aws-cdk-lib.aws_eks.ClusterProps

interface ClusterProps

LanguageType name
.NETAmazon.CDK.AWS.EKS.ClusterProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awseks#ClusterProps
Javasoftware.amazon.awscdk.services.eks.ClusterProps
Pythonaws_cdk.aws_eks.ClusterProps
TypeScript (source)aws-cdk-lib » aws_eks » ClusterProps

Common configuration props for EKS clusters.

Example

const cluster = new eks.Cluster(this, 'HelloEKS', {
  version: eks.KubernetesVersion.V1_26,
  defaultCapacity: 0,
});

cluster.addNodegroupCapacity('custom-node-group', {
  instanceTypes: [new ec2.InstanceType('m5.large')],
  minSize: 4,
  diskSize: 100,
  amiType: eks.NodegroupAmiType.AL2_X86_64_GPU,
});

Properties

NameTypeDescription
versionKubernetesVersionThe Kubernetes version to run in the cluster.
albController?AlbControllerOptionsInstall the AWS Load Balancer Controller onto the cluster.
awscliLayer?ILayerVersionAn AWS Lambda layer that contains the aws CLI.
clusterHandlerEnvironment?{ [string]: string }Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
clusterHandlerSecurityGroup?ISecurityGroupA security group to associate with the Cluster Handler's Lambdas.
clusterLogging?ClusterLoggingTypes[]The cluster log types which you want to enable.
clusterName?stringName for the cluster.
coreDnsComputeType?CoreDnsComputeTypeControls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
defaultCapacity?numberNumber of instances to allocate as an initial capacity for this cluster.
defaultCapacityInstance?InstanceTypeThe instance type to use for the default capacity.
defaultCapacityType?DefaultCapacityTypeThe default capacity type for the cluster.
endpointAccess?EndpointAccessConfigure access to the Kubernetes API server endpoint..
ipFamily?IpFamilySpecify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlEnvironment?{ [string]: string }Environment variables for the kubectl execution.
kubectlLambdaRole?IRoleThe IAM role to pass to the Kubectl Lambda Handler.
kubectlLayer?ILayerVersionAn AWS Lambda Layer which includes kubectl and Helm.
kubectlMemory?SizeAmount of memory to allocate to the provider's lambda function.
mastersRole?IRoleAn IAM role that will be added to the system:masters Kubernetes RBAC group.
onEventLayer?ILayerVersionAn AWS Lambda Layer which includes the NPM dependency proxy-agent.
outputClusterName?booleanDetermines whether a CloudFormation output with the name of the cluster will be synthesized.
outputConfigCommand?booleanDetermines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized.
outputMastersRoleArn?booleanDetermines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if mastersRole is specified).
placeClusterHandlerInVpc?booleanIf set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy.
prune?booleanIndicates whether Kubernetes resources added through addManifest() can be automatically pruned.
role?IRoleRole that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
secretsEncryptionKey?IKeyKMS secret for envelope encryption for Kubernetes secrets.
securityGroup?ISecurityGroupSecurity Group to use for Control Plane ENIs.
serviceIpv4Cidr?stringThe CIDR block to assign Kubernetes service IP addresses from.
tags?{ [string]: string }The tags assigned to the EKS cluster.
vpc?IVpcThe VPC in which to create the Cluster.
vpcSubnets?SubnetSelection[]Where to place EKS Control Plane ENIs.

version

Type: KubernetesVersion

The Kubernetes version to run in the cluster.


albController?

Type: AlbControllerOptions (optional, default: The controller is not installed.)

Install the AWS Load Balancer Controller onto the cluster.

See also: https://kubernetes-sigs.github.io/aws-load-balancer-controller


awscliLayer?

Type: ILayerVersion (optional, default: a default layer with the AWS CLI 1.x)

An AWS Lambda layer that contains the aws CLI.

The handler expects the layer to include the following executables:

/opt/awscli/aws

clusterHandlerEnvironment?

Type: { [string]: string } (optional, default: No environment variables.)

Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.


clusterHandlerSecurityGroup?

Type: ISecurityGroup (optional, default: No security group.)

A security group to associate with the Cluster Handler's Lambdas.

The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.

Requires placeClusterHandlerInVpc to be set to true.


clusterLogging?

Type: ClusterLoggingTypes[] (optional, default: none)

The cluster log types which you want to enable.


clusterName?

