ARN) or alias of the customer master key (CMK). Default: - if not specified cluster.clusterEncryptionConfigKeyArn will throw an error

  • cluster_endpoint (Optional[str]) – The API Server endpoint URL. Default: - if not specified cluster.clusterEndpoint will throw an error.

  • cluster_handler_security_group_id (Optional[str]) – A security group id to associate with the Cluster Handler’s Lambdas. The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API. Default: - No security group.

  • cluster_security_group_id (Optional[str]) – The cluster security group that was created by Amazon EKS for the cluster. Default: - if not specified cluster.clusterSecurityGroupId will throw an error

  • ip_family (Optional[IpFamily]) – Specify which IP family is used to assign Kubernetes pod and service IP addresses. Default: - IpFamily.IP_V4

  • kubectl_environment (Optional[Mapping[str, str]]) – Environment variables to use when running kubectl against this cluster. Default: - no additional variables

  • kubectl_lambda_role (Optional[IRole]) – An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.

  • kubectl_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes kubectl and Helm. This layer is used by the kubectl handler to apply manifests and install helm charts. You must pick an appropriate releases of one of the @aws-cdk/layer-kubectl-vXX packages, that works with the version of Kubernetes you have chosen. If you don’t supply this value kubectl 1.20 will be used, but that version is most likely too old. The handler expects the layer to include the following executables:: /opt/helm/helm /opt/kubectl/kubectl Default: - a default layer with Kubectl 1.20 and helm 3.8.

  • kubectl_memory (Optional[Size]) – Amount of memory to allocate to the provider’s lambda function. Default: Size.gibibytes(1)

  • kubectl_private_subnet_ids (Optional[Sequence[str]]) – Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • kubectl_provider (Optional[IKubectlProvider]) – KubectlProvider for issuing kubectl commands. Default: - Default CDK provider

  • kubectl_role_arn (Optional[str]) – An IAM role with cluster administrator and “system:masters” permissions. Default: - if not specified, it not be possible to issue kubectl commands against an imported cluster.

  • kubectl_security_group_id (Optional[str]) – A security group to use for kubectl execution. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - k8s endpoint is expected to be accessible publicly

  • on_event_layer (Optional[ILayerVersion]) – An AWS Lambda Layer which includes the NPM dependency proxy-agent. This layer is used by the onEvent handler to route AWS SDK requests through a proxy. The handler expects the layer to include the following node_modules: proxy-agent Default: - a layer bundled with this module.

  • open_id_connect_provider (Optional[IOpenIdConnectProvider]) – An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider Default: - if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

  • prune (Optional[bool]) – Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch. Default: true

  • security_group_ids (Optional[Sequence[str]]) – Additional security groups associated with this cluster. Default: - if not specified, no additional security groups will be considered in cluster.connections.

  • vpc (Optional[IVpc]) – The VPC in which this Cluster was created. Default: - if not specified cluster.vpc will throw an error

ExampleMetadata:

infused

Example:

# cluster: eks.Cluster
# asg: autoscaling.AutoScalingGroup

imported_cluster = eks.Cluster.from_cluster_attributes(self, "ImportedCluster",
    cluster_name=cluster.cluster_name,
    cluster_security_group_id=cluster.cluster_security_group_id
)

imported_cluster.connect_auto_scaling_group_capacity(asg)

Attributes

awscli_layer

An AWS Lambda layer that contains the aws CLI.

The handler expects the layer to include the following executables:

/opt/awscli/aws
Default:

  • a default layer with the AWS CLI 1.x

cluster_certificate_authority_data

The certificate-authority-data for your cluster.

Default:

  • if not specified cluster.clusterCertificateAuthorityData will

throw an error

cluster_encryption_config_key_arn

Amazon Resource Name (ARN) or alias of the customer master key (CMK).

Default:

  • if not specified cluster.clusterEncryptionConfigKeyArn will

throw an error

cluster_endpoint

The API Server endpoint URL.

Default:

  • if not specified cluster.clusterEndpoint will throw an error.

cluster_handler_security_group_id

A security group id to associate with the Cluster Handler’s Lambdas.

The Cluster Handler’s Lambdas are responsible for calling AWS’s EKS API.

Default:

  • No security group.

cluster_name

The physical name of the Cluster.

cluster_security_group_id

The cluster security group that was created by Amazon EKS for the cluster.

Default:

  • if not specified cluster.clusterSecurityGroupId will throw an

error

ip_family

Specify which IP family is used to assign Kubernetes pod and service IP addresses.

Default:

  • IpFamily.IP_V4

See:

https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily

kubectl_environment

Environment variables to use when running kubectl against this cluster.

Default:

  • no additional variables

kubectl_lambda_role

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

Default:

  • if not specified, the default role created by a lambda function will

be used.

kubectl_layer

An AWS Lambda Layer which includes kubectl and Helm.

This layer is used by the kubectl handler to apply manifests and install helm charts. You must pick an appropriate releases of one of the @aws-cdk/layer-kubectl-vXX packages, that works with the version of Kubernetes you have chosen. If you don’t supply this value kubectl 1.20 will be used, but that version is most likely too old.

The handler expects the layer to include the following executables:

/opt/helm/helm
/opt/kubectl/kubectl
Default:

  • a default layer with Kubectl 1.20 and helm 3.8.

kubectl_memory

Amount of memory to allocate to the provider’s lambda function.

Default:

Size.gibibytes(1)

kubectl_private_subnet_ids

Subnets to host the kubectl compute resources.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default:

  • k8s endpoint is expected to be accessible publicly

kubectl_provider

KubectlProvider for issuing kubectl commands.

Default:

  • Default CDK provider

kubectl_role_arn

masters” permissions.

Default:

  • if not specified, it not be possible to issue kubectl commands

against an imported cluster.

Type:

An IAM role with cluster administrator and “system

kubectl_security_group_id

A security group to use for kubectl execution.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default:

  • k8s endpoint is expected to be accessible publicly

on_event_layer

An AWS Lambda Layer which includes the NPM dependency proxy-agent.

This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

The handler expects the layer to include the following node_modules:

proxy-agent

Default:

  • a layer bundled with this module.

open_id_connect_provider

An Open ID Connect provider for this cluster that can be used to configure service accounts.

You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider

Default:

  • if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.

prune

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.

Default:

true

security_group_ids

Additional security groups associated with this cluster.

Default:

  • if not specified, no additional security groups will be

considered in cluster.connections.

vpc

The VPC in which this Cluster was created.

Default:

  • if not specified cluster.vpc will throw an error