aws-cdk-lib.aws_eks.ClusterAttributes

interface ClusterAttributes

LanguageType name
.NETAmazon.CDK.AWS.EKS.ClusterAttributes
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awseks#ClusterAttributes
Javasoftware.amazon.awscdk.services.eks.ClusterAttributes
Pythonaws_cdk.aws_eks.ClusterAttributes
TypeScript (source)aws-cdk-lib » aws_eks » ClusterAttributes

Attributes for EKS clusters.

Example

declare const cluster: eks.Cluster;
declare const asg: autoscaling.AutoScalingGroup;
const importedCluster = eks.Cluster.fromClusterAttributes(this, 'ImportedCluster', {
  clusterName: cluster.clusterName,
  clusterSecurityGroupId: cluster.clusterSecurityGroupId,
});

importedCluster.connectAutoScalingGroupCapacity(asg, {});

Properties

NameTypeDescription
clusterNamestringThe physical name of the Cluster.
awscliLayer?ILayerVersionAn AWS Lambda layer that contains the aws CLI.
clusterCertificateAuthorityData?stringThe certificate-authority-data for your cluster.
clusterEncryptionConfigKeyArn?stringAmazon Resource Name (ARN) or alias of the customer master key (CMK).
clusterEndpoint?stringThe API Server endpoint URL.
clusterHandlerSecurityGroupId?stringA security group id to associate with the Cluster Handler's Lambdas.
clusterSecurityGroupId?stringThe cluster security group that was created by Amazon EKS for the cluster.
ipFamily?IpFamilySpecify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlEnvironment?{ [string]: string }Environment variables to use when running kubectl against this cluster.
kubectlLambdaRole?IRoleAn IAM role that can perform kubectl operations against this cluster.
kubectlLayer?ILayerVersionAn AWS Lambda Layer which includes kubectl and Helm.
kubectlMemory?SizeAmount of memory to allocate to the provider's lambda function.
kubectlPrivateSubnetIds?string[]Subnets to host the kubectl compute resources.
kubectlProvider?IKubectlProviderKubectlProvider for issuing kubectl commands.
kubectlRoleArn?stringAn IAM role with cluster administrator and "system:masters" permissions.
kubectlSecurityGroupId?stringA security group to use for kubectl execution.
onEventLayer?ILayerVersionAn AWS Lambda Layer which includes the NPM dependency proxy-agent.
openIdConnectProvider?IOpenIdConnectProviderAn Open ID Connect provider for this cluster that can be used to configure service accounts.
prune?booleanIndicates whether Kubernetes resources added through addManifest() can be automatically pruned.
securityGroupIds?string[]Additional security groups associated with this cluster.
vpc?IVpcThe VPC in which this Cluster was created.

clusterName

Type: string

The physical name of the Cluster.


awscliLayer?

Type: ILayerVersion (optional, default: a default layer with the AWS CLI 1.x)

An AWS Lambda layer that contains the aws CLI.

The handler expects the layer to include the following executables:

/opt/awscli/aws

clusterCertificateAuthorityData?

Type: string (optional, default: if not specified cluster.clusterCertificateAuthorityData will throw an error)

The certificate-authority-data for your cluster.


clusterEncryptionConfigKeyArn?

Type: string (optional, default: if not specified cluster.clusterEncryptionConfigKeyArn will throw an error)

Amazon Resource Name (ARN) or alias of the customer master key (CMK).


clusterEndpoint?

Type: string (optional, default: if not specified cluster.clusterEndpoint will throw an error.)

The API Server endpoint URL.


clusterHandlerSecurityGroupId?

Type: string (optional, default: No security group.)

A security group id to associate with the Cluster Handler's Lambdas.

The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.


clusterSecurityGroupId?

Type: string (optional, default: if not specified cluster.clusterSecurityGroupId will throw an error)

The cluster security group that was created by Amazon EKS for the cluster.


ipFamily?

Type: IpFamily (optional, default: IpFamily.IP_V4)

Specify which IP family is used to assign Kubernetes pod and service IP addresses.

See also: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily


kubectlEnvironment?

Type: { [string]: string } (optional, default: no additional variables)

Environment variables to use when running kubectl against this cluster.


kubectlLambdaRole?

Type: IRole (optional, default: if not specified, the default role created by a lambda function will be used.)

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.


kubectlLayer?

Type: ILayerVersion (optional, default: a default layer with Kubectl 1.20 and helm 3.8.)

An AWS Lambda Layer which includes kubectl and Helm.

This layer is used by the kubectl handler to apply manifests and install helm charts. You must pick an appropriate releases of one of the @aws-cdk/layer-kubectl-vXX packages, that works with the version of Kubernetes you have chosen. If you don't supply this value kubectl 1.20 will be used, but that version is most likely too old.

The handler expects the layer to include the following executables:

/opt/helm/helm
/opt/kubectl/kubectl

kubectlMemory?

Type: Size (optional, default: Size.gibibytes(1))

Amount of memory to allocate to the provider's lambda function.


kubectlPrivateSubnetIds?

Type: string[] (optional, default: k8s endpoint is expected to be accessible publicly)

Subnets to host the kubectl compute resources.

If not specified, the k8s endpoint is expected to be accessible publicly.


kubectlProvider?

Type: IKubectlProvider (optional, default: Default CDK provider)

KubectlProvider for issuing kubectl commands.


kubectlRoleArn?

Type: string (optional, default: if not specified, it not be possible to issue kubectl commands against an imported cluster.)

An IAM role with cluster administrator and "system:masters" permissions.


kubectlSecurityGroupId?

Type: string (optional, default: k8s endpoint is expected to be accessible publicly)

A security group to use for kubectl execution.

If not specified, the k8s endpoint is expected to be accessible publicly.


onEventLayer?

Type: ILayerVersion (optional, default: a layer bundled with this module.)

An AWS Lambda Layer which includes the NPM dependency proxy-agent.

This layer is used by the onEvent handler to route AWS SDK requests through a proxy.

The handler expects the layer to include the following node_modules:

proxy-agent


openIdConnectProvider?

Type: IOpenIdConnectProvider (optional, default: if not specified cluster.openIdConnectProvider and cluster.addServiceAccount will throw an error.)

An Open ID Connect provider for this cluster that can be used to configure service accounts.

You can either import an existing provider using iam.OpenIdConnectProvider.fromProviderArn, or create a new provider using new eks.OpenIdConnectProvider


prune?

Type: boolean (optional, default: true)

Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.

When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.


securityGroupIds?

Type: string[] (optional, default: if not specified, no additional security groups will be considered in cluster.connections.)

Additional security groups associated with this cluster.


vpc?

Type: IVpc (optional, default: if not specified cluster.vpc will throw an error)

The VPC in which this Cluster was created.