Type: string (optional, default: Automatically generated name)

Name for the cluster.


coreDnsComputeType?

Type: CoreDnsComputeType (optional, default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE))

Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.


defaultCapacity?

Type: number (optional, default: 2)

Number of instances to allocate as an initial capacity for this cluster.

Instance type can be configured through defaultCapacityInstanceType, which defaults to m5.large.

Use cluster.addAutoScalingGroupCapacity to add additional customized capacity. Set this to 0 is you wish to avoid the initial capacity allocation.


defaultCapacityInstance?

Type: InstanceType (optional, default: m5.large)

The instance type to use for the default capacity.

This will only be taken into account if defaultCapacity is > 0.


defaultCapacityType?

Type: DefaultCapacityType (optional, default: NODEGROUP)

The default capacity type for the cluster.


endpointAccess?

Type: EndpointAccess (optional, default: EndpointAccess.PUBLIC_AND_PRIVATE)

Configure access to the Kubernetes API server endpoint..

See also: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html


ipFamily?

Type: IpFamily (optional, default: IpFamily.IP_V4)

Specify which IP family is used to assign Kubernetes pod and service IP addresses.

See also: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily


kubectlEnvironment?

Type: { [string]: string } (optional, default: No environment variables.)

Environment variables for the kubectl execution.

Only relevant for kubectl enabled clusters.


kubectlLambdaRole?

Type: IRole (optional, default: Default Lambda IAM Execution Role)

The IAM role to pass to the Kubectl Lambda Handler.


kubectlLayer?

Type: ILayerVersion (optional, default: a default layer with Kubectl 1.20.)

An AWS Lambda Layer which includes kubectl and Helm.

This layer is used by the kubectl handler to apply manifests and install helm charts. You must pick an appropriate releases of one of the @aws-cdk/layer-kubectl-vXX packages, that works with the version of Kubernetes you have chosen. If you don't supply this value kubectl 1.20 will be used, but that version is most likely too old.

The handler expects the layer to include the following executables:

/opt/helm/helm
/opt/kubectl/kubectl

kubectlMemory?

Type: Size (optional, default: Size.gibibytes(1))

Amount of memory to allocate to the provider's lambda function.


mastersRole?

Type: IRole (optional, default: no masters role.)

An IAM role that will be added to the system:masters Kubernetes RBAC group.

See also: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings


onEventLayer?

Type: ILayerVersion (optional, default: a layer bundled with this module.)

An AWS Lambda Layer which includes the NPM dependency proxy-agent.

This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

By default, the provider will use the layer included in the "aws-lambda-layer-node-proxy-agent" SAR application which is available in all commercial regions.

To deploy the layer locally define it in your app as follows:

const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', {
  code: lambda.Code.fromAsset(`${__dirname}/layer.zip`),
  compatibleRuntimes: [lambda.Runtime.NODEJS_14_X],
});

outputClusterName?

Type: boolean (optional, default: false)

Determines whether a CloudFormation output with the name of the cluster will be synthesized.


outputConfigCommand?

Type: boolean (optional, default: true)

Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized.

This command will include the cluster name and, if applicable, the ARN of the masters IAM role.


outputMastersRoleArn?

Type: boolean (optional, default: false)

Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if mastersRole is specified).


placeClusterHandlerInVpc?

Type: boolean (optional, default: false)

If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy.


prune?

Type: boolean (optional, default: true)

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.


role?

Type: IRole (optional, default: A role is automatically created for you)

Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.


secretsEncryptionKey?

Type: IKey (optional, default: By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.)

KMS secret for envelope encryption for Kubernetes secrets.


securityGroup?

Type: ISecurityGroup (optional, default: A security group is automatically created)

Security Group to use for Control Plane ENIs.


serviceIpv4Cidr?

Type: string (optional, default: Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks)

The CIDR block to assign Kubernetes service IP addresses from.

See also: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr


tags?

Type: { [string]: string } (optional, default: none)

The tags assigned to the EKS cluster.


vpc?

Type: IVpc (optional, default: a VPC with default configuration will be created and can be accessed through cluster.vpc.)

The VPC in which to create the Cluster.


vpcSubnets?

Type: SubnetSelection[] (optional, default: All public and private subnets)

Where to place EKS Control Plane ENIs.

If you want to create public load balancers, this must include public subnets.

For example, to only select private subnets, supply the following:

vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]