Documentation ¶
Index ¶
- func AccessEntry_IsConstruct(x interface{}) *bool
- func AccessEntry_IsOwnedResource(construct constructs.IConstruct) *bool
- func AccessEntry_IsResource(construct constructs.IConstruct) *bool
- func AlbController_IsConstruct(x interface{}) *bool
- func AwsAuth_IsConstruct(x interface{}) *bool
- func CfnAccessEntry_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAccessEntry_IsCfnElement(x interface{}) *bool
- func CfnAccessEntry_IsCfnResource(x interface{}) *bool
- func CfnAccessEntry_IsConstruct(x interface{}) *bool
- func CfnAddon_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAddon_IsCfnElement(x interface{}) *bool
- func CfnAddon_IsCfnResource(x interface{}) *bool
- func CfnAddon_IsConstruct(x interface{}) *bool
- func CfnCluster_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCluster_IsCfnElement(x interface{}) *bool
- func CfnCluster_IsCfnResource(x interface{}) *bool
- func CfnCluster_IsConstruct(x interface{}) *bool
- func CfnFargateProfile_CFN_RESOURCE_TYPE_NAME() *string
- func CfnFargateProfile_IsCfnElement(x interface{}) *bool
- func CfnFargateProfile_IsCfnResource(x interface{}) *bool
- func CfnFargateProfile_IsConstruct(x interface{}) *bool
- func CfnIdentityProviderConfig_CFN_RESOURCE_TYPE_NAME() *string
- func CfnIdentityProviderConfig_IsCfnElement(x interface{}) *bool
- func CfnIdentityProviderConfig_IsCfnResource(x interface{}) *bool
- func CfnIdentityProviderConfig_IsConstruct(x interface{}) *bool
- func CfnNodegroup_CFN_RESOURCE_TYPE_NAME() *string
- func CfnNodegroup_IsCfnElement(x interface{}) *bool
- func CfnNodegroup_IsCfnResource(x interface{}) *bool
- func CfnNodegroup_IsConstruct(x interface{}) *bool
- func CfnPodIdentityAssociation_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPodIdentityAssociation_IsCfnElement(x interface{}) *bool
- func CfnPodIdentityAssociation_IsCfnResource(x interface{}) *bool
- func CfnPodIdentityAssociation_IsConstruct(x interface{}) *bool
- func Cluster_IsConstruct(x interface{}) *bool
- func Cluster_IsOwnedResource(construct constructs.IConstruct) *bool
- func Cluster_IsResource(construct constructs.IConstruct) *bool
- func FargateCluster_IsConstruct(x interface{}) *bool
- func FargateCluster_IsOwnedResource(construct constructs.IConstruct) *bool
- func FargateCluster_IsResource(construct constructs.IConstruct) *bool
- func FargateProfile_IsConstruct(x interface{}) *bool
- func HelmChart_IsConstruct(x interface{}) *bool
- func HelmChart_RESOURCE_TYPE() *string
- func KubectlProvider_IsConstruct(x interface{}) *bool
- func KubectlProvider_IsNestedStack(x interface{}) *bool
- func KubectlProvider_IsStack(x interface{}) *bool
- func KubectlProvider_Of(construct constructs.IConstruct) awscdk.Stack
- func KubernetesManifest_IsConstruct(x interface{}) *bool
- func KubernetesManifest_RESOURCE_TYPE() *string
- func KubernetesObjectValue_IsConstruct(x interface{}) *bool
- func KubernetesObjectValue_RESOURCE_TYPE() *string
- func KubernetesPatch_IsConstruct(x interface{}) *bool
- func NewAccessEntry_Override(a AccessEntry, scope constructs.Construct, id *string, props *AccessEntryProps)
- func NewAccessPolicyArn_Override(a AccessPolicyArn, policyName *string)
- func NewAccessPolicy_Override(a AccessPolicy, props *AccessPolicyProps)
- func NewAlbController_Override(a AlbController, scope constructs.Construct, id *string, ...)
- func NewAwsAuth_Override(a AwsAuth, scope constructs.Construct, id *string, props *AwsAuthProps)
- func NewCfnAccessEntry_Override(c CfnAccessEntry, scope constructs.Construct, id *string, ...)
- func NewCfnAddon_Override(c CfnAddon, scope constructs.Construct, id *string, props *CfnAddonProps)
- func NewCfnCluster_Override(c CfnCluster, scope constructs.Construct, id *string, props *CfnClusterProps)
- func NewCfnFargateProfile_Override(c CfnFargateProfile, scope constructs.Construct, id *string, ...)
- func NewCfnIdentityProviderConfig_Override(c CfnIdentityProviderConfig, scope constructs.Construct, id *string, ...)
- func NewCfnNodegroup_Override(c CfnNodegroup, scope constructs.Construct, id *string, ...)
- func NewCfnPodIdentityAssociation_Override(c CfnPodIdentityAssociation, scope constructs.Construct, id *string, ...)
- func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)
- func NewEksOptimizedImage_Override(e EksOptimizedImage, props *EksOptimizedImageProps)
- func NewFargateCluster_Override(f FargateCluster, scope constructs.Construct, id *string, ...)
- func NewFargateProfile_Override(f FargateProfile, scope constructs.Construct, id *string, ...)
- func NewHelmChart_Override(h HelmChart, scope constructs.Construct, id *string, props *HelmChartProps)
- func NewKubectlProvider_Override(k KubectlProvider, scope constructs.Construct, id *string, ...)
- func NewKubernetesManifest_Override(k KubernetesManifest, scope constructs.Construct, id *string, ...)
- func NewKubernetesObjectValue_Override(k KubernetesObjectValue, scope constructs.Construct, id *string, ...)
- func NewKubernetesPatch_Override(k KubernetesPatch, scope constructs.Construct, id *string, ...)
- func NewNodegroup_Override(n Nodegroup, scope constructs.Construct, id *string, props *NodegroupProps)
- func NewOpenIdConnectProvider_Override(o OpenIdConnectProvider, scope constructs.Construct, id *string, ...)
- func NewServiceAccount_Override(s ServiceAccount, scope constructs.Construct, id *string, ...)
- func Nodegroup_IsConstruct(x interface{}) *bool
- func Nodegroup_IsOwnedResource(construct constructs.IConstruct) *bool
- func Nodegroup_IsResource(construct constructs.IConstruct) *bool
- func OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope constructs.Construct, id *string, openIdConnectProviderArn *string) awsiam.IOpenIdConnectProvider
- func OpenIdConnectProvider_IsConstruct(x interface{}) *bool
- func OpenIdConnectProvider_IsOwnedResource(construct constructs.IConstruct) *bool
- func OpenIdConnectProvider_IsResource(construct constructs.IConstruct) *bool
- func ServiceAccount_IsConstruct(x interface{}) *bool
- type AccessEntry
- type AccessEntryAttributes
- type AccessEntryProps
- type AccessEntryType
- type AccessPolicy
- type AccessPolicyArn
- func AccessPolicyArn_AMAZON_EKS_ADMIN_POLICY() AccessPolicyArn
- func AccessPolicyArn_AMAZON_EKS_ADMIN_VIEW_POLICY() AccessPolicyArn
- func AccessPolicyArn_AMAZON_EKS_CLUSTER_ADMIN_POLICY() AccessPolicyArn
- func AccessPolicyArn_AMAZON_EKS_EDIT_POLICY() AccessPolicyArn
- func AccessPolicyArn_AMAZON_EKS_VIEW_POLICY() AccessPolicyArn
- func AccessPolicyArn_Of(policyName *string) AccessPolicyArn
- func NewAccessPolicyArn(policyName *string) AccessPolicyArn
- type AccessPolicyNameOptions
- type AccessPolicyProps
- type AccessScope
- type AccessScopeType
- type AlbController
- type AlbControllerOptions
- type AlbControllerProps
- type AlbControllerVersion
- func AlbControllerVersion_Of(version *string, helmChartVersion *string) AlbControllerVersion
- func AlbControllerVersion_V2_0_0() AlbControllerVersion
- func AlbControllerVersion_V2_0_1() AlbControllerVersion
- func AlbControllerVersion_V2_1_0() AlbControllerVersion
- func AlbControllerVersion_V2_1_1() AlbControllerVersion
- func AlbControllerVersion_V2_1_2() AlbControllerVersion
- func AlbControllerVersion_V2_1_3() AlbControllerVersion
- func AlbControllerVersion_V2_2_0() AlbControllerVersion
- func AlbControllerVersion_V2_2_1() AlbControllerVersion
- func AlbControllerVersion_V2_2_2() AlbControllerVersion
- func AlbControllerVersion_V2_2_3() AlbControllerVersion
- func AlbControllerVersion_V2_2_4() AlbControllerVersion
- func AlbControllerVersion_V2_3_0() AlbControllerVersion
- func AlbControllerVersion_V2_3_1() AlbControllerVersion
- func AlbControllerVersion_V2_4_1() AlbControllerVersion
- func AlbControllerVersion_V2_4_2() AlbControllerVersion
- func AlbControllerVersion_V2_4_3() AlbControllerVersion
- func AlbControllerVersion_V2_4_4() AlbControllerVersion
- func AlbControllerVersion_V2_4_5() AlbControllerVersion
- func AlbControllerVersion_V2_4_6() AlbControllerVersion
- func AlbControllerVersion_V2_4_7() AlbControllerVersion
- func AlbControllerVersion_V2_5_0() AlbControllerVersion
- func AlbControllerVersion_V2_5_1() AlbControllerVersion
- func AlbControllerVersion_V2_5_2() AlbControllerVersion
- func AlbControllerVersion_V2_5_3() AlbControllerVersion
- func AlbControllerVersion_V2_5_4() AlbControllerVersion
- func AlbControllerVersion_V2_6_0() AlbControllerVersion
- func AlbControllerVersion_V2_6_1() AlbControllerVersion
- func AlbControllerVersion_V2_6_2() AlbControllerVersion
- type AlbScheme
- type AuthenticationMode
- type AutoScalingGroupCapacityOptions
- type AutoScalingGroupOptions
- type AwsAuth
- type AwsAuthMapping
- type AwsAuthProps
- type BootstrapOptions
- type CapacityType
- type CfnAccessEntry
- type CfnAccessEntryProps
- type CfnAccessEntry_AccessPolicyProperty
- type CfnAccessEntry_AccessScopeProperty
- type CfnAddon
- type CfnAddonProps
- type CfnAddon_PodIdentityAssociationProperty
- type CfnCluster
- type CfnClusterProps
- type CfnCluster_AccessConfigProperty
- type CfnCluster_ClusterLoggingProperty
- type CfnCluster_ControlPlanePlacementProperty
- type CfnCluster_EncryptionConfigProperty
- type CfnCluster_KubernetesNetworkConfigProperty
- type CfnCluster_LoggingProperty
- type CfnCluster_LoggingTypeConfigProperty
- type CfnCluster_OutpostConfigProperty
- type CfnCluster_ProviderProperty
- type CfnCluster_ResourcesVpcConfigProperty
- type CfnFargateProfile
- type CfnFargateProfileProps
- type CfnFargateProfile_LabelProperty
- type CfnFargateProfile_SelectorProperty
- type CfnIdentityProviderConfig
- type CfnIdentityProviderConfigProps
- type CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty
- type CfnIdentityProviderConfig_RequiredClaimProperty
- type CfnNodegroup
- type CfnNodegroupProps
- type CfnNodegroup_LaunchTemplateSpecificationProperty
- type CfnNodegroup_RemoteAccessProperty
- type CfnNodegroup_ScalingConfigProperty
- type CfnNodegroup_TaintProperty
- type CfnNodegroup_UpdateConfigProperty
- type CfnPodIdentityAssociation
- type CfnPodIdentityAssociationProps
- type Cluster
- type ClusterAttributes
- type ClusterLoggingTypes
- type ClusterOptions
- type ClusterProps
- type CommonClusterOptions
- type CoreDnsComputeType
- type CpuArch
- type DefaultCapacityType
- type EksOptimizedImage
- type EksOptimizedImageProps
- type EndpointAccess
- type FargateCluster
- type FargateClusterProps
- type FargateProfile
- type FargateProfileOptions
- type FargateProfileProps
- type HelmChart
- type HelmChartOptions
- type HelmChartProps
- type IAccessEntry
- type IAccessPolicy
- type ICluster
- type IKubectlProvider
- type INodegroup
- type IngressLoadBalancerAddressOptions
- type IpFamily
- type KubectlProvider
- type KubectlProviderAttributes
- type KubectlProviderProps
- type KubernetesManifest
- type KubernetesManifestOptions
- type KubernetesManifestProps
- type KubernetesObjectValue
- type KubernetesObjectValueProps
- type KubernetesPatch
- type KubernetesPatchProps
- type KubernetesVersion
- func KubernetesVersion_Of(version *string) KubernetesVersion
- func KubernetesVersion_V1_14() KubernetesVersion
- func KubernetesVersion_V1_15() KubernetesVersion
- func KubernetesVersion_V1_16() KubernetesVersion
- func KubernetesVersion_V1_17() KubernetesVersion
- func KubernetesVersion_V1_18() KubernetesVersion
- func KubernetesVersion_V1_19() KubernetesVersion
- func KubernetesVersion_V1_20() KubernetesVersion
- func KubernetesVersion_V1_21() KubernetesVersion
- func KubernetesVersion_V1_22() KubernetesVersion
- func KubernetesVersion_V1_23() KubernetesVersion
- func KubernetesVersion_V1_24() KubernetesVersion
- func KubernetesVersion_V1_25() KubernetesVersion
- func KubernetesVersion_V1_26() KubernetesVersion
- func KubernetesVersion_V1_27() KubernetesVersion
- func KubernetesVersion_V1_28() KubernetesVersion
- func KubernetesVersion_V1_29() KubernetesVersion
- func KubernetesVersion_V1_30() KubernetesVersion
- type LaunchTemplateSpec
- type MachineImageType
- type NodeType
- type Nodegroup
- type NodegroupAmiType
- type NodegroupOptions
- type NodegroupProps
- type NodegroupRemoteAccess
- type OpenIdConnectProvider
- type OpenIdConnectProviderProps
- type PatchType
- type Selector
- type ServiceAccount
- type ServiceAccountOptions
- type ServiceAccountProps
- type ServiceLoadBalancerAddressOptions
- type TaintEffect
- type TaintSpec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AccessEntry_IsConstruct ¶ added in v2.146.0
func AccessEntry_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func AccessEntry_IsOwnedResource ¶ added in v2.146.0
func AccessEntry_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func AccessEntry_IsResource ¶ added in v2.146.0
func AccessEntry_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func AlbController_IsConstruct ¶
func AlbController_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func AwsAuth_IsConstruct ¶
func AwsAuth_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnAccessEntry_CFN_RESOURCE_TYPE_NAME ¶ added in v2.117.0
func CfnAccessEntry_CFN_RESOURCE_TYPE_NAME() *string
func CfnAccessEntry_IsCfnElement ¶ added in v2.117.0
func CfnAccessEntry_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnAccessEntry_IsCfnResource ¶ added in v2.117.0
func CfnAccessEntry_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnAccessEntry_IsConstruct ¶ added in v2.117.0
func CfnAccessEntry_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnAddon_CFN_RESOURCE_TYPE_NAME ¶
func CfnAddon_CFN_RESOURCE_TYPE_NAME() *string
func CfnAddon_IsCfnElement ¶
func CfnAddon_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnAddon_IsCfnResource ¶
func CfnAddon_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnAddon_IsConstruct ¶
func CfnAddon_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnCluster_CFN_RESOURCE_TYPE_NAME ¶
func CfnCluster_CFN_RESOURCE_TYPE_NAME() *string
func CfnCluster_IsCfnElement ¶
func CfnCluster_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnCluster_IsCfnResource ¶
func CfnCluster_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnCluster_IsConstruct ¶
func CfnCluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnFargateProfile_CFN_RESOURCE_TYPE_NAME ¶
func CfnFargateProfile_CFN_RESOURCE_TYPE_NAME() *string
func CfnFargateProfile_IsCfnElement ¶
func CfnFargateProfile_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnFargateProfile_IsCfnResource ¶
func CfnFargateProfile_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnFargateProfile_IsConstruct ¶
func CfnFargateProfile_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnIdentityProviderConfig_CFN_RESOURCE_TYPE_NAME ¶ added in v2.16.0
func CfnIdentityProviderConfig_CFN_RESOURCE_TYPE_NAME() *string
func CfnIdentityProviderConfig_IsCfnElement ¶ added in v2.16.0
func CfnIdentityProviderConfig_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnIdentityProviderConfig_IsCfnResource ¶ added in v2.16.0
func CfnIdentityProviderConfig_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnIdentityProviderConfig_IsConstruct ¶ added in v2.16.0
func CfnIdentityProviderConfig_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnNodegroup_CFN_RESOURCE_TYPE_NAME ¶
func CfnNodegroup_CFN_RESOURCE_TYPE_NAME() *string
func CfnNodegroup_IsCfnElement ¶
func CfnNodegroup_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnNodegroup_IsCfnResource ¶
func CfnNodegroup_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnNodegroup_IsConstruct ¶
func CfnNodegroup_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnPodIdentityAssociation_CFN_RESOURCE_TYPE_NAME ¶ added in v2.112.0
func CfnPodIdentityAssociation_CFN_RESOURCE_TYPE_NAME() *string
func CfnPodIdentityAssociation_IsCfnElement ¶ added in v2.112.0
func CfnPodIdentityAssociation_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: `true` if `x` is a stack element (the signature returns `*bool`, not the element itself).
func CfnPodIdentityAssociation_IsCfnResource ¶ added in v2.112.0
func CfnPodIdentityAssociation_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnPodIdentityAssociation_IsConstruct ¶ added in v2.112.0
func CfnPodIdentityAssociation_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Cluster_IsConstruct ¶
func Cluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Cluster_IsOwnedResource ¶ added in v2.32.0
func Cluster_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func Cluster_IsResource ¶
func Cluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func FargateCluster_IsConstruct ¶
func FargateCluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func FargateCluster_IsOwnedResource ¶ added in v2.32.0
func FargateCluster_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func FargateCluster_IsResource ¶
func FargateCluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func FargateProfile_IsConstruct ¶
func FargateProfile_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func HelmChart_IsConstruct ¶
func HelmChart_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func HelmChart_RESOURCE_TYPE ¶
func HelmChart_RESOURCE_TYPE() *string
func KubectlProvider_IsConstruct ¶ added in v2.4.0
func KubectlProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func KubectlProvider_IsNestedStack ¶ added in v2.4.0
func KubectlProvider_IsNestedStack(x interface{}) *bool
Checks if `x` is an object of type `NestedStack`.
func KubectlProvider_IsStack ¶ added in v2.4.0
func KubectlProvider_IsStack(x interface{}) *bool
Return whether the given object is a Stack.
We do attribute detection since we can't reliably use 'instanceof'.
func KubectlProvider_Of ¶ added in v2.4.0
func KubectlProvider_Of(construct constructs.IConstruct) awscdk.Stack
Looks up the first stack scope in which `construct` is defined.
Fails if there is no stack up the tree.
func KubernetesManifest_IsConstruct ¶
func KubernetesManifest_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func KubernetesManifest_RESOURCE_TYPE ¶
func KubernetesManifest_RESOURCE_TYPE() *string
func KubernetesObjectValue_IsConstruct ¶
func KubernetesObjectValue_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func KubernetesObjectValue_RESOURCE_TYPE ¶
func KubernetesObjectValue_RESOURCE_TYPE() *string
func KubernetesPatch_IsConstruct ¶
func KubernetesPatch_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func NewAccessEntry_Override ¶ added in v2.146.0
func NewAccessEntry_Override(a AccessEntry, scope constructs.Construct, id *string, props *AccessEntryProps)
func NewAccessPolicyArn_Override ¶ added in v2.146.0
func NewAccessPolicyArn_Override(a AccessPolicyArn, policyName *string)
Constructs a new instance of the `AccessEntry` class.
func NewAccessPolicy_Override ¶ added in v2.146.0
func NewAccessPolicy_Override(a AccessPolicy, props *AccessPolicyProps)
Constructs a new instance of the AccessPolicy class.
func NewAlbController_Override ¶
func NewAlbController_Override(a AlbController, scope constructs.Construct, id *string, props *AlbControllerProps)
func NewAwsAuth_Override ¶
func NewAwsAuth_Override(a AwsAuth, scope constructs.Construct, id *string, props *AwsAuthProps)
func NewCfnAccessEntry_Override ¶ added in v2.117.0
func NewCfnAccessEntry_Override(c CfnAccessEntry, scope constructs.Construct, id *string, props *CfnAccessEntryProps)
func NewCfnAddon_Override ¶
func NewCfnAddon_Override(c CfnAddon, scope constructs.Construct, id *string, props *CfnAddonProps)
func NewCfnCluster_Override ¶
func NewCfnCluster_Override(c CfnCluster, scope constructs.Construct, id *string, props *CfnClusterProps)
func NewCfnFargateProfile_Override ¶
func NewCfnFargateProfile_Override(c CfnFargateProfile, scope constructs.Construct, id *string, props *CfnFargateProfileProps)
func NewCfnIdentityProviderConfig_Override ¶ added in v2.16.0
func NewCfnIdentityProviderConfig_Override(c CfnIdentityProviderConfig, scope constructs.Construct, id *string, props *CfnIdentityProviderConfigProps)
func NewCfnNodegroup_Override ¶
func NewCfnNodegroup_Override(c CfnNodegroup, scope constructs.Construct, id *string, props *CfnNodegroupProps)
func NewCfnPodIdentityAssociation_Override ¶ added in v2.112.0
func NewCfnPodIdentityAssociation_Override(c CfnPodIdentityAssociation, scope constructs.Construct, id *string, props *CfnPodIdentityAssociationProps)
func NewCluster_Override ¶
func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)
Initiates an EKS Cluster with the supplied arguments.
func NewEksOptimizedImage_Override ¶
func NewEksOptimizedImage_Override(e EksOptimizedImage, props *EksOptimizedImageProps)
Constructs a new instance of the EcsOptimizedAmi class.
func NewFargateCluster_Override ¶
func NewFargateCluster_Override(f FargateCluster, scope constructs.Construct, id *string, props *FargateClusterProps)
func NewFargateProfile_Override ¶
func NewFargateProfile_Override(f FargateProfile, scope constructs.Construct, id *string, props *FargateProfileProps)
func NewHelmChart_Override ¶
func NewHelmChart_Override(h HelmChart, scope constructs.Construct, id *string, props *HelmChartProps)
func NewKubectlProvider_Override ¶ added in v2.4.0
func NewKubectlProvider_Override(k KubectlProvider, scope constructs.Construct, id *string, props *KubectlProviderProps)
func NewKubernetesManifest_Override ¶
func NewKubernetesManifest_Override(k KubernetesManifest, scope constructs.Construct, id *string, props *KubernetesManifestProps)
func NewKubernetesObjectValue_Override ¶
func NewKubernetesObjectValue_Override(k KubernetesObjectValue, scope constructs.Construct, id *string, props *KubernetesObjectValueProps)
func NewKubernetesPatch_Override ¶
func NewKubernetesPatch_Override(k KubernetesPatch, scope constructs.Construct, id *string, props *KubernetesPatchProps)
func NewNodegroup_Override ¶
func NewNodegroup_Override(n Nodegroup, scope constructs.Construct, id *string, props *NodegroupProps)
func NewOpenIdConnectProvider_Override ¶
func NewOpenIdConnectProvider_Override(o OpenIdConnectProvider, scope constructs.Construct, id *string, props *OpenIdConnectProviderProps)
Defines an OpenID Connect provider.
func NewServiceAccount_Override ¶
func NewServiceAccount_Override(s ServiceAccount, scope constructs.Construct, id *string, props *ServiceAccountProps)
func Nodegroup_IsConstruct ¶
func Nodegroup_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func Nodegroup_IsOwnedResource ¶ added in v2.32.0
func Nodegroup_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func Nodegroup_IsResource ¶
func Nodegroup_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func OpenIdConnectProvider_FromOpenIdConnectProviderArn ¶
func OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope constructs.Construct, id *string, openIdConnectProviderArn *string) awsiam.IOpenIdConnectProvider
Imports an Open ID connect provider from an ARN.
func OpenIdConnectProvider_IsConstruct ¶
func OpenIdConnectProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func OpenIdConnectProvider_IsOwnedResource ¶ added in v2.32.0
func OpenIdConnectProvider_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func OpenIdConnectProvider_IsResource ¶
func OpenIdConnectProvider_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func ServiceAccount_IsConstruct ¶
func ServiceAccount_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
Types ¶
type AccessEntry ¶ added in v2.146.0
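// AccessEntry represents an access entry in an Amazon EKS cluster.
//
// The declaration is laid out one member per line; when it is collapsed onto
// a single line the first `//` turns every following member into comment text.
type AccessEntry interface {
	awscdk.Resource
	IAccessEntry
	// The Amazon Resource Name (ARN) of the access entry.
	AccessEntryArn() *string
	// The name of the access entry.
	AccessEntryName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Add the access policies for this entry.
	//
	// NOTE(review): every policy added here extends what the entry's principal
	// may do in the cluster, so review each policy and its scope before adding it.
	AddAccessPolicies(newAccessPolicies *[]IAccessPolicy)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}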
Represents an access entry in an Amazon EKS cluster.
An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var accessPolicy accessPolicy var cluster cluster accessEntry := awscdk.Aws_eks.NewAccessEntry(this, jsii.String("MyAccessEntry"), &AccessEntryProps{ AccessPolicies: []iAccessPolicy{ accessPolicy, }, Cluster: cluster, Principal: jsii.String("principal"), // the properties below are optional AccessEntryName: jsii.String("accessEntryName"), AccessEntryType: awscdk.*Aws_eks.AccessEntryType_STANDARD, })
func NewAccessEntry ¶ added in v2.146.0
func NewAccessEntry(scope constructs.Construct, id *string, props *AccessEntryProps) AccessEntry
type AccessEntryAttributes ¶ added in v2.146.0
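// AccessEntryAttributes holds the attributes of an access entry.
//
// Both fields are marked required in their struct tags.
type AccessEntryAttributes struct {
	// The Amazon Resource Name (ARN) of the access entry.
	AccessEntryArn *string `field:"required" json:"accessEntryArn" yaml:"accessEntryArn"`
	// The name of the access entry.
	AccessEntryName *string `field:"required" json:"accessEntryName" yaml:"accessEntryName"`
}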
Represents the attributes of an access entry.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" accessEntryAttributes := &AccessEntryAttributes{ AccessEntryArn: jsii.String("accessEntryArn"), AccessEntryName: jsii.String("accessEntryName"), }
type AccessEntryProps ¶ added in v2.146.0
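// AccessEntryProps holds the properties required to create an Amazon EKS access entry.
//
// NOTE(review): AccessPolicies and Principal together decide who receives which
// permissions in the cluster; keep both as narrow as the use case allows.
type AccessEntryProps struct {
	// The access policies that define the permissions and scope for the access entry.
	AccessPolicies *[]IAccessPolicy `field:"required" json:"accessPolicies" yaml:"accessPolicies"`
	// The Amazon EKS cluster to which the access entry applies.
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// The Amazon Resource Name (ARN) of the principal (user or role) to associate the access entry with.
	Principal *string `field:"required" json:"principal" yaml:"principal"`
	// The name of the AccessEntry.
	// Default: - No access entry name is provided.
	//
	AccessEntryName *string `field:"optional" json:"accessEntryName" yaml:"accessEntryName"`
	// The type of the AccessEntry.
	// Default: STANDARD.
	//
	AccessEntryType AccessEntryType `field:"optional" json:"accessEntryType" yaml:"accessEntryType"`
}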
Represents the properties required to create an Amazon EKS access entry.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var accessPolicy accessPolicy var cluster cluster accessEntryProps := &AccessEntryProps{ AccessPolicies: []iAccessPolicy{ accessPolicy, }, Cluster: cluster, Principal: jsii.String("principal"), // the properties below are optional AccessEntryName: jsii.String("accessEntryName"), AccessEntryType: awscdk.Aws_eks.AccessEntryType_STANDARD, }
type AccessEntryType ¶ added in v2.146.0
// AccessEntryType is the string-valued type of an access entry in an Amazon EKS cluster.
type AccessEntryType string
Represents the different types of access entries that can be used in an Amazon EKS cluster.
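// Values of AccessEntryType. The block is laid out one constant per line;
// collapsed onto one line, the first `//` hides every constant after it.
const (
	// Represents a standard access entry.
	AccessEntryType_STANDARD AccessEntryType = "STANDARD"
	// Represents a Fargate Linux access entry.
	AccessEntryType_FARGATE_LINUX AccessEntryType = "FARGATE_LINUX"
	// Represents an EC2 Linux access entry.
	AccessEntryType_EC2_LINUX AccessEntryType = "EC2_LINUX"
	// Represents an EC2 Windows access entry.
	AccessEntryType_EC2_WINDOWS AccessEntryType = "EC2_WINDOWS"
)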
type AccessPolicy ¶ added in v2.146.0
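// AccessPolicy represents an Amazon EKS Access Policy that implements the
// IAccessPolicy interface.
//
// It pairs a policy with the scope the policy is granted at.
type AccessPolicy interface {
	IAccessPolicy
	// The scope of the access policy, which determines the level of access granted.
	AccessScope() *AccessScope
	// The access policy itself, which defines the specific permissions.
	Policy() *string
}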
Represents an Amazon EKS Access Policy that implements the IAccessPolicy interface.
Example:
// AmazonEKSClusterAdminPolicy with `cluster` scope eks.AccessPolicy_FromAccessPolicyName(jsii.String("AmazonEKSClusterAdminPolicy"), &AccessPolicyNameOptions{ AccessScopeType: eks.AccessScopeType_CLUSTER, }) // AmazonEKSAdminPolicy with `namespace` scope eks.AccessPolicy_FromAccessPolicyName(jsii.String("AmazonEKSAdminPolicy"), &AccessPolicyNameOptions{ AccessScopeType: eks.AccessScopeType_NAMESPACE, Namespaces: []*string{ jsii.String("foo"), jsii.String("bar"), }, })
func NewAccessPolicy ¶ added in v2.146.0
func NewAccessPolicy(props *AccessPolicyProps) AccessPolicy
Constructs a new instance of the AccessPolicy class.
type AccessPolicyArn ¶ added in v2.146.0
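// AccessPolicyArn represents an Amazon EKS Access Policy ARN.
//
// The declaration is laid out one member per line; collapsed onto one line,
// the first `//` turns both methods into comment text.
type AccessPolicyArn interface {
	// The Amazon Resource Name (ARN) of the access policy.
	PolicyArn() *string
	// The name of the Amazon EKS access policy.
	//
	// This is used to construct the policy ARN.
	PolicyName() *string
}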
Represents an Amazon EKS Access Policy ARN.
Amazon EKS Access Policies are used to control access to Amazon EKS clusters.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" accessPolicyArn := awscdk.Aws_eks.AccessPolicyArn_AMAZON_EKS_ADMIN_POLICY()
See: https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
func AccessPolicyArn_AMAZON_EKS_ADMIN_POLICY ¶ added in v2.146.0
func AccessPolicyArn_AMAZON_EKS_ADMIN_POLICY() AccessPolicyArn
func AccessPolicyArn_AMAZON_EKS_ADMIN_VIEW_POLICY ¶ added in v2.146.0
func AccessPolicyArn_AMAZON_EKS_ADMIN_VIEW_POLICY() AccessPolicyArn
func AccessPolicyArn_AMAZON_EKS_CLUSTER_ADMIN_POLICY ¶ added in v2.146.0
func AccessPolicyArn_AMAZON_EKS_CLUSTER_ADMIN_POLICY() AccessPolicyArn
func AccessPolicyArn_AMAZON_EKS_EDIT_POLICY ¶ added in v2.146.0
func AccessPolicyArn_AMAZON_EKS_EDIT_POLICY() AccessPolicyArn
func AccessPolicyArn_AMAZON_EKS_VIEW_POLICY ¶ added in v2.146.0
func AccessPolicyArn_AMAZON_EKS_VIEW_POLICY() AccessPolicyArn
func AccessPolicyArn_Of ¶ added in v2.146.0
func AccessPolicyArn_Of(policyName *string) AccessPolicyArn
Creates a new instance of the AccessPolicy class with the specified policy name.
Returns: A new instance of the AccessPolicy class.
func NewAccessPolicyArn ¶ added in v2.146.0
func NewAccessPolicyArn(policyName *string) AccessPolicyArn
Constructs a new instance of the `AccessEntry` class.
type AccessPolicyNameOptions ¶ added in v2.146.0
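// AccessPolicyNameOptions holds the options required to create an Amazon EKS
// Access Policy using the `fromAccessPolicyName()` method.
type AccessPolicyNameOptions struct {
	// The scope of the access policy.
	//
	// This determines the level of access granted by the policy.
	AccessScopeType AccessScopeType `field:"required" json:"accessScopeType" yaml:"accessScopeType"`
	// An optional array of Kubernetes namespaces to which the access policy applies.
	// Default: - no specific namespaces for this scope.
	//
	Namespaces *[]*string `field:"optional" json:"namespaces" yaml:"namespaces"`
}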
Represents the options required to create an Amazon EKS Access Policy using the `fromAccessPolicyName()` method.
Example:
// AmazonEKSClusterAdminPolicy with `cluster` scope eks.AccessPolicy_FromAccessPolicyName(jsii.String("AmazonEKSClusterAdminPolicy"), &AccessPolicyNameOptions{ AccessScopeType: eks.AccessScopeType_CLUSTER, }) // AmazonEKSAdminPolicy with `namespace` scope eks.AccessPolicy_FromAccessPolicyName(jsii.String("AmazonEKSAdminPolicy"), &AccessPolicyNameOptions{ AccessScopeType: eks.AccessScopeType_NAMESPACE, Namespaces: []*string{ jsii.String("foo"), jsii.String("bar"), }, })
type AccessPolicyProps ¶ added in v2.146.0
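// AccessPolicyProps holds the properties for configuring an Amazon EKS Access Policy.
//
// Both fields are marked required in their struct tags.
type AccessPolicyProps struct {
	// The scope of the access policy, which determines the level of access granted.
	AccessScope *AccessScope `field:"required" json:"accessScope" yaml:"accessScope"`
	// The access policy itself, which defines the specific permissions.
	Policy AccessPolicyArn `field:"required" json:"policy" yaml:"policy"`
}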
Properties for configuring an Amazon EKS Access Policy.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var accessPolicyArn accessPolicyArn accessPolicyProps := &AccessPolicyProps{ AccessScope: &AccessScope{ Type: awscdk.Aws_eks.AccessScopeType_NAMESPACE, // the properties below are optional Namespaces: []*string{ jsii.String("namespaces"), }, }, Policy: accessPolicyArn, }
type AccessScope ¶ added in v2.146.0
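// AccessScope represents the scope of an access policy: either the listed
// namespaces or the whole cluster.
type AccessScope struct {
	// The scope type of the policy, either 'namespace' or 'cluster'.
	Type AccessScopeType `field:"required" json:"type" yaml:"type"`
	// A Kubernetes namespace that an access policy is scoped to.
	//
	// A value is required if you specified namespace for Type.
	// Default: - no specific namespaces for this scope.
	//
	Namespaces *[]*string `field:"optional" json:"namespaces" yaml:"namespaces"`
}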
Represents the scope of an access policy.
The scope defines the namespaces or cluster-level access granted by the policy.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" accessScope := &AccessScope{ Type: awscdk.Aws_eks.AccessScopeType_NAMESPACE, // the properties below are optional Namespaces: []*string{ jsii.String("namespaces"), }, }
type AccessScopeType ¶ added in v2.146.0
// AccessScopeType is the string-valued scope type of an access policy.
type AccessScopeType string
Represents the scope type of an access policy.
The scope type determines the level of access granted by the policy.
Example:
// AmazonEKSClusterAdminPolicy with `cluster` scope eks.AccessPolicy_FromAccessPolicyName(jsii.String("AmazonEKSClusterAdminPolicy"), &AccessPolicyNameOptions{ AccessScopeType: eks.AccessScopeType_CLUSTER, }) // AmazonEKSAdminPolicy with `namespace` scope eks.AccessPolicy_FromAccessPolicyName(jsii.String("AmazonEKSAdminPolicy"), &AccessPolicyNameOptions{ AccessScopeType: eks.AccessScopeType_NAMESPACE, Namespaces: []*string{ jsii.String("foo"), jsii.String("bar"), }, })
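// Values of AccessScopeType. The block is laid out one constant per line;
// collapsed onto one line, the first `//` hides every constant after it.
const (
	// The policy applies to a specific namespace within the cluster.
	AccessScopeType_NAMESPACE AccessScopeType = "NAMESPACE"
	// The policy applies to the entire cluster.
	AccessScopeType_CLUSTER AccessScopeType = "CLUSTER"
)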
type AlbController ¶
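// AlbController is the construct for installing the AWS ALB Controller on EKS clusters.
type AlbController interface {
	constructs.Construct
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
}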
Construct for installing the AWS ALB Controller on EKS clusters.
Use the factory functions `get` and `getOrCreate` to obtain/create instances of this controller.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var albControllerVersion albControllerVersion var cluster cluster var policy interface{} albController := awscdk.Aws_eks.NewAlbController(this, jsii.String("MyAlbController"), &AlbControllerProps{ Cluster: cluster, Version: albControllerVersion, // the properties below are optional Policy: policy, Repository: jsii.String("repository"), })
See: https://kubernetes-sigs.github.io/aws-load-balancer-controller
func AlbController_Create ¶
func AlbController_Create(scope constructs.Construct, props *AlbControllerProps) AlbController
Create the controller construct associated with this cluster and scope.
Singleton per stack/cluster.
func NewAlbController ¶
func NewAlbController(scope constructs.Construct, id *string, props *AlbControllerProps) AlbController
type AlbControllerOptions ¶
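// AlbControllerOptions holds the options for `AlbController`.
type AlbControllerOptions struct {
	// Version of the controller.
	Version AlbControllerVersion `field:"required" json:"version" yaml:"version"`
	// The IAM policy to apply to the service account.
	//
	// If you're using one of the built-in versions, this is not required since
	// CDK ships with the appropriate policies for those versions.
	//
	// However, if you are using a custom version, this is required (and validated).
	//
	// NOTE(review): a custom policy becomes the permissions of the controller's
	// service account, so grant only what that controller version needs.
	// Default: - Corresponds to the predefined version.
	//
	Policy interface{} `field:"optional" json:"policy" yaml:"policy"`
	// The repository to pull the controller image from.
	//
	// Note that the default repository works for most regions, but not all.
	// If the repository is not applicable to your region, use a custom repository
	// according to the information here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases.
	//
	// NOTE(review): this value decides which image runs as the controller in the
	// cluster; when overriding the default, use a registry you trust.
	// Default: '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller'
	//
	Repository *string `field:"optional" json:"repository" yaml:"repository"`
}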
Options for `AlbController`.
Example:
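// Installs the ALB controller as part of cluster creation. A predefined
// controller version is used, so no custom IAM policy is supplied.
eks.NewCluster(this, jsii.String("HelloEKS"), &ClusterProps{
	Version: eks.KubernetesVersion_V1_30(),
	AlbController: &AlbControllerOptions{
		Version: eks.AlbControllerVersion_V2_6_2(),
	},
})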
type AlbControllerProps ¶
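// AlbControllerProps holds the properties for `AlbController`.
type AlbControllerProps struct {
	// Version of the controller.
	Version AlbControllerVersion `field:"required" json:"version" yaml:"version"`
	// The IAM policy to apply to the service account.
	//
	// If you're using one of the built-in versions, this is not required since
	// CDK ships with the appropriate policies for those versions.
	//
	// However, if you are using a custom version, this is required (and validated).
	//
	// NOTE(review): a custom policy becomes the permissions of the controller's
	// service account, so grant only what that controller version needs.
	// Default: - Corresponds to the predefined version.
	//
	Policy interface{} `field:"optional" json:"policy" yaml:"policy"`
	// The repository to pull the controller image from.
	//
	// Note that the default repository works for most regions, but not all.
	// If the repository is not applicable to your region, use a custom repository
	// according to the information here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases.
	//
	// NOTE(review): this value decides which image runs as the controller in the
	// cluster; when overriding the default, use a registry you trust.
	// Default: '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller'
	//
	Repository *string `field:"optional" json:"repository" yaml:"repository"`
	// [disable-awslint:ref-via-interface] Cluster to install the controller onto.
	Cluster Cluster `field:"required" json:"cluster" yaml:"cluster"`
}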
Properties for `AlbController`.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var albControllerVersion albControllerVersion var cluster cluster var policy interface{} albControllerProps := &AlbControllerProps{ Cluster: cluster, Version: albControllerVersion, // the properties below are optional Policy: policy, Repository: jsii.String("repository"), }
type AlbControllerVersion ¶
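// AlbControllerVersion describes a controller version together with the helm
// chart version used for it.
//
// The declaration is laid out one member per line; collapsed onto one line,
// the first `//` turns all three methods into comment text.
type AlbControllerVersion interface {
	// Whether or not it is a custom version.
	Custom() *bool
	// The version of the helm chart to use.
	HelmChartVersion() *string
	// The version string.
	Version() *string
}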
Controller version.
Corresponds to the image tag of 'amazon/aws-load-balancer-controller' image.
Example:
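// Installs the ALB controller as part of cluster creation. A predefined
// controller version is used, so no custom IAM policy is supplied.
eks.NewCluster(this, jsii.String("HelloEKS"), &ClusterProps{
	Version: eks.KubernetesVersion_V1_30(),
	AlbController: &AlbControllerOptions{
		Version: eks.AlbControllerVersion_V2_6_2(),
	},
})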
func AlbControllerVersion_Of ¶
func AlbControllerVersion_Of(version *string, helmChartVersion *string) AlbControllerVersion
Specify a custom version and an associated helm chart version.
Use this if the version you need is not available in one of the predefined versions. Note that in this case, you will also need to provide an IAM policy in the controller options.
ALB controller version and helm chart version compatibility information can be found here: https://github.com/aws/eks-charts/blob/v0.0.133/stable/aws-load-balancer-controller/Chart.yaml
func AlbControllerVersion_V2_0_0 ¶
func AlbControllerVersion_V2_0_0() AlbControllerVersion
func AlbControllerVersion_V2_0_1 ¶
func AlbControllerVersion_V2_0_1() AlbControllerVersion
func AlbControllerVersion_V2_1_0 ¶
func AlbControllerVersion_V2_1_0() AlbControllerVersion
func AlbControllerVersion_V2_1_1 ¶
func AlbControllerVersion_V2_1_1() AlbControllerVersion
func AlbControllerVersion_V2_1_2 ¶
func AlbControllerVersion_V2_1_2() AlbControllerVersion
func AlbControllerVersion_V2_1_3 ¶
func AlbControllerVersion_V2_1_3() AlbControllerVersion
func AlbControllerVersion_V2_2_0 ¶
func AlbControllerVersion_V2_2_0() AlbControllerVersion
func AlbControllerVersion_V2_2_1 ¶
func AlbControllerVersion_V2_2_1() AlbControllerVersion
func AlbControllerVersion_V2_2_2 ¶
func AlbControllerVersion_V2_2_2() AlbControllerVersion
func AlbControllerVersion_V2_2_3 ¶
func AlbControllerVersion_V2_2_3() AlbControllerVersion
func AlbControllerVersion_V2_2_4 ¶
func AlbControllerVersion_V2_2_4() AlbControllerVersion
func AlbControllerVersion_V2_3_0 ¶
func AlbControllerVersion_V2_3_0() AlbControllerVersion
func AlbControllerVersion_V2_3_1 ¶ added in v2.4.0
func AlbControllerVersion_V2_3_1() AlbControllerVersion
func AlbControllerVersion_V2_4_1 ¶ added in v2.20.0
func AlbControllerVersion_V2_4_1() AlbControllerVersion
func AlbControllerVersion_V2_4_2 ¶ added in v2.80.0
func AlbControllerVersion_V2_4_2() AlbControllerVersion
func AlbControllerVersion_V2_4_3 ¶ added in v2.80.0
func AlbControllerVersion_V2_4_3() AlbControllerVersion
func AlbControllerVersion_V2_4_4 ¶ added in v2.80.0
func AlbControllerVersion_V2_4_4() AlbControllerVersion
func AlbControllerVersion_V2_4_5 ¶ added in v2.80.0
func AlbControllerVersion_V2_4_5() AlbControllerVersion
func AlbControllerVersion_V2_4_6 ¶ added in v2.80.0
func AlbControllerVersion_V2_4_6() AlbControllerVersion
func AlbControllerVersion_V2_4_7 ¶ added in v2.80.0
func AlbControllerVersion_V2_4_7() AlbControllerVersion
func AlbControllerVersion_V2_5_0 ¶ added in v2.80.0
func AlbControllerVersion_V2_5_0() AlbControllerVersion
func AlbControllerVersion_V2_5_1 ¶ added in v2.80.0
func AlbControllerVersion_V2_5_1() AlbControllerVersion
func AlbControllerVersion_V2_5_2 ¶ added in v2.106.0
func AlbControllerVersion_V2_5_2() AlbControllerVersion
func AlbControllerVersion_V2_5_3 ¶ added in v2.106.0
func AlbControllerVersion_V2_5_3() AlbControllerVersion
func AlbControllerVersion_V2_5_4 ¶ added in v2.106.0
func AlbControllerVersion_V2_5_4() AlbControllerVersion
func AlbControllerVersion_V2_6_0 ¶ added in v2.106.0
func AlbControllerVersion_V2_6_0() AlbControllerVersion
func AlbControllerVersion_V2_6_1 ¶ added in v2.106.0
func AlbControllerVersion_V2_6_1() AlbControllerVersion
func AlbControllerVersion_V2_6_2 ¶ added in v2.106.0
func AlbControllerVersion_V2_6_2() AlbControllerVersion
type AlbScheme ¶
type AlbScheme string
ALB Scheme. See: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/ingress/annotations/#scheme
// Values of AlbScheme.
const (
	// The nodes of an internal load balancer have only private IP addresses.
	//
	// The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes.
	// Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.
	AlbScheme_INTERNAL AlbScheme = "INTERNAL"
	// An internet-facing load balancer has a publicly resolvable DNS name, so it can route requests from clients over the internet to the EC2 instances that are registered with the load balancer.
	//
	// NOTE(review): with this scheme the workload behind the load balancer is
	// reachable from the internet. Choose it only for services meant to be
	// public, and review the listener, security-group and authentication
	// settings of the ingress accordingly.
	AlbScheme_INTERNET_FACING AlbScheme = "INTERNET_FACING"
)
type AuthenticationMode ¶ added in v2.146.0
type AuthenticationMode string
Represents the authentication mode for an Amazon EKS cluster.
Example:
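import "github.com/cdklabs/awscdk-kubectl-go/kubectlv30"

// Placeholder declaration: the example does not show how the VPC is obtained.
var vpc vpc

// Creates a cluster that accepts both authentication sources named by
// AuthenticationMode_API_AND_CONFIG_MAP.
eks.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	// Refers to the variable declared above. The original example wrote `Vpc`,
	// which is not declared anywhere in the snippet.
	Vpc:          vpc,
	Version:      eks.KubernetesVersion_V1_30(),
	KubectlLayer: kubectlv30.NewKubectlV30Layer(this, jsii.String("KubectlLayer")),
	// NOTE(review): with both sources enabled, cluster access has to be audited
	// in two places (the ConfigMap and the API-managed entries).
	AuthenticationMode: eks.AuthenticationMode_API_AND_CONFIG_MAP,
})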
// Values of AuthenticationMode.
//
// NOTE(review): the EKS documentation describes the "API" source as the EKS
// access-entry API (see AccessEntry / CfnAccessEntry in this package) and
// describes changes of authentication mode as one-way: a cluster cannot go back
// to a mode that includes the ConfigMap once it has been removed. Confirm
// against the current EKS user guide before changing the mode of an existing cluster.
const (
	// Authenticates using a Kubernetes ConfigMap.
	AuthenticationMode_CONFIG_MAP AuthenticationMode = "CONFIG_MAP"
	// Authenticates using both the Kubernetes API server and a ConfigMap.
	AuthenticationMode_API_AND_CONFIG_MAP AuthenticationMode = "API_AND_CONFIG_MAP"
	// Authenticates using the Kubernetes API server.
	AuthenticationMode_API AuthenticationMode = "API"
)
type AutoScalingGroupCapacityOptions ¶
// AutoScalingGroupCapacityOptions collects the Auto Scaling Group settings and
// the EKS-specific node settings (bootstrap, machine image type, role mapping,
// spot interrupt handler) accepted when adding worker nodes.
//
// Only InstanceType is tagged as required; every other field is optional.
type AutoScalingGroupCapacityOptions struct {
	// Whether the instances can initiate connections to anywhere by default.
	// Default: true.
	//
	// NOTE(review): the default leaves node egress unrestricted. Where nodes only
	// need to reach known endpoints, set this to false and add explicit egress rules.
	AllowAllOutbound *bool `field:"optional" json:"allowAllOutbound" yaml:"allowAllOutbound"`
	// Whether instances in the Auto Scaling Group should have public IP addresses associated with them.
	//
	// `launchTemplate` and `mixedInstancesPolicy` must not be specified when this property is specified.
	// Default: - Use subnet setting.
	//
	// NOTE(review): a public address puts the node directly on the internet. With
	// the documented VpcSubnets default (all private subnets) this is normally
	// unnecessary.
	AssociatePublicIpAddress *bool `field:"optional" json:"associatePublicIpAddress" yaml:"associatePublicIpAddress"`
	// The name of the Auto Scaling group.
	//
	// This name must be unique per Region per account.
	// Default: - Auto generated by CloudFormation.
	//
	AutoScalingGroupName *string `field:"optional" json:"autoScalingGroupName" yaml:"autoScalingGroupName"`
	// Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes.
	//
	// Each instance that is launched has an associated root device volume,
	// either an Amazon EBS volume or an instance store volume.
	// You can use block device mappings to specify additional EBS volumes or
	// instance store volumes to attach to an instance when it is launched.
	//
	// `launchTemplate` and `mixedInstancesPolicy` must not be specified when this property is specified.
	// See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
	//
	// Default: - Uses the block device mapping of the AMI.
	//
	BlockDevices *[]*awsautoscaling.BlockDevice `field:"optional" json:"blockDevices" yaml:"blockDevices"`
	// Indicates whether Capacity Rebalancing is enabled.
	//
	// When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling
	// attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of
	// interruption. After launching a new instance, it then terminates an old instance.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-capacityrebalance
	//
	// Default: false.
	//
	CapacityRebalance *bool `field:"optional" json:"capacityRebalance" yaml:"capacityRebalance"`
	// Default scaling cooldown for this AutoScalingGroup.
	// Default: Duration.minutes(5)
	//
	Cooldown awscdk.Duration `field:"optional" json:"cooldown" yaml:"cooldown"`
	// The amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics.
	//
	// This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics,
	// resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource
	// consumption to become stable after an instance reaches the InService state.
	//
	// To optimize the performance of scaling policies that scale continuously, such as target tracking and
	// step scaling policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds
	//
	// Default instance warmup will not be added if no value is specified.
	// See: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-default-instance-warmup.html
	//
	// Default: None.
	//
	DefaultInstanceWarmup awscdk.Duration `field:"optional" json:"defaultInstanceWarmup" yaml:"defaultInstanceWarmup"`
	// Initial amount of instances in the fleet.
	//
	// If this is set to a number, every deployment will reset the amount of
	// instances to this number. It is recommended to leave this value blank.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity
	//
	// Default: minCapacity, and leave unchanged during deployment.
	//
	DesiredCapacity *float64 `field:"optional" json:"desiredCapacity" yaml:"desiredCapacity"`
	// Enable monitoring for group metrics, these metrics describe the group rather than any of its instances.
	//
	// To report all group metrics use `GroupMetrics.all()`
	// Group metrics are reported in a granularity of 1 minute at no additional charge.
	// Default: - no group metrics will be reported.
	//
	GroupMetrics *[]awsautoscaling.GroupMetrics `field:"optional" json:"groupMetrics" yaml:"groupMetrics"`
	// Configuration for health checks.
	// Default: - HealthCheck.ec2 with no grace period
	//
	HealthCheck awsautoscaling.HealthCheck `field:"optional" json:"healthCheck" yaml:"healthCheck"`
	// If the ASG has scheduled actions, don't reset unchanged group sizes.
	//
	// Only used if the ASG has scheduled actions (which may scale your ASG up
	// or down regardless of cdk deployments). If true, the size of the group
	// will only be reset if it has been changed in the CDK app. If false, the
	// sizes will always be changed back to what they were in the CDK app
	// on deployment.
	// Default: true.
	//
	IgnoreUnmodifiedSizeProperties *bool `field:"optional" json:"ignoreUnmodifiedSizeProperties" yaml:"ignoreUnmodifiedSizeProperties"`
	// Controls whether instances in this group are launched with detailed or basic monitoring.
	//
	// When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account
	// is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes.
	//
	// `launchTemplate` and `mixedInstancesPolicy` must not be specified when this property is specified.
	// See: https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics
	//
	// Default: - Monitoring.DETAILED
	//
	InstanceMonitoring awsautoscaling.Monitoring `field:"optional" json:"instanceMonitoring" yaml:"instanceMonitoring"`
	// Name of SSH keypair to grant access to instances.
	//
	// `launchTemplate` and `mixedInstancesPolicy` must not be specified when this property is specified
	//
	// You can either specify `keyPair` or `keyName`, not both.
	// Default: - No SSH access will be possible.
	//
	// Deprecated: - Use `keyPair` instead - https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#using-an-existing-ec2-key-pair
	KeyName *string `field:"optional" json:"keyName" yaml:"keyName"`
	// The SSH keypair to grant access to the instance.
	//
	// Feature flag `AUTOSCALING_GENERATE_LAUNCH_TEMPLATE` must be enabled to use this property.
	//
	// `launchTemplate` and `mixedInstancesPolicy` must not be specified when this property is specified.
	//
	// You can either specify `keyPair` or `keyName`, not both.
	// Default: - No SSH access will be possible.
	//
	// NOTE(review): leaving both KeyPair and KeyName unset keeps SSH access off,
	// which is the documented default. A key pair is a long-lived shared
	// credential for every node in the group, so it needs to be stored, rotated
	// and paired with restricted inbound rules like any other secret.
	KeyPair awsec2.IKeyPair `field:"optional" json:"keyPair" yaml:"keyPair"`
	// Maximum number of instances in the fleet.
	// Default: desiredCapacity.
	//
	MaxCapacity *float64 `field:"optional" json:"maxCapacity" yaml:"maxCapacity"`
	// The maximum amount of time that an instance can be in service.
	//
	// The maximum duration applies
	// to all current and future instances in the group. As an instance approaches its maximum duration,
	// it is terminated and replaced, and cannot be used again.
	//
	// You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value,
	// leave this property undefined.
	// See: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html
	//
	// Default: none.
	//
	MaxInstanceLifetime awscdk.Duration `field:"optional" json:"maxInstanceLifetime" yaml:"maxInstanceLifetime"`
	// Minimum number of instances in the fleet.
	// Default: 1.
	//
	MinCapacity *float64 `field:"optional" json:"minCapacity" yaml:"minCapacity"`
	// Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in.
	//
	// By default, Auto Scaling can terminate an instance at any time after launch
	// when scaling in an Auto Scaling Group, subject to the group's termination
	// policy. However, you may wish to protect newly-launched instances from
	// being scaled in if they are going to run critical applications that should
	// not be prematurely terminated.
	//
	// This flag must be enabled if the Auto Scaling Group will be associated with
	// an ECS Capacity Provider with managed termination protection.
	// Default: false.
	//
	NewInstancesProtectedFromScaleIn *bool `field:"optional" json:"newInstancesProtectedFromScaleIn" yaml:"newInstancesProtectedFromScaleIn"`
	// Configure autoscaling group to send notifications about fleet changes to an SNS topic(s).
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations
	//
	// Default: - No fleet change notifications will be sent.
	//
	Notifications *[]*awsautoscaling.NotificationConfiguration `field:"optional" json:"notifications" yaml:"notifications"`
	// Configure waiting for signals during deployment.
	//
	// Use this to pause the CloudFormation deployment to wait for the instances
	// in the AutoScalingGroup to report successful startup during
	// creation and updates. The UserData script needs to invoke `cfn-signal`
	// with a success or failure code after it is done setting up the instance.
	//
	// Without waiting for signals, the CloudFormation deployment will proceed as
	// soon as the AutoScalingGroup has been created or updated but before the
	// instances in the group have been started.
	//
	// For example, to have instances wait for an Elastic Load Balancing health check before
	// they signal success, add a health-check verification by using the
	// cfn-init helper script. For an example, see the verify_instance_health
	// command in the Auto Scaling rolling updates sample template:
	//
	// https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml
	// Default: - Do not wait for signals.
	//
	Signals awsautoscaling.Signals `field:"optional" json:"signals" yaml:"signals"`
	// The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request.
	//
	// Spot Instances are
	// launched when the price you specify exceeds the current Spot market price.
	//
	// `launchTemplate` and `mixedInstancesPolicy` must not be specified when this property is specified.
	// Default: none.
	//
	SpotPrice *string `field:"optional" json:"spotPrice" yaml:"spotPrice"`
	// Add SSM session permissions to the instance role.
	//
	// Setting this to `true` adds the necessary permissions to connect
	// to the instance using SSM Session Manager. You can do this
	// from the AWS Console.
	//
	// NOTE: Setting this flag to `true` may not be enough by itself.
	// You must also use an AMI that comes with the SSM Agent, or install
	// the SSM Agent yourself. See
	// [Working with SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html)
	// in the SSM Developer Guide.
	// Default: false.
	//
	// NOTE(review): this widens the instance role. Who may actually open a
	// session is decided by the IAM permissions of the caller, so review those
	// together with this flag.
	SsmSessionPermissions *bool `field:"optional" json:"ssmSessionPermissions" yaml:"ssmSessionPermissions"`
	// A policy or a list of policies that are used to select the instances to terminate.
	//
	// The policies are executed in the order that you list them.
	// See: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html
	//
	// Default: - `TerminationPolicy.DEFAULT`
	//
	TerminationPolicies *[]awsautoscaling.TerminationPolicy `field:"optional" json:"terminationPolicies" yaml:"terminationPolicies"`
	// A lambda function Arn that can be used as a custom termination policy to select the instances to terminate.
	//
	// This property must be specified if the TerminationPolicy.CUSTOM_LAMBDA_FUNCTION
	// is used.
	// See: https://docs.aws.amazon.com/autoscaling/ec2/userguide/lambda-custom-termination-policy.html
	//
	// Default: - No lambda function Arn will be supplied.
	//
	TerminationPolicyCustomLambdaFunctionArn *string `field:"optional" json:"terminationPolicyCustomLambdaFunctionArn" yaml:"terminationPolicyCustomLambdaFunctionArn"`
	// What to do when an AutoScalingGroup's instance configuration is changed.
	//
	// This is applied when any of the settings on the ASG are changed that
	// affect how the instances should be created (VPC, instance type, startup
	// scripts, etc.). It indicates how the existing instances should be
	// replaced with new instances matching the new config. By default, nothing
	// is done and only new instances are launched with the new config.
	// Default: - `UpdatePolicy.rollingUpdate()` if using `init`, `UpdatePolicy.none()` otherwise
	//
	UpdatePolicy awsautoscaling.UpdatePolicy `field:"optional" json:"updatePolicy" yaml:"updatePolicy"`
	// Where to place instances within the VPC.
	// Default: - All Private subnets.
	//
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// Instance type of the instances to start.
	InstanceType awsec2.InstanceType `field:"required" json:"instanceType" yaml:"instanceType"`
	// Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke `/etc/eks/bootstrap.sh`) and associate it with the EKS cluster.
	//
	// If you wish to provide a custom user data script, set this to `false` and
	// manually invoke `autoscalingGroup.addUserData()`.
	// Default: true.
	//
	BootstrapEnabled *bool `field:"optional" json:"bootstrapEnabled" yaml:"bootstrapEnabled"`
	// EKS node bootstrapping options.
	// Default: - none.
	//
	BootstrapOptions *BootstrapOptions `field:"optional" json:"bootstrapOptions" yaml:"bootstrapOptions"`
	// Machine image type.
	// Default: MachineImageType.AMAZON_LINUX_2
	//
	MachineImageType MachineImageType `field:"optional" json:"machineImageType" yaml:"machineImageType"`
	// Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC.
	//
	// This cannot be explicitly set to `true` if the cluster has kubectl disabled.
	// Default: - true if the cluster has kubectl enabled (which is the default).
	//
	// NOTE(review): this changes who can authenticate to the cluster (the node
	// instance role is added to aws-auth), so it belongs in access reviews of
	// the cluster.
	MapRole *bool `field:"optional" json:"mapRole" yaml:"mapRole"`
	// Installs the AWS spot instance interrupt handler on the cluster if it's not already added.
	//
	// Only relevant if `spotPrice` is used.
	// Default: true.
	//
	SpotInterruptHandler *bool `field:"optional" json:"spotInterruptHandler" yaml:"spotInterruptHandler"`
}
Options for adding worker nodes.
Example:
// Placeholder declaration: the example does not show how the cluster is created.
var cluster cluster

// Adds self-managed worker nodes with a Bottlerocket machine image. Fields not
// set here keep the defaults documented on AutoScalingGroupCapacityOptions
// (for example unrestricted outbound traffic and no SSH access).
cluster.AddAutoScalingGroupCapacity(jsii.String("BottlerocketNodes"), &AutoScalingGroupCapacityOptions{
	InstanceType: ec2.NewInstanceType(jsii.String("t3.small")),
	MinCapacity: jsii.Number(2),
	MachineImageType: eks.MachineImageType_BOTTLEROCKET,
})
type AutoScalingGroupOptions ¶
// AutoScalingGroupOptions holds the EKS-specific settings (bootstrap, machine
// image type, role mapping, spot interrupt handler) used when adding an
// AutoScalingGroup as capacity. All fields are tagged optional.
type AutoScalingGroupOptions struct {
	// Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke `/etc/eks/bootstrap.sh`) and associate it with the EKS cluster.
	//
	// If you wish to provide a custom user data script, set this to `false` and
	// manually invoke `autoscalingGroup.addUserData()`.
	// Default: true.
	//
	BootstrapEnabled *bool `field:"optional" json:"bootstrapEnabled" yaml:"bootstrapEnabled"`
	// Allows options for node bootstrapping through EC2 user data.
	// Default: - default options.
	//
	BootstrapOptions *BootstrapOptions `field:"optional" json:"bootstrapOptions" yaml:"bootstrapOptions"`
	// Allow options to specify different machine image type.
	// Default: MachineImageType.AMAZON_LINUX_2
	//
	MachineImageType MachineImageType `field:"optional" json:"machineImageType" yaml:"machineImageType"`
	// Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC.
	//
	// This cannot be explicitly set to `true` if the cluster has kubectl disabled.
	// Default: - true if the cluster has kubectl enabled (which is the default).
	//
	// NOTE(review): this changes who can authenticate to the cluster (the node
	// instance role is added to aws-auth), so it belongs in access reviews of
	// the cluster.
	MapRole *bool `field:"optional" json:"mapRole" yaml:"mapRole"`
	// Installs the AWS spot instance interrupt handler on the cluster if it's not already added.
	//
	// Only relevant if `spotPrice` is configured on the auto-scaling group.
	// Default: true.
	//
	SpotInterruptHandler *bool `field:"optional" json:"spotInterruptHandler" yaml:"spotInterruptHandler"`
}
Options for adding an AutoScalingGroup as capacity.
Example:
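// Placeholder declarations: the example does not show how these are created.
var cluster cluster
var asg autoScalingGroup

// Connects an existing Auto Scaling Group to the cluster with default options.
// The method name is capitalised: the original example's lower-case
// `connectAutoScalingGroupCapacity` would be an unexported name and cannot be
// called through the Go binding.
cluster.ConnectAutoScalingGroupCapacity(asg, &AutoScalingGroupOptions{})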
type AwsAuth ¶
// AwsAuth is the construct interface for editing the aws-auth ConfigMap
// mappings of a cluster: accounts, IAM roles and IAM users.
//
// NOTE(review): the EKS documentation marks the aws-auth ConfigMap as
// deprecated in favour of access entries (see AccessEntry / CfnAccessEntry in
// this package). Confirm against the current EKS user guide before building
// new access management on it.
type AwsAuth interface {
	constructs.Construct
	// The tree node.
	Node() constructs.Node
	// Additional AWS account to add to the aws-auth configmap.
	//
	// NOTE(review): presumably this maps principals of the whole account rather
	// than a single role or user. Verify, and prefer explicit role mappings
	// where possible.
	AddAccount(accountId *string)
	// Adds the specified IAM role to the `system:masters` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system.
	//
	// NOTE(review): the effective administrators are therefore the principals in
	// the role's trust policy. Keep that trust policy narrow, and use
	// AddRoleMapping with a less privileged group for anything that does not
	// need full administration.
	AddMastersRole(role awsiam.IRole, username *string)
	// Adds a mapping between an IAM role to a Kubernetes user and groups.
	AddRoleMapping(role awsiam.IRole, mapping *AwsAuthMapping)
	// Adds a mapping between an IAM user to a Kubernetes user and groups.
	AddUserMapping(user awsiam.IUser, mapping *AwsAuthMapping)
	// Returns a string representation of this construct.
	ToString() *string
}
Manages the mapping of IAM users and roles to Kubernetes RBAC configuration.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// Placeholder declaration: the example does not show how the cluster is created.
var cluster cluster

// Creates the AwsAuth construct for the given cluster. No mappings are added
// here; they are added afterwards through the AwsAuth methods.
awsAuth := awscdk.Aws_eks.NewAwsAuth(this, jsii.String("MyAwsAuth"), &AwsAuthProps{
	Cluster: cluster,
})
See: https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html
func NewAwsAuth ¶
func NewAwsAuth(scope constructs.Construct, id *string, props *AwsAuthProps) AwsAuth
type AwsAuthMapping ¶
// AwsAuthMapping names the Kubernetes groups, and optionally the Kubernetes
// user name, that an IAM identity is mapped to.
type AwsAuthMapping struct {
	// A list of groups within Kubernetes to which the role is mapped.
	// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
	//
	// NOTE(review): the groups decide what the mapped identity may do in the
	// cluster. `system:masters` grants full administration (see AddMastersRole
	// on AwsAuth). Prefer a group bound to a narrower Role or ClusterRole.
	Groups *[]*string `field:"required" json:"groups" yaml:"groups"`
	// The user name within Kubernetes to map to the IAM role.
	// Default: - By default, the user name is the ARN of the IAM role.
	//
	Username *string `field:"optional" json:"username" yaml:"username"`
}
AwsAuth mapping.
Example:
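// Placeholder declaration: the example does not show how the cluster is created.
var cluster cluster

adminUser := iam.NewUser(this, jsii.String("Admin"))

// AwsAuth is reached through the exported accessor method. The original
// example's `cluster.awsAuth` field access does not exist in the Go binding.
cluster.AwsAuth().AddUserMapping(adminUser, &AwsAuthMapping{
	Groups: []*string{
		// NOTE(review): `system:masters` gives this IAM user full administration
		// of the cluster, and an IAM user carries long-lived credentials. For
		// anything but a break-glass account, map a role to a narrower group.
		jsii.String("system:masters"),
	},
})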
type AwsAuthProps ¶
// AwsAuthProps carries the single required input of the AwsAuth construct: the
// cluster whose configuration is managed.
type AwsAuthProps struct {
	// The EKS cluster to apply this configuration to.
	//
	// [disable-awslint:ref-via-interface].
	Cluster Cluster `field:"required" json:"cluster" yaml:"cluster"`
}
Configuration props for the AwsAuth construct.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// Placeholder declaration: the example does not show how the cluster is created.
var cluster cluster

// Cluster is the only field of AwsAuthProps and is required.
awsAuthProps := &AwsAuthProps{
	Cluster: cluster,
}
type BootstrapOptions ¶
// BootstrapOptions holds optional settings for node bootstrapping: arguments
// for `/etc/eks/bootstrap.sh`, kubelet arguments, docker configuration and
// cluster DNS. All fields are tagged optional.
type BootstrapOptions struct {
	// Additional command line arguments to pass to the `/etc/eks/bootstrap.sh` command.
	// See: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh
	//
	// Default: - none.
	//
	// NOTE(review): the string becomes part of a command line run on every node
	// at boot. Build it from fixed, reviewed values, never from external input.
	AdditionalArgs *string `field:"optional" json:"additionalArgs" yaml:"additionalArgs"`
	// Number of retry attempts for AWS API call (DescribeCluster).
	// Default: 3.
	//
	AwsApiRetryAttempts *float64 `field:"optional" json:"awsApiRetryAttempts" yaml:"awsApiRetryAttempts"`
	// Overrides the IP address to use for DNS queries within the cluster.
	// Default: - 10.100.0.10 or 172.20.0.10 based on the IP
	// address of the primary interface.
	//
	DnsClusterIp *string `field:"optional" json:"dnsClusterIp" yaml:"dnsClusterIp"`
	// The contents of the `/etc/docker/daemon.json` file. Useful if you want a custom config differing from the default one in the EKS AMI.
	// Default: - none.
	//
	DockerConfigJson *string `field:"optional" json:"dockerConfigJson" yaml:"dockerConfigJson"`
	// Restores the docker default bridge network.
	// Default: false.
	//
	EnableDockerBridge *bool `field:"optional" json:"enableDockerBridge" yaml:"enableDockerBridge"`
	// Extra arguments to add to the kubelet. Useful for adding labels or taints.
	//
	// For example, `--node-labels foo=bar,goo=far`.
	// Default: - none.
	//
	// NOTE(review): kubelet flags can change node security behaviour, and node
	// labels are often used for scheduling decisions. Treat this value as
	// reviewed configuration, not as a pass-through for external input.
	KubeletExtraArgs *string `field:"optional" json:"kubeletExtraArgs" yaml:"kubeletExtraArgs"`
	// Sets `--max-pods` for the kubelet based on the capacity of the EC2 instance.
	// Default: true.
	//
	UseMaxPods *bool `field:"optional" json:"useMaxPods" yaml:"useMaxPods"`
}
EKS node bootstrapping options.
Example:
// Placeholder declaration: the example does not show how the cluster is created.
var cluster cluster

// Adds worker nodes and customises bootstrapping: extra kubelet arguments
// (node labels) and a higher retry count for the DescribeCluster call.
cluster.AddAutoScalingGroupCapacity(jsii.String("spot"), &AutoScalingGroupCapacityOptions{
	InstanceType: ec2.NewInstanceType(jsii.String("t3.large")),
	MinCapacity: jsii.Number(2),
	BootstrapOptions: &BootstrapOptions{
		// A fixed literal, as here, is the safe way to supply kubelet arguments.
		KubeletExtraArgs: jsii.String("--node-labels foo=bar,goo=far"),
		AwsApiRetryAttempts: jsii.Number(5),
	},
})
type CapacityType ¶
type CapacityType string
Capacity type of the managed node group.
Example:
// Placeholder declaration: the example does not show how the cluster is created.
var cluster cluster

// Adds a managed node group that uses spot capacity, offering three instance
// types and a minimum size of three nodes.
cluster.AddNodegroupCapacity(jsii.String("extra-ng-spot"), &NodegroupOptions{
	InstanceTypes: []instanceType{
		ec2.NewInstanceType(jsii.String("c5.large")),
		ec2.NewInstanceType(jsii.String("c5a.large")),
		ec2.NewInstanceType(jsii.String("c5d.large")),
	},
	MinSize: jsii.Number(3),
	CapacityType: eks.CapacityType_SPOT,
})
// Values of CapacityType.
const (
	// Spot instances.
	CapacityType_SPOT CapacityType = "SPOT"
	// On-demand instances.
	CapacityType_ON_DEMAND CapacityType = "ON_DEMAND"
)
type CfnAccessEntry ¶ added in v2.117.0
// CfnAccessEntry is the interface of the CloudFormation-level access entry
// resource. It embeds awscdk.CfnResource, awscdk.IInspectable and
// awscdk.ITaggableV2, and adds accessors for the access-entry properties
// (cluster name, principal ARN, Kubernetes groups, username, type, access
// policies, tags).
type CfnAccessEntry interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The access policies to associate to the access entry.
	//
	// NOTE(review): together with KubernetesGroups this determines what the
	// principal may do in the cluster. Grant the narrowest policy and scope
	// that the principal needs.
	AccessPolicies() interface{}
	SetAccessPolicies(val interface{})
	// The ARN of the access entry.
	AttrAccessEntryArn() *string
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of your cluster.
	ClusterName() *string
	SetClusterName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The value for `name` that you've specified for `kind: Group` as a `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding` object.
	//
	// NOTE(review): the permissions come from the bindings that reference these
	// group names, so review the matching RoleBinding / ClusterRoleBinding
	// objects whenever this list changes.
	KubernetesGroups() *[]*string
	SetKubernetesGroups(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The ARN of the IAM principal for the `AccessEntry`.
	PrincipalArn() *string
	SetPrincipalArn(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Metadata that assists with categorization and organization.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// The type of the new access entry.
	//
	// Valid values are `Standard`, `FARGATE_LINUX`, `EC2_LINUX`, and `EC2_WINDOWS`.
	Type() *string
	SetType(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The username to authenticate to Kubernetes with.
	Username() *string
	SetUsername(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// NOTE(review): because the value is passed through unprocessed, an override
	// on an access entry (principal, groups, policies) changes the synthesized
	// template directly. Review such overrides as access changes.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	// NOTE(review): for an access entry, a retained resource presumably means the
	// principal keeps its cluster access after the entry leaves the CDK app.
	// Confirm before choosing `RemovalPolicy.RETAIN` here.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Creates an access entry.
An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the `aws-auth` `ConfigMap` for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects.
For more information about access entries, see [Access entries](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html) in the *Amazon EKS User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement and `this` stands for the enclosing construct scope.
//
// NOTE(review): the snippet fills in every optional field at once. Per the
// CfnAccessEntryProps field documentation, an entry whose Type is `EC2_LINUX`
// or `EC2_WINDOWS` cannot also carry KubernetesGroups or an associated access
// policy, and leaving Username unset is the recommended default. Set only the
// fields the principal actually needs.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessEntry := awscdk.Aws_eks.NewCfnAccessEntry(this, jsii.String("MyCfnAccessEntry"), &CfnAccessEntryProps{
	// Required: the target cluster and the IAM principal being granted access.
	ClusterName: jsii.String("clusterName"),
	PrincipalArn: jsii.String("principalArn"),

	// the properties below are optional
	AccessPolicies: []interface{}{
		&AccessPolicyProperty{
			AccessScope: &AccessScopeProperty{
				Type: jsii.String("type"),

				// the properties below are optional
				Namespaces: []*string{
					jsii.String("namespaces"),
				},
			},
			PolicyArn: jsii.String("policyArn"),
		},
	},
	KubernetesGroups: []*string{
		jsii.String("kubernetesGroups"),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Type: jsii.String("type"),
	Username: jsii.String("username"),
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html
func NewCfnAccessEntry ¶ added in v2.117.0
// NewCfnAccessEntry returns a CfnAccessEntry defined under scope with the
// construct id `id`, configured by props.
//
// In CfnAccessEntryProps, ClusterName and PrincipalArn are tagged required;
// the remaining fields are optional.
func NewCfnAccessEntry(scope constructs.Construct, id *string, props *CfnAccessEntryProps) CfnAccessEntry
type CfnAccessEntryProps ¶ added in v2.117.0
// CfnAccessEntryProps holds the properties for defining a `CfnAccessEntry`.
//
// ClusterName and PrincipalArn are tagged required; every other field is
// optional. The effective Kubernetes permissions of the principal are the
// union of what the associated access policies grant and what the bound
// Kubernetes groups grant (see KubernetesGroups).
type CfnAccessEntryProps struct {
	// The name of your cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-clustername
	//
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The ARN of the IAM principal for the `AccessEntry` .
	//
	// You can specify one ARN for each access entry. You can't specify the same ARN in more than one access entry. This value can't be changed after access entry creation.
	//
	// The valid principals differ depending on the type of the access entry in the `type` field. For the node
	// access-entry types the only valid principal is an IAM role. (The upstream sentence lists those node types,
	// but the list is empty in this rendering; see the Type field below.) You can use every IAM principal type
	// for `STANDARD` access entries. You can't use the STS session principal type with access entries because
	// this is a temporary principal for each session and not a permanent identity that can be assigned permissions.
	//
	// [IAM best practices](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) recommend using IAM roles with temporary credentials, rather than IAM users with long-term credentials.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-principalarn
	//
	PrincipalArn *string `field:"required" json:"principalArn" yaml:"principalArn"`
	// The access policies to associate to the access entry.
	//
	// The example on this page passes a slice of AccessPolicyProperty values; the
	// field itself is typed interface{}, so the shape is not checked by the Go compiler.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-accesspolicies
	//
	AccessPolicies interface{} `field:"optional" json:"accessPolicies" yaml:"accessPolicies"`
	// The value for `name` that you've specified for `kind: Group` as a `subject` in a Kubernetes `RoleBinding` or `ClusterRoleBinding` object.
	//
	// Amazon EKS doesn't confirm that the value for `name` exists in any bindings on your cluster. You can specify one or more names.
	//
	// Kubernetes authorizes the `principalArn` of the access entry to access any cluster objects that you've specified in a Kubernetes `Role` or `ClusterRole` object that is also specified in a binding's `roleRef` . For more information about creating Kubernetes `RoleBinding` , `ClusterRoleBinding` , `Role` , or `ClusterRole` objects, see [Using RBAC Authorization in the Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) .
	//
	// If you want Amazon EKS to authorize the `principalArn` (instead of, or in addition to Kubernetes authorizing the `principalArn` ), you can associate one or more access policies to the access entry using `AssociateAccessPolicy` . If you associate any access policies, the `principalARN` has all permissions assigned in the associated access policies and all permissions in any Kubernetes `Role` or `ClusterRole` objects that the group names are bound to.
	//
	// NOTE(review): because the names are not validated against existing bindings,
	// a misspelled group grants nothing today and silently picks up whatever a
	// later binding to that name grants. Review the group list together with the
	// cluster's RoleBinding/ClusterRoleBinding subjects, and treat the result as
	// additive to any associated access policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-kubernetesgroups
	//
	KubernetesGroups *[]*string `field:"optional" json:"kubernetesGroups" yaml:"kubernetesGroups"`
	// Metadata that assists with categorization and organization.
	//
	// Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// The type of the new access entry. Valid values are `Standard` , `FARGATE_LINUX` , `EC2_LINUX` , and `EC2_WINDOWS` .
	//
	// NOTE(review): the sentence above spells the first value `Standard` while the
	// rest of this comment uses `STANDARD`; confirm the exact spelling against the
	// CloudFormation reference linked below before hard-coding it.
	//
	// If the `principalArn` is for an IAM role that's used for self-managed Amazon EC2 nodes, specify `EC2_LINUX` or `EC2_WINDOWS` . Amazon EKS grants the necessary permissions to the node for you. If the `principalArn` is for any other purpose, specify `STANDARD` . If you don't specify a value, Amazon EKS sets the value to `STANDARD` . It's unnecessary to create access entries for IAM roles used with Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS creates entries in the `aws-auth` `ConfigMap` for the roles. You can't change this value once you've created the access entry.
	//
	// If you set the value to `EC2_LINUX` or `EC2_WINDOWS` , you can't specify values for `kubernetesGroups` , or associate an `AccessPolicy` to the access entry.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-type
	//
	Type *string `field:"optional" json:"type" yaml:"type"`
	// The username to authenticate to Kubernetes with.
	//
	// We recommend not specifying a username and letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies for you, or constraints before specifying your own username, see [Creating access entries](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html#cfn-eks-accessentry-username
	//
	Username *string `field:"optional" json:"username" yaml:"username"`
}
Properties for defining a `CfnAccessEntry`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement.
//
// NOTE(review): every optional field is populated here for illustration. Per the
// field documentation, Type `EC2_LINUX` / `EC2_WINDOWS` excludes KubernetesGroups
// and access policies, and Username is best left unset so Amazon EKS chooses it.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccessEntryProps := &CfnAccessEntryProps{
	// Required: the target cluster and the IAM principal being granted access.
	ClusterName: jsii.String("clusterName"),
	PrincipalArn: jsii.String("principalArn"),

	// the properties below are optional
	AccessPolicies: []interface{}{
		&AccessPolicyProperty{
			AccessScope: &AccessScopeProperty{
				Type: jsii.String("type"),

				// the properties below are optional
				Namespaces: []*string{
					jsii.String("namespaces"),
				},
			},
			PolicyArn: jsii.String("policyArn"),
		},
	},
	KubernetesGroups: []*string{
		jsii.String("kubernetesGroups"),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Type: jsii.String("type"),
	Username: jsii.String("username"),
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-accessentry.html
type CfnAccessEntry_AccessPolicyProperty ¶ added in v2.117.0
// CfnAccessEntry_AccessPolicyProperty pairs an access policy ARN with the scope
// it applies to. Both fields are tagged required.
//
// The accompanying text on this page notes that these policies are managed by
// Amazon EKS and are not IAM policies, so they will not appear in an IAM policy
// review; audit them through the access entry itself.
type CfnAccessEntry_AccessPolicyProperty struct {
	// The scope of an `AccessPolicy` that's associated to an `AccessEntry` .
	//
	// The example on this page passes an AccessScopeProperty; the field is typed
	// interface{}, so the shape is not checked by the Go compiler.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-accessentry-accesspolicy.html#cfn-eks-accessentry-accesspolicy-accessscope
	//
	AccessScope interface{} `field:"required" json:"accessScope" yaml:"accessScope"`
	// The ARN of the access policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-accessentry-accesspolicy.html#cfn-eks-accessentry-accesspolicy-policyarn
	//
	PolicyArn *string `field:"required" json:"policyArn" yaml:"policyArn"`
}
An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster.
The policies are managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the policies using the API. The permissions for many of the policies are similar to the Kubernetes `cluster-admin` , `admin` , `edit` , and `view` cluster roles. For more information about these cluster roles, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) in the Kubernetes documentation. To view the contents of the policies, see [Access policy permissions](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions) in the *Amazon EKS User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement.
import "github.com/aws/aws-cdk-go/awscdk"

accessPolicyProperty := &AccessPolicyProperty{
	// Scope the policy applies to; Namespaces is needed when Type is `namespace`.
	AccessScope: &AccessScopeProperty{
		Type: jsii.String("type"),

		// the properties below are optional
		Namespaces: []*string{
			jsii.String("namespaces"),
		},
	},
	PolicyArn: jsii.String("policyArn"),
}
type CfnAccessEntry_AccessScopeProperty ¶ added in v2.117.0
// CfnAccessEntry_AccessScopeProperty describes the scope of an `AccessPolicy`
// that's associated to an `AccessEntry`.
//
// NOTE(review): the scope decides how far the policy reaches. The only scope
// value named on this page is `namespace`; the alternative is presumably
// cluster-wide (`cluster`) — confirm against the CloudFormation reference.
// Prefer the namespace scope with an explicit namespace list unless
// cluster-wide access is intended.
type CfnAccessEntry_AccessScopeProperty struct {
	// The scope type of an access policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-accessentry-accessscope.html#cfn-eks-accessentry-accessscope-type
	//
	Type *string `field:"required" json:"type" yaml:"type"`
	// A Kubernetes `namespace` that an access policy is scoped to.
	//
	// A value is required if you specified `namespace` for `Type` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-accessentry-accessscope.html#cfn-eks-accessentry-accessscope-namespaces
	//
	Namespaces *[]*string `field:"optional" json:"namespaces" yaml:"namespaces"`
}
The scope of an `AccessPolicy` that's associated to an `AccessEntry` .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement.
import "github.com/aws/aws-cdk-go/awscdk"

accessScopeProperty := &AccessScopeProperty{
	Type: jsii.String("type"),

	// the properties below are optional
	// (Namespaces becomes required when Type is `namespace`.)
	Namespaces: []*string{
		jsii.String("namespaces"),
	},
}
type CfnAddon ¶
// CfnAddon is the CloudFormation-level interface for an Amazon EKS add-on.
//
// It embeds awscdk.CfnResource, awscdk.IInspectable and awscdk.ITaggable, exposes
// a getter/setter pair for each add-on property, and repeats the generic
// CloudFormation resource methods (overrides, dependencies, metadata, removal
// policy).
type CfnAddon interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The name of the add-on.
	AddonName() *string
	SetAddonName(val *string)
	// The version of the add-on.
	AddonVersion() *string
	SetAddonVersion(val *string)
	// The ARN of the add-on, such as `arn:aws:eks:us-west-2:111122223333:addon/1-19/vpc-cni/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` .
	AttrArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	// Undocumented in the generated listing.
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of your cluster.
	ClusterName() *string
	SetClusterName(val *string)
	// The configuration values that you provided.
	ConfigurationValues() *string
	SetConfigurationValues(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// An array of pod identities to apply to this add-on.
	PodIdentityAssociations() interface{}
	SetPodIdentityAssociations(val interface{})
	// Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on.
	PreserveOnDelete() interface{}
	SetPreserveOnDelete(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// How to resolve field value conflicts for an Amazon EKS add-on.
	ResolveConflicts() *string
	SetResolveConflicts(val *string)
	// The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account.
	//
	// NOTE(review): per the CfnAddonProps field documentation on this page, an
	// add-on with no role specified uses the permissions assigned to the node IAM
	// role; a dedicated role keeps the add-on's permissions separate from the node's.
	ServiceAccountRoleArn() *string
	SetServiceAccountRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// The metadata that you apply to the add-on to assist with categorization and organization.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	//
	// The method name carries the misspelling "Properites"; UpdatedProperties is
	// the correctly spelled replacement.
	//
	// Deprecated: use `updatedProperties`.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// NOTE(review): since the value is emitted unprocessed, an override replaces
	// whatever the typed property setters produced for that path; overrides that
	// touch role ARNs or conflict-resolution settings deserve the same review as
	// the typed properties.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	// Undocumented in the generated listing.
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	// Undocumented in the generated listing.
	ValidateProperties(_properties interface{})
}
Creates an Amazon EKS add-on.
Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see [Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the *Amazon EKS User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement and `this` stands for the enclosing construct scope.
//
// NOTE(review): every optional field is populated for illustration. Per the
// CfnAddonProps field documentation, an add-on without ServiceAccountRoleArn
// uses the node IAM role's permissions, and the *Overwrite* conflict mode
// resets differing values to the Amazon EKS defaults.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAddon := awscdk.Aws_eks.NewCfnAddon(this, jsii.String("MyCfnAddon"), &CfnAddonProps{
	// Required: which add-on, on which cluster.
	AddonName: jsii.String("addonName"),
	ClusterName: jsii.String("clusterName"),

	// the properties below are optional
	AddonVersion: jsii.String("addonVersion"),
	ConfigurationValues: jsii.String("configurationValues"),
	PodIdentityAssociations: []interface{}{
		&PodIdentityAssociationProperty{
			RoleArn: jsii.String("roleArn"),
			ServiceAccount: jsii.String("serviceAccount"),
		},
	},
	PreserveOnDelete: jsii.Boolean(false),
	ResolveConflicts: jsii.String("resolveConflicts"),
	ServiceAccountRoleArn: jsii.String("serviceAccountRoleArn"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html
func NewCfnAddon ¶
// NewCfnAddon returns a CfnAddon defined under scope with the construct id
// `id`, configured by props.
//
// In CfnAddonProps, AddonName and ClusterName are tagged required; the
// remaining fields are optional.
func NewCfnAddon(scope constructs.Construct, id *string, props *CfnAddonProps) CfnAddon
type CfnAddonProps ¶
// CfnAddonProps holds the properties for defining a `CfnAddon`.
//
// AddonName and ClusterName are tagged required; every other field is optional.
type CfnAddonProps struct {
	// The name of the add-on.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname
	//
	AddonName *string `field:"required" json:"addonName" yaml:"addonName"`
	// The name of your cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername
	//
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The version of the add-on.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion
	//
	AddonVersion *string `field:"optional" json:"addonVersion" yaml:"addonVersion"`
	// The configuration values that you provided.
	//
	// NOTE(review): this is a plain string property; presumably it is written
	// verbatim into the synthesized template, so keep credentials and other
	// secrets out of it — confirm how the value is rendered.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-configurationvalues
	//
	ConfigurationValues *string `field:"optional" json:"configurationValues" yaml:"configurationValues"`
	// An array of pod identities to apply to this add-on.
	//
	// The example on this page passes a slice of PodIdentityAssociationProperty
	// values; the field is typed interface{}, so the shape is not checked by the
	// Go compiler.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-podidentityassociations
	//
	PodIdentityAssociations interface{} `field:"optional" json:"podIdentityAssociations" yaml:"podIdentityAssociations"`
	// Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on.
	//
	// If an IAM account is associated with the add-on, it isn't removed.
	//
	// NOTE(review): with this set, deleting the resource leaves both the add-on
	// software and its IAM association in place and unmanaged; plan their cleanup
	// and patching separately.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-preserveondelete
	//
	PreserveOnDelete interface{} `field:"optional" json:"preserveOnDelete" yaml:"preserveOnDelete"`
	// How to resolve field value conflicts for an Amazon EKS add-on.
	//
	// Conflicts are handled based on the value you choose:
	//
	// - *None* – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.
	// - *Overwrite* – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.
	// - *Preserve* – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see [UpdateAddon](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) .
	//
	// If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.
	//
	// NOTE(review): *Overwrite* replaces existing values with the Amazon EKS
	// defaults, which also discards any hardening applied to a self-managed
	// add-on's settings; check the resulting configuration after the change.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts
	//
	ResolveConflicts *string `field:"optional" json:"resolveConflicts" yaml:"resolveConflicts"`
	// The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account.
	//
	// The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the *Amazon EKS User Guide* .
	//
	// > To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the *Amazon EKS User Guide* .
	//
	// NOTE(review): the fallback to the node IAM role means an add-on left without
	// its own role runs with node-level permissions. Supplying a dedicated role
	// limited to what the add-on requires keeps the two permission sets apart.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn
	//
	ServiceAccountRoleArn *string `field:"optional" json:"serviceAccountRoleArn" yaml:"serviceAccountRoleArn"`
	// The metadata that you apply to the add-on to assist with categorization and organization.
	//
	// Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnAddon`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement.
//
// NOTE(review): every optional field is populated for illustration. Per the
// field documentation, omitting ServiceAccountRoleArn makes the add-on use the
// node IAM role's permissions, and the *Overwrite* conflict mode resets
// differing values to the Amazon EKS defaults.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAddonProps := &CfnAddonProps{
	// Required: which add-on, on which cluster.
	AddonName: jsii.String("addonName"),
	ClusterName: jsii.String("clusterName"),

	// the properties below are optional
	AddonVersion: jsii.String("addonVersion"),
	ConfigurationValues: jsii.String("configurationValues"),
	PodIdentityAssociations: []interface{}{
		&PodIdentityAssociationProperty{
			RoleArn: jsii.String("roleArn"),
			ServiceAccount: jsii.String("serviceAccount"),
		},
	},
	PreserveOnDelete: jsii.Boolean(false),
	ResolveConflicts: jsii.String("resolveConflicts"),
	ServiceAccountRoleArn: jsii.String("serviceAccountRoleArn"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html
type CfnAddon_PodIdentityAssociationProperty ¶ added in v2.145.0
// CfnAddon_PodIdentityAssociationProperty is a pod identity to associate with
// an add-on: an IAM role ARN paired with a Kubernetes service account. Both
// fields are tagged required.
//
// NOTE(review): presumably pods running under ServiceAccount obtain RoleArn's
// permissions — confirm against the EKS Pod Identity documentation, and scope
// the role to what the add-on needs.
type CfnAddon_PodIdentityAssociationProperty struct {
	// The IAM role ARN that the pod identity association is created for.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// The Kubernetes service account that the pod identity association is created for.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-serviceaccount
	//
	ServiceAccount *string `field:"required" json:"serviceAccount" yaml:"serviceAccount"`
}
A pod identity to associate with an add-on.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// This is a generated fragment, not a compilable file: the import sits next to
// a statement.
import "github.com/aws/aws-cdk-go/awscdk"

podIdentityAssociationProperty := &PodIdentityAssociationProperty{
	// Both fields are required: the IAM role and the service account it is tied to.
	RoleArn: jsii.String("roleArn"),
	ServiceAccount: jsii.String("serviceAccount"),
}
type CfnCluster ¶
// CfnCluster creates an Amazon EKS control plane.
//
// The interface embeds awscdk.CfnResource, awscdk.IInspectable and
// awscdk.ITaggable. Configuration properties are exposed as getter/setter
// pairs; several of them are typed interface{}, and the examples on this page
// pass pointers to the matching *Property structs.
type CfnCluster interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The access configuration for the cluster.
	AccessConfig() interface{}
	SetAccessConfig(val interface{})
	// The ARN of the cluster, such as `arn:aws:eks:us-west-2:666666666666:cluster/prod`.
	AttrArn() *string
	// The `certificate-authority-data` for your cluster.
	AttrCertificateAuthorityData() *string
	// The cluster security group that was created by Amazon EKS for the cluster.
	//
	// Managed node groups use this security group for control plane to data plane communication.
	//
	// This parameter is only returned by Amazon EKS clusters that support managed node groups. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide*.
	AttrClusterSecurityGroupId() *string
	// Amazon Resource Name (ARN) or alias of the customer master key (CMK).
	AttrEncryptionConfigKeyArn() *string
	// The endpoint for your Kubernetes API server, such as `https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com`.
	AttrEndpoint() *string
	// The ID of your local Amazon EKS cluster on an AWS Outpost.
	//
	// This property isn't available for an Amazon EKS cluster on the AWS cloud.
	AttrId() *string
	// The CIDR block that Kubernetes Service IP addresses are assigned from if you created a `1.21` or later cluster with version `>1.10.1` or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns Service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom `IPv6` CIDR block when you create the cluster.
	AttrKubernetesNetworkConfigServiceIpv6Cidr() *string
	// The issuer URL for the OIDC identity provider of the cluster, such as `https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E`.
	//
	// If you need to remove `https://` from this output value, you can include the following code in your template.
	//
	// `!Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]]`
	AttrOpenIdConnectIssuerUrl() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	// NOTE(review): no description is given for CfnProperties on this page.
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The encryption configuration for the cluster.
	EncryptionConfig() interface{}
	SetEncryptionConfig(val interface{})
	// The Kubernetes network configuration for the cluster.
	KubernetesNetworkConfig() interface{}
	SetKubernetesNetworkConfig(val interface{})
	// The logging configuration for your cluster.
	Logging() interface{}
	SetLogging(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The unique name to give to your cluster.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.
	OutpostConfig() interface{}
	SetOutpostConfig(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The VPC configuration that's used by the cluster control plane.
	ResourcesVpcConfig() interface{}
	SetResourcesVpcConfig(val interface{})
	// The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
	RoleArn() *string
	SetRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// The metadata that you apply to the cluster to assist with categorization and organization.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	//
	// The misspelled method name is the deprecated one; UpdatedProperties below
	// is the correctly spelled replacement.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The desired Kubernetes version for your cluster.
	Version() *string
	SetVersion(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// NOTE(review): because the value is written to the template unprocessed, an
	// override can replace settings made through the typed properties (access,
	// encryption, logging); review overrides as raw template changes.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	// NOTE(review): no description is given for RenderProperties on this page.
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	// NOTE(review): no description is given for ValidateProperties on this page.
	ValidateProperties(_properties interface{})
}
Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows).
Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
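You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. Because that default leaves the API server endpoint publicly reachable, set both parameters explicitly; when public access stays enabled, `publicAccessCidrs` can restrict the source CIDR blocks allowed to reach it. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide**.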
You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
> CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) .
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnCluster := awscdk.Aws_eks.NewCfnCluster(this, jsii.String("MyCfnCluster"), &CfnClusterProps{
	ResourcesVpcConfig: &ResourcesVpcConfigProperty{
		SubnetIds: []*string{
			jsii.String("subnetIds"),
		},

		// the properties below are optional
		// The two endpoint flags below are placeholders, not recommendations: the
		// CfnCluster description on this page says public access is enabled and
		// private access is disabled by default.
		EndpointPrivateAccess: jsii.Boolean(false),
		EndpointPublicAccess: jsii.Boolean(false),
		PublicAccessCidrs: []*string{
			jsii.String("publicAccessCidrs"),
		},
		SecurityGroupIds: []*string{
			jsii.String("securityGroupIds"),
		},
	},
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	AccessConfig: &AccessConfigProperty{
		AuthenticationMode: jsii.String("authenticationMode"),
		// Placeholder; the documented default for this field is `true`, which
		// sets the cluster creator IAM principal as a cluster admin access entry.
		BootstrapClusterCreatorAdminPermissions: jsii.Boolean(false),
	},
	EncryptionConfig: []interface{}{
		&EncryptionConfigProperty{
			Provider: &ProviderProperty{
				KeyArn: jsii.String("keyArn"),
			},
			// The only supported value documented on this page is `secrets`.
			Resources: []*string{
				jsii.String("resources"),
			},
		},
	},
	KubernetesNetworkConfig: &KubernetesNetworkConfigProperty{
		IpFamily: jsii.String("ipFamily"),
		ServiceIpv4Cidr: jsii.String("serviceIpv4Cidr"),
		ServiceIpv6Cidr: jsii.String("serviceIpv6Cidr"),
	},
	// Control plane logs are not exported to CloudWatch Logs unless log types
	// are enabled here (see the CfnCluster description on this page).
	Logging: &LoggingProperty{
		ClusterLogging: &ClusterLoggingProperty{
			EnabledTypes: []interface{}{
				&LoggingTypeConfigProperty{
					Type: jsii.String("type"),
				},
			},
		},
	},
	Name: jsii.String("name"),
	OutpostConfig: &OutpostConfigProperty{
		ControlPlaneInstanceType: jsii.String("controlPlaneInstanceType"),
		OutpostArns: []*string{
			jsii.String("outpostArns"),
		},

		// the properties below are optional
		ControlPlanePlacement: &ControlPlanePlacementProperty{
			GroupName: jsii.String("groupName"),
		},
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Version: jsii.String("version"),
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html
func NewCfnCluster ¶
// NewCfnCluster returns a CfnCluster for the given scope, construct id and
// properties. Only the signature is listed on this page; the CfnCluster example
// calls it with the enclosing construct, an id string and a *CfnClusterProps.
func NewCfnCluster(scope constructs.Construct, id *string, props *CfnClusterProps) CfnCluster
type CfnClusterProps ¶
// CfnClusterProps holds the properties for defining a `CfnCluster`.
//
// ResourcesVpcConfig and RoleArn are tagged `field:"required"`; every other
// field is optional. Fields typed interface{} receive pointers to the matching
// *Property structs in the examples on this page.
type CfnClusterProps struct {
	// The VPC configuration that's used by the cluster control plane.
	//
	// Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the *Amazon EKS User Guide*. You must specify at least two subnets. You can specify up to five security groups, but we recommend that you use a dedicated security group for your cluster control plane.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig
	//
	ResourcesVpcConfig interface{} `field:"required" json:"resourcesVpcConfig" yaml:"resourcesVpcConfig"`
	// The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
	//
	// For more information, see [Amazon EKS Service IAM Role](https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html) in the **Amazon EKS User Guide**.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// The access configuration for the cluster.
	//
	// NOTE(review): when this is omitted, the defaults documented on
	// CfnCluster_AccessConfigProperty apply (`CONFIG_MAP` authentication mode for
	// CloudFormation-created clusters, creator admin bootstrap `true`); set it
	// explicitly if those defaults are not intended.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-accessconfig
	//
	AccessConfig interface{} `field:"optional" json:"accessConfig" yaml:"accessConfig"`
	// The encryption configuration for the cluster.
	//
	// NOTE(review): this page does not state what protects Kubernetes secrets
	// when the field is omitted — confirm against the EKS documentation before
	// leaving it unset.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig
	//
	EncryptionConfig interface{} `field:"optional" json:"encryptionConfig" yaml:"encryptionConfig"`
	// The Kubernetes network configuration for the cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig
	//
	KubernetesNetworkConfig interface{} `field:"optional" json:"kubernetesNetworkConfig" yaml:"kubernetesNetworkConfig"`
	// The logging configuration for your cluster.
	//
	// Per the CfnCluster description on this page, control plane logs are not
	// exported to CloudWatch Logs by default, so leaving this unset means no
	// control plane log export.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-logging
	//
	Logging interface{} `field:"optional" json:"logging" yaml:"logging"`
	// The unique name to give to your cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.
	//
	// This object isn't available for clusters on the AWS cloud.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-outpostconfig
	//
	OutpostConfig interface{} `field:"optional" json:"outpostConfig" yaml:"outpostConfig"`
	// The metadata that you apply to the cluster to assist with categorization and organization.
	//
	// Each tag consists of a key and an optional value, both of which you define. Cluster tags don't propagate to any other resources associated with the cluster.
	//
	// > You must have the `eks:TagResource` and `eks:UntagResource` permissions for your [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// The desired Kubernetes version for your cluster.
	//
	// If you don't specify a value here, the default version available in Amazon EKS is used.
	//
	// > The default version might not be the latest version available.
	//
	// Setting the version explicitly keeps the deployed Kubernetes version a
	// reviewed choice rather than whatever the service default is at deploy time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
}
Properties for defining a `CfnCluster`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnClusterProps := &CfnClusterProps{
	ResourcesVpcConfig: &ResourcesVpcConfigProperty{
		SubnetIds: []*string{
			jsii.String("subnetIds"),
		},

		// the properties below are optional
		// The two endpoint flags below are placeholders, not recommendations: the
		// CfnCluster description on this page says public access is enabled and
		// private access is disabled by default.
		EndpointPrivateAccess: jsii.Boolean(false),
		EndpointPublicAccess: jsii.Boolean(false),
		PublicAccessCidrs: []*string{
			jsii.String("publicAccessCidrs"),
		},
		SecurityGroupIds: []*string{
			jsii.String("securityGroupIds"),
		},
	},
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	AccessConfig: &AccessConfigProperty{
		AuthenticationMode: jsii.String("authenticationMode"),
		// Placeholder; the documented default for this field is `true`, which
		// sets the cluster creator IAM principal as a cluster admin access entry.
		BootstrapClusterCreatorAdminPermissions: jsii.Boolean(false),
	},
	EncryptionConfig: []interface{}{
		&EncryptionConfigProperty{
			Provider: &ProviderProperty{
				KeyArn: jsii.String("keyArn"),
			},
			// The only supported value documented on this page is `secrets`.
			Resources: []*string{
				jsii.String("resources"),
			},
		},
	},
	KubernetesNetworkConfig: &KubernetesNetworkConfigProperty{
		IpFamily: jsii.String("ipFamily"),
		ServiceIpv4Cidr: jsii.String("serviceIpv4Cidr"),
		ServiceIpv6Cidr: jsii.String("serviceIpv6Cidr"),
	},
	// Control plane logs are not exported to CloudWatch Logs unless log types
	// are enabled here (see the CfnCluster description on this page).
	Logging: &LoggingProperty{
		ClusterLogging: &ClusterLoggingProperty{
			EnabledTypes: []interface{}{
				&LoggingTypeConfigProperty{
					Type: jsii.String("type"),
				},
			},
		},
	},
	Name: jsii.String("name"),
	OutpostConfig: &OutpostConfigProperty{
		ControlPlaneInstanceType: jsii.String("controlPlaneInstanceType"),
		OutpostArns: []*string{
			jsii.String("outpostArns"),
		},

		// the properties below are optional
		ControlPlanePlacement: &ControlPlanePlacementProperty{
			GroupName: jsii.String("groupName"),
		},
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Version: jsii.String("version"),
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html
type CfnCluster_AccessConfigProperty ¶ added in v2.109.0
// CfnCluster_AccessConfigProperty is the access configuration for the cluster.
//
// Both fields are optional; the defaults described below apply when they are
// left unset.
type CfnCluster_AccessConfigProperty struct {
	// The desired authentication mode for the cluster.
	//
	// If you create a cluster by using the EKS API, AWS SDKs, or AWS CloudFormation, the default is `CONFIG_MAP`. If you create the cluster by using the AWS Management Console, the default value is `API_AND_CONFIG_MAP`.
	//
	// NOTE(review): this type is rendered through CloudFormation, so an unset
	// value means `CONFIG_MAP` per the text above. Presumably access entries
	// (see AccessEntry on this page) need a mode that includes the API — confirm
	// and set the mode explicitly.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-accessconfig.html#cfn-eks-cluster-accessconfig-authenticationmode
	//
	AuthenticationMode *string `field:"optional" json:"authenticationMode" yaml:"authenticationMode"`
	// Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time.
	//
	// The default value is `true`.
	//
	// NOTE(review): with the default, whichever IAM principal creates the cluster
	// (for example a deployment role) holds cluster admin; set `false` when admin
	// access should be granted only through explicitly declared entries.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-accessconfig.html#cfn-eks-cluster-accessconfig-bootstrapclustercreatoradminpermissions
	//
	BootstrapClusterCreatorAdminPermissions interface{} `field:"optional" json:"bootstrapClusterCreatorAdminPermissions" yaml:"bootstrapClusterCreatorAdminPermissions"`
}
The access configuration for the cluster.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// The type is declared on this page as CfnCluster_AccessConfigProperty; the
// generated example shortens the name.
accessConfigProperty := &AccessConfigProperty{
	// Placeholder string; the modes named on this page are `CONFIG_MAP` and
	// `API_AND_CONFIG_MAP`.
	AuthenticationMode: jsii.String("authenticationMode"),
	// Placeholder; the documented default is `true`.
	BootstrapClusterCreatorAdminPermissions: jsii.Boolean(false),
}
type CfnCluster_ClusterLoggingProperty ¶
// CfnCluster_ClusterLoggingProperty is the cluster control plane logging
// configuration for your cluster.
type CfnCluster_ClusterLoggingProperty struct {
	// The enabled control plane logs for your cluster. All log types are disabled if the array is empty.
	//
	// > When updating a resource, you must include this `EnabledTypes` property if the previous CloudFormation template of the resource had it.
	//
	// NOTE(review): an empty array therefore switches off every control plane
	// log export; treat a change that empties this list as a loss of audit data
	// and review it accordingly.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html#cfn-eks-cluster-clusterlogging-enabledtypes
	//
	EnabledTypes interface{} `field:"optional" json:"enabledTypes" yaml:"enabledTypes"`
}
The cluster control plane logging configuration for your cluster.
> When updating a resource, you must include this `ClusterLogging` property if the previous CloudFormation template of the resource had it.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// The type is declared on this page as CfnCluster_ClusterLoggingProperty; the
// generated example shortens the name.
clusterLoggingProperty := &ClusterLoggingProperty{
	// One LoggingTypeConfigProperty per log type to enable; an empty list
	// disables all log types.
	EnabledTypes: []interface{}{
		&LoggingTypeConfigProperty{
			Type: jsii.String("type"),
		},
	},
}
type CfnCluster_ControlPlanePlacementProperty ¶ added in v2.51.0
// CfnCluster_ControlPlanePlacementProperty is the placement configuration for
// all the control plane instances of your local Amazon EKS cluster on an AWS
// Outpost.
type CfnCluster_ControlPlanePlacementProperty struct {
	// The name of the placement group for the Kubernetes control plane instances.
	//
	// This property is only used for a local cluster on an AWS Outpost.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-controlplaneplacement.html#cfn-eks-cluster-controlplaneplacement-groupname
	//
	GroupName *string `field:"optional" json:"groupName" yaml:"groupName"`
}
The placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost.
For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the Amazon EKS User Guide.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// The type is declared on this page as CfnCluster_ControlPlanePlacementProperty;
// the generated example shortens the name.
controlPlanePlacementProperty := &ControlPlanePlacementProperty{
	// Placement group name; only used for a local cluster on an AWS Outpost.
	GroupName: jsii.String("groupName"),
}
type CfnCluster_EncryptionConfigProperty ¶
// CfnCluster_EncryptionConfigProperty is the encryption configuration for the
// cluster.
type CfnCluster_EncryptionConfigProperty struct {
	// The encryption provider for the cluster.
	//
	// The example on this page passes a ProviderProperty carrying a `KeyArn`.
	// NOTE(review): presumably the cluster needs permission to use that key —
	// check the key policy and confirm against the EKS documentation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider
	//
	Provider interface{} `field:"optional" json:"provider" yaml:"provider"`
	// Specifies the resources to be encrypted.
	//
	// The only supported value is `secrets`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources
	//
	Resources *[]*string `field:"optional" json:"resources" yaml:"resources"`
}
The encryption configuration for the cluster.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// The type is declared on this page as CfnCluster_EncryptionConfigProperty; the
// generated example shortens the name.
encryptionConfigProperty := &EncryptionConfigProperty{
	Provider: &ProviderProperty{
		KeyArn: jsii.String("keyArn"),
	},
	// Placeholder; the only supported value documented on this page is `secrets`.
	Resources: []*string{
		jsii.String("resources"),
	},
}
type CfnCluster_KubernetesNetworkConfigProperty ¶
// CfnCluster_KubernetesNetworkConfigProperty is the Kubernetes network
// configuration for the cluster.
//
// Per the field descriptions below, the IP family and a custom service CIDR
// can only be chosen at cluster creation and cannot be changed afterwards.
type CfnCluster_KubernetesNetworkConfigProperty struct {
	// Specify which IP family is used to assign Kubernetes pod and service IP addresses.
	//
	// If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6`, the VPC and subnets that you specify for cluster creation must have both `IPv4` and `IPv6` CIDR blocks assigned to them. You can't specify `ipv6` for clusters in China Regions.
	//
	// You can only specify `ipv6` for `1.21` and later clusters that use version `1.10.1` or later of the Amazon VPC CNI add-on. If you specify `ipv6`, then ensure that your VPC meets the requirements listed in the considerations listed in [Assigning IPv6 addresses to pods and services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the Amazon EKS User Guide. Kubernetes assigns services `IPv6` addresses from the unique local address range `(fc00::/7)`. You can't specify a custom `IPv6` CIDR block. Pod addresses are assigned from the subnet's `IPv6` CIDR.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-ipfamily
	//
	IpFamily *string `field:"optional" json:"ipFamily" yaml:"ipFamily"`
	// Don't specify a value if you select `ipv6` for *ipFamily*.
	//
	// The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:
	//
	// - Within one of the following private IP address blocks: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16`.
	// - Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
	// - Between `/24` and `/12`.
	//
	// > You can only specify a custom CIDR block when you create a cluster. You can't change this value after the cluster is created.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr
	//
	ServiceIpv4Cidr *string `field:"optional" json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"`
	// The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv6cidr
	//
	ServiceIpv6Cidr *string `field:"optional" json:"serviceIpv6Cidr" yaml:"serviceIpv6Cidr"`
}
The Kubernetes network configuration for the cluster.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// The type is declared on this page as CfnCluster_KubernetesNetworkConfigProperty;
// the generated example shortens the name. It fills every field with a
// placeholder, but the field documentation says not to set ServiceIpv4Cidr when
// `ipv6` is selected and that a custom IPv6 CIDR block cannot be specified.
kubernetesNetworkConfigProperty := &KubernetesNetworkConfigProperty{
	IpFamily: jsii.String("ipFamily"),
	ServiceIpv4Cidr: jsii.String("serviceIpv4Cidr"),
	ServiceIpv6Cidr: jsii.String("serviceIpv6Cidr"),
}
type CfnCluster_LoggingProperty ¶
// CfnCluster_LoggingProperty enables or disables exporting the Kubernetes
// control plane logs for your cluster to CloudWatch Logs.
type CfnCluster_LoggingProperty struct {
	// The cluster control plane logging configuration for your cluster.
	//
	// The examples on this page pass a ClusterLoggingProperty whose
	// `EnabledTypes` list names the log types to export.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-logging.html#cfn-eks-cluster-logging-clusterlogging
	//
	ClusterLogging interface{} `field:"optional" json:"clusterLogging" yaml:"clusterLogging"`
}
Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs.
By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster control plane logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
> When updating a resource, you must include this `Logging` property if the previous CloudFormation template of the resource had it.

> CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// The type is declared on this page as CfnCluster_LoggingProperty; the
// generated example shortens the name.
loggingProperty := &LoggingProperty{
	ClusterLogging: &ClusterLoggingProperty{
		// One LoggingTypeConfigProperty per log type to enable; an empty list
		// disables all log types.
		EnabledTypes: []interface{}{
			&LoggingTypeConfigProperty{
				Type: jsii.String("type"),
			},
		},
	},
}
type CfnCluster_LoggingTypeConfigProperty ¶
// CfnCluster_LoggingTypeConfigProperty names one enabled control plane
// logging type.
//
// The valid logging types are listed under the `types` property of `LogSetup`
// in the Amazon EKS API Reference.
type CfnCluster_LoggingTypeConfigProperty struct {
	// The name of the log type.
	//
	// EKS control plane log types are `api`, `audit`, `authenticator`,
	// `controllerManager` and `scheduler`; `audit` and `authenticator` are the
	// ones a security team usually needs for access review.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-loggingtypeconfig.html#cfn-eks-cluster-loggingtypeconfig-type
	//
	Type *string `field:"optional" json:"type" yaml:"type"`
}
The enabled logging type.
For a list of the valid logging types, see the [`types` property of `LogSetup`](https://docs.aws.amazon.com/eks/latest/APIReference/API_LogSetup.html#AmazonEKS-Type-LogSetup-types) in the *Amazon EKS API Reference* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

loggingTypeConfigProperty := &LoggingTypeConfigProperty{
	// Placeholder: "type" is not a log type name; use one of the values
	// listed for the `types` property of `LogSetup`.
	Type: jsii.String("type"),
}
type CfnCluster_OutpostConfigProperty ¶ added in v2.42.0
// CfnCluster_OutpostConfigProperty is the configuration of a local Amazon EKS
// cluster on an AWS Outpost.
//
// This API isn't available for Amazon EKS clusters on the AWS cloud.
type CfnCluster_OutpostConfigProperty struct {
	// The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts.
	//
	// Choose an instance type based on the number of nodes that your cluster will have. For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* .
	//
	// The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. The control plane is not automatically scaled by Amazon EKS.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-controlplaneinstancetype
	//
	ControlPlaneInstanceType *string `field:"required" json:"controlPlaneInstanceType" yaml:"controlPlaneInstanceType"`
	// The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts.
	//
	// Only a single Outpost ARN is supported, even though the field is a list.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-outpostarns
	//
	OutpostArns *[]*string `field:"required" json:"outpostArns" yaml:"outpostArns"`
	// An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost.
	//
	// For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-controlplaneplacement
	//
	ControlPlanePlacement interface{} `field:"optional" json:"controlPlanePlacement" yaml:"controlPlanePlacement"`
}
The configuration of your local Amazon EKS cluster on an AWS Outpost.
Before creating a cluster on an Outpost, review [Creating a local cluster on an Outpost](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-create.html) in the *Amazon EKS User Guide* . This API isn't available for Amazon EKS clusters on the AWS cloud.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

outpostConfigProperty := &OutpostConfigProperty{
	// Cannot be changed after cluster creation; applies to every control
	// plane instance.
	ControlPlaneInstanceType: jsii.String("controlPlaneInstanceType"),
	// Only a single Outpost ARN is supported.
	OutpostArns: []*string{
		jsii.String("outpostArns"),
	},

	// the properties below are optional
	ControlPlanePlacement: &ControlPlanePlacementProperty{
		GroupName: jsii.String("groupName"),
	},
}
type CfnCluster_ProviderProperty ¶ added in v2.20.0
// CfnCluster_ProviderProperty identifies the AWS Key Management Service
// (AWS KMS) key used to encrypt the secrets.
type CfnCluster_ProviderProperty struct {
	// Amazon Resource Name (ARN) or alias of the KMS key.
	//
	// The KMS key must be symmetric and created in the same AWS Region as the cluster. If the KMS key was created in a different account, the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) must have access to the KMS key. For more information, see [Allowing users in other accounts to use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS Key Management Service Developer Guide* .
	//
	// NOTE(review): the field is optional here and this page does not say how
	// secrets are protected when no key is supplied; confirm against the EKS
	// encryption documentation. For a cross-account key, grant only the
	// principal that needs it rather than the whole external account.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn
	//
	KeyArn *string `field:"optional" json:"keyArn" yaml:"keyArn"`
}
Identifies the AWS Key Management Service ( AWS KMS ) key used to encrypt the secrets.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

providerProperty := &ProviderProperty{
	// Placeholder: supply the ARN or alias of a symmetric KMS key created in
	// the same AWS Region as the cluster.
	KeyArn: jsii.String("keyArn"),
}
type CfnCluster_ResourcesVpcConfigProperty ¶
// CfnCluster_ResourcesVpcConfigProperty is the VPC configuration to use for an
// Amazon EKS cluster.
//
// Security note: with the documented defaults (`endpointPublicAccess` `true`,
// `publicAccessCidrs` `0.0.0.0/0`, `endpointPrivateAccess` `false`) the
// Kubernetes API server endpoint is reachable from any IPv4 address. Set these
// three fields deliberately instead of relying on the defaults, and include
// them again on every update if the previous template had them.
type CfnCluster_ResourcesVpcConfigProperty struct {
	// Specify subnets for your Amazon EKS nodes.
	//
	// Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids
	//
	SubnetIds *[]*string `field:"required" json:"subnetIds" yaml:"subnetIds"`
	// Set this value to `true` to enable private access for your cluster's Kubernetes API server endpoint.
	//
	// If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is `false` , which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that `publicAccessCidrs` includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-endpointprivateaccess
	//
	EndpointPrivateAccess interface{} `field:"optional" json:"endpointPrivateAccess" yaml:"endpointPrivateAccess"`
	// Set this value to `false` to disable public access to your cluster's Kubernetes API server endpoint.
	//
	// If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is `true` , which enables public access for your Kubernetes API server. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
	//
	// Security note: leaving this field unset keeps the endpoint public.
	// When public access is required, pair it with a narrow
	// `publicAccessCidrs` list.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-endpointpublicaccess
	//
	EndpointPublicAccess interface{} `field:"optional" json:"endpointPublicAccess" yaml:"endpointPublicAccess"`
	// The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
	//
	// Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is `0.0.0.0/0` . If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and AWS Fargate `Pod` in the cluster. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
	//
	// Security note: the default `0.0.0.0/0` places no network-level
	// restriction on who can reach the public endpoint; list only the
	// administrator, CI and node egress ranges that need it.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-publicaccesscidrs
	//
	PublicAccessCidrs *[]*string `field:"optional" json:"publicAccessCidrs" yaml:"publicAccessCidrs"`
	// Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.
	//
	// If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see [Amazon EKS security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the **Amazon EKS User Guide** .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids
	//
	SecurityGroupIds *[]*string `field:"optional" json:"securityGroupIds" yaml:"securityGroupIds"`
}
An object representing the VPC configuration to use for an Amazon EKS cluster.
> When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:
>
> - `EndpointPublicAccess`
> - `EndpointPrivateAccess`
> - `PublicAccessCidrs`
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

resourcesVpcConfigProperty := &ResourcesVpcConfigProperty{
	SubnetIds: []*string{
		jsii.String("subnetIds"),
	},

	// the properties below are optional
	//
	// NOTE(review): the two booleans below are generated placeholders, not a
	// recommended setting; with both set to false no endpoint access mode is
	// enabled. Confirm the combination you need against the EKS cluster
	// endpoint access control guide before copying.
	EndpointPrivateAccess: jsii.Boolean(false),
	EndpointPublicAccess: jsii.Boolean(false),
	// Only consulted for the public endpoint; if omitted the documented
	// default is `0.0.0.0/0`.
	PublicAccessCidrs: []*string{
		jsii.String("publicAccessCidrs"),
	},
	SecurityGroupIds: []*string{
		jsii.String("securityGroupIds"),
	},
}
type CfnFargateProfile ¶
// CfnFargateProfile creates an AWS Fargate profile for your Amazon EKS cluster.
//
// The profile's selectors decide which pods are scheduled on Fargate, and the
// pod execution role named here is what the Fargate infrastructure uses to
// register with the cluster and to read Amazon ECR image repositories.
type CfnFargateProfile interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The ARN of the cluster, such as `arn:aws:eks:us-west-2:666666666666:fargateprofile/myCluster/myFargateProfile/1cb1a11a-1dc1-1d11-cf11-1111f11fa111` .
	//
	// NOTE(review): the sample value is a `fargateprofile/...` ARN, so this
	// attribute appears to be the ARN of the Fargate profile rather than of
	// the cluster — confirm against the CloudFormation reference.
	AttrArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of your cluster.
	ClusterName() *string
	SetClusterName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the Fargate profile.
	FargateProfileName() *string
	SetFargateProfileName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The Amazon Resource Name (ARN) of the `Pod` execution role to use for a `Pod` that matches the selectors in the Fargate profile.
	PodExecutionRoleArn() *string
	SetPodExecutionRoleArn(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The selectors to match for a `Pod` to use this Fargate profile.
	Selectors() interface{}
	SetSelectors(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The IDs of subnets to launch a `Pod` into.
	Subnets() *[]*string
	SetSubnets(val *[]*string)
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// Metadata that assists with categorization and organization.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// Because the value is passed through unprocessed, review overrides the
	// same way as hand-written template changes.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found at the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Creates an AWS Fargate profile for your Amazon EKS cluster.
You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster and appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
For more information, see [AWS Fargate profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnFargateProfile := awscdk.Aws_eks.NewCfnFargateProfile(this, jsii.String("MyCfnFargateProfile"), &CfnFargateProfileProps{
	ClusterName: jsii.String("clusterName"),
	// Placeholder: ARN of the pod execution role. The role is added to the
	// cluster's RBAC and grants read access to Amazon ECR image
	// repositories, so keep it limited to that purpose.
	PodExecutionRoleArn: jsii.String("podExecutionRoleArn"),
	// Up to five selectors; each needs a namespace, labels are optional.
	Selectors: []interface{}{
		&SelectorProperty{
			Namespace: jsii.String("namespace"),

			// the properties below are optional
			Labels: []interface{}{
				&LabelProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
		},
	},

	// the properties below are optional
	FargateProfileName: jsii.String("fargateProfileName"),
	// Only private subnets (no direct route to an Internet Gateway) are
	// accepted here.
	Subnets: []*string{
		jsii.String("subnets"),
	},
	// NOTE(review): CfnFargateProfileProps declares Tags as
	// *[]*awscdk.CfnTag; the lower-case cfnTag below looks like generator
	// shorthand and may need adjusting to compile.
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html
func NewCfnFargateProfile ¶
func NewCfnFargateProfile(scope constructs.Construct, id *string, props *CfnFargateProfileProps) CfnFargateProfile
type CfnFargateProfileProps ¶
// CfnFargateProfileProps holds the properties for defining a
// `CfnFargateProfile`.
//
// Fargate profiles are immutable: to change one, create a replacement profile
// and delete the original once the new one has finished creating.
type CfnFargateProfileProps struct {
	// The name of your cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername
	//
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The Amazon Resource Name (ARN) of the `Pod` execution role to use for a `Pod` that matches the selectors in the Fargate profile.
	//
	// The `Pod` execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. For more information, see [`Pod` execution role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
	//
	// Security note: this role is used by the Fargate infrastructure for
	// node registration and image pulls; keep its policy limited to those
	// two purposes rather than reusing a broader role.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn
	//
	PodExecutionRoleArn *string `field:"required" json:"podExecutionRoleArn" yaml:"podExecutionRoleArn"`
	// The selectors to match for a `Pod` to use this Fargate profile.
	//
	// Each selector must have an associated Kubernetes `namespace` . Optionally, you can also specify `labels` for a `namespace` . You may specify up to five selectors in a Fargate profile.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors
	//
	Selectors interface{} `field:"required" json:"selectors" yaml:"selectors"`
	// The name of the Fargate profile.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename
	//
	FargateProfileName *string `field:"optional" json:"fargateProfileName" yaml:"fargateProfileName"`
	// The IDs of subnets to launch a `Pod` into.
	//
	// A `Pod` running on Fargate isn't assigned a public IP address, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets
	//
	Subnets *[]*string `field:"optional" json:"subnets" yaml:"subnets"`
	// Metadata that assists with categorization and organization.
	//
	// Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnFargateProfile`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnFargateProfileProps := &CfnFargateProfileProps{
	ClusterName: jsii.String("clusterName"),
	// Placeholder: ARN of the pod execution role used by the Fargate
	// infrastructure to register as a node and to read Amazon ECR.
	PodExecutionRoleArn: jsii.String("podExecutionRoleArn"),
	// Up to five selectors; each needs a namespace, labels are optional.
	Selectors: []interface{}{
		&SelectorProperty{
			Namespace: jsii.String("namespace"),

			// the properties below are optional
			Labels: []interface{}{
				&LabelProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
		},
	},

	// the properties below are optional
	FargateProfileName: jsii.String("fargateProfileName"),
	// Only private subnets (no direct route to an Internet Gateway) are
	// accepted here.
	Subnets: []*string{
		jsii.String("subnets"),
	},
	// NOTE(review): the struct declares Tags as *[]*awscdk.CfnTag; the
	// lower-case cfnTag below looks like generator shorthand and may need
	// adjusting to compile.
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html
type CfnFargateProfile_LabelProperty ¶
// CfnFargateProfile_LabelProperty is a key-value pair used as a Kubernetes
// label in a Fargate profile selector.
type CfnFargateProfile_LabelProperty struct {
	// Enter a key.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key
	//
	Key *string `field:"required" json:"key" yaml:"key"`
	// Enter a value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}
A key-value pair.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// Both fields are required; a pod must carry every label listed in a
// selector to match it.
labelProperty := &LabelProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}
type CfnFargateProfile_SelectorProperty ¶
// CfnFargateProfile_SelectorProperty represents an AWS Fargate profile
// selector: a required namespace plus optional labels that a pod must match
// to be scheduled on Fargate.
type CfnFargateProfile_SelectorProperty struct {
	// The Kubernetes `namespace` that the selector should match.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace
	//
	Namespace *string `field:"required" json:"namespace" yaml:"namespace"`
	// The Kubernetes labels that the selector should match.
	//
	// A pod must contain all of the labels that are specified in the selector for it to be considered a match.
	//
	// With no labels, the namespace is the only criterion the selector
	// states, so add labels when only part of a namespace should run on
	// Fargate under this profile.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels
	//
	Labels interface{} `field:"optional" json:"labels" yaml:"labels"`
}
An object representing an AWS Fargate profile selector.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

selectorProperty := &SelectorProperty{
	// Required for every selector.
	Namespace: jsii.String("namespace"),

	// the properties below are optional
	//
	// A pod must contain all listed labels to match this selector.
	Labels: []interface{}{
		&LabelProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}
type CfnIdentityProviderConfig ¶ added in v2.16.0
// CfnIdentityProviderConfig exposes the cluster name, configuration name,
// type and OpenID Connect (OIDC) settings of an identity provider
// configuration resource, plus the generic CloudFormation resource methods.
type CfnIdentityProviderConfig interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The Amazon Resource Name (ARN) associated with the identity provider config.
	AttrIdentityProviderConfigArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of your cluster.
	ClusterName() *string
	SetClusterName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the configuration.
	IdentityProviderConfigName() *string
	SetIdentityProviderConfigName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// An object representing an OpenID Connect (OIDC) identity provider configuration.
	//
	// NOTE(review): the accepted shape is not shown in this part of the page;
	// since this value decides which external issuer the configuration
	// refers to, treat changes to it as security-relevant.
	Oidc() interface{}
	SetOidc(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// Metadata that assists with categorization and organization.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// The type of the identity provider configuration.
	Type() *string
	SetType(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// Because the value is passed through unprocessed, review overrides the
	// same way as hand-written template changes.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found at the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Associates an identity provider configuration to a cluster.
If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `Role` and `ClusterRole` objects, assign permissions to them, and then bind them to the identities using Kubernetes `RoleBinding` and `ClusterRoleBinding` objects. For more information see [Using RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// Every string here is a generated placeholder, not a working value. The OIDC
// block decides which externally issued tokens the cluster's API server will
// accept, so review IssuerUrl, ClientId and both prefixes before deploying.
import "github.com/aws/aws-cdk-go/awscdk"

cfnIdentityProviderConfig := awscdk.Aws_eks.NewCfnIdentityProviderConfig(this, jsii.String("MyCfnIdentityProviderConfig"), &CfnIdentityProviderConfigProps{
	ClusterName: jsii.String("clusterName"),
	// The props documentation on this page states the only available type is `oidc`.
	Type: jsii.String("type"),

	// the properties below are optional
	IdentityProviderConfigName: jsii.String("identityProviderConfigName"),
	Oidc: &OidcIdentityProviderConfigProperty{
		// ClientId is the token audience; IssuerUrl is where signing keys are discovered.
		ClientId: jsii.String("clientId"),
		IssuerUrl: jsii.String("issuerUrl"),

		// the properties below are optional
		GroupsClaim: jsii.String("groupsClaim"),
		// Prefixes keep provider-supplied names from clashing with existing
		// Kubernetes names; they can't contain `system:`.
		GroupsPrefix: jsii.String("groupsPrefix"),
		RequiredClaims: []interface{}{
			&RequiredClaimProperty{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
		UsernameClaim: jsii.String("usernameClaim"),
		UsernamePrefix: jsii.String("usernamePrefix"),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})
func NewCfnIdentityProviderConfig ¶ added in v2.16.0
// NewCfnIdentityProviderConfig returns a CfnIdentityProviderConfig configured
// from props. The example on this page passes the enclosing construct as scope
// and a construct ID string as id.
// NOTE(review): only the signature is shown here; the body is not part of this listing.
func NewCfnIdentityProviderConfig(scope constructs.Construct, id *string, props *CfnIdentityProviderConfigProps) CfnIdentityProviderConfig
type CfnIdentityProviderConfigProps ¶ added in v2.16.0
// CfnIdentityProviderConfigProps holds the properties for defining a
// `CfnIdentityProviderConfig`: the target cluster, the provider type, and the
// optional name, OIDC settings and tags.
//
// Security: associating an identity provider lets tokens from that provider
// authenticate to the cluster. Authentication alone grants nothing; access comes
// from the Kubernetes RoleBinding/ClusterRoleBinding objects that reference the
// resulting user and group names, so review those bindings together with this
// configuration.
type CfnIdentityProviderConfigProps struct {
	// The name of your cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-identityproviderconfig.html#cfn-eks-identityproviderconfig-clustername
	//
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The type of the identity provider configuration.
	//
	// The only type available is `oidc` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-identityproviderconfig.html#cfn-eks-identityproviderconfig-type
	//
	Type *string `field:"required" json:"type" yaml:"type"`
	// The name of the configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-identityproviderconfig.html#cfn-eks-identityproviderconfig-identityproviderconfigname
	//
	IdentityProviderConfigName *string `field:"optional" json:"identityProviderConfigName" yaml:"identityProviderConfigName"`
	// An object representing an OpenID Connect (OIDC) identity provider configuration.
	//
	// The field is typed `interface{}`; the examples on this page pass a pointer
	// to an `OidcIdentityProviderConfigProperty`.
	// NOTE(review): marked optional here even though `oidc` is the only provider
	// type. Confirm whether a deployment without it is accepted.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-identityproviderconfig.html#cfn-eks-identityproviderconfig-oidc
	//
	Oidc interface{} `field:"optional" json:"oidc" yaml:"oidc"`
	// Metadata that assists with categorization and organization.
	//
	// Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-identityproviderconfig.html#cfn-eks-identityproviderconfig-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnIdentityProviderConfig`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// None of the strings below is a usable value. ClusterName and Type are the two
// required fields; per the field documentation the only available Type is `oidc`.
import "github.com/aws/aws-cdk-go/awscdk"

cfnIdentityProviderConfigProps := &CfnIdentityProviderConfigProps{
	ClusterName: jsii.String("clusterName"),
	Type: jsii.String("type"),

	// the properties below are optional
	IdentityProviderConfigName: jsii.String("identityProviderConfigName"),
	Oidc: &OidcIdentityProviderConfigProperty{
		// Required within the OIDC block: the audience (ClientId) and the issuer
		// whose signing keys are used to verify tokens (IssuerUrl).
		ClientId: jsii.String("clientId"),
		IssuerUrl: jsii.String("issuerUrl"),

		// the properties below are optional
		GroupsClaim: jsii.String("groupsClaim"),
		GroupsPrefix: jsii.String("groupsPrefix"),
		// Each listed pair must be present in the token with a matching value.
		RequiredClaims: []interface{}{
			&RequiredClaimProperty{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
		UsernameClaim: jsii.String("usernameClaim"),
		UsernamePrefix: jsii.String("usernamePrefix"),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}
type CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty ¶ added in v2.16.0
// CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty represents the
// configuration for an OpenID Connect (OIDC) identity provider: the issuer and
// audience used to verify tokens, and the claims and prefixes that turn a
// verified token into a Kubernetes username and group list.
//
// Security: these fields define a trust relationship. Any token that verifies
// against the issuer's keys, carries the configured audience and satisfies the
// required claims is authenticated. What the identity may then do is decided by
// the RBAC bindings that reference the resulting names.
type CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty struct {
	// This is also known as *audience* .
	//
	// The ID of the client application that makes authentication requests to the OIDC identity provider.
	//
	// Security: prefer a client ID dedicated to this cluster, so that tokens the
	// provider issues for other applications do not carry this audience.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.
	//
	// Security: whoever controls the keys published at this URL controls which
	// tokens verify, so point it only at a provider you administer or trust.
	// NOTE(review): the EKS API reference requires the URL to begin with
	// `https://` and to match the `iss` claim of the provider's tokens. Confirm
	// against the linked documentation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-issuerurl
	//
	IssuerUrl *string `field:"required" json:"issuerUrl" yaml:"issuerUrl"`
	// The JSON web token (JWT) claim that the provider uses to return your groups.
	//
	// Security: the groups read from this claim are what RBAC binding subjects
	// are matched against, so use a claim that only the identity provider can
	// populate, never one end users can edit themselves.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-groupsclaim
	//
	GroupsClaim *string `field:"optional" json:"groupsClaim" yaml:"groupsClaim"`
	// The prefix that is prepended to group claims to prevent clashes with existing names (such as `system:` groups).
	//
	// For example, the value `oidc:` creates group names like `oidc:engineering` and `oidc:infra` . The prefix can't contain `system:`
	//
	// Security: set a prefix and use the prefixed names in RoleBinding and
	// ClusterRoleBinding subjects, so a provider-side group can never coincide
	// with a group name that already holds permissions in the cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-groupsprefix
	//
	GroupsPrefix *string `field:"optional" json:"groupsPrefix" yaml:"groupsPrefix"`
	// The key-value pairs that describe required claims in the identity token.
	//
	// If set, each claim is verified to be present in the token with a matching value.
	//
	// The field is typed `interface{}`; the examples on this page pass a
	// `[]interface{}` of `RequiredClaimProperty` pointers. Useful for narrowing a
	// shared provider to a single tenant or organization.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-requiredclaims
	//
	RequiredClaims interface{} `field:"optional" json:"requiredClaims" yaml:"requiredClaims"`
	// The JSON Web token (JWT) claim that is used as the username.
	//
	// Security: choose a claim that is unique and stable per user and that users
	// cannot change, because RBAC bindings to a username follow whoever presents
	// that value.
	// NOTE(review): the EKS API reference gives `sub` as the default. Confirm
	// against the linked documentation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-usernameclaim
	//
	UsernameClaim *string `field:"optional" json:"usernameClaim" yaml:"usernameClaim"`
	// The prefix that is prepended to username claims to prevent clashes with existing names.
	//
	// The prefix can't contain `system:`.
	//
	// Security: as with GroupsPrefix, a prefix keeps provider-supplied usernames
	// distinct from names already referenced by bindings in the cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-oidcidentityproviderconfig.html#cfn-eks-identityproviderconfig-oidcidentityproviderconfig-usernameprefix
	//
	UsernamePrefix *string `field:"optional" json:"usernamePrefix" yaml:"usernamePrefix"`
}
An object representing the configuration for an OpenID Connect (OIDC) identity provider.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// The placeholders only show the shape of the struct. In a real configuration
// ClientId and IssuerUrl identify the trusted provider, and the two prefixes
// keep provider-supplied names from clashing with existing Kubernetes names.
import "github.com/aws/aws-cdk-go/awscdk"

oidcIdentityProviderConfigProperty := &OidcIdentityProviderConfigProperty{
	ClientId: jsii.String("clientId"),
	IssuerUrl: jsii.String("issuerUrl"),

	// the properties below are optional
	GroupsClaim: jsii.String("groupsClaim"),
	// Per the field documentation, a prefix can't contain `system:`.
	GroupsPrefix: jsii.String("groupsPrefix"),
	RequiredClaims: []interface{}{
		&RequiredClaimProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	UsernameClaim: jsii.String("usernameClaim"),
	UsernamePrefix: jsii.String("usernamePrefix"),
}
type CfnIdentityProviderConfig_RequiredClaimProperty ¶ added in v2.16.0
// CfnIdentityProviderConfig_RequiredClaimProperty is one key-value pair that a
// token must contain to be accepted. Per the page's description, each required
// claim is verified to be present in the token with a matching value.
//
// NOTE(review): both fields are strings, so this expresses exact string matches
// only. How non-string claim values in a token are compared is not described
// here. Confirm before relying on it for boolean or numeric claims.
type CfnIdentityProviderConfig_RequiredClaimProperty struct {
	// The key to match from the token.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-requiredclaim.html#cfn-eks-identityproviderconfig-requiredclaim-key
	//
	Key *string `field:"required" json:"key" yaml:"key"`
	// The value for the key from the token.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-identityproviderconfig-requiredclaim.html#cfn-eks-identityproviderconfig-requiredclaim-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}
A key-value pair that describes a required claim in the identity token.
If set, each claim is verified to be present in the token with a matching value.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// Both fields are required. A token is accepted only if it contains this key
// with a matching value.
import "github.com/aws/aws-cdk-go/awscdk"

requiredClaimProperty := &RequiredClaimProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}
type CfnNodegroup ¶
// CfnNodegroup is the interface for the resource that creates a managed node
// group for an Amazon EKS cluster. It embeds awscdk.CfnResource,
// awscdk.IInspectable and awscdk.ITaggable, exposes a getter (and usually a
// setter) per resource property, and carries the CfnResource helper methods for
// overrides, dependencies and metadata.
type CfnNodegroup interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The AMI type for your node group.
	AmiType() *string
	SetAmiType(val *string)
	// The Amazon Resource Name (ARN) associated with the managed node group.
	AttrArn() *string
	// The name of your cluster.
	AttrClusterName() *string
	// NOTE(review): undocumented on this page; presumably the resource's `Id` attribute. Confirm.
	AttrId() *string
	// The name associated with an Amazon EKS managed node group.
	AttrNodegroupName() *string
	// The capacity type of your managed node group.
	CapacityType() *string
	SetCapacityType(val *string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	// NOTE(review): undocumented on this page; returns a map keyed by string. Confirm its contents.
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of your cluster.
	ClusterName() *string
	SetClusterName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The root device disk size (in GiB) for your node group instances.
	DiskSize() *float64
	SetDiskSize(val *float64)
	// Force the update if any `Pod` on the existing node group can't be drained due to a `Pod` disruption budget issue.
	ForceUpdateEnabled() interface{}
	SetForceUpdateEnabled(val interface{})
	// Specify the instance types for a node group.
	InstanceTypes() *[]*string
	SetInstanceTypes(val *[]*string)
	// The Kubernetes `labels` applied to the nodes in the node group.
	Labels() interface{}
	SetLabels(val interface{})
	// An object representing a node group's launch template specification.
	LaunchTemplate() interface{}
	SetLaunchTemplate(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The unique name to give your node group.
	NodegroupName() *string
	SetNodegroupName(val *string)
	// The Amazon Resource Name (ARN) of the IAM role to associate with your node group.
	//
	// Security: nodes receive their AWS API permissions through this role (see
	// the NodeRole documentation on CfnNodegroupProps), so replacing it changes
	// what every node in the group is allowed to call.
	NodeRole() *string
	SetNodeRole(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The AMI version of the Amazon EKS optimized AMI to use with your node group (for example, `1.14.7- *YYYYMMDD*` ). By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see [Amazon EKS optimized Linux AMI Versions](https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html) in the *Amazon EKS User Guide* .
	ReleaseVersion() *string
	SetReleaseVersion(val *string)
	// The remote access configuration to use with your node group.
	//
	// Security: this controls SSH (Linux) or RDP (Windows) reachability of the
	// nodes; see the RemoteAccess documentation on CfnNodegroupProps.
	RemoteAccess() interface{}
	SetRemoteAccess(val interface{})
	// The scaling configuration details for the Auto Scaling group that is created for your node group.
	ScalingConfig() interface{}
	SetScalingConfig(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The subnets to use for the Auto Scaling group that is created for your node group.
	Subnets() *[]*string
	SetSubnets(val *[]*string)
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// Metadata that assists with categorization and organization.
	TagsRaw() *map[string]*string
	SetTagsRaw(val *map[string]*string)
	// The Kubernetes taints to be applied to the nodes in the node group when they are created.
	Taints() interface{}
	SetTaints(val interface{})
	// The node group update configuration.
	UpdateConfig() interface{}
	SetUpdateConfig(val interface{})
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The Kubernetes version to use for your managed nodes.
	Version() *string
	SetVersion(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// NOTE(review): because the value is written as given, a property set this
	// way is presumably not reflected in the typed getters above; checks that
	// read construct properties may miss it, so verify against the synthesized
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	// NOTE(review): undocumented on this page; takes and returns a property map. Confirm its purpose.
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	// NOTE(review): undocumented on this page; returns nothing, so how a validation failure is reported is not visible here.
	ValidateProperties(_properties interface{})
}
Creates a managed node group for an Amazon EKS cluster.
You can only create a node group whose Kubernetes version is equal to the current Kubernetes version of the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
> Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// The snippet sets every property at once to show the shape of the props. The
// field documentation says that with a launch template you must not also set
// `instanceTypes`, `diskSize` or `remoteAccess`, so a real node group uses a
// subset of what is shown.
import "github.com/aws/aws-cdk-go/awscdk"

cfnNodegroup := awscdk.Aws_eks.NewCfnNodegroup(this, jsii.String("MyCfnNodegroup"), &CfnNodegroupProps{
	ClusterName: jsii.String("clusterName"),
	// ARN of the IAM role through which the nodes receive AWS API permissions.
	NodeRole: jsii.String("nodeRole"),
	Subnets: []*string{
		jsii.String("subnets"),
	},

	// the properties below are optional
	AmiType: jsii.String("amiType"),
	CapacityType: jsii.String("capacityType"),
	DiskSize: jsii.Number(123),
	ForceUpdateEnabled: jsii.Boolean(false),
	InstanceTypes: []*string{
		jsii.String("instanceTypes"),
	},
	Labels: map[string]*string{
		"labelsKey": jsii.String("labels"),
	},
	LaunchTemplate: &LaunchTemplateSpecificationProperty{
		Id: jsii.String("id"),
		Name: jsii.String("name"),
		Version: jsii.String("version"),
	},
	NodegroupName: jsii.String("nodegroupName"),
	ReleaseVersion: jsii.String("releaseVersion"),
	// Remote access is SSH on Linux and RDP on Windows. When a key is set, also
	// set SourceSecurityGroups to limit who can reach the nodes.
	// NOTE(review): per the EKS API reference, a key without source security
	// groups opens the port to the internet. Confirm.
	RemoteAccess: &RemoteAccessProperty{
		Ec2SshKey: jsii.String("ec2SshKey"),

		// the properties below are optional
		SourceSecurityGroups: []*string{
			jsii.String("sourceSecurityGroups"),
		},
	},
	ScalingConfig: &ScalingConfigProperty{
		DesiredSize: jsii.Number(123),
		MaxSize: jsii.Number(123),
		MinSize: jsii.Number(123),
	},
	Tags: map[string]*string{
		"tagsKey": jsii.String("tags"),
	},
	Taints: []interface{}{
		&TaintProperty{
			Effect: jsii.String("effect"),
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	UpdateConfig: &UpdateConfigProperty{
		MaxUnavailable: jsii.Number(123),
		MaxUnavailablePercentage: jsii.Number(123),
	},
	Version: jsii.String("version"),
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html
func NewCfnNodegroup ¶
// NewCfnNodegroup returns a CfnNodegroup configured from props. The example on
// this page passes the enclosing construct as scope and a construct ID string
// as id.
// NOTE(review): only the signature is shown here; the body is not part of this listing.
func NewCfnNodegroup(scope constructs.Construct, id *string, props *CfnNodegroupProps) CfnNodegroup
type CfnNodegroupProps ¶
// CfnNodegroupProps holds the properties for defining a `CfnNodegroup`.
// ClusterName, NodeRole and Subnets are required; everything else is optional.
//
// Several optional fields are mutually exclusive with a launch template (see
// the per-field notes): combining them makes the node group deployment fail.
type CfnNodegroupProps struct {
	// The name of your cluster.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername
	//
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The Amazon Resource Name (ARN) of the IAM role to associate with your node group.
	//
	// The Amazon EKS worker node `kubelet` daemon makes calls to AWS APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the **Amazon EKS User Guide** . If you specify `launchTemplate` , then don't specify `[IamInstanceProfile](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html)` in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	//
	// Security: the role is attached to the node through an instance profile, so
	// keep its policies to what the node itself needs. NOTE(review): workloads on
	// the node that can reach the instance metadata service may be able to use
	// these credentials too. Confirm how metadata access is restricted in your
	// setup and give pods their own identities rather than widening this role.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole
	//
	NodeRole *string `field:"required" json:"nodeRole" yaml:"nodeRole"`
	// The subnets to use for the Auto Scaling group that is created for your node group.
	//
	// If you specify `launchTemplate` , then don't specify `[SubnetId](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html)` in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets
	//
	Subnets *[]*string `field:"required" json:"subnets" yaml:"subnets"`
	// The AMI type for your node group.
	//
	// If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `amiType` , or the node group deployment will fail. If your launch template uses a Windows custom AMI, then add `eks:kube-proxy-windows` to your Windows nodes `rolearn` in the `aws-auth` `ConfigMap` . For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype
	//
	AmiType *string `field:"optional" json:"amiType" yaml:"amiType"`
	// The capacity type of your managed node group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype
	//
	CapacityType *string `field:"optional" json:"capacityType" yaml:"capacityType"`
	// The root device disk size (in GiB) for your node group instances.
	//
	// The default disk size is 20 GiB for Linux and Bottlerocket. The default disk size is 50 GiB for Windows. If you specify `launchTemplate` , then don't specify `diskSize` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize
	//
	DiskSize *float64 `field:"optional" json:"diskSize" yaml:"diskSize"`
	// Force the update if any `Pod` on the existing node group can't be drained due to a `Pod` disruption budget issue.
	//
	// If an update fails because all Pods can't be drained, you can force the update after it fails to terminate the old node whether or not any `Pod` is running on the node.
	//
	// Availability: forcing terminates nodes regardless of running Pods, so Pod
	// disruption budgets stop protecting workloads during that update.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled
	//
	// Default: - false.
	//
	ForceUpdateEnabled interface{} `field:"optional" json:"forceUpdateEnabled" yaml:"forceUpdateEnabled"`
	// Specify the instance types for a node group.
	//
	// If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the `amiType` parameter. If you specify `launchTemplate` , then you can specify zero or one instance type in your launch template *or* you can specify 0-20 instance types for `instanceTypes` . If however, you specify an instance type in your launch template *and* specify any `instanceTypes` , the node group deployment will fail. If you don't specify an instance type in a launch template or for `instanceTypes` , then `t3.medium` is used, by default. If you specify `Spot` for `capacityType` , then we recommend specifying multiple values for `instanceTypes` . For more information, see [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types) and [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes
	//
	InstanceTypes *[]*string `field:"optional" json:"instanceTypes" yaml:"instanceTypes"`
	// The Kubernetes `labels` applied to the nodes in the node group.
	//
	// > Only `labels` that are applied with the Amazon EKS API are shown here. There may be other Kubernetes `labels` applied to the nodes in this group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels
	//
	Labels interface{} `field:"optional" json:"labels" yaml:"labels"`
	// An object representing a node group's launch template specification.
	//
	// When using this object, don't directly specify `instanceTypes` , `diskSize` , or `remoteAccess` . Make sure that the launch template meets the requirements in `launchTemplateSpecification` . Also refer to [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate
	//
	LaunchTemplate interface{} `field:"optional" json:"launchTemplate" yaml:"launchTemplate"`
	// The unique name to give your node group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname
	//
	NodegroupName *string `field:"optional" json:"nodegroupName" yaml:"nodegroupName"`
	// The AMI version of the Amazon EKS optimized AMI to use with your node group (for example, `1.14.7- *YYYYMMDD*` ). By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see [Amazon EKS optimized Linux AMI Versions](https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html) in the *Amazon EKS User Guide* .
	//
	// > Changing this value triggers an update of the node group if one is available. You can't update other properties at the same time as updating `Release Version` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion
	//
	ReleaseVersion *string `field:"optional" json:"releaseVersion" yaml:"releaseVersion"`
	// The remote access configuration to use with your node group.
	//
	// For Linux, the protocol is SSH. For Windows, the protocol is RDP. If you specify `launchTemplate` , then don't specify `remoteAccess` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	//
	// Security: leave this unset unless direct SSH/RDP to nodes is required. When
	// it is set, also supply source security groups (the examples on this page
	// show `SourceSecurityGroups` next to `Ec2SshKey`). NOTE(review): per the EKS
	// API reference, a key without source security groups opens the remote-access
	// port on the nodes to the internet (0.0.0.0/0). Confirm against the linked
	// documentation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess
	//
	RemoteAccess interface{} `field:"optional" json:"remoteAccess" yaml:"remoteAccess"`
	// The scaling configuration details for the Auto Scaling group that is created for your node group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig
	//
	ScalingConfig interface{} `field:"optional" json:"scalingConfig" yaml:"scalingConfig"`
	// Metadata that assists with categorization and organization.
	//
	// Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags
	//
	Tags *map[string]*string `field:"optional" json:"tags" yaml:"tags"`
	// The Kubernetes taints to be applied to the nodes in the node group when they are created.
	//
	// Effect is one of `No_Schedule` , `Prefer_No_Schedule` , or `No_Execute` . Kubernetes taints can be used together with tolerations to control how workloads are scheduled to your nodes. For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints
	//
	Taints interface{} `field:"optional" json:"taints" yaml:"taints"`
	// The node group update configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-updateconfig
	//
	UpdateConfig interface{} `field:"optional" json:"updateConfig" yaml:"updateConfig"`
	// The Kubernetes version to use for your managed nodes.
	//
	// By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `version` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
	//
	// > You can't update other properties at the same time as updating `Version` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
}
Properties for defining a `CfnNodegroup`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// The literal sets every field only to show its shape. Per the field
// documentation for CfnNodegroupProps, several of these combinations are
// rejected at deployment time; the comments below mark them.
import "github.com/aws/aws-cdk-go/awscdk"

cfnNodegroupProps := &CfnNodegroupProps{
	ClusterName: jsii.String("clusterName"),
	NodeRole: jsii.String("nodeRole"),
	Subnets: []*string{
		jsii.String("subnets"),
	},

	// the properties below are optional
	AmiType: jsii.String("amiType"),
	CapacityType: jsii.String("capacityType"),
	// Documented as not to be set together with LaunchTemplate.
	DiskSize: jsii.Number(123),
	// false is the documented default; true forces the update even when Pods
	// cannot be drained because of a Pod disruption budget issue.
	ForceUpdateEnabled: jsii.Boolean(false),
	// Documented as failing the deployment if the launch template also names
	// an instance type.
	InstanceTypes: []*string{
		jsii.String("instanceTypes"),
	},
	Labels: map[string]*string{
		"labelsKey": jsii.String("labels"),
	},
	// Id and Name are documented as mutually exclusive: specify one, not both.
	LaunchTemplate: &LaunchTemplateSpecificationProperty{
		Id: jsii.String("id"),
		Name: jsii.String("name"),
		Version: jsii.String("version"),
	},
	NodegroupName: jsii.String("nodegroupName"),
	ReleaseVersion: jsii.String("releaseVersion"),
	// Documented as failing the deployment when LaunchTemplate is also set.
	RemoteAccess: &RemoteAccessProperty{
		Ec2SshKey: jsii.String("ec2SshKey"),

		// the properties below are optional
		// Optional in the schema only: the SourceSecurityGroups documentation
		// states that an SSH key without a source security group opens the
		// remote-access port on the nodes to the internet (0.0.0.0/0).
		SourceSecurityGroups: []*string{
			jsii.String("sourceSecurityGroups"),
		},
	},
	ScalingConfig: &ScalingConfigProperty{
		DesiredSize: jsii.Number(123),
		MaxSize: jsii.Number(123),
		MinSize: jsii.Number(123),
	},
	Tags: map[string]*string{
		"tagsKey": jsii.String("tags"),
	},
	// Effect is documented as one of `No_Schedule`, `Prefer_No_Schedule`,
	// or `No_Execute`; "effect" here is only a placeholder.
	Taints: []interface{}{
		&TaintProperty{
			Effect: jsii.String("effect"),
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	UpdateConfig: &UpdateConfigProperty{
		MaxUnavailable: jsii.Number(123),
		MaxUnavailablePercentage: jsii.Number(123),
	},
	// Documented as not to be set when LaunchTemplate uses a custom AMI.
	Version: jsii.String("version"),
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html
type CfnNodegroup_LaunchTemplateSpecificationProperty ¶
// CfnNodegroup_LaunchTemplateSpecificationProperty is an object representing a
// node group launch template specification.
//
// All three fields are tagged optional, but the field documentation requires
// exactly one of Id and Name to be set.
type CfnNodegroup_LaunchTemplateSpecificationProperty struct {
	// The ID of the launch template.
	//
	// You must specify either the launch template ID or the launch template name in the request, but not both.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id
	//
	Id *string `field:"optional" json:"id" yaml:"id"`
	// The name of the launch template.
	//
	// You must specify either the launch template name or the launch template ID in the request, but not both.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The version number of the launch template to use.
	//
	// If no version is specified, then the template's default version is used.
	//
	// NOTE(review): leaving this unset means the node group follows whatever
	// the template's default version is; set an explicit version when node
	// configuration changes must be reviewed before they take effect.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
}
An object representing a node group launch template specification.
The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
You must specify either the launch template ID or the launch template name in the request, but not both.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// The literal shows every field; the type's documentation requires either Id
// or Name, but not both, so real code sets only one of them.
import "github.com/aws/aws-cdk-go/awscdk"

launchTemplateSpecificationProperty := &LaunchTemplateSpecificationProperty{
	Id: jsii.String("id"),
	Name: jsii.String("name"),
	// When Version is omitted the template's default version is used.
	Version: jsii.String("version"),
}
type CfnNodegroup_RemoteAccessProperty ¶
// CfnNodegroup_RemoteAccessProperty is an object representing the remote
// access configuration for the managed node group.
//
// Setting Ec2SshKey without SourceSecurityGroups exposes the remote-access
// port of every node to the internet; see the SourceSecurityGroups field.
type CfnNodegroup_RemoteAccessProperty struct {
	// The Amazon EC2 SSH key name that provides access for SSH communication with the nodes in the managed node group.
	//
	// For more information, see [Amazon EC2 key pairs and Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the *Amazon Elastic Compute Cloud User Guide for Linux Instances* . For Windows, an Amazon EC2 SSH key is used to obtain the RDP password. For more information, see [Amazon EC2 key pairs and Windows instances](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-key-pairs.html) in the *Amazon Elastic Compute Cloud User Guide for Windows Instances* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey
	//
	Ec2SshKey *string `field:"required" json:"ec2SshKey" yaml:"ec2SshKey"`
	// The security group IDs that are allowed SSH access (port 22) to the nodes.
	//
	// For Windows, the port is 3389. If you specify an Amazon EC2 SSH key but don't specify a source security group when you create a managed node group, then the port on the nodes is opened to the internet ( `0.0.0.0/0` ). For more information, see [Security Groups for Your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon Virtual Private Cloud User Guide* .
	//
	// NOTE(review): the field is tagged optional, but because Ec2SshKey is
	// required, omitting it always produces the internet-open case described
	// above. Treat it as required and list only the security groups that need
	// administrative access to the nodes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups
	//
	SourceSecurityGroups *[]*string `field:"optional" json:"sourceSecurityGroups" yaml:"sourceSecurityGroups"`
}
An object representing the remote access configuration for the managed node group.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

remoteAccessProperty := &RemoteAccessProperty{
	// Name of the EC2 key pair; on Windows nodes it is used to obtain the
	// RDP password.
	Ec2SshKey: jsii.String("ec2SshKey"),

	// the properties below are optional
	// Optional in the schema only. The field documentation states that a key
	// without a source security group opens the port on the nodes (22, or
	// 3389 on Windows) to 0.0.0.0/0, so keep this list populated.
	SourceSecurityGroups: []*string{
		jsii.String("sourceSecurityGroups"),
	},
}
type CfnNodegroup_ScalingConfigProperty ¶
// CfnNodegroup_ScalingConfigProperty is an object representing the scaling
// configuration details for the Auto Scaling group that is associated with a
// node group.
//
// When creating a node group, specify all or none of the properties. When
// updating a node group, any or none of them may be specified.
type CfnNodegroup_ScalingConfigProperty struct {
	// The current number of nodes that the managed node group should maintain.
	//
	// > If you use the Kubernetes [Cluster Autoscaler](https://github.com/kubernetes/autoscaler#kubernetes-autoscaler) , you shouldn't change the `desiredSize` value directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale down.
	//
	// Whenever this parameter changes, the number of worker nodes in the node group is updated to the specified size. If this parameter is given a value that is smaller than the current number of running worker nodes, the necessary number of worker nodes are terminated to match the given value. When using CloudFormation, no action occurs if you remove this parameter from your CFN template.
	//
	// This parameter can be different from `minSize` in some cases, such as when starting with extra hosts for testing. This parameter can also be different when you want to start with an estimated number of needed hosts, but let the Cluster Autoscaler reduce the number if there are too many. When the Cluster Autoscaler is used, the `desiredSize` parameter is altered by the Cluster Autoscaler (but can be out-of-date for short periods of time). The Cluster Autoscaler doesn't scale a managed node group lower than `minSize` or higher than `maxSize` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize
	//
	DesiredSize *float64 `field:"optional" json:"desiredSize" yaml:"desiredSize"`
	// The maximum number of nodes that the managed node group can scale out to.
	//
	// For information about the maximum number that you can specify, see [Amazon EKS service quotas](https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) in the *Amazon EKS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize
	//
	MaxSize *float64 `field:"optional" json:"maxSize" yaml:"maxSize"`
	// The minimum number of nodes that the managed node group can scale in to.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize
	//
	MinSize *float64 `field:"optional" json:"minSize" yaml:"minSize"`
}
An object representing the scaling configuration details for the Auto Scaling group that is associated with your node group.
When creating a node group, you must specify all or none of the properties. When updating a node group, you can specify any or none of the properties.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// The type's documentation requires all or none of the three properties when
// a node group is created, which is why the example sets all of them.
import "github.com/aws/aws-cdk-go/awscdk"

scalingConfigProperty := &ScalingConfigProperty{
	// Terminates worker nodes if set below the number currently running.
	DesiredSize: jsii.Number(123),
	MaxSize: jsii.Number(123),
	MinSize: jsii.Number(123),
}
type CfnNodegroup_TaintProperty ¶
// CfnNodegroup_TaintProperty is a property that allows a node to repel a `Pod`.
//
// Taints are used together with tolerations to control how workloads are
// scheduled onto the nodes of the node group.
type CfnNodegroup_TaintProperty struct {
	// The effect of the taint.
	//
	// The `taints` documentation on CfnNodegroupProps gives the effect as one
	// of `No_Schedule` , `Prefer_No_Schedule` , or `No_Execute` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect
	//
	Effect *string `field:"optional" json:"effect" yaml:"effect"`
	// The key of the taint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
	// The value of the taint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}
A property that allows a node to repel a `Pod` .
For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) in the *Amazon EKS User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

taintProperty := &TaintProperty{
	// Placeholder only: the node group documentation lists `No_Schedule`,
	// `Prefer_No_Schedule` and `No_Execute` as the accepted effects.
	Effect: jsii.String("effect"),
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}
type CfnNodegroup_UpdateConfigProperty ¶
// CfnNodegroup_UpdateConfigProperty is the update configuration for the node
// group.
//
// Both fields are tagged optional, but the field documentation requires one
// of them to have a value.
type CfnNodegroup_UpdateConfigProperty struct {
	// The maximum number of nodes unavailable at once during a version update.
	//
	// Nodes are updated in parallel. This value or `maxUnavailablePercentage` is required to have a value. The maximum number is 100.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailable
	//
	MaxUnavailable *float64 `field:"optional" json:"maxUnavailable" yaml:"maxUnavailable"`
	// The maximum percentage of nodes unavailable during a version update.
	//
	// This percentage of nodes are updated in parallel, up to 100 nodes at once. This value or `maxUnavailable` is required to have a value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailablepercentage
	//
	MaxUnavailablePercentage *float64 `field:"optional" json:"maxUnavailablePercentage" yaml:"maxUnavailablePercentage"`
}
The update configuration for the node group.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// 123 is not a usable value for either field: the field documentation caps
// parallel updates at 100 nodes, and the second field is a percentage.
import "github.com/aws/aws-cdk-go/awscdk"

updateConfigProperty := &UpdateConfigProperty{
	// Absolute number of nodes updated in parallel.
	MaxUnavailable: jsii.Number(123),
	// Percentage of nodes updated in parallel.
	MaxUnavailablePercentage: jsii.Number(123),
}
type CfnPodIdentityAssociation ¶ added in v2.112.0
// CfnPodIdentityAssociation describes an Amazon EKS Pod Identity association.
//
// Pod Identity associations provide the ability to manage credentials for
// applications, similar to the way that Amazon EC2 instance profiles provide
// credentials to Amazon EC2 instances. The association ties an IAM role
// (RoleArn) to a Kubernetes service account (ServiceAccount) in one namespace
// (Namespace) of one cluster (ClusterName).
type CfnPodIdentityAssociation interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The Amazon Resource Name (ARN) of the association.
	AttrAssociationArn() *string
	// The ID of the association.
	AttrAssociationId() *string
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of the cluster that the association is in.
	ClusterName() *string
	SetClusterName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of the Kubernetes namespace inside the cluster to create the association in.
	Namespace() *string
	SetNamespace(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The Amazon Resource Name (ARN) of the IAM role to associate with the service account.
	//
	// NOTE(review): per the CfnPodIdentityAssociationProps documentation, pods
	// that use the service account obtain credentials for this role, so the
	// role's permissions should cover only what that workload needs.
	RoleArn() *string
	SetRoleArn(val *string)
	// The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
	ServiceAccount() *string
	SetServiceAccount(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Metadata that assists with categorization and organization.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	//
	// The misspelling in the method name is the identifier itself; the
	// correctly spelled UpdatedProperties is declared next to it.
	//
	// Deprecated: use `updatedProperties`.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnPodIdentityAssociation := awscdk.Aws_eks.NewCfnPodIdentityAssociation(this, jsii.String("MyCfnPodIdentityAssociation"), &CfnPodIdentityAssociationProps{
	ClusterName: jsii.String("clusterName"),
	// The service account and the pods that use it must be in this namespace.
	Namespace: jsii.String("namespace"),
	// Pods using the service account below get credentials for this role, so
	// its permissions should be limited to what that workload needs.
	RoleArn: jsii.String("roleArn"),
	ServiceAccount: jsii.String("serviceAccount"),

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})
func NewCfnPodIdentityAssociation ¶ added in v2.112.0
// NewCfnPodIdentityAssociation takes a construct scope, a construct id and a
// CfnPodIdentityAssociationProps value and returns a CfnPodIdentityAssociation.
//
// ClusterName, Namespace, RoleArn and ServiceAccount are tagged required on
// the props struct; Tags is optional.
func NewCfnPodIdentityAssociation(scope constructs.Construct, id *string, props *CfnPodIdentityAssociationProps) CfnPodIdentityAssociation
type CfnPodIdentityAssociationProps ¶ added in v2.112.0
// CfnPodIdentityAssociationProps holds the properties for defining a
// `CfnPodIdentityAssociation`.
//
// ClusterName, Namespace and ServiceAccount together select which pods are
// covered by the association; RoleArn selects the IAM role whose credentials
// those pods receive.
type CfnPodIdentityAssociationProps struct {
	// The name of the cluster that the association is in.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-clustername
	//
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The name of the Kubernetes namespace inside the cluster to create the association in.
	//
	// The service account and the pods that use the service account must be in this namespace.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-namespace
	//
	Namespace *string `field:"required" json:"namespace" yaml:"namespace"`
	// The Amazon Resource Name (ARN) of the IAM role to associate with the service account.
	//
	// The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
	//
	// NOTE(review): every pod running under the service account can use this
	// role, so grant the role only the permissions that workload needs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-serviceaccount
	//
	ServiceAccount *string `field:"required" json:"serviceAccount" yaml:"serviceAccount"`
	// Metadata that assists with categorization and organization.
	//
	// Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources.
	//
	// The following basic restrictions apply to tags:
	//
	// - Maximum number of tags per resource – 50
	// - For each resource, each tag key must be unique, and each tag key can have only one value.
	// - Maximum key length – 128 Unicode characters in UTF-8
	// - Maximum value length – 256 Unicode characters in UTF-8
	// - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnPodIdentityAssociation`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnPodIdentityAssociationProps := &CfnPodIdentityAssociationProps{
	ClusterName: jsii.String("clusterName"),
	// The service account and the pods that use it must be in this namespace.
	Namespace: jsii.String("namespace"),
	// ARN of the IAM role whose credentials are handed to pods that use the
	// service account; keep its permissions limited to that workload.
	RoleArn: jsii.String("roleArn"),
	ServiceAccount: jsii.String("serviceAccount"),

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}
type Cluster ¶
// Cluster represents a managed Kubernetes Service (EKS) cluster.
//
// This is a fully managed cluster of API Servers (control-plane). The user is
// still required to create the worker nodes.
type Cluster interface {
	awscdk.Resource
	ICluster
	// An IAM role with administrative permissions to create or update the cluster.
	//
	// This role also has `system:masters` permissions, so treat it as a
	// cluster-administrator credential and limit which principals can assume it.
	AdminRole() awsiam.Role
	// The ALB Controller construct defined for this cluster.
	//
	// Will be undefined if `albController` wasn't configured.
	AlbController() AlbController
	// The authentication mode for the Amazon EKS cluster.
	//
	// The authentication mode determines how users and applications authenticate to the Kubernetes API server.
	// Default: CONFIG_MAP.
	//
	AuthenticationMode() AuthenticationMode
	// Lazily creates the AwsAuth resource, which manages AWS authentication mapping.
	AwsAuth() AwsAuth
	// An AWS Lambda layer that contains the `aws` CLI.
	//
	// If not defined, a default layer will be used containing the AWS CLI 1.x.
	AwscliLayer() awslambda.ILayerVersion
	// The AWS generated ARN for the Cluster resource.
	//
	// For example, `arn:aws:eks:us-west-2:666666666666:cluster/prod`.
	ClusterArn() *string
	// The certificate-authority-data for your cluster.
	ClusterCertificateAuthorityData() *string
	// Amazon Resource Name (ARN) or alias of the customer master key (CMK).
	ClusterEncryptionConfigKeyArn() *string
	// The endpoint URL for the Cluster.
	//
	// This is the URL inside the kubeconfig file to use with kubectl.
	//
	// For example, `https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com`
	ClusterEndpoint() *string
	// A security group to associate with the Cluster Handler's Lambdas.
	//
	// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
	//
	// Requires `placeClusterHandlerInVpc` to be set to true.
	// Default: - No security group.
	//
	ClusterHandlerSecurityGroup() awsec2.ISecurityGroup
	// The Name of the created EKS Cluster.
	ClusterName() *string
	// If this cluster is kubectl-enabled, returns the OpenID Connect issuer.
	//
	// This is because the value can only be retrieved through the API and is
	// not exposed by CloudFormation. If this cluster is not kubectl-enabled
	// (i.e. uses the stock `CfnCluster`), this is `undefined`.
	ClusterOpenIdConnectIssuer() *string
	// If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.
	//
	// This is because the value can only be retrieved through the API and is
	// not exposed by CloudFormation. If this cluster is not kubectl-enabled
	// (i.e. uses the stock `CfnCluster`), this is `undefined`.
	ClusterOpenIdConnectIssuerUrl() *string
	// The cluster security group that was created by Amazon EKS for the cluster.
	ClusterSecurityGroup() awsec2.ISecurityGroup
	// The id of the cluster security group that was created by Amazon EKS for the cluster.
	ClusterSecurityGroupId() *string
	// Manages connection rules (Security Group Rules) for the cluster.
	Connections() awsec2.Connections
	// The auto scaling group that hosts the default capacity for this cluster.
	//
	// This will be `undefined` if the `defaultCapacityType` is not `EC2` or
	// `defaultCapacityType` is `EC2` but default capacity is set to 0.
	DefaultCapacity() awsautoscaling.AutoScalingGroup
	// The node group that hosts the default capacity for this cluster.
	//
	// This will be `undefined` if the `defaultCapacityType` is `EC2` or
	// `defaultCapacityType` is `NODEGROUP` but default capacity is set to 0.
	DefaultNodegroup() Nodegroup
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Specify which IP family is used to assign Kubernetes pod and service IP addresses.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily
	//
	// Default: - IpFamily.IP_V4
	//
	IpFamily() IpFamily
	// Custom environment variables when running `kubectl` against this cluster.
	KubectlEnvironment() *map[string]*string
	// An IAM role that can perform kubectl operations against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	// That mapping gives the role unrestricted access to the Kubernetes API,
	// so keep its trust policy as narrow as possible.
	//
	// This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.
	// Default: - if not specified, the default role created by a lambda function will
	// be used.
	//
	KubectlLambdaRole() awsiam.IRole
	// An AWS Lambda layer that includes `kubectl` and `helm`.
	//
	// If not defined, a default layer will be used containing Kubectl 1.20 and Helm 3.8.
	KubectlLayer() awslambda.ILayerVersion
	// The amount of memory allocated to the kubectl provider's lambda function.
	KubectlMemory() awscdk.Size
	// Subnets to host the `kubectl` compute resources.
	// Default: - If not specified, the k8s endpoint is expected to be accessible
	// publicly.
	//
	KubectlPrivateSubnets() *[]awsec2.ISubnet
	// An IAM role that can perform kubectl operations against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	// That mapping gives the role unrestricted access to the Kubernetes API,
	// so keep its trust policy as narrow as possible.
	KubectlRole() awsiam.IRole
	// A security group to use for `kubectl` execution.
	// Default: - If not specified, the k8s endpoint is expected to be accessible
	// publicly.
	//
	KubectlSecurityGroup() awsec2.ISecurityGroup
	// The tree node.
	Node() constructs.Node
	// The AWS Lambda layer that contains the NPM dependency `proxy-agent`.
	//
	// If undefined, a SAR app that contains this layer will be used.
	OnEventLayer() awslambda.ILayerVersion
	// An `OpenIdConnectProvider` resource associated with this cluster, and which can be used to link this cluster to AWS IAM.
	//
	// A provider will only be defined if this property is accessed (lazy initialization).
	OpenIdConnectProvider() awsiam.IOpenIdConnectProvider
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// Determines if Kubernetes resources can be pruned automatically.
	Prune() *bool
	// IAM role assumed by the EKS Control Plane.
	Role() awsiam.IRole
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The VPC in which this Cluster was created.
	Vpc() awsec2.IVpc
	// Add nodes to this EKS cluster.
	//
	// The nodes will automatically be configured with the right VPC and AMI
	// for the instance type and Kubernetes version.
	//
	// Note that if you specify `updateType: RollingUpdate` or `updateType: ReplacingUpdate`, your nodes might be replaced at deploy
	// time without notice in case the recommended AMI for your machine image type has been updated by AWS.
	// The default behavior for `updateType` is `None`, which means only new instances will be launched using the new AMI.
	//
	// Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
	// In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler)
	// daemon will be installed on all spot instances to handle
	// [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/).
	AddAutoScalingGroupCapacity(id *string, options *AutoScalingGroupCapacityOptions) awsautoscaling.AutoScalingGroup
	// Defines a CDK8s chart in this cluster.
	//
	// Returns: a `KubernetesManifest` construct representing the chart.
	AddCdk8sChart(id *string, chart constructs.Construct, options *KubernetesManifestOptions) KubernetesManifest
	// Adds a Fargate profile to this cluster.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
	//
	AddFargateProfile(id *string, options *FargateProfileOptions) FargateProfile
	// Defines a Helm chart in this cluster.
	//
	// Returns: a `HelmChart` construct.
	AddHelmChart(id *string, options *HelmChartOptions) HelmChart
	// Defines a Kubernetes resource in this cluster.
	//
	// The manifest will be applied/deleted using kubectl as needed.
	//
	// Returns: a `KubernetesResource` object.
	AddManifest(id *string, manifest ...*map[string]interface{}) KubernetesManifest
	// Add managed nodegroup to this Amazon EKS cluster.
	//
	// This method will create a new managed nodegroup and add into the capacity.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
	//
	AddNodegroupCapacity(id *string, options *NodegroupOptions) Nodegroup
	// Creates a new service account with corresponding IAM Role (IRSA).
	AddServiceAccount(id *string, options *ServiceAccountOptions) ServiceAccount
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
	//
	// The AutoScalingGroup must be running an EKS-optimized AMI containing the
	// /etc/eks/bootstrap.sh script. This method will configure Security Groups,
	// add the right policies to the instance role, apply the right tags, and add
	// the required user data to the instance's launch configuration.
	//
	// Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
	// If kubectl is enabled, the
	// [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler)
	// daemon will be installed on all spot instances to handle
	// [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/).
	//
	// Prefer to use `addAutoScalingGroupCapacity` if possible.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
	//
	ConnectAutoScalingGroupCapacity(autoScalingGroup awsautoscaling.AutoScalingGroup, options *AutoScalingGroupOptions)
	// NOTE(review): no description is given for this method; presumably it
	// returns a generated physical name for the resource — confirm.
	GeneratePhysicalName() *string
	// Fetch the load balancer address of an ingress backed by a load balancer.
	GetIngressLoadBalancerAddress(ingressName *string, options *IngressLoadBalancerAddressOptions) *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Fetch the load balancer address of a service of type 'LoadBalancer'.
	GetServiceLoadBalancerAddress(serviceName *string, options *ServiceLoadBalancerAddressOptions) *string
	// Grants the specified IAM principal access to the EKS cluster based on the provided access policies.
	//
	// This method creates an `AccessEntry` construct that grants the specified IAM principal the access permissions
	// defined by the provided `IAccessPolicy` array. This allows the IAM principal to perform the actions permitted
	// by the access policies within the EKS cluster.
	//
	// Pass the narrowest set of access policies the principal needs.
	// NOTE(review): `principal` is a string, presumably the principal's ARN — confirm.
	GrantAccess(id *string, principal *string, accessPolicies *[]IAccessPolicy)
	// Returns a string representation of this construct.
	ToString() *string
}
A Cluster represents a managed Kubernetes Service (EKS).
This is a fully managed cluster of API Servers (control-plane). The user is still required to create the worker nodes.
Example:
// Two alternatives are shown: creating a new cluster, or importing an
// existing one by its attributes. Both set the memory of the kubectl
// provider's lambda function to 4 GiB.
// NOTE(review): `Size_*Gibibytes` and `Vpc: Vpc` in the second call look like
// artifacts of the automated translation to Go (the first call uses
// `awscdk.Size_Gibibytes`, and the declared variable is `vpc`) — confirm
// before copying.
var vpc vpc

eks.NewCluster(this, jsii.String("MyCluster"), &ClusterProps{
	KubectlMemory: awscdk.Size_Gibibytes(jsii.Number(4)),
	Version: eks.KubernetesVersion_V1_30(),
})

eks.Cluster_FromClusterAttributes(this, jsii.String("MyCluster"), &ClusterAttributes{
	KubectlMemory: awscdk.Size_*Gibibytes(jsii.Number(4)),
	Vpc: Vpc,
	ClusterName: jsii.String("cluster-name"),
})
func NewCluster ¶
func NewCluster(scope constructs.Construct, id *string, props *ClusterProps) Cluster
Initiates an EKS Cluster with the supplied arguments.
type ClusterAttributes ¶
// ClusterAttributes holds the attributes used to describe an EKS cluster,
// for example when importing one with `Cluster_FromClusterAttributes`.
//
// Only ClusterName is required. Several optional attributes are documented as
// making the matching accessor on the imported cluster throw an error when
// they are left unset.
type ClusterAttributes struct {
	// The physical name of the Cluster.
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// An AWS Lambda layer that contains the `aws` CLI.
	//
	// The handler expects the layer to include the following executables:
	//
	// ```
	// /opt/awscli/aws
	// ```.
	// Default: - a default layer with the AWS CLI 1.x
	//
	AwscliLayer awslambda.ILayerVersion `field:"optional" json:"awscliLayer" yaml:"awscliLayer"`
	// The certificate-authority-data for your cluster.
	// Default: - if not specified `cluster.clusterCertificateAuthorityData` will
	// throw an error.
	//
	ClusterCertificateAuthorityData *string `field:"optional" json:"clusterCertificateAuthorityData" yaml:"clusterCertificateAuthorityData"`
	// Amazon Resource Name (ARN) or alias of the customer master key (CMK).
	// Default: - if not specified `cluster.clusterEncryptionConfigKeyArn` will
	// throw an error.
	//
	ClusterEncryptionConfigKeyArn *string `field:"optional" json:"clusterEncryptionConfigKeyArn" yaml:"clusterEncryptionConfigKeyArn"`
	// The API Server endpoint URL.
	// Default: - if not specified `cluster.clusterEndpoint` will throw an error.
	//
	ClusterEndpoint *string `field:"optional" json:"clusterEndpoint" yaml:"clusterEndpoint"`
	// A security group id to associate with the Cluster Handler's Lambdas.
	//
	// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
	// Default: - No security group.
	//
	ClusterHandlerSecurityGroupId *string `field:"optional" json:"clusterHandlerSecurityGroupId" yaml:"clusterHandlerSecurityGroupId"`
	// The cluster security group that was created by Amazon EKS for the cluster.
	// Default: - if not specified `cluster.clusterSecurityGroupId` will throw an
	// error.
	//
	ClusterSecurityGroupId *string `field:"optional" json:"clusterSecurityGroupId" yaml:"clusterSecurityGroupId"`
	// Specify which IP family is used to assign Kubernetes pod and service IP addresses.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily
	//
	// Default: - IpFamily.IP_V4
	//
	IpFamily IpFamily `field:"optional" json:"ipFamily" yaml:"ipFamily"`
	// Environment variables to use when running `kubectl` against this cluster.
	// Default: - no additional variables.
	//
	KubectlEnvironment *map[string]*string `field:"optional" json:"kubectlEnvironment" yaml:"kubectlEnvironment"`
	// An IAM role that can perform kubectl operations against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	// That mapping gives the role unrestricted access to the Kubernetes API,
	// so keep its trust policy as narrow as possible.
	//
	// This role is directly passed to the lambda handler that sends Kube Ctl commands
	// to the cluster.
	// Default: - if not specified, the default role created by a lambda function will
	// be used.
	//
	KubectlLambdaRole awsiam.IRole `field:"optional" json:"kubectlLambdaRole" yaml:"kubectlLambdaRole"`
	// An AWS Lambda Layer which includes `kubectl` and Helm.
	//
	// This layer is used by the kubectl handler to apply manifests and install
	// helm charts. You must pick an appropriate release of one of the
	// `@aws-cdk/layer-kubectl-vXX` packages, that works with the version of
	// Kubernetes you have chosen. If you don't supply this value `kubectl`
	// 1.20 will be used, but that version is most likely too old.
	//
	// The handler expects the layer to include the following executables:
	//
	// ```
	// /opt/helm/helm
	// /opt/kubectl/kubectl
	// ```.
	// Default: - a default layer with Kubectl 1.20 and helm 3.8.
	//
	KubectlLayer awslambda.ILayerVersion `field:"optional" json:"kubectlLayer" yaml:"kubectlLayer"`
	// Amount of memory to allocate to the provider's lambda function.
	// Default: Size.gibibytes(1)
	//
	KubectlMemory awscdk.Size `field:"optional" json:"kubectlMemory" yaml:"kubectlMemory"`
	// Subnets to host the `kubectl` compute resources.
	//
	// If not specified, the k8s
	// endpoint is expected to be accessible publicly.
	// Default: - k8s endpoint is expected to be accessible publicly.
	//
	KubectlPrivateSubnetIds *[]*string `field:"optional" json:"kubectlPrivateSubnetIds" yaml:"kubectlPrivateSubnetIds"`
	// KubectlProvider for issuing kubectl commands.
	// Default: - Default CDK provider.
	//
	KubectlProvider IKubectlProvider `field:"optional" json:"kubectlProvider" yaml:"kubectlProvider"`
	// An IAM role with cluster administrator and "system:masters" permissions.
	//
	// Anyone who can assume this role has full control of the cluster, so
	// review its trust policy before importing it.
	// Default: - if not specified, it will not be possible to issue `kubectl` commands
	// against an imported cluster.
	//
	KubectlRoleArn *string `field:"optional" json:"kubectlRoleArn" yaml:"kubectlRoleArn"`
	// A security group to use for `kubectl` execution.
	//
	// If not specified, the k8s
	// endpoint is expected to be accessible publicly.
	// Default: - k8s endpoint is expected to be accessible publicly.
	//
	KubectlSecurityGroupId *string `field:"optional" json:"kubectlSecurityGroupId" yaml:"kubectlSecurityGroupId"`
	// An AWS Lambda Layer which includes the NPM dependency `proxy-agent`.
	//
	// This layer
	// is used by the onEvent handler to route AWS SDK requests through a proxy.
	//
	// The handler expects the layer to include the following node_modules:
	//
	// proxy-agent.
	// Default: - a layer bundled with this module.
	//
	OnEventLayer awslambda.ILayerVersion `field:"optional" json:"onEventLayer" yaml:"onEventLayer"`
	// An Open ID Connect provider for this cluster that can be used to configure service accounts.
	//
	// You can either import an existing provider using `iam.OpenIdConnectProvider.fromProviderArn`,
	// or create a new provider using `new eks.OpenIdConnectProvider`
	// Default: - if not specified `cluster.openIdConnectProvider` and `cluster.addServiceAccount` will throw an error.
	//
	OpenIdConnectProvider awsiam.IOpenIdConnectProvider `field:"optional" json:"openIdConnectProvider" yaml:"openIdConnectProvider"`
	// Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned.
	//
	// When this is enabled (default), prune labels will be
	// allocated and injected to each resource. These labels will then be used
	// when issuing the `kubectl apply` operation with the `--prune` switch.
	// Default: true.
	//
	Prune *bool `field:"optional" json:"prune" yaml:"prune"`
	// Additional security groups associated with this cluster.
	// Default: - if not specified, no additional security groups will be
	// considered in `cluster.connections`.
	//
	SecurityGroupIds *[]*string `field:"optional" json:"securityGroupIds" yaml:"securityGroupIds"`
	// The VPC in which this Cluster was created.
	// Default: - if not specified `cluster.vpc` will throw an error
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}
Attributes for EKS clusters.
Example:
// Imports an existing cluster by name and cluster security group id, then
// connects an existing auto scaling group to it with empty options.
// NOTE(review): `eks.cluster_FromClusterAttributes` is spelled with a
// lower-case `c` here, while the Cluster example on this page uses
// `eks.Cluster_FromClusterAttributes`; this looks like an artifact of the
// automated translation to Go — confirm before copying.
var cluster cluster
var asg autoScalingGroup

importedCluster := eks.cluster_FromClusterAttributes(this, jsii.String("ImportedCluster"), &ClusterAttributes{
	ClusterName: cluster.ClusterName,
	ClusterSecurityGroupId: cluster.ClusterSecurityGroupId,
})

importedCluster.ConnectAutoScalingGroupCapacity(asg, &AutoScalingGroupOptions{
})
type ClusterLoggingTypes ¶ added in v2.10.0
// ClusterLoggingTypes names an EKS cluster logging type. It is a string type;
// the defined values are the `ClusterLoggingTypes_*` constants.
type ClusterLoggingTypes string
EKS cluster logging types.
Example:
// Creates a cluster with the API, AUTHENTICATOR and SCHEDULER log types
// enabled. The AUDIT type (`ClusterLoggingTypes_AUDIT`, logs pertaining to
// cluster access via the Kubernetes API) is not part of this example; add it
// when a record of who accessed the cluster is needed.
// NOTE(review): `[]clusterLoggingTypes` and the `eks.*clusterLoggingTypes_`
// prefixes look like artifacts of the automated translation to Go; the
// constants are declared as `ClusterLoggingTypes_API` and so on — confirm
// before copying.
cluster := eks.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	// ...
	Version: eks.KubernetesVersion_V1_30(),
	ClusterLogging: []clusterLoggingTypes{
		eks.*clusterLoggingTypes_API,
		eks.*clusterLoggingTypes_AUTHENTICATOR,
		eks.*clusterLoggingTypes_SCHEDULER,
	},
})
// Values of ClusterLoggingTypes. `ClusterOptions.ClusterLogging` documents its
// default as none, so a log type is only enabled when it is listed there.
const (
	// Logs pertaining to API requests to the cluster.
	ClusterLoggingTypes_API ClusterLoggingTypes = "API"
	// Logs pertaining to cluster access via the Kubernetes API.
	//
	// This is the type to enable when you need to reconstruct who accessed
	// the cluster.
	ClusterLoggingTypes_AUDIT ClusterLoggingTypes = "AUDIT"
	// Logs pertaining to authentication requests into the cluster.
	ClusterLoggingTypes_AUTHENTICATOR ClusterLoggingTypes = "AUTHENTICATOR"
	// Logs pertaining to state of cluster controllers.
	ClusterLoggingTypes_CONTROLLER_MANAGER ClusterLoggingTypes = "CONTROLLER_MANAGER"
	// Logs pertaining to scheduling decisions.
	ClusterLoggingTypes_SCHEDULER ClusterLoggingTypes = "SCHEDULER"
)
type ClusterOptions ¶
// ClusterOptions holds the options for EKS clusters.
//
// Only Version is required. Several documented defaults are worth reviewing
// before deployment: EndpointAccess defaults to PUBLIC_AND_PRIVATE,
// ClusterLogging defaults to none, and SecretsEncryptionKey defaults to
// disk-level encryption with AWS-managed keys only.
type ClusterOptions struct {
	// The Kubernetes version to run in the cluster.
	Version KubernetesVersion `field:"required" json:"version" yaml:"version"`
	// Name for the cluster.
	// Default: - Automatically generated name.
	//
	ClusterName *string `field:"optional" json:"clusterName" yaml:"clusterName"`
	// Determines whether a CloudFormation output with the name of the cluster will be synthesized.
	// Default: false.
	//
	OutputClusterName *bool `field:"optional" json:"outputClusterName" yaml:"outputClusterName"`
	// Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized.
	//
	// This command will include
	// the cluster name and, if applicable, the ARN of the masters IAM role.
	// The output is visible to anyone who can read the stack's outputs.
	// Default: true.
	//
	OutputConfigCommand *bool `field:"optional" json:"outputConfigCommand" yaml:"outputConfigCommand"`
	// Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
	// Default: - A role is automatically created for you.
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// Security Group to use for Control Plane ENIs.
	// Default: - A security group is automatically created.
	//
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// The VPC in which to create the Cluster.
	// Default: - a VPC with default configuration will be created and can be accessed through `cluster.vpc`.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// Where to place EKS Control Plane ENIs.
	//
	// For example, to only select private subnets, supply the following:
	//
	// `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]`
	// Default: - All public and private subnets.
	//
	VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// Install the AWS Load Balancer Controller onto the cluster.
	// See: https://kubernetes-sigs.github.io/aws-load-balancer-controller
	//
	// Default: - The controller is not installed.
	//
	AlbController *AlbControllerOptions `field:"optional" json:"albController" yaml:"albController"`
	// The desired authentication mode for the cluster.
	// Default: AuthenticationMode.CONFIG_MAP
	//
	AuthenticationMode AuthenticationMode `field:"optional" json:"authenticationMode" yaml:"authenticationMode"`
	// An AWS Lambda layer that contains the `aws` CLI.
	//
	// The handler expects the layer to include the following executables:
	//
	// ```
	// /opt/awscli/aws
	// ```.
	// Default: - a default layer with the AWS CLI 1.x
	//
	AwscliLayer awslambda.ILayerVersion `field:"optional" json:"awscliLayer" yaml:"awscliLayer"`
	// Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
	// Default: - No environment variables.
	//
	ClusterHandlerEnvironment *map[string]*string `field:"optional" json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"`
	// A security group to associate with the Cluster Handler's Lambdas.
	//
	// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
	//
	// Requires `placeClusterHandlerInVpc` to be set to true.
	// Default: - No security group.
	//
	ClusterHandlerSecurityGroup awsec2.ISecurityGroup `field:"optional" json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"`
	// The cluster log types which you want to enable.
	//
	// With the default, no control-plane log type is enabled. The AUDIT and
	// AUTHENTICATOR values of `ClusterLoggingTypes` are the ones usually
	// needed when investigating access to the cluster.
	// Default: - none.
	//
	ClusterLogging *[]ClusterLoggingTypes `field:"optional" json:"clusterLogging" yaml:"clusterLogging"`
	// Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
	// Default: CoreDnsComputeType.EC2 (for `FargateCluster` the default is FARGATE)
	//
	CoreDnsComputeType CoreDnsComputeType `field:"optional" json:"coreDnsComputeType" yaml:"coreDnsComputeType"`
	// Configure access to the Kubernetes API server endpoint.
	//
	// The default keeps a public endpoint alongside the private one. Where
	// the API server does not need to be reached from the internet, choose a
	// private-only or CIDR-restricted setting instead.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
	//
	// Default: EndpointAccess.PUBLIC_AND_PRIVATE
	//
	EndpointAccess EndpointAccess `field:"optional" json:"endpointAccess" yaml:"endpointAccess"`
	// Specify which IP family is used to assign Kubernetes pod and service IP addresses.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily
	//
	// Default: - IpFamily.IP_V4
	//
	IpFamily IpFamily `field:"optional" json:"ipFamily" yaml:"ipFamily"`
	// Environment variables for the kubectl execution.
	//
	// Only relevant for kubectl enabled clusters.
	// Default: - No environment variables.
	//
	KubectlEnvironment *map[string]*string `field:"optional" json:"kubectlEnvironment" yaml:"kubectlEnvironment"`
	// An AWS Lambda Layer which includes `kubectl` and Helm.
	//
	// This layer is used by the kubectl handler to apply manifests and install
	// helm charts. You must pick an appropriate release of one of the
	// `@aws-cdk/layer-kubectl-vXX` packages, that works with the version of
	// Kubernetes you have chosen. If you don't supply this value `kubectl`
	// 1.20 will be used, but that version is most likely too old.
	//
	// The handler expects the layer to include the following executables:
	//
	// ```
	// /opt/helm/helm
	// /opt/kubectl/kubectl
	// ```.
	// Default: - a default layer with Kubectl 1.20.
	//
	KubectlLayer awslambda.ILayerVersion `field:"optional" json:"kubectlLayer" yaml:"kubectlLayer"`
	// Amount of memory to allocate to the provider's lambda function.
	// Default: Size.gibibytes(1)
	//
	KubectlMemory awscdk.Size `field:"optional" json:"kubectlMemory" yaml:"kubectlMemory"`
	// An IAM role that will be added to the `system:masters` Kubernetes RBAC group.
	//
	// Membership of that group gives unrestricted access to the Kubernetes
	// API, so keep the role's trust policy as narrow as possible.
	// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
	//
	// Default: - no masters role.
	//
	MastersRole awsiam.IRole `field:"optional" json:"mastersRole" yaml:"mastersRole"`
	// An AWS Lambda Layer which includes the NPM dependency `proxy-agent`.
	//
	// This layer
	// is used by the onEvent handler to route AWS SDK requests through a proxy.
	//
	// By default, the provider will use the layer included in the
	// "aws-lambda-layer-node-proxy-agent" SAR application which is available in all
	// commercial regions.
	//
	// To deploy the layer locally define it in your app as follows:
	//
	// ```ts
	// const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', {
	//   code: lambda.Code.fromAsset(`${__dirname}/layer.zip`),
	//   compatibleRuntimes: [lambda.Runtime.NODEJS_LATEST],
	// });
	// ```.
	// Default: - a layer bundled with this module.
	//
	OnEventLayer awslambda.ILayerVersion `field:"optional" json:"onEventLayer" yaml:"onEventLayer"`
	// Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified).
	// Default: false.
	//
	OutputMastersRoleArn *bool `field:"optional" json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"`
	// If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy.
	// Default: false.
	//
	PlaceClusterHandlerInVpc *bool `field:"optional" json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"`
	// Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned.
	//
	// When this is enabled (default), prune labels will be
	// allocated and injected to each resource. These labels will then be used
	// when issuing the `kubectl apply` operation with the `--prune` switch.
	// Default: true.
	//
	Prune *bool `field:"optional" json:"prune" yaml:"prune"`
	// KMS secret for envelope encryption for Kubernetes secrets.
	//
	// Supplying a key adds envelope encryption of Kubernetes secrets on top
	// of the disk-level encryption described in the default below.
	// Default: - By default, Kubernetes stores all secret object data within etcd and
	// all etcd volumes used by Amazon EKS are encrypted at the disk-level
	// using AWS-Managed encryption keys.
	//
	SecretsEncryptionKey awskms.IKey `field:"optional" json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"`
	// The CIDR block to assign Kubernetes service IP addresses from.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr
	//
	// Default: - Kubernetes assigns addresses from either the
	// 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
	//
	ServiceIpv4Cidr *string `field:"optional" json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"`
}
Options for EKS clusters.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
//
// Every field is populated only to show its shape. The placeholder values are
// not recommended settings; in particular, the `jsii.Boolean(false)` entries
// and the single `API` log type are not advice on what to enable.
// NOTE(review): the repeated import lines, the lower-case type names and the
// `awscdk.*Aws_eks.` prefixes look like artifacts of the automated
// translation to Go — confirm the identifiers before copying.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var albControllerVersion albControllerVersion
var endpointAccess endpointAccess
var key key
var kubernetesVersion kubernetesVersion
var layerVersion layerVersion
var policy interface{}
var role role
var securityGroup securityGroup
var size size
var subnet subnet
var subnetFilter subnetFilter
var vpc vpc

clusterOptions := &ClusterOptions{
	Version: kubernetesVersion,

	// the properties below are optional
	AlbController: &AlbControllerOptions{
		Version: albControllerVersion,

		// the properties below are optional
		Policy: policy,
		Repository: jsii.String("repository"),
	},
	AuthenticationMode: awscdk.Aws_eks.AuthenticationMode_CONFIG_MAP,
	AwscliLayer: layerVersion,
	ClusterHandlerEnvironment: map[string]*string{
		"clusterHandlerEnvironmentKey": jsii.String("clusterHandlerEnvironment"),
	},
	ClusterHandlerSecurityGroup: securityGroup,
	ClusterLogging: []clusterLoggingTypes{
		awscdk.*Aws_eks.*clusterLoggingTypes_API,
	},
	ClusterName: jsii.String("clusterName"),
	CoreDnsComputeType: awscdk.*Aws_eks.CoreDnsComputeType_EC2,
	EndpointAccess: endpointAccess,
	IpFamily: awscdk.*Aws_eks.IpFamily_IP_V4,
	KubectlEnvironment: map[string]*string{
		"kubectlEnvironmentKey": jsii.String("kubectlEnvironment"),
	},
	KubectlLayer: layerVersion,
	KubectlMemory: size,
	MastersRole: role,
	OnEventLayer: layerVersion,
	OutputClusterName: jsii.Boolean(false),
	OutputConfigCommand: jsii.Boolean(false),
	OutputMastersRoleArn: jsii.Boolean(false),
	PlaceClusterHandlerInVpc: jsii.Boolean(false),
	Prune: jsii.Boolean(false),
	Role: role,
	SecretsEncryptionKey: key,
	SecurityGroup: securityGroup,
	ServiceIpv4Cidr: jsii.String("serviceIpv4Cidr"),
	Vpc: vpc,
	VpcSubnets: []subnetSelection{
		&subnetSelection{
			AvailabilityZones: []*string{
				jsii.String("availabilityZones"),
			},
			OnePerAz: jsii.Boolean(false),
			SubnetFilters: []*subnetFilter{
				subnetFilter,
			},
			SubnetGroupName: jsii.String("subnetGroupName"),
			Subnets: []iSubnet{
				subnet,
			},
			SubnetType: awscdk.Aws_ec2.SubnetType_PRIVATE_ISOLATED,
		},
	},
}
type ClusterProps ¶
type ClusterProps struct { // The Kubernetes version to run in the cluster. Version KubernetesVersion `field:"required" json:"version" yaml:"version"` // Name for the cluster. // Default: - Automatically generated name. // ClusterName *string `field:"optional" json:"clusterName" yaml:"clusterName"` // Determines whether a CloudFormation output with the name of the cluster will be synthesized. // Default: false. // OutputClusterName *bool `field:"optional" json:"outputClusterName" yaml:"outputClusterName"` // Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized. // // This command will include // the cluster name and, if applicable, the ARN of the masters IAM role. // Default: true. // OutputConfigCommand *bool `field:"optional" json:"outputConfigCommand" yaml:"outputConfigCommand"` // Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. // Default: - A role is automatically created for you. // Role awsiam.IRole `field:"optional" json:"role" yaml:"role"` // Security Group to use for Control Plane ENIs. // Default: - A security group is automatically created. // SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"` // The VPC in which to create the Cluster. // Default: - a VPC with default configuration will be created and can be accessed through `cluster.vpc`. // Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"` // Where to place EKS Control Plane ENIs. // // For example, to only select private subnets, supply the following: // // `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]` // Default: - All public and private subnets. // VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"` // Install the AWS Load Balancer Controller onto the cluster. 
// See: https://kubernetes-sigs.github.io/aws-load-balancer-controller // // Default: - The controller is not installed. // AlbController *AlbControllerOptions `field:"optional" json:"albController" yaml:"albController"` // The desired authentication mode for the cluster. // Default: AuthenticationMode.CONFIG_MAP // AuthenticationMode AuthenticationMode `field:"optional" json:"authenticationMode" yaml:"authenticationMode"` // An AWS Lambda layer that contains the `aws` CLI. // // The handler expects the layer to include the following executables: // // “` // /opt/awscli/aws // “`. // Default: - a default layer with the AWS CLI 1.x // AwscliLayer awslambda.ILayerVersion `field:"optional" json:"awscliLayer" yaml:"awscliLayer"` // Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. // Default: - No environment variables. // ClusterHandlerEnvironment *map[string]*string `field:"optional" json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"` // A security group to associate with the Cluster Handler's Lambdas. // // The Cluster Handler's Lambdas are responsible for calling AWS's EKS API. // // Requires `placeClusterHandlerInVpc` to be set to true. // Default: - No security group. // ClusterHandlerSecurityGroup awsec2.ISecurityGroup `field:"optional" json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"` // The cluster log types which you want to enable. // Default: - none. // ClusterLogging *[]ClusterLoggingTypes `field:"optional" json:"clusterLogging" yaml:"clusterLogging"` // Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. // Default: CoreDnsComputeType.EC2 (for `FargateCluster` the default is FARGATE) // CoreDnsComputeType CoreDnsComputeType `field:"optional" json:"coreDnsComputeType" yaml:"coreDnsComputeType"` // Configure access to the Kubernetes API server endpoint.. 
// See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html // // Default: EndpointAccess.PUBLIC_AND_PRIVATE // EndpointAccess EndpointAccess `field:"optional" json:"endpointAccess" yaml:"endpointAccess"` // Specify which IP family is used to assign Kubernetes pod and service IP addresses. // See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily // // Default: - IpFamily.IP_V4 // IpFamily IpFamily `field:"optional" json:"ipFamily" yaml:"ipFamily"` // Environment variables for the kubectl execution. // // Only relevant for kubectl enabled clusters. // Default: - No environment variables. // KubectlEnvironment *map[string]*string `field:"optional" json:"kubectlEnvironment" yaml:"kubectlEnvironment"` // An AWS Lambda Layer which includes `kubectl` and Helm. // // This layer is used by the kubectl handler to apply manifests and install // helm charts. You must pick an appropriate releases of one of the // `@aws-cdk/layer-kubectl-vXX` packages, that works with the version of // Kubernetes you have chosen. If you don't supply this value `kubectl` // 1.20 will be used, but that version is most likely too old. // // The handler expects the layer to include the following executables: // // “` // /opt/helm/helm // /opt/kubectl/kubectl // “`. // Default: - a default layer with Kubectl 1.20. // KubectlLayer awslambda.ILayerVersion `field:"optional" json:"kubectlLayer" yaml:"kubectlLayer"` // Amount of memory to allocate to the provider's lambda function. // Default: Size.gibibytes(1) // KubectlMemory awscdk.Size `field:"optional" json:"kubectlMemory" yaml:"kubectlMemory"` // An IAM role that will be added to the `system:masters` Kubernetes RBAC group. // See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings // // Default: - no masters role. 
// MastersRole awsiam.IRole `field:"optional" json:"mastersRole" yaml:"mastersRole"` // An AWS Lambda Layer which includes the NPM dependency `proxy-agent`. // // This layer // is used by the onEvent handler to route AWS SDK requests through a proxy. // // By default, the provider will use the layer included in the // "aws-lambda-layer-node-proxy-agent" SAR application which is available in all // commercial regions. // // To deploy the layer locally define it in your app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.NODEJS_LATEST], // }); // “`. // Default: - a layer bundled with this module. // OnEventLayer awslambda.ILayerVersion `field:"optional" json:"onEventLayer" yaml:"onEventLayer"` // Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified). // Default: false. // OutputMastersRoleArn *bool `field:"optional" json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"` // If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy. // Default: false. // PlaceClusterHandlerInVpc *bool `field:"optional" json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"` // Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned. // // When this is enabled (default), prune labels will be // allocated and injected to each resource. These labels will then be used // when issuing the `kubectl apply` operation with the `--prune` switch. // Default: true. // Prune *bool `field:"optional" json:"prune" yaml:"prune"` // KMS secret for envelope encryption for Kubernetes secrets. 
// Default: - By default, Kubernetes stores all secret object data within etcd and // all etcd volumes used by Amazon EKS are encrypted at the disk-level // using AWS-Managed encryption keys. // SecretsEncryptionKey awskms.IKey `field:"optional" json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"` // The CIDR block to assign Kubernetes service IP addresses from. // See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr // // Default: - Kubernetes assigns addresses from either the // 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks // ServiceIpv4Cidr *string `field:"optional" json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"` // Whether or not IAM principal of the cluster creator was set as a cluster admin access entry during cluster creation time. // // Changing this value after the cluster has been created will result in the cluster being replaced. // Default: true. // BootstrapClusterCreatorAdminPermissions *bool `field:"optional" json:"bootstrapClusterCreatorAdminPermissions" yaml:"bootstrapClusterCreatorAdminPermissions"` // Number of instances to allocate as an initial capacity for this cluster. // // Instance type can be configured through `defaultCapacityInstanceType`, // which defaults to `m5.large`. // // Use `cluster.addAutoScalingGroupCapacity` to add additional customized capacity. Set this // to `0` is you wish to avoid the initial capacity allocation. // Default: 2. // DefaultCapacity *float64 `field:"optional" json:"defaultCapacity" yaml:"defaultCapacity"` // The instance type to use for the default capacity. // // This will only be taken // into account if `defaultCapacity` is > 0. // Default: m5.large // DefaultCapacityInstance awsec2.InstanceType `field:"optional" json:"defaultCapacityInstance" yaml:"defaultCapacityInstance"` // The default capacity type for the cluster. // Default: NODEGROUP. 
// DefaultCapacityType DefaultCapacityType `field:"optional" json:"defaultCapacityType" yaml:"defaultCapacityType"` // The IAM role to pass to the Kubectl Lambda Handler. // Default: - Default Lambda IAM Execution Role. // KubectlLambdaRole awsiam.IRole `field:"optional" json:"kubectlLambdaRole" yaml:"kubectlLambdaRole"` // The tags assigned to the EKS cluster. // Default: - none. // Tags *map[string]*string `field:"optional" json:"tags" yaml:"tags"` }
Common configuration props for EKS clusters.
Example:
// or var vpc vpc eks.NewCluster(this, jsii.String("MyCluster"), &ClusterProps{ KubectlMemory: awscdk.Size_Gibibytes(jsii.Number(4)), Version: eks.KubernetesVersion_V1_30(), }) eks.Cluster_FromClusterAttributes(this, jsii.String("MyCluster"), &ClusterAttributes{ KubectlMemory: awscdk.Size_*Gibibytes(jsii.Number(4)), Vpc: Vpc, ClusterName: jsii.String("cluster-name"), })
type CommonClusterOptions ¶
// CommonClusterOptions holds the options for configuring an EKS cluster.
//
// Only Version is required; every other field falls back to the default
// stated in its comment.
type CommonClusterOptions struct {
	// The Kubernetes version to run in the cluster.
	Version KubernetesVersion `field:"required" json:"version" yaml:"version"`
	// Name for the cluster.
	// Default: - Automatically generated name.
	//
	ClusterName *string `field:"optional" json:"clusterName" yaml:"clusterName"`
	// Determines whether a CloudFormation output with the name of the cluster will be synthesized.
	// Default: false.
	//
	OutputClusterName *bool `field:"optional" json:"outputClusterName" yaml:"outputClusterName"`
	// Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized.
	//
	// This command will include
	// the cluster name and, if applicable, the ARN of the masters IAM role.
	//
	// NOTE(review): this output is on by default. Stack outputs can be read by
	// any principal allowed to describe the stack, so set this to false if the
	// cluster name or masters role ARN should not be exposed that way.
	// Default: true.
	//
	OutputConfigCommand *bool `field:"optional" json:"outputConfigCommand" yaml:"outputConfigCommand"`
	// Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
	// Default: - A role is automatically created for you.
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// Security Group to use for Control Plane ENIs.
	// Default: - A security group is automatically created.
	//
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// The VPC in which to create the Cluster.
	// Default: - a VPC with default configuration will be created and can be accessed through `cluster.vpc`.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// Where to place EKS Control Plane ENIs.
	//
	// For example, to only select private subnets, supply the following:
	//
	// `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]`
	//
	// NOTE(review): the default selects public subnets as well; pass an
	// explicit selection such as the one above when the control plane ENIs
	// should live in private subnets only.
	// Default: - All public and private subnets.
	//
	VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
}
Options for configuring an EKS cluster.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var kubernetesVersion kubernetesVersion var role role var securityGroup securityGroup var subnet subnet var subnetFilter subnetFilter var vpc vpc commonClusterOptions := &CommonClusterOptions{ Version: kubernetesVersion, // the properties below are optional ClusterName: jsii.String("clusterName"), OutputClusterName: jsii.Boolean(false), OutputConfigCommand: jsii.Boolean(false), Role: role, SecurityGroup: securityGroup, Vpc: vpc, VpcSubnets: []subnetSelection{ &subnetSelection{ AvailabilityZones: []*string{ jsii.String("availabilityZones"), }, OnePerAz: jsii.Boolean(false), SubnetFilters: []*subnetFilter{ subnetFilter, }, SubnetGroupName: jsii.String("subnetGroupName"), Subnets: []iSubnet{ subnet, }, SubnetType: awscdk.Aws_ec2.SubnetType_PRIVATE_ISOLATED, }, }, }
type CoreDnsComputeType ¶
// CoreDnsComputeType is the type of compute resources to use for CoreDNS.
type CoreDnsComputeType string
The type of compute resources to use for CoreDNS.
// Values accepted for CoreDnsComputeType.
const (
	// Deploy CoreDNS on EC2 instances.
	CoreDnsComputeType_EC2 CoreDnsComputeType = "EC2"
	// Deploy CoreDNS on Fargate-managed instances.
	CoreDnsComputeType_FARGATE CoreDnsComputeType = "FARGATE"
)
type DefaultCapacityType ¶
// DefaultCapacityType is the default capacity type for the cluster.
type DefaultCapacityType string
The default capacity type for the cluster.
Example:
// Ask for an EC2 Auto Scaling group as the cluster's default capacity
// instead of a managed node group.
props := &ClusterProps{
	Version:             eks.KubernetesVersion_V1_30(),
	DefaultCapacityType: eks.DefaultCapacityType_EC2,
}
cluster := eks.NewCluster(this, jsii.String("HelloEKS"), props)
// Values accepted for DefaultCapacityType.
const (
	// A managed node group.
	DefaultCapacityType_NODEGROUP DefaultCapacityType = "NODEGROUP"
	// An EC2 Auto Scaling group.
	DefaultCapacityType_EC2 DefaultCapacityType = "EC2"
)
type EksOptimizedImage ¶
// EksOptimizedImage constructs an Amazon Linux 2 image from the latest EKS
// Optimized AMI published in SSM.
//
// NOTE(review): because the AMI is looked up as "latest", the image that
// nodes run can presumably change between deployments; set
// KubernetesVersion in EksOptimizedImageProps and plan for node replacement
// when the published AMI moves — confirm when the lookup is resolved.
type EksOptimizedImage interface {
	awsec2.IMachineImage
	// Return the correct image.
	GetImage(scope constructs.Construct) *awsec2.MachineImageConfig
}
Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" eksOptimizedImage := awscdk.Aws_eks.NewEksOptimizedImage(&EksOptimizedImageProps{ CpuArch: awscdk.*Aws_eks.CpuArch_ARM_64, KubernetesVersion: jsii.String("kubernetesVersion"), NodeType: awscdk.*Aws_eks.NodeType_STANDARD, })
func NewEksOptimizedImage ¶
// NewEksOptimizedImage constructs a new EksOptimizedImage configured by props.
func NewEksOptimizedImage(props *EksOptimizedImageProps) EksOptimizedImage
Constructs a new instance of the EksOptimizedImage class.
type EksOptimizedImageProps ¶
// EksOptimizedImageProps holds the properties for EksOptimizedImage.
//
// All fields are optional.
type EksOptimizedImageProps struct {
	// What cpu architecture to retrieve the image for (arm64 or x86_64).
	// Default: CpuArch.X86_64
	//
	CpuArch CpuArch `field:"optional" json:"cpuArch" yaml:"cpuArch"`
	// The Kubernetes version to use.
	//
	// NOTE(review): left unset, the image follows the latest version; setting
	// it to the cluster's Kubernetes version presumably keeps node images in
	// step with the control plane — confirm against the upstream docs.
	// Default: - The latest version.
	//
	KubernetesVersion *string `field:"optional" json:"kubernetesVersion" yaml:"kubernetesVersion"`
	// What instance type to retrieve the image for (standard or GPU-optimized).
	// Default: NodeType.STANDARD
	//
	NodeType NodeType `field:"optional" json:"nodeType" yaml:"nodeType"`
}
Properties for EksOptimizedImage.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" eksOptimizedImageProps := &EksOptimizedImageProps{ CpuArch: awscdk.Aws_eks.CpuArch_ARM_64, KubernetesVersion: jsii.String("kubernetesVersion"), NodeType: awscdk.*Aws_eks.NodeType_STANDARD, }
type EndpointAccess ¶
// EndpointAccess describes the access characteristics of the Kubernetes API
// server endpoint.
//
// Values are obtained from EndpointAccess_PRIVATE, EndpointAccess_PUBLIC and
// EndpointAccess_PUBLIC_AND_PRIVATE.
type EndpointAccess interface {
	// Restrict public access to specific CIDR blocks.
	//
	// If public access is disabled, this method will result in an error.
	//
	// NOTE(review): when a public endpoint is kept, pass the narrowest CIDR
	// blocks that still cover the clients that need it; without this call the
	// public side is presumably reachable from any address — confirm.
	OnlyFrom(cidr ...*string) EndpointAccess
}
Endpoint access characteristics.
Example:
// Select private-only access to the Kubernetes API server endpoint rather
// than relying on the cluster's default endpoint access.
props := &ClusterProps{
	Version:        eks.KubernetesVersion_V1_30(),
	EndpointAccess: eks.EndpointAccess_PRIVATE(),
}
cluster := eks.NewCluster(this, jsii.String("hello-eks"), props)
func EndpointAccess_PRIVATE ¶
// EndpointAccess_PRIVATE returns the private-only EndpointAccess setting.
//
// NOTE(review): OnlyFrom results in an error on a setting with public access
// disabled, so CIDR restrictions do not apply here. The kubectl subnet and
// security group accessors state that, when they are not specified, the
// endpoint is expected to be publicly accessible; a private-only cluster
// presumably needs them set — confirm.
func EndpointAccess_PRIVATE() EndpointAccess
func EndpointAccess_PUBLIC ¶
// EndpointAccess_PUBLIC returns the public-only EndpointAccess setting.
//
// NOTE(review): chain OnlyFrom(cidr...) on the result to restrict public
// access to specific CIDR blocks.
func EndpointAccess_PUBLIC() EndpointAccess
func EndpointAccess_PUBLIC_AND_PRIVATE ¶
// EndpointAccess_PUBLIC_AND_PRIVATE returns the EndpointAccess setting that
// enables both public and private access. It is the documented default of
// the cluster's `endpointAccess` option.
//
// NOTE(review): chain OnlyFrom(cidr...) on the result to restrict the public
// side to specific CIDR blocks.
func EndpointAccess_PUBLIC_AND_PRIVATE() EndpointAccess
type FargateCluster ¶
// FargateCluster defines an EKS cluster that runs entirely on AWS Fargate.
//
// The cluster is created with a default Fargate Profile that matches the
// "default" and "kube-system" namespaces. Additional profiles can be added
// with AddFargateProfile.
type FargateCluster interface {
	Cluster
	// An IAM role with administrative permissions to create or update the cluster.
	//
	// This role also has `system:masters` permissions.
	//
	// NOTE(review): `system:masters` carries unrestricted (cluster-admin)
	// access in Kubernetes, so the set of principals able to assume this role
	// is effectively the set of cluster administrators.
	AdminRole() awsiam.Role
	// The ALB Controller construct defined for this cluster.
	//
	// Will be undefined if `albController` wasn't configured.
	AlbController() AlbController
	// The authentication mode for the Amazon EKS cluster.
	//
	// The authentication mode determines how users and applications authenticate to the Kubernetes API server.
	// Default: CONFIG_MAP.
	//
	AuthenticationMode() AuthenticationMode
	// Lazily creates the AwsAuth resource, which manages AWS authentication mapping.
	AwsAuth() AwsAuth
	// An AWS Lambda layer that contains the `aws` CLI.
	//
	// If not defined, a default layer will be used containing the AWS CLI 1.x.
	AwscliLayer() awslambda.ILayerVersion
	// The AWS generated ARN for the Cluster resource.
	//
	// For example, `arn:aws:eks:us-west-2:666666666666:cluster/prod`.
	ClusterArn() *string
	// The certificate-authority-data for your cluster.
	ClusterCertificateAuthorityData() *string
	// Amazon Resource Name (ARN) or alias of the customer master key (CMK).
	ClusterEncryptionConfigKeyArn() *string
	// The endpoint URL for the Cluster.
	//
	// This is the URL inside the kubeconfig file to use with kubectl
	//
	// For example, `https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com`
	ClusterEndpoint() *string
	// A security group to associate with the Cluster Handler's Lambdas.
	//
	// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
	//
	// Requires `placeClusterHandlerInVpc` to be set to true.
	// Default: - No security group.
	//
	ClusterHandlerSecurityGroup() awsec2.ISecurityGroup
	// The Name of the created EKS Cluster.
	ClusterName() *string
	// If this cluster is kubectl-enabled, returns the OpenID Connect issuer.
	//
	// This is because the value can only be retrieved by the API and is not exposed
	// by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the
	// stock `CfnCluster`), this is `undefined`.
	ClusterOpenIdConnectIssuer() *string
	// If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.
	//
	// This is because the value can only be retrieved by the API and is not exposed
	// by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the
	// stock `CfnCluster`), this is `undefined`.
	ClusterOpenIdConnectIssuerUrl() *string
	// The cluster security group that was created by Amazon EKS for the cluster.
	ClusterSecurityGroup() awsec2.ISecurityGroup
	// The id of the cluster security group that was created by Amazon EKS for the cluster.
	ClusterSecurityGroupId() *string
	// Manages connection rules (Security Group Rules) for the cluster.
	Connections() awsec2.Connections
	// The auto scaling group that hosts the default capacity for this cluster.
	//
	// This will be `undefined` if the `defaultCapacityType` is not `EC2` or
	// `defaultCapacityType` is `EC2` but default capacity is set to 0.
	DefaultCapacity() awsautoscaling.AutoScalingGroup
	// The node group that hosts the default capacity for this cluster.
	//
	// This will be `undefined` if the `defaultCapacityType` is `EC2` or
	// `defaultCapacityType` is `NODEGROUP` but default capacity is set to 0.
	DefaultNodegroup() Nodegroup
	// Fargate Profile that was created with the cluster.
	DefaultProfile() FargateProfile
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Specify which IP family is used to assign Kubernetes pod and service IP addresses.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily
	//
	// Default: - IpFamily.IP_V4
	//
	IpFamily() IpFamily
	// Custom environment variables when running `kubectl` against this cluster.
	KubectlEnvironment() *map[string]*string
	// An IAM role that can perform kubectl operations against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	//
	// This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.
	//
	// NOTE(review): a role mapped to `system:masters` has unrestricted access
	// to the cluster; keep its trust policy limited to the kubectl handler.
	// Default: - if not specified, the default role created by a lambda function will
	// be used.
	//
	KubectlLambdaRole() awsiam.IRole
	// An AWS Lambda layer that includes `kubectl` and `helm`.
	//
	// If not defined, a default layer will be used containing Kubectl 1.20 and Helm 3.8
	KubectlLayer() awslambda.ILayerVersion
	// The amount of memory allocated to the kubectl provider's lambda function.
	KubectlMemory() awscdk.Size
	// Subnets to host the `kubectl` compute resources.
	// Default: - If not specified, the k8s endpoint is expected to be accessible
	// publicly.
	//
	KubectlPrivateSubnets() *[]awsec2.ISubnet
	// An IAM role that can perform kubectl operations against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	KubectlRole() awsiam.IRole
	// A security group to use for `kubectl` execution.
	// Default: - If not specified, the k8s endpoint is expected to be accessible
	// publicly.
	//
	KubectlSecurityGroup() awsec2.ISecurityGroup
	// The tree node.
	Node() constructs.Node
	// The AWS Lambda layer that contains the NPM dependency `proxy-agent`.
	//
	// If
	// undefined, a SAR app that contains this layer will be used.
	OnEventLayer() awslambda.ILayerVersion
	// An `OpenIdConnectProvider` resource associated with this cluster, and which can be used to link this cluster to AWS IAM.
	//
	// A provider will only be defined if this property is accessed (lazy initialization).
	OpenIdConnectProvider() awsiam.IOpenIdConnectProvider
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// Determines if Kubernetes resources can be pruned automatically.
	Prune() *bool
	// IAM role assumed by the EKS Control Plane.
	Role() awsiam.IRole
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The VPC in which this Cluster was created.
	Vpc() awsec2.IVpc
	// Add nodes to this EKS cluster.
	//
	// The nodes will automatically be configured with the right VPC and AMI
	// for the instance type and Kubernetes version.
	//
	// Note that if you specify `updateType: RollingUpdate` or `updateType: ReplacingUpdate`, your nodes might be replaced at deploy
	// time without notice in case the recommended AMI for your machine image type has been updated by AWS.
	// The default behavior for `updateType` is `None`, which means only new instances will be launched using the new AMI.
	//
	// Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
	// In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler)
	// daemon will be installed on all spot instances to handle
	// [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/).
	AddAutoScalingGroupCapacity(id *string, options *AutoScalingGroupCapacityOptions) awsautoscaling.AutoScalingGroup
	// Defines a CDK8s chart in this cluster.
	//
	// Returns: a `KubernetesManifest` construct representing the chart.
	AddCdk8sChart(id *string, chart constructs.Construct, options *KubernetesManifestOptions) KubernetesManifest
	// Adds a Fargate profile to this cluster.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
	//
	AddFargateProfile(id *string, options *FargateProfileOptions) FargateProfile
	// Defines a Helm chart in this cluster.
	//
	// Returns: a `HelmChart` construct.
	AddHelmChart(id *string, options *HelmChartOptions) HelmChart
	// Defines a Kubernetes resource in this cluster.
	//
	// The manifest will be applied/deleted using kubectl as needed.
	//
	// Returns: a `KubernetesResource` object.
	AddManifest(id *string, manifest ...*map[string]interface{}) KubernetesManifest
	// Add managed nodegroup to this Amazon EKS cluster.
	//
	// This method will create a new managed nodegroup and add into the capacity.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
	//
	AddNodegroupCapacity(id *string, options *NodegroupOptions) Nodegroup
	// Creates a new service account with corresponding IAM Role (IRSA).
	AddServiceAccount(id *string, options *ServiceAccountOptions) ServiceAccount
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
	//
	// The AutoScalingGroup must be running an EKS-optimized AMI containing the
	// /etc/eks/bootstrap.sh script. This method will configure Security Groups,
	// add the right policies to the instance role, apply the right tags, and add
	// the required user data to the instance's launch configuration.
	//
	// Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
	// If kubectl is enabled, the
	// [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler)
	// daemon will be installed on all spot instances to handle
	// [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/).
	//
	// Prefer to use `addAutoScalingGroupCapacity` if possible.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
	//
	ConnectAutoScalingGroupCapacity(autoScalingGroup awsautoscaling.AutoScalingGroup, options *AutoScalingGroupOptions)
	// NOTE(review): the generated docs give no description for this method;
	// presumably it returns the generated physical name of the resource — confirm.
	GeneratePhysicalName() *string
	// Fetch the load balancer address of an ingress backed by a load balancer.
	GetIngressLoadBalancerAddress(ingressName *string, options *IngressLoadBalancerAddressOptions) *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Fetch the load balancer address of a service of type 'LoadBalancer'.
	GetServiceLoadBalancerAddress(serviceName *string, options *ServiceLoadBalancerAddressOptions) *string
	// Grants the specified IAM principal access to the EKS cluster based on the provided access policies.
	//
	// This method creates an `AccessEntry` construct that grants the specified IAM principal the access permissions
	// defined by the provided `IAccessPolicy` array. This allows the IAM principal to perform the actions permitted
	// by the access policies within the EKS cluster.
	//
	// NOTE(review): pass the narrowest access policies that cover the
	// principal's needs. Whether this call works under the default CONFIG_MAP
	// authentication mode is not stated here — confirm before relying on it.
	GrantAccess(id *string, principal *string, accessPolicies *[]IAccessPolicy)
	// Returns a string representation of this construct.
	ToString() *string
}
Defines an EKS cluster that runs entirely on AWS Fargate.
The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using `addFargateProfile`.
Example:
// Only the Kubernetes version is required; every other Fargate cluster
// option keeps its documented default.
props := &FargateClusterProps{
	Version: eks.KubernetesVersion_V1_30(),
}
cluster := eks.NewFargateCluster(this, jsii.String("MyCluster"), props)
func NewFargateCluster ¶
// NewFargateCluster defines a FargateCluster with the given id under scope,
// configured by props.
func NewFargateCluster(scope constructs.Construct, id *string, props *FargateClusterProps) FargateCluster
type FargateClusterProps ¶
// FargateClusterProps holds the configuration props for EKS Fargate.
//
// Only Version is required. NOTE(review): several documented defaults favour
// convenience over hardening — the API server endpoint is public and
// private, no cluster log types are enabled, and Kubernetes secrets get no
// KMS envelope encryption. Review EndpointAccess, ClusterLogging and
// SecretsEncryptionKey before accepting the defaults.
type FargateClusterProps struct {
	// The Kubernetes version to run in the cluster.
	Version KubernetesVersion `field:"required" json:"version" yaml:"version"`
	// Name for the cluster.
	// Default: - Automatically generated name.
	//
	ClusterName *string `field:"optional" json:"clusterName" yaml:"clusterName"`
	// Determines whether a CloudFormation output with the name of the cluster will be synthesized.
	// Default: false.
	//
	OutputClusterName *bool `field:"optional" json:"outputClusterName" yaml:"outputClusterName"`
	// Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized.
	//
	// This command will include
	// the cluster name and, if applicable, the ARN of the masters IAM role.
	//
	// NOTE(review): this output is on by default. Stack outputs can be read by
	// any principal allowed to describe the stack, so set this to false if the
	// cluster name or masters role ARN should not be exposed that way.
	// Default: true.
	//
	OutputConfigCommand *bool `field:"optional" json:"outputConfigCommand" yaml:"outputConfigCommand"`
	// Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
	// Default: - A role is automatically created for you.
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// Security Group to use for Control Plane ENIs.
	// Default: - A security group is automatically created.
	//
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// The VPC in which to create the Cluster.
	// Default: - a VPC with default configuration will be created and can be accessed through `cluster.vpc`.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// Where to place EKS Control Plane ENIs.
	//
	// For example, to only select private subnets, supply the following:
	//
	// `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]`
	//
	// NOTE(review): the default selects public subnets as well; pass an
	// explicit selection such as the one above when the control plane ENIs
	// should live in private subnets only.
	// Default: - All public and private subnets.
	//
	VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// Install the AWS Load Balancer Controller onto the cluster.
	// See: https://kubernetes-sigs.github.io/aws-load-balancer-controller
	//
	// Default: - The controller is not installed.
	//
	AlbController *AlbControllerOptions `field:"optional" json:"albController" yaml:"albController"`
	// The desired authentication mode for the cluster.
	// Default: AuthenticationMode.CONFIG_MAP
	//
	AuthenticationMode AuthenticationMode `field:"optional" json:"authenticationMode" yaml:"authenticationMode"`
	// An AWS Lambda layer that contains the `aws` CLI.
	//
	// The handler expects the layer to include the following executables:
	//
	// ```
	// /opt/awscli/aws
	// ```
	// Default: - a default layer with the AWS CLI 1.x
	//
	AwscliLayer awslambda.ILayerVersion `field:"optional" json:"awscliLayer" yaml:"awscliLayer"`
	// Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
	//
	// NOTE(review): these are presumably set as Lambda environment variables,
	// which are readable in the function configuration; keep secrets out of
	// them — confirm how the handler consumes this map.
	// Default: - No environment variables.
	//
	ClusterHandlerEnvironment *map[string]*string `field:"optional" json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"`
	// A security group to associate with the Cluster Handler's Lambdas.
	//
	// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
	//
	// Requires `placeClusterHandlerInVpc` to be set to true.
	// Default: - No security group.
	//
	ClusterHandlerSecurityGroup awsec2.ISecurityGroup `field:"optional" json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"`
	// The cluster log types which you want to enable.
	//
	// NOTE(review): nothing is logged by default. Enabling at least the audit
	// and authenticator log types gives detection and incident response a
	// record of API server requests and authentication decisions.
	// Default: - none.
	//
	ClusterLogging *[]ClusterLoggingTypes `field:"optional" json:"clusterLogging" yaml:"clusterLogging"`
	// Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
	// Default: CoreDnsComputeType.EC2 (for `FargateCluster` the default is FARGATE)
	//
	CoreDnsComputeType CoreDnsComputeType `field:"optional" json:"coreDnsComputeType" yaml:"coreDnsComputeType"`
	// Configure access to the Kubernetes API server endpoint.
	//
	// NOTE(review): the default keeps a public endpoint. Use
	// EndpointAccess_PRIVATE() where no public access is needed, or restrict
	// the public side to specific CIDR blocks with OnlyFrom.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
	//
	// Default: EndpointAccess.PUBLIC_AND_PRIVATE
	//
	EndpointAccess EndpointAccess `field:"optional" json:"endpointAccess" yaml:"endpointAccess"`
	// Specify which IP family is used to assign Kubernetes pod and service IP addresses.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily
	//
	// Default: - IpFamily.IP_V4
	//
	IpFamily IpFamily `field:"optional" json:"ipFamily" yaml:"ipFamily"`
	// Environment variables for the kubectl execution.
	//
	// Only relevant for kubectl enabled clusters.
	//
	// NOTE(review): presumably set on the kubectl handler's Lambda function;
	// keep secrets out of them — confirm.
	// Default: - No environment variables.
	//
	KubectlEnvironment *map[string]*string `field:"optional" json:"kubectlEnvironment" yaml:"kubectlEnvironment"`
	// An AWS Lambda Layer which includes `kubectl` and Helm.
	//
	// This layer is used by the kubectl handler to apply manifests and install
	// helm charts. You must pick an appropriate release of one of the
	// `@aws-cdk/layer-kubectl-vXX` packages, that works with the version of
	// Kubernetes you have chosen. If you don't supply this value `kubectl`
	// 1.20 will be used, but that version is most likely too old.
	//
	// The handler expects the layer to include the following executables:
	//
	// ```
	// /opt/helm/helm
	// /opt/kubectl/kubectl
	// ```
	// Default: - a default layer with Kubectl 1.20.
	//
	KubectlLayer awslambda.ILayerVersion `field:"optional" json:"kubectlLayer" yaml:"kubectlLayer"`
	// Amount of memory to allocate to the provider's lambda function.
	// Default: Size.gibibytes(1)
	//
	KubectlMemory awscdk.Size `field:"optional" json:"kubectlMemory" yaml:"kubectlMemory"`
	// An IAM role that will be added to the `system:masters` Kubernetes RBAC group.
	//
	// NOTE(review): `system:masters` carries unrestricted (cluster-admin)
	// access, so whoever can assume this role administers the cluster. Keep
	// its trust policy narrow and prefer scoped RBAC bindings for day-to-day
	// access.
	// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
	//
	// Default: - no masters role.
	//
	MastersRole awsiam.IRole `field:"optional" json:"mastersRole" yaml:"mastersRole"`
	// An AWS Lambda Layer which includes the NPM dependency `proxy-agent`.
	//
	// This layer
	// is used by the onEvent handler to route AWS SDK requests through a proxy.
	//
	// By default, the provider will use the layer included in the
	// "aws-lambda-layer-node-proxy-agent" SAR application which is available in all
	// commercial regions.
	//
	// To deploy the layer locally define it in your app as follows:
	//
	// ```ts
	// const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', {
	//   code: lambda.Code.fromAsset(`${__dirname}/layer.zip`),
	//   compatibleRuntimes: [lambda.Runtime.NODEJS_LATEST],
	// });
	// ```
	// Default: - a layer bundled with this module.
	//
	OnEventLayer awslambda.ILayerVersion `field:"optional" json:"onEventLayer" yaml:"onEventLayer"`
	// Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified).
	// Default: false.
	//
	OutputMastersRoleArn *bool `field:"optional" json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"`
	// If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy.
	// Default: false.
	//
	PlaceClusterHandlerInVpc *bool `field:"optional" json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"`
	// Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned.
	//
	// When this is enabled (default), prune labels will be
	// allocated and injected to each resource. These labels will then be used
	// when issuing the `kubectl apply` operation with the `--prune` switch.
	// Default: true.
	//
	Prune *bool `field:"optional" json:"prune" yaml:"prune"`
	// KMS secret for envelope encryption for Kubernetes secrets.
	//
	// NOTE(review): without a key, secrets are protected only by the
	// disk-level encryption described below; supply a KMS key to add envelope
	// encryption under a key you control.
	// Default: - By default, Kubernetes stores all secret object data within etcd and
	// all etcd volumes used by Amazon EKS are encrypted at the disk-level
	// using AWS-Managed encryption keys.
	//
	SecretsEncryptionKey awskms.IKey `field:"optional" json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"`
	// The CIDR block to assign Kubernetes service IP addresses from.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr
	//
	// Default: - Kubernetes assigns addresses from either the
	// 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
	//
	ServiceIpv4Cidr *string `field:"optional" json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"`
	// Fargate Profile to create along with the cluster.
	// Default: - A profile called "default" with 'default' and 'kube-system'
	// selectors will be created if this is left undefined.
	//
	DefaultProfile *FargateProfileOptions `field:"optional" json:"defaultProfile" yaml:"defaultProfile"`
}
Configuration props for EKS Fargate.
Example:
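// Minimal Fargate cluster: only the required Kubernetes version is set, so
// every optional prop keeps its documented default (EndpointAccess is
// PUBLIC_AND_PRIVATE, no masters role is added, and no KMS key is used for
// envelope encryption of Kubernetes secrets). Set EndpointAccess, MastersRole
// and SecretsEncryptionKey explicitly when those defaults do not match the
// exposure and access model you want for the cluster.
cluster := eks.NewFargateCluster(this, jsii.String("MyCluster"), &eks.FargateClusterProps{
	Version: eks.KubernetesVersion_V1_30(),
})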
type FargateProfile ¶
// FargateProfile is the construct through which an administrator declares
// which pods run on Fargate.
type FargateProfile interface {
	constructs.Construct
	awscdk.ITaggable
	// FargateProfileArn returns the full Amazon Resource Name (ARN) of the
	// Fargate profile.
	FargateProfileArn() *string
	// FargateProfileName returns the name of the Fargate profile.
	FargateProfileName() *string
	// Node returns the tree node.
	Node() constructs.Node
	// PodExecutionRole returns the role used for pods that match the selectors
	// in the Fargate profile.
	//
	// That role lets Fargate infrastructure register with the cluster as a
	// node and gives read access to Amazon ECR image repositories.
	PodExecutionRole() awsiam.IRole
	// Tags returns the resource tags.
	Tags() awscdk.TagManager
	// ToString returns a string representation of this construct.
	ToString() *string
}
Fargate profiles allow an administrator to declare which pods run on Fargate.
This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate.
If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate.
Example:
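// cluster is an existing EKS cluster defined elsewhere in the app.
var cluster eks.Cluster

// The profile has a single namespace-only selector. With no labels on the
// selector, EKS attempts to schedule every pod in the "default" namespace onto
// Fargate through this profile; add labels to narrow the match.
eks.NewFargateProfile(this, jsii.String("MyProfile"), &eks.FargateProfileProps{
	Cluster: cluster,
	Selectors: &[]*eks.Selector{
		{
			Namespace: jsii.String("default"),
		},
	},
})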
func NewFargateProfile ¶
func NewFargateProfile(scope constructs.Construct, id *string, props *FargateProfileProps) FargateProfile
type FargateProfileOptions ¶
// FargateProfileOptions holds the settings for defining an EKS Fargate profile.
type FargateProfileOptions struct {
	// Selectors decide which pods use this Fargate profile.
	//
	// Every selector needs a namespace; labels for that namespace are
	// optional.
	//
	// Between one and five selectors must be specified.
	Selectors *[]*Selector `field:"required" json:"selectors" yaml:"selectors"`
	// FargateProfileName is the name of the Fargate profile.
	// Default: - generated.
	//
	FargateProfileName *string `field:"optional" json:"fargateProfileName" yaml:"fargateProfileName"`
	// PodExecutionRole is the role used for pods that match the selectors in
	// the Fargate profile.
	//
	// It lets Fargate infrastructure register with your cluster as a node and
	// gives read access to Amazon ECR image repositories. When you pass your
	// own role instead of the generated one, keep its permissions limited to
	// that purpose.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
	//
	// Default: - a role will be automatically created.
	//
	PodExecutionRole awsiam.IRole `field:"optional" json:"podExecutionRole" yaml:"podExecutionRole"`
	// SubnetSelection picks the subnets your pods are launched into.
	//
	// Pods running on Fargate are currently not assigned public IP addresses,
	// so only private subnets (with no direct route to an Internet Gateway)
	// are allowed.
	//
	// The VPC must be specified to customize the subnet selection.
	// Default: - all private subnets of the VPC are selected.
	//
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// Vpc is the VPC from which subnets are selected for launching your pods.
	//
	// All private subnets are selected unless `subnetSelection` customizes
	// the choice.
	// Default: - all private subnets used by the EKS cluster.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}
Options for defining EKS Fargate Profiles.
Example:
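// cluster is an existing EKS cluster defined elsewhere in the app.
var cluster eks.Cluster

// A namespace-only selector matches every pod in that namespace; add labels to
// the selector when only part of the namespace should run on Fargate.
cluster.AddFargateProfile(jsii.String("MyProfile"), &eks.FargateProfileOptions{
	Selectors: &[]*eks.Selector{
		{
			Namespace: jsii.String("default"),
		},
	},
})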
type FargateProfileProps ¶
// FargateProfileProps holds the configuration props for an EKS Fargate
// profile, including the cluster the profile is applied to.
type FargateProfileProps struct {
	// Selectors decide which pods use this Fargate profile.
	//
	// Every selector needs a namespace; labels for that namespace are
	// optional.
	//
	// Between one and five selectors must be specified.
	Selectors *[]*Selector `field:"required" json:"selectors" yaml:"selectors"`
	// FargateProfileName is the name of the Fargate profile.
	// Default: - generated.
	//
	FargateProfileName *string `field:"optional" json:"fargateProfileName" yaml:"fargateProfileName"`
	// PodExecutionRole is the role used for pods that match the selectors in
	// the Fargate profile.
	//
	// It lets Fargate infrastructure register with your cluster as a node and
	// gives read access to Amazon ECR image repositories. When you pass your
	// own role instead of the generated one, keep its permissions limited to
	// that purpose.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
	//
	// Default: - a role will be automatically created.
	//
	PodExecutionRole awsiam.IRole `field:"optional" json:"podExecutionRole" yaml:"podExecutionRole"`
	// SubnetSelection picks the subnets your pods are launched into.
	//
	// Pods running on Fargate are currently not assigned public IP addresses,
	// so only private subnets (with no direct route to an Internet Gateway)
	// are allowed.
	//
	// The VPC must be specified to customize the subnet selection.
	// Default: - all private subnets of the VPC are selected.
	//
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// Vpc is the VPC from which subnets are selected for launching your pods.
	//
	// All private subnets are selected unless `subnetSelection` customizes
	// the choice.
	// Default: - all private subnets used by the EKS cluster.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// Cluster is the EKS cluster the Fargate profile is applied to.
	//
	// [disable-awslint:ref-via-interface].
	Cluster Cluster `field:"required" json:"cluster" yaml:"cluster"`
}
Configuration props for EKS Fargate Profiles.
Example:
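// cluster is an existing EKS cluster defined elsewhere in the app.
var cluster eks.Cluster

// The profile has a single namespace-only selector. With no labels on the
// selector, EKS attempts to schedule every pod in the "default" namespace onto
// Fargate through this profile; add labels to narrow the match.
eks.NewFargateProfile(this, jsii.String("MyProfile"), &eks.FargateProfileProps{
	Cluster: cluster,
	Selectors: &[]*eks.Selector{
		{
			Namespace: jsii.String("default"),
		},
	},
})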
type HelmChart ¶
// HelmChart represents a helm chart within the Kubernetes system; its
// resources are applied and deleted with `kubectl` in sync with the construct.
type HelmChart interface {
	constructs.Construct
	// NOTE(review): Atomic, Chart, ChartAsset, Repository and Version carry no
	// description on this page; presumably they mirror the chart options of
	// the same names — confirm.
	Atomic() *bool
	Chart() *string
	ChartAsset() awss3assets.Asset
	// Node returns the tree node.
	Node() constructs.Node
	Repository() *string
	Version() *string
	// ToString returns a string representation of this construct.
	ToString() *string
}
Represents a helm chart within the Kubernetes system.
Applies/deletes the resources using `kubectl` in sync with the resource.
Example:
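// cluster is an existing EKS cluster defined elsewhere in the app.
var cluster eks.Cluster

// option 1: use a construct
//
// The ${...} parts of the repository URL are placeholders to replace with real
// values; Go does not expand them inside a string literal. Version is set
// explicitly here: when it is omitted, the latest chart version is installed.
eks.NewHelmChart(this, jsii.String("MyOCIChart"), &eks.HelmChartProps{
	Cluster:    cluster,
	Chart:      jsii.String("some-chart"),
	Repository: jsii.String("oci://${ACCOUNT_ID}.dkr.ecr.${ACCOUNT_REGION}.amazonaws.com/${REPO_NAME}"),
	Namespace:  jsii.String("oci"),
	Version:    jsii.String("0.0.1"),
})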
func NewHelmChart ¶
func NewHelmChart(scope constructs.Construct, id *string, props *HelmChartProps) HelmChart
type HelmChartOptions ¶
// HelmChartOptions holds the options for installing a Helm chart.
type HelmChartOptions struct {
	// Atomic tells Helm whether to treat this operation as atomic.
	//
	// When set, the upgrade process rolls back the changes made if the
	// upgrade fails. The --wait flag is set automatically when --atomic is
	// used.
	// Default: false.
	//
	Atomic *bool `field:"optional" json:"atomic" yaml:"atomic"`
	// Chart is the name of the chart.
	//
	// Either this or `chartAsset` must be specified.
	// Default: - No chart name. Implies `chartAsset` is used.
	//
	Chart *string `field:"optional" json:"chart" yaml:"chart"`
	// ChartAsset is the chart in the form of an asset.
	//
	// Either this or `chart` must be specified.
	// Default: - No chart asset. Implies `chart` is used.
	//
	ChartAsset awss3assets.Asset `field:"optional" json:"chartAsset" yaml:"chartAsset"`
	// CreateNamespace creates the namespace if it does not exist.
	// Default: true.
	//
	CreateNamespace *bool `field:"optional" json:"createNamespace" yaml:"createNamespace"`
	// Namespace is the Kubernetes namespace scope of the requests.
	// Default: default.
	//
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// Release is the name of the release.
	// Default: - If no release name is given, it will use the last 53 characters of the node's unique id.
	//
	Release *string `field:"optional" json:"release" yaml:"release"`
	// Repository is the repository which contains the chart.
	//
	// For example: https://charts.helm.sh/stable/
	//
	// The chart fetched from here is applied to the cluster, so point this at
	// a repository whose contents you control or trust.
	// Default: - No repository will be used, which means that the chart needs to be an absolute URL.
	//
	Repository *string `field:"optional" json:"repository" yaml:"repository"`
	// SkipCrds, if set, means no CRDs will be installed.
	// Default: - CRDs are installed if not already present.
	//
	SkipCrds *bool `field:"optional" json:"skipCrds" yaml:"skipCrds"`
	// Timeout is the amount of time to wait for any individual Kubernetes
	// operation.
	//
	// Maximum 15 minutes.
	// Default: Duration.minutes(5)
	//
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
	// Values are the values to be used by the chart.
	//
	// For nested values use a nested dictionary. For example:
	// values: {
	//   installationCRDs: true,
	//   webhook: { port: 9443 }
	// }.
	// Default: - No values are provided to the chart.
	//
	Values *map[string]interface{} `field:"optional" json:"values" yaml:"values"`
	// Version is the chart version to install.
	//
	// Setting it pins the deployment to a known chart release; leaving it
	// unset means a newly published chart version is picked up without any
	// change in this code.
	// Default: - If this is not specified, the latest version is installed.
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
	// Wait tells Helm whether to wait until all Pods, PVCs, Services, and
	// minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are
	// in a ready state before marking the release as successful.
	// Default: - Helm will not wait before marking release as successful.
	//
	Wait *bool `field:"optional" json:"wait" yaml:"wait"`
}
Helm Chart options.
Example:
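import s3Assets "github.com/aws/aws-cdk-go/awscdk/v2/awss3assets"

// cluster is an existing EKS cluster defined elsewhere in the app.
var cluster eks.Cluster

// The chart is supplied as an asset, so `chart` and `repository` stay unset
// (either `chart` or `chartAsset` must be specified).
chartAsset := s3Assets.NewAsset(this, jsii.String("ChartAsset"), &s3Assets.AssetProps{
	Path: jsii.String("/path/to/asset"),
})
cluster.AddHelmChart(jsii.String("test-chart"), &eks.HelmChartOptions{
	ChartAsset: chartAsset,
})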
type HelmChartProps ¶
// HelmChartProps holds the Helm chart properties, including the cluster the
// chart is applied to.
type HelmChartProps struct {
	// Atomic tells Helm whether to treat this operation as atomic.
	//
	// When set, the upgrade process rolls back the changes made if the
	// upgrade fails. The --wait flag is set automatically when --atomic is
	// used.
	// Default: false.
	//
	Atomic *bool `field:"optional" json:"atomic" yaml:"atomic"`
	// Chart is the name of the chart.
	//
	// Either this or `chartAsset` must be specified.
	// Default: - No chart name. Implies `chartAsset` is used.
	//
	Chart *string `field:"optional" json:"chart" yaml:"chart"`
	// ChartAsset is the chart in the form of an asset.
	//
	// Either this or `chart` must be specified.
	// Default: - No chart asset. Implies `chart` is used.
	//
	ChartAsset awss3assets.Asset `field:"optional" json:"chartAsset" yaml:"chartAsset"`
	// CreateNamespace creates the namespace if it does not exist.
	// Default: true.
	//
	CreateNamespace *bool `field:"optional" json:"createNamespace" yaml:"createNamespace"`
	// Namespace is the Kubernetes namespace scope of the requests.
	// Default: default.
	//
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// Release is the name of the release.
	// Default: - If no release name is given, it will use the last 53 characters of the node's unique id.
	//
	Release *string `field:"optional" json:"release" yaml:"release"`
	// Repository is the repository which contains the chart.
	//
	// For example: https://charts.helm.sh/stable/
	//
	// The chart fetched from here is applied to the cluster, so point this at
	// a repository whose contents you control or trust.
	// Default: - No repository will be used, which means that the chart needs to be an absolute URL.
	//
	Repository *string `field:"optional" json:"repository" yaml:"repository"`
	// SkipCrds, if set, means no CRDs will be installed.
	// Default: - CRDs are installed if not already present.
	//
	SkipCrds *bool `field:"optional" json:"skipCrds" yaml:"skipCrds"`
	// Timeout is the amount of time to wait for any individual Kubernetes
	// operation.
	//
	// Maximum 15 minutes.
	// Default: Duration.minutes(5)
	//
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
	// Values are the values to be used by the chart.
	//
	// For nested values use a nested dictionary. For example:
	// values: {
	//   installationCRDs: true,
	//   webhook: { port: 9443 }
	// }.
	// Default: - No values are provided to the chart.
	//
	Values *map[string]interface{} `field:"optional" json:"values" yaml:"values"`
	// Version is the chart version to install.
	//
	// Setting it pins the deployment to a known chart release; leaving it
	// unset means a newly published chart version is picked up without any
	// change in this code.
	// Default: - If this is not specified, the latest version is installed.
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
	// Wait tells Helm whether to wait until all Pods, PVCs, Services, and
	// minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are
	// in a ready state before marking the release as successful.
	// Default: - Helm will not wait before marking release as successful.
	//
	Wait *bool `field:"optional" json:"wait" yaml:"wait"`
	// Cluster is the EKS cluster to apply this configuration to.
	//
	// [disable-awslint:ref-via-interface].
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
}
Helm Chart properties.
Example:
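// cluster is an existing EKS cluster defined elsewhere in the app.
var cluster eks.Cluster

// option 1: use a construct
//
// The ${...} parts of the repository URL are placeholders to replace with real
// values; Go does not expand them inside a string literal. Version is set
// explicitly here: when it is omitted, the latest chart version is installed.
eks.NewHelmChart(this, jsii.String("MyOCIChart"), &eks.HelmChartProps{
	Cluster:    cluster,
	Chart:      jsii.String("some-chart"),
	Repository: jsii.String("oci://${ACCOUNT_ID}.dkr.ecr.${ACCOUNT_REGION}.amazonaws.com/${REPO_NAME}"),
	Namespace:  jsii.String("oci"),
	Version:    jsii.String("0.0.1"),
})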
type IAccessEntry ¶ added in v2.146.0
// IAccessEntry represents an access entry in an Amazon EKS cluster, which
// defines the permissions and scope for a user or role to access the cluster.
type IAccessEntry interface {
	awscdk.IResource
	// AccessEntryArn returns the Amazon Resource Name (ARN) of the access
	// entry.
	AccessEntryArn() *string
	// AccessEntryName returns the name of the access entry.
	AccessEntryName() *string
}
Represents an access entry in an Amazon EKS cluster.
An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
func AccessEntry_FromAccessEntryAttributes ¶ added in v2.146.0
func AccessEntry_FromAccessEntryAttributes(scope constructs.Construct, id *string, attrs *AccessEntryAttributes) IAccessEntry
Imports an `AccessEntry` from its attributes.
Returns: The imported access entry.
type IAccessPolicy ¶ added in v2.146.0
// IAccessPolicy represents an access policy that defines the permissions and
// scope for a user or role to access an Amazon EKS cluster.
type IAccessPolicy interface {
	// AccessScope returns the scope of the access policy, which determines
	// the level of access granted.
	AccessScope() *AccessScope
	// Policy returns the access policy itself, which defines the specific
	// permissions.
	Policy() *string
}
Represents an access policy that defines the permissions and scope for a user or role to access an Amazon EKS cluster.
func AccessPolicy_FromAccessPolicyName ¶ added in v2.146.0
func AccessPolicy_FromAccessPolicyName(policyName *string, options *AccessPolicyNameOptions) IAccessPolicy
Import AccessPolicy by name.
type ICluster ¶
// ICluster is the interface of an EKS cluster.
type ICluster interface {
	awsec2.IConnectable
	awscdk.IResource
	// AddCdk8sChart defines a CDK8s chart in this cluster.
	//
	// Returns: a `KubernetesManifest` construct representing the chart.
	AddCdk8sChart(id *string, chart constructs.Construct, options *KubernetesManifestOptions) KubernetesManifest
	// AddHelmChart defines a Helm chart in this cluster.
	//
	// Returns: a `HelmChart` construct.
	AddHelmChart(id *string, options *HelmChartOptions) HelmChart
	// AddManifest defines a Kubernetes resource in this cluster.
	//
	// The manifest is applied/deleted using kubectl as needed.
	//
	// Returns: a `KubernetesManifest` object.
	AddManifest(id *string, manifest ...*map[string]interface{}) KubernetesManifest
	// AddServiceAccount creates a new service account with a corresponding
	// IAM Role (IRSA).
	AddServiceAccount(id *string, options *ServiceAccountOptions) ServiceAccount
	// ConnectAutoScalingGroupCapacity connects capacity in the form of an
	// existing AutoScalingGroup to the EKS cluster.
	//
	// The AutoScalingGroup must be running an EKS-optimized AMI containing the
	// /etc/eks/bootstrap.sh script. This method configures Security Groups,
	// adds the right policies to the instance role, applies the right tags,
	// and adds the required user data to the instance's launch configuration.
	//
	// Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`.
	// If kubectl is enabled, the
	// [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler)
	// daemon will be installed on all spot instances to handle
	// [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/).
	//
	// Prefer to use `addAutoScalingGroupCapacity` if possible.
	// See: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
	//
	ConnectAutoScalingGroupCapacity(autoScalingGroup awsautoscaling.AutoScalingGroup, options *AutoScalingGroupOptions)
	// AuthenticationMode returns the authentication mode for the cluster.
	// Default: AuthenticationMode.CONFIG_MAP
	//
	AuthenticationMode() AuthenticationMode
	// AwscliLayer returns an AWS Lambda layer that contains the `aws` CLI.
	//
	// If not defined, a default layer will be used containing the AWS CLI 1.x.
	AwscliLayer() awslambda.ILayerVersion
	// ClusterArn returns the unique ARN assigned to the service by AWS in the
	// form of arn:aws:eks:.
	ClusterArn() *string
	// ClusterCertificateAuthorityData returns the certificate-authority-data
	// for your cluster.
	ClusterCertificateAuthorityData() *string
	// ClusterEncryptionConfigKeyArn returns the Amazon Resource Name (ARN) or
	// alias of the customer master key (CMK).
	ClusterEncryptionConfigKeyArn() *string
	// ClusterEndpoint returns the API Server endpoint URL.
	ClusterEndpoint() *string
	// ClusterHandlerSecurityGroup returns a security group to associate with
	// the Cluster Handler's Lambdas.
	//
	// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
	//
	// Requires `placeClusterHandlerInVpc` to be set to true.
	// Default: - No security group.
	//
	ClusterHandlerSecurityGroup() awsec2.ISecurityGroup
	// ClusterName returns the physical name of the Cluster.
	ClusterName() *string
	// ClusterSecurityGroup returns the cluster security group that was created
	// by Amazon EKS for the cluster.
	ClusterSecurityGroup() awsec2.ISecurityGroup
	// ClusterSecurityGroupId returns the id of the cluster security group that
	// was created by Amazon EKS for the cluster.
	ClusterSecurityGroupId() *string
	// IpFamily returns which IP family is used to assign Kubernetes pod and
	// service IP addresses.
	// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-ipFamily
	//
	// Default: - IpFamily.IP_V4
	//
	IpFamily() IpFamily
	// KubectlEnvironment returns the custom environment variables used when
	// running `kubectl` against this cluster.
	KubectlEnvironment() *map[string]*string
	// KubectlLambdaRole returns an IAM role that can perform kubectl
	// operations against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	//
	// This role is passed directly to the lambda handler that sends Kube Ctl
	// commands to the cluster. `system:masters` is bound to cluster-admin by
	// default in Kubernetes RBAC, so keep the set of principals that can use
	// this role small.
	KubectlLambdaRole() awsiam.IRole
	// KubectlLayer returns an AWS Lambda layer that includes `kubectl` and
	// `helm`.
	//
	// If not defined, a default layer will be used containing Kubectl 1.20 and Helm 3.8
	KubectlLayer() awslambda.ILayerVersion
	// KubectlMemory returns the amount of memory to allocate to the provider's
	// lambda function.
	KubectlMemory() awscdk.Size
	// KubectlPrivateSubnets returns the subnets that host the `kubectl`
	// compute resources.
	//
	// If this is undefined, the k8s endpoint is expected to be accessible
	// publicly.
	KubectlPrivateSubnets() *[]awsec2.ISubnet
	// KubectlProvider returns the Kubectl Provider for issuing kubectl
	// commands against the cluster.
	//
	// If not defined, a default provider will be used.
	KubectlProvider() IKubectlProvider
	// KubectlRole returns an IAM role that can perform kubectl operations
	// against this cluster.
	//
	// The role should be mapped to the `system:masters` Kubernetes RBAC role.
	// `system:masters` is bound to cluster-admin by default in Kubernetes
	// RBAC, so restrict who may assume this role.
	KubectlRole() awsiam.IRole
	// KubectlSecurityGroup returns a security group to use for `kubectl`
	// execution.
	//
	// If this is undefined, the k8s endpoint is expected to be accessible
	// publicly.
	KubectlSecurityGroup() awsec2.ISecurityGroup
	// OnEventLayer returns an AWS Lambda layer that includes the NPM
	// dependency `proxy-agent`.
	//
	// If not defined, a default layer will be used.
	OnEventLayer() awslambda.ILayerVersion
	// OpenIdConnectProvider returns the Open ID Connect Provider of the
	// cluster used to configure Service Accounts.
	OpenIdConnectProvider() awsiam.IOpenIdConnectProvider
	// Prune indicates whether Kubernetes resources can be automatically
	// pruned.
	//
	// When this is enabled (default), prune labels will be allocated and
	// injected to each resource. These labels will then be used when issuing
	// the `kubectl apply` operation with the `--prune` switch.
	Prune() *bool
	// Vpc returns the VPC in which this Cluster was created.
	Vpc() awsec2.IVpc
}
An EKS cluster.
func Cluster_FromClusterAttributes ¶
func Cluster_FromClusterAttributes(scope constructs.Construct, id *string, attrs *ClusterAttributes) ICluster
Import an existing cluster.
func FargateCluster_FromClusterAttributes ¶
func FargateCluster_FromClusterAttributes(scope constructs.Construct, id *string, attrs *ClusterAttributes) ICluster
Import an existing cluster.
type IKubectlProvider ¶ added in v2.4.0
// IKubectlProvider is an imported KubectlProvider that can be used in place of
// the default one created by CDK.
type IKubectlProvider interface {
	constructs.IConstruct
	// HandlerRole returns the IAM execution role of the handler.
	HandlerRole() awsiam.IRole
	// RoleArn returns the IAM role to assume in order to perform kubectl
	// operations against this cluster.
	//
	// NOTE(review): ICluster documents its kubectl role as one that should be
	// mapped to `system:masters`; presumably this ARN names a role of the
	// same kind, so limit who may assume it — confirm.
	RoleArn() *string
	// ServiceToken returns the custom resource provider's service token.
	ServiceToken() *string
}
Imported KubectlProvider that can be used in place of the default one created by CDK.
func KubectlProvider_FromKubectlProviderAttributes ¶ added in v2.4.0
func KubectlProvider_FromKubectlProviderAttributes(scope constructs.Construct, id *string, attrs *KubectlProviderAttributes) IKubectlProvider
Import an existing provider.
func KubectlProvider_GetOrCreate ¶ added in v2.4.0
func KubectlProvider_GetOrCreate(scope constructs.Construct, cluster ICluster) IKubectlProvider
Takes the existing provider or creates a new one based on the cluster.
type INodegroup ¶
// INodegroup is the NodeGroup interface.
type INodegroup interface {
	awscdk.IResource
	// NodegroupName returns the name of the nodegroup.
	NodegroupName() *string
}
NodeGroup interface.
func Nodegroup_FromNodegroupName ¶
func Nodegroup_FromNodegroupName(scope constructs.Construct, id *string, nodegroupName *string) INodegroup
Import the Nodegroup from attributes.
type IngressLoadBalancerAddressOptions ¶
// IngressLoadBalancerAddressOptions holds the options for fetching an
// IngressLoadBalancerAddress.
type IngressLoadBalancerAddressOptions struct {
	// Namespace is the namespace the service belongs to.
	// Default: 'default'.
	//
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// Timeout bounds the wait for the load balancer address.
	// Default: Duration.minutes(5)
	//
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
}
Options for fetching an IngressLoadBalancerAddress.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import cdk "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" ingressLoadBalancerAddressOptions := &IngressLoadBalancerAddressOptions{ Namespace: jsii.String("namespace"), Timeout: cdk.Duration_Minutes(jsii.Number(30)), }
type IpFamily ¶ added in v2.84.0
// IpFamily is the EKS cluster IP family, i.e. which IP family is used to
// assign Kubernetes pod and service IP addresses.
type IpFamily string
EKS cluster IP family.
Example:
// NOTE(review): this example is machine-translated and is not valid Go as
// written (`.defaultChild`, `.toString()`, `.concat(...)`, `vpc.*PublicSubnets`);
// read it as a sketch of the steps rather than code to paste.
var vpc vpc

// associateSubnetWithV6Cidr sets the subnet's IPv6 CIDR block to the entry at
// index count of the list Fn_Cidr produces from the VPC's first IPv6 CIDR
// block, and enables IPv6 address assignment on creation.
func associateSubnetWithV6Cidr(vpc *vpc, count *f64, subnet iSubnet) {
	cfnSubnet := *subnet.Node.defaultChild.(cfnSubnet)
	cfnSubnet.Ipv6CidrBlock = awscdk.Fn_Select(count, awscdk.Fn_Cidr(awscdk.Fn_Select(jsii.Number(0), vpc.VpcIpv6CidrBlocks), jsii.Number(256), (jsii.Number(128 - 64)).toString()))
	cfnSubnet.AssignIpv6AddressOnCreation = true
}

// make an ipv6 cidr
ipv6cidr := ec2.NewCfnVPCCidrBlock(this, jsii.String("CIDR6"), &CfnVPCCidrBlockProps{
	VpcId: vpc.VpcId,
	AmazonProvidedIpv6CidrBlock: jsii.Boolean(true),
})

// connect the ipv6 cidr to all vpc subnets
subnetcount := 0
subnets := vpc.PublicSubnets.concat(vpc.PrivateSubnets)
for _, subnet := range subnets {
	// Wait for the ipv6 cidr to complete
	subnet.Node.AddDependency(ipv6cidr)
	associateSubnetWithV6Cidr(vpc, subnetcount, subnet)
	subnetcount = subnetcount + 1
}

// NOTE(review): VpcSubnets selects only the VPC's public subnets here —
// confirm that placement is intended for your cluster before reusing it.
cluster := eks.NewCluster(this, jsii.String("hello-eks"), &ClusterProps{
	Version: eks.KubernetesVersion_V1_30(),
	Vpc: vpc,
	IpFamily: eks.IpFamily_IP_V6,
	VpcSubnets: []subnetSelection{
		&subnetSelection{
			Subnets: vpc.*PublicSubnets,
		},
	},
})
type KubectlProvider ¶ added in v2.4.0
type KubectlProvider interface { awscdk.NestedStack IKubectlProvider // The AWS account into which this stack will be deployed. // // This value is resolved according to the following rules: // // 1. The value provided to `env.account` when the stack is defined. This can // either be a concrete account (e.g. `585695031111`) or the // `Aws.ACCOUNT_ID` token. // 3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference // `{ "Ref": "AWS::AccountId" }` encoded as a string token. // // Preferably, you should use the return value as an opaque string and not // attempt to parse it to implement your logic. If you do, you must first // check that it is a concrete value an not an unresolved token. If this // value is an unresolved token (`Token.isUnresolved(stack.account)` returns // `true`), this implies that the user wishes that this stack will synthesize // into a **account-agnostic template**. In this case, your code should either // fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or // implement some other region-agnostic behavior. Account() *string // The ID of the cloud assembly artifact for this stack. ArtifactId() *string // Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. // // If the stack is environment-agnostic (either account and/or region are // tokens), this property will return an array with 2 tokens that will resolve // at deploy-time to the first two availability zones returned from CloudFormation's // `Fn::GetAZs` intrinsic function. // // If they are not available in the context, returns a set of dummy values and // reports them as missing, and let the CLI resolve them by calling EC2 // `DescribeAvailabilityZones` on the target environment. // // To specify a different strategy for selecting availability zones override this method. AvailabilityZones() *[]*string // Indicates whether the stack requires bundling or not. 
BundlingRequired() *bool // Return the stacks this stack depends on. Dependencies() *[]awscdk.Stack // The environment coordinates in which this stack is deployed. // // In the form // `aws://account/region`. Use `stack.account` and `stack.region` to obtain // the specific values, no need to parse. // // You can use this value to determine if two stacks are targeting the same // environment. // // If either `stack.account` or `stack.region` are not concrete values (e.g. // `Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or // `unknown-region` will be used respectively to indicate this stack is // region/account-agnostic. Environment() *string // The IAM execution role of the handler. HandlerRole() awsiam.IRole // Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. Nested() *bool // If this is a nested stack, returns it's parent stack. NestedStackParent() awscdk.Stack // If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. // // `undefined` for top-level (non-nested) stacks. NestedStackResource() awscdk.CfnResource // The tree node. Node() constructs.Node // Returns the list of notification Amazon Resource Names (ARNs) for the current stack. NotificationArns() *[]*string // The partition in which this stack is defined. Partition() *string // The AWS region into which this stack will be deployed (e.g. `us-west-2`). // // This value is resolved according to the following rules: // // 1. The value provided to `env.region` when the stack is defined. This can // either be a concrete region (e.g. `us-west-2`) or the `Aws.REGION` // token. // 3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference // `{ "Ref": "AWS::Region" }` encoded as a string token. // // Preferably, you should use the return value as an opaque string and not // attempt to parse it to implement your logic. 
If you do, you must first // check that it is a concrete value an not an unresolved token. If this // value is an unresolved token (`Token.isUnresolved(stack.region)` returns // `true`), this implies that the user wishes that this stack will synthesize // into a **region-agnostic template**. In this case, your code should either // fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or // implement some other region-agnostic behavior. Region() *string // The IAM role to assume in order to perform kubectl operations against this cluster. RoleArn() *string // The custom resource provider's service token. ServiceToken() *string // An attribute that represents the ID of the stack. // // This is a context aware attribute: // - If this is referenced from the parent stack, it will return `{ "Ref": "LogicalIdOfNestedStackResource" }`. // - If this is referenced from the context of the nested stack, it will return `{ "Ref": "AWS::StackId" }` // // Example value: `arn:aws:cloudformation:us-east-2:123456789012:stack/mystack-mynestedstack-sggfrhxhum7w/f449b250-b969-11e0-a185-5081d0136786`. StackId() *string // An attribute that represents the name of the nested stack. // // This is a context aware attribute: // - If this is referenced from the parent stack, it will return a token that parses the name from the stack ID. // - If this is referenced from the context of the nested stack, it will return `{ "Ref": "AWS::StackName" }` // // Example value: `mystack-mynestedstack-sggfrhxhum7w`. StackName() *string // Synthesis method for this stack. Synthesizer() awscdk.IStackSynthesizer // Tags to be applied to the stack. Tags() awscdk.TagManager // The name of the CloudFormation template file emitted to the output directory during synthesis. // // Example value: `MyStack.template.json` TemplateFile() *string // Options for CloudFormation template (like version, transform, description). 
TemplateOptions() awscdk.ITemplateOptions // Whether termination protection is enabled for this stack. TerminationProtection() *bool SetTerminationProtection(val *bool) // The Amazon domain suffix for the region in which this stack is defined. UrlSuffix() *string // Add a dependency between this stack and another stack. // // This can be used to define dependencies between any two stacks within an // app, and also supports nested stacks. AddDependency(target awscdk.Stack, reason *string) // Adds an arbitary key-value pair, with information you want to record about the stack. // // These get translated to the Metadata section of the generated template. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // AddMetadata(key *string, value interface{}) // Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. // // Duplicate values are removed when stack is synthesized. // // Example: // declare const stack: Stack; // // stack.addTransform('AWS::Serverless-2016-10-31') // // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html // AddTransform(transform *string) // Returns the naming scheme used to allocate logical IDs. // // By default, uses // the `HashedAddressingScheme` but this method can be overridden to customize // this behavior. // // In order to make sure logical IDs are unique and stable, we hash the resource // construct tree path (i.e. toplevel/secondlevel/.../myresource) and add it as // a suffix to the path components joined without a separator (CloudFormation // IDs only allow alphanumeric characters). // // The result will be: // // <path.join(”)><md5(path.join('/')> // "human" "hash" // // If the "human" part of the ID exceeds 240 characters, we simply trim it so // the total ID doesn't exceed CloudFormation's 255 character limit. 
// // We only take 8 characters from the md5 hash (0.000005 chance of collision). // // Special cases: // // - If the path only contains a single component (i.e. it's a top-level // resource), we won't add the hash to it. The hash is not needed for // disambiguation and also, it allows for a more straightforward migration an // existing CloudFormation template to a CDK stack without logical ID changes // (or renames). // - For aesthetic reasons, if the last components of the path are the same // (i.e. `L1/L2/Pipeline/Pipeline`), they will be de-duplicated to make the // resulting human portion of the ID more pleasing: `L1L2Pipeline<HASH>` // instead of `L1L2PipelinePipeline<HASH>` // - If a component is named "Default" it will be omitted from the path. This // allows refactoring higher level abstractions around constructs without affecting // the IDs of already deployed resources. // - If a component is named "Resource" it will be omitted from the user-visible // path, but included in the hash. This reduces visual noise in the human readable // part of the identifier. AllocateLogicalId(cfnElement awscdk.CfnElement) *string // Create a CloudFormation Export for a string list value. // // Returns a string list representing the corresponding `Fn.importValue()` // expression for this Export. The export expression is automatically wrapped with an // `Fn::Join` and the import value with an `Fn::Split`, since CloudFormation can only // export strings. You can control the name for the export by passing the `name` option. // // If you don't supply a value for `name`, the value you're exporting must be // a Resource attribute (for example: `bucket.bucketName`) and it will be // given the same name as the automatic cross-stack reference that would be created // if you used the attribute in another Stack. // // One of the uses for this method is to *remove* the relationship between // two Stacks established by automatic cross-stack references. 
It will // temporarily ensure that the CloudFormation Export still exists while you // remove the reference from the consuming stack. After that, you can remove // the resource and the manual export. // // See `exportValue` for an example of this process. ExportStringListValue(exportedValue interface{}, options *awscdk.ExportValueOptions) *[]*string // Create a CloudFormation Export for a string value. // // Returns a string representing the corresponding `Fn.importValue()` // expression for this Export. You can control the name for the export by // passing the `name` option. // // If you don't supply a value for `name`, the value you're exporting must be // a Resource attribute (for example: `bucket.bucketName`) and it will be // given the same name as the automatic cross-stack reference that would be created // if you used the attribute in another Stack. // // One of the uses for this method is to *remove* the relationship between // two Stacks established by automatic cross-stack references. It will // temporarily ensure that the CloudFormation Export still exists while you // remove the reference from the consuming stack. After that, you can remove // the resource and the manual export. // // ## Example // // Here is how the process works. Let's say there are two stacks, // `producerStack` and `consumerStack`, and `producerStack` has a bucket // called `bucket`, which is referenced by `consumerStack` (perhaps because // an AWS Lambda Function writes into it, or something like that). // // It is not safe to remove `producerStack.bucket` because as the bucket is being // deleted, `consumerStack` might still be using it. // // Instead, the process takes two deployments: // // ### Deployment 1: break the relationship // // - Make sure `consumerStack` no longer references `bucket.bucketName` (maybe the consumer // stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just // remove the Lambda Function altogether). 
// - In the `ProducerStack` class, call `this.exportValue(this.bucket.bucketName)`. This // will make sure the CloudFormation Export continues to exist while the relationship // between the two stacks is being broken. // - Deploy (this will effectively only change the `consumerStack`, but it's safe to deploy both). // // ### Deployment 2: remove the bucket resource // // - You are now free to remove the `bucket` resource from `producerStack`. // - Don't forget to remove the `exportValue()` call as well. // - Deploy again (this time only the `producerStack` will be changed -- the bucket will be deleted). ExportValue(exportedValue interface{}, options *awscdk.ExportValueOptions) *string // Creates an ARN from components. // // If `partition`, `region` or `account` are not specified, the stack's // partition, region and account will be used. // // If any component is the empty string, an empty string will be inserted // into the generated ARN at the location that component corresponds to. // // The ARN will be formatted as follows: // // arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name} // // The required ARN pieces that are omitted will be taken from the stack that // the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope // can be 'undefined'. FormatArn(components *awscdk.ArnComponents) *string // Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. // // This method is called when a `CfnElement` is created and used to render the // initial logical identity of resources. Logical ID renames are applied at // this stage. // // This method uses the protected method `allocateLogicalId` to render the // logical ID for an element. To modify the naming scheme, extend the `Stack` // class and override this method. GetLogicalId(element awscdk.CfnElement) *string // Look up a fact value for the given fact for the region of this stack. 
// // Will return a definite value only if the region of the current stack is resolved. // If not, a lookup map will be added to the stack and the lookup will be done at // CDK deployment time. // // What regions will be included in the lookup map is controlled by the // `@aws-cdk/core:target-partitions` context value: it must be set to a list // of partitions, and only regions from the given partitions will be included. // If no such context key is set, all regions will be included. // // This function is intended to be used by construct library authors. Application // builders can rely on the abstractions offered by construct libraries and do // not have to worry about regional facts. // // If `defaultValue` is not given, it is an error if the fact is unknown for // the given region. RegionalFact(factName *string, defaultValue *string) *string // Rename a generated logical identities. // // To modify the naming scheme strategy, extend the `Stack` class and // override the `allocateLogicalId` method. RenameLogicalId(oldId *string, newId *string) // Indicate that a context key was expected. // // Contains instructions which will be emitted into the cloud assembly on how // the key should be supplied. ReportMissingContextKey(report *cloudassemblyschema.MissingContext) // Resolve a tokenized value in the context of the current stack. Resolve(obj interface{}) interface{} // Assign a value to one of the nested stack parameters. SetParameter(name *string, value *string) // Splits the provided ARN into its components. // // Works both if 'arn' is a string like 'arn:aws:s3:::bucket', // and a Token representing a dynamic CloudFormation expression // (in which case the returned components will also be dynamic CloudFormation expressions, // encoded as Tokens). SplitArn(arn *string, arnFormat awscdk.ArnFormat) *awscdk.ArnComponents // Convert an object, potentially containing tokens, to a JSON string. 
ToJsonString(obj interface{}, space *float64) *string // Returns a string representation of this construct. ToString() *string // Convert an object, potentially containing tokens, to a YAML string. ToYamlString(obj interface{}) *string }
Implementation of Kubectl Lambda.
Example:
// Import an existing kubectl provider and hand it to an imported cluster.
handlerRole := iam.Role_FromRoleArn(this, jsii.String("HandlerRole"), jsii.String("arn:aws:iam::123456789012:role/lambda-role"))
// get the serviceToken from the custom resource provider
functionArn := lambda.Function_FromFunctionName(this, jsii.String("ProviderOnEventFunc"), jsii.String("ProviderframeworkonEvent-XXX")).FunctionArn
// NOTE(review): FunctionArn, HandlerRole and KubectlProvider are capitalised below but are
// declared as functionArn, handlerRole and kubectlProvider; the generated sample does not
// compile as written.
// NOTE(review): the handler role must be able to assume the kubectl role (see
// KubectlProviderAttributes.HandlerRole). Presumably the kubectl role's trust policy should
// admit only that handler role, since it is the identity used for kubectl operations;
// confirm against the role definition.
kubectlProvider := eks.KubectlProvider_FromKubectlProviderAttributes(this, jsii.String("KubectlProvider"), &KubectlProviderAttributes{
	FunctionArn: jsii.String(FunctionArn),
	KubectlRoleArn: jsii.String("arn:aws:iam::123456789012:role/kubectl-role"),
	HandlerRole: HandlerRole,
})

cluster := eks.Cluster_FromClusterAttributes(this, jsii.String("Cluster"), &ClusterAttributes{
	ClusterName: jsii.String("cluster"),
	KubectlProvider: KubectlProvider,
})
func NewKubectlProvider ¶ added in v2.4.0
func NewKubectlProvider(scope constructs.Construct, id *string, props *KubectlProviderProps) KubectlProvider
type KubectlProviderAttributes ¶ added in v2.4.0
// KubectlProviderAttributes describes a kubectl provider by its function ARN,
// its handler role and the role used for kubectl operations.
type KubectlProviderAttributes struct {
	// The custom resource provider's service token.
	FunctionArn *string `field:"required" json:"functionArn" yaml:"functionArn"`
	// The IAM execution role of the handler.
	//
	// This role must be able to assume kubectlRoleArn.
	//
	// NOTE(review): that makes this role a path to whatever cluster access the
	// kubectl role carries; presumably the kubectl role's trust policy should
	// name only this role. Confirm against the role definition.
	HandlerRole awsiam.IRole `field:"required" json:"handlerRole" yaml:"handlerRole"`
	// The IAM role to assume in order to perform kubectl operations against this cluster.
	KubectlRoleArn *string `field:"required" json:"kubectlRoleArn" yaml:"kubectlRoleArn"`
}
Kubectl Provider Attributes.
Example:
// Import an existing kubectl provider and hand it to an imported cluster.
handlerRole := iam.Role_FromRoleArn(this, jsii.String("HandlerRole"), jsii.String("arn:aws:iam::123456789012:role/lambda-role"))
// get the serviceToken from the custom resource provider
functionArn := lambda.Function_FromFunctionName(this, jsii.String("ProviderOnEventFunc"), jsii.String("ProviderframeworkonEvent-XXX")).FunctionArn
// NOTE(review): FunctionArn, HandlerRole and KubectlProvider are capitalised below but are
// declared as functionArn, handlerRole and kubectlProvider; the generated sample does not
// compile as written.
// NOTE(review): all three attributes are taken as given; check that the function, the
// handler role and the kubectl role really belong to the same provider before importing.
kubectlProvider := eks.KubectlProvider_FromKubectlProviderAttributes(this, jsii.String("KubectlProvider"), &KubectlProviderAttributes{
	FunctionArn: jsii.String(FunctionArn),
	KubectlRoleArn: jsii.String("arn:aws:iam::123456789012:role/kubectl-role"),
	HandlerRole: HandlerRole,
})

cluster := eks.Cluster_FromClusterAttributes(this, jsii.String("Cluster"), &ClusterAttributes{
	ClusterName: jsii.String("cluster"),
	KubectlProvider: KubectlProvider,
})
type KubectlProviderProps ¶ added in v2.4.0
// KubectlProviderProps holds the single input of NewKubectlProvider: the
// cluster the provider will control.
type KubectlProviderProps struct {
	// The cluster to control.
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
}
Properties for a KubectlProvider.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var cluster cluster

kubectlProviderProps := &KubectlProviderProps{
	Cluster: cluster,
}
type KubernetesManifest ¶
// KubernetesManifest is the construct interface for a manifest; besides the
// embedded constructs.Construct it exposes only the tree node and a string form.
type KubernetesManifest interface {
	constructs.Construct
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
}
Represents a manifest within the Kubernetes system.
Alternatively, you can use `cluster.addManifest(resource[, resource, ...])` to define resources on this cluster.
Applies/deletes the manifest using `kubectl`.
Example:
var cluster cluster

// Create the namespace first.
namespace := cluster.addManifest(jsii.String("my-namespace"), map[string]interface{}{
	"apiVersion": jsii.String("v1"),
	"kind": jsii.String("Namespace"),
	"metadata": map[string]*string{
		"name": jsii.String("my-app"),
	},
})

// NOTE(review): this manifest carries no "apiVersion" or "kind" and an empty
// "spec"; it looks abbreviated for the sample.
service := cluster.addManifest(jsii.String("my-service"), map[string]interface{}{
	"metadata": map[string]*string{
		"name": jsii.String("myservice"),
		"namespace": jsii.String("my-app"),
	},
	"spec": map[string]interface{}{
	},
})

// The service lives in the namespace, so it is made to depend on it.
service.Node.AddDependency(namespace)
func NewKubernetesManifest ¶
func NewKubernetesManifest(scope constructs.Construct, id *string, props *KubernetesManifestProps) KubernetesManifest
type KubernetesManifestOptions ¶
// KubernetesManifestOptions groups the optional settings of a manifest:
// ALB ingress annotation, pruning and validation.
type KubernetesManifestOptions struct {
	// Automatically detect `Ingress` resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller.
	// Default: false.
	//
	IngressAlb *bool `field:"optional" json:"ingressAlb" yaml:"ingressAlb"`
	// Specify the ALB scheme that should be applied to `Ingress` resources.
	//
	// Only applicable if `ingressAlb` is set to `true`.
	// Default: AlbScheme.INTERNAL
	//
	IngressAlbScheme AlbScheme `field:"optional" json:"ingressAlbScheme" yaml:"ingressAlbScheme"`
	// When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted.
	//
	// To address this, `kubectl apply` has a `--prune` option which will
	// query the cluster for all resources with a specific label and will remove
	// all the labelled resources that are not part of the applied manifest. If this
	// option is disabled and a resource is removed, it will become "orphaned" and
	// will not be deleted from the cluster.
	//
	// When this option is enabled (default), the construct will inject a label to
	// all Kubernetes resources included in this manifest which will be used to
	// prune resources when the manifest changes via `kubectl apply --prune`.
	//
	// The label name will be `aws.cdk.eks/prune-<ADDR>` where `<ADDR>` is the
	// 42-char unique address of this construct in the construct tree. Value is
	// empty.
	// See: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label
	//
	// Default: - based on the prune option of the cluster, which is `true` unless
	// otherwise specified.
	//
	Prune *bool `field:"optional" json:"prune" yaml:"prune"`
	// A flag to signify if the manifest validation should be skipped.
	// Default: false.
	//
	// NOTE(review): what the validation checks is not stated here; confirm which
	// check is bypassed before setting this to true.
	SkipValidation *bool `field:"optional" json:"skipValidation" yaml:"skipValidation"`
}
Options for `KubernetesManifest`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// NOTE(review): Prune is set to false here although the field documentation
// gives `true` as the cluster default; with it off, removed resources are orphaned.
kubernetesManifestOptions := &KubernetesManifestOptions{
	IngressAlb: jsii.Boolean(false),
	IngressAlbScheme: awscdk.Aws_eks.AlbScheme_INTERNAL,
	Prune: jsii.Boolean(false),
	SkipValidation: jsii.Boolean(false),
}
type KubernetesManifestProps ¶
// KubernetesManifestProps is the input of NewKubernetesManifest: the manifest
// options plus the target cluster, the manifest itself and the overwrite flag.
type KubernetesManifestProps struct {
	// Automatically detect `Ingress` resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller.
	// Default: false.
	//
	IngressAlb *bool `field:"optional" json:"ingressAlb" yaml:"ingressAlb"`
	// Specify the ALB scheme that should be applied to `Ingress` resources.
	//
	// Only applicable if `ingressAlb` is set to `true`.
	// Default: AlbScheme.INTERNAL
	//
	IngressAlbScheme AlbScheme `field:"optional" json:"ingressAlbScheme" yaml:"ingressAlbScheme"`
	// When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted.
	//
	// To address this, `kubectl apply` has a `--prune` option which will
	// query the cluster for all resources with a specific label and will remove
	// all the labelled resources that are not part of the applied manifest. If this
	// option is disabled and a resource is removed, it will become "orphaned" and
	// will not be deleted from the cluster.
	//
	// When this option is enabled (default), the construct will inject a label to
	// all Kubernetes resources included in this manifest which will be used to
	// prune resources when the manifest changes via `kubectl apply --prune`.
	//
	// The label name will be `aws.cdk.eks/prune-<ADDR>` where `<ADDR>` is the
	// 42-char unique address of this construct in the construct tree. Value is
	// empty.
	// See: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label
	//
	// Default: - based on the prune option of the cluster, which is `true` unless
	// otherwise specified.
	//
	Prune *bool `field:"optional" json:"prune" yaml:"prune"`
	// A flag to signify if the manifest validation should be skipped.
	// Default: false.
	//
	// NOTE(review): what the validation checks is not stated here; confirm which
	// check is bypassed before setting this to true.
	SkipValidation *bool `field:"optional" json:"skipValidation" yaml:"skipValidation"`
	// The EKS cluster to apply this manifest to.
	//
	// [disable-awslint:ref-via-interface].
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// The manifest to apply.
	//
	// Consists of any number of child resources.
	//
	// When the resources are created/updated, this manifest will be applied to the
	// cluster through `kubectl apply` and when the resources or the stack is
	// deleted, the resources in the manifest will be deleted through `kubectl delete`.
	//
	// Example:
	//   []map[string]interface{}{
	//     map[string]interface{}{
	//       "apiVersion": jsii.String("v1"),
	//       "kind": jsii.String("Pod"),
	//       "metadata": map[string]*string{
	//         "name": jsii.String("mypod"),
	//       },
	//       "spec": map[string][]map[string]interface{}{
	//         "containers": []map[string]interface{}{
	//           map[string]interface{}{
	//             "name": jsii.String("hello"),
	//             "image": jsii.String("paulbouwer/hello-kubernetes:1.5"),
	//             "ports": []map[string]*f64{
	//               map[string]*f64{
	//                 "containerPort": jsii.Number(8080),
	//               },
	//             },
	//           },
	//         },
	//       },
	//     },
	//   }
	//
	// NOTE(review): the sample references its image by tag; a digest reference
	// keeps the deployed content fixed.
	Manifest *[]*map[string]interface{} `field:"required" json:"manifest" yaml:"manifest"`
	// Overwrite any existing resources.
	//
	// If this is set, we will use `kubectl apply` instead of `kubectl create`
	// when the resource is created. Otherwise, if there is already a resource
	// in the cluster with the same name, the operation will fail.
	// Default: false.
	//
	// NOTE(review): with this set, a name collision with a resource that already
	// exists in the cluster no longer fails the operation, so it can go unnoticed.
	Overwrite *bool `field:"optional" json:"overwrite" yaml:"overwrite"`
}
Properties for KubernetesManifest.
Example:
var cluster cluster

// Label shared by the Deployment's pod template and the Service selector.
appLabel := map[string]*string{
	"app": jsii.String("hello-kubernetes"),
}

deployment := map[string]interface{}{
	"apiVersion": jsii.String("apps/v1"),
	"kind": jsii.String("Deployment"),
	"metadata": map[string]*string{
		"name": jsii.String("hello-kubernetes"),
	},
	"spec": map[string]interface{}{
		"replicas": jsii.Number(3),
		"selector": map[string]map[string]*string{
			"matchLabels": appLabel,
		},
		"template": map[string]map[string]map[string]*string{
			"metadata": map[string]map[string]*string{
				"labels": appLabel,
			},
			"spec": map[string][]map[string]interface{}{
				"containers": []map[string]interface{}{
					map[string]interface{}{
						"name": jsii.String("hello-kubernetes"),
						// NOTE(review): the image is referenced by tag; a digest
						// reference keeps the deployed content fixed.
						"image": jsii.String("paulbouwer/hello-kubernetes:1.5"),
						"ports": []map[string]*f64{
							map[string]*f64{
								"containerPort": jsii.Number(8080),
							},
						},
					},
				},
			},
		},
	},
}

service := map[string]interface{}{
	"apiVersion": jsii.String("v1"),
	"kind": jsii.String("Service"),
	"metadata": map[string]*string{
		"name": jsii.String("hello-kubernetes"),
	},
	"spec": map[string]interface{}{
		// NOTE(review): a LoadBalancer Service is typically reachable from outside
		// the cluster; confirm that is the intended exposure.
		"type": jsii.String("LoadBalancer"),
		"ports": []map[string]*f64{
			map[string]*f64{
				"port": jsii.Number(80),
				"targetPort": jsii.Number(8080),
			},
		},
		"selector": appLabel,
	},
}

// option 1: use a construct
// NOTE(review): `Cluster` is capitalised here but declared as `cluster` above.
eks.NewKubernetesManifest(this, jsii.String("hello-kub"), &KubernetesManifestProps{
	Cluster: Cluster,
	Manifest: []map[string]interface{}{
		deployment,
		service,
	},
})

// or, option2: use `addManifest`
cluster.addManifest(jsii.String("hello-kub"), service, deployment)
type KubernetesObjectValue ¶
// KubernetesObjectValue is the construct interface for a value read from an
// object in the cluster; the value is exposed as a string token.
type KubernetesObjectValue interface {
	constructs.Construct
	// The tree node.
	Node() constructs.Node
	// The value as a string token.
	Value() *string
	// Returns a string representation of this construct.
	ToString() *string
}
Represents a value of a specific object deployed in the cluster.
Use this to fetch any information available by the `kubectl get` command.
Example:
var cluster cluster

// query the load balancer address
myServiceAddress := eks.NewKubernetesObjectValue(this, jsii.String("LoadBalancerAttribute"), &KubernetesObjectValueProps{
	Cluster: cluster,
	ObjectType: jsii.String("service"),
	ObjectName: jsii.String("my-service"),
	JsonPath: jsii.String(".status.loadBalancer.ingress[0].hostname"),
})

// pass the address to a lambda function
// NOTE(review): the queried value ends up in the function's environment; that
// suits a hostname, but values read from sensitive objects should not travel this way.
proxyFunction := lambda.NewFunction(this, jsii.String("ProxyFunction"), &FunctionProps{
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_FromInline(jsii.String("my-code")),
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Environment: map[string]*string{
		"myServiceAddress": myServiceAddress.value,
	},
})
func NewKubernetesObjectValue ¶
func NewKubernetesObjectValue(scope constructs.Construct, id *string, props *KubernetesObjectValueProps) KubernetesObjectValue
type KubernetesObjectValueProps ¶
// KubernetesObjectValueProps selects one value of one object in a cluster:
// the object's type, name and namespace, and a JSONPath into it.
//
// NOTE(review): the construct is described as able to fetch anything
// `kubectl get` can return; presumably that includes sensitive object types,
// whose values would then flow into the stack as a token. Confirm before
// pointing ObjectType at such objects.
type KubernetesObjectValueProps struct {
	// The EKS cluster to fetch attributes from.
	//
	// [disable-awslint:ref-via-interface].
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// JSONPath to the specific value.
	// See: https://kubernetes.io/docs/reference/kubectl/jsonpath/
	//
	JsonPath *string `field:"required" json:"jsonPath" yaml:"jsonPath"`
	// The name of the object to query.
	ObjectName *string `field:"required" json:"objectName" yaml:"objectName"`
	// The object type to query.
	//
	// (e.g 'service', 'pod'...)
	ObjectType *string `field:"required" json:"objectType" yaml:"objectType"`
	// The namespace the object belongs to.
	// Default: 'default'.
	//
	ObjectNamespace *string `field:"optional" json:"objectNamespace" yaml:"objectNamespace"`
	// Timeout for waiting on a value.
	// Default: Duration.minutes(5)
	//
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
}
Properties for KubernetesObjectValue.
Example:
var cluster cluster

// query the load balancer address
myServiceAddress := eks.NewKubernetesObjectValue(this, jsii.String("LoadBalancerAttribute"), &KubernetesObjectValueProps{
	Cluster: cluster,
	ObjectType: jsii.String("service"),
	ObjectName: jsii.String("my-service"),
	JsonPath: jsii.String(".status.loadBalancer.ingress[0].hostname"),
})

// pass the address to a lambda function
// NOTE(review): no ObjectNamespace is given, so the documented default
// namespace 'default' applies to the query above.
proxyFunction := lambda.NewFunction(this, jsii.String("ProxyFunction"), &FunctionProps{
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_FromInline(jsii.String("my-code")),
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Environment: map[string]*string{
		"myServiceAddress": myServiceAddress.value,
	},
})
type KubernetesPatch ¶
// KubernetesPatch is the construct interface for a patch resource; besides the
// embedded constructs.Construct it exposes only the tree node and a string form.
type KubernetesPatch interface {
	constructs.Construct
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
}
A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource.
Example:
var cluster cluster

// ApplyPatch sets replicas to 5 on create/update; RestorePatch sets it back to
// 3 when the patch resource is removed.
// NOTE(review): `Cluster` is capitalised here but declared as `cluster` above.
eks.NewKubernetesPatch(this, jsii.String("hello-kub-deployment-label"), &KubernetesPatchProps{
	Cluster: Cluster,
	ResourceName: jsii.String("deployment/hello-kubernetes"),
	ApplyPatch: map[string]interface{}{
		"spec": map[string]*f64{
			"replicas": jsii.Number(5),
		},
	},
	RestorePatch: map[string]interface{}{
		"spec": map[string]*f64{
			"replicas": jsii.Number(3),
		},
	},
})
See: https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/
func NewKubernetesPatch ¶
func NewKubernetesPatch(scope constructs.Construct, id *string, props *KubernetesPatchProps) KubernetesPatch
type KubernetesPatchProps ¶
// KubernetesPatchProps is the input of NewKubernetesPatch: the target cluster
// and resource, the patch applied on create/update and the patch applied on
// removal.
type KubernetesPatchProps struct {
	// The JSON object to pass to `kubectl patch` when the resource is created/updated.
	ApplyPatch *map[string]interface{} `field:"required" json:"applyPatch" yaml:"applyPatch"`
	// The cluster to apply the patch to.
	//
	// [disable-awslint:ref-via-interface].
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// The full name of the resource to patch (e.g. `deployment/coredns`).
	ResourceName *string `field:"required" json:"resourceName" yaml:"resourceName"`
	// The JSON object to pass to `kubectl patch` when the resource is removed.
	//
	// NOTE(review): this is a fixed value chosen at authoring time, not a
	// snapshot of the pre-patch state; confirm it still matches what the
	// resource should return to.
	RestorePatch *map[string]interface{} `field:"required" json:"restorePatch" yaml:"restorePatch"`
	// The patch type to pass to `kubectl patch`.
	//
	// The default type used by `kubectl patch` is "strategic".
	// Default: PatchType.STRATEGIC
	//
	PatchType PatchType `field:"optional" json:"patchType" yaml:"patchType"`
	// The kubernetes API namespace.
	// Default: "default".
	//
	ResourceNamespace *string `field:"optional" json:"resourceNamespace" yaml:"resourceNamespace"`
}
Properties for KubernetesPatch.
Example:
var cluster cluster

// Patch the replica count of deployment/hello-kubernetes; no ResourceNamespace
// is given, so the documented default namespace "default" applies.
// NOTE(review): `Cluster` is capitalised here but declared as `cluster` above.
eks.NewKubernetesPatch(this, jsii.String("hello-kub-deployment-label"), &KubernetesPatchProps{
	Cluster: Cluster,
	ResourceName: jsii.String("deployment/hello-kubernetes"),
	ApplyPatch: map[string]interface{}{
		"spec": map[string]*f64{
			"replicas": jsii.Number(5),
		},
	},
	RestorePatch: map[string]interface{}{
		"spec": map[string]*f64{
			"replicas": jsii.Number(3),
		},
	},
})
type KubernetesVersion ¶
// KubernetesVersion identifies a Kubernetes cluster version by its version
// string.
type KubernetesVersion interface {
	// cluster version number.
	Version() *string
}
Kubernetes cluster version.
Example:
// or
// NOTE(review): the "or" above presumably belongs between the two calls
// below (new cluster, or imported cluster); the generated sample moved it.
var vpc vpc

eks.NewCluster(this, jsii.String("MyCluster"), &ClusterProps{
	KubectlMemory: awscdk.Size_Gibibytes(jsii.Number(4)),
	Version: eks.KubernetesVersion_V1_30(),
})
// NOTE(review): `Size_*Gibibytes` and the capitalised `Vpc` below are artefacts
// of the generated sample, kept as printed.
eks.Cluster_FromClusterAttributes(this, jsii.String("MyCluster"), &ClusterAttributes{
	KubectlMemory: awscdk.Size_*Gibibytes(jsii.Number(4)),
	Vpc: Vpc,
	ClusterName: jsii.String("cluster-name"),
})
func KubernetesVersion_Of ¶
func KubernetesVersion_Of(version *string) KubernetesVersion
Custom cluster version.
func KubernetesVersion_V1_14 ¶
func KubernetesVersion_V1_14() KubernetesVersion
func KubernetesVersion_V1_15 ¶
func KubernetesVersion_V1_15() KubernetesVersion
func KubernetesVersion_V1_16 ¶
func KubernetesVersion_V1_16() KubernetesVersion
func KubernetesVersion_V1_17 ¶
func KubernetesVersion_V1_17() KubernetesVersion
func KubernetesVersion_V1_18 ¶
func KubernetesVersion_V1_18() KubernetesVersion
func KubernetesVersion_V1_19 ¶
func KubernetesVersion_V1_19() KubernetesVersion
func KubernetesVersion_V1_20 ¶
func KubernetesVersion_V1_20() KubernetesVersion
func KubernetesVersion_V1_21 ¶
func KubernetesVersion_V1_21() KubernetesVersion
func KubernetesVersion_V1_22 ¶ added in v2.20.0
func KubernetesVersion_V1_22() KubernetesVersion
func KubernetesVersion_V1_23 ¶ added in v2.49.0
func KubernetesVersion_V1_23() KubernetesVersion
func KubernetesVersion_V1_24 ¶ added in v2.54.0
func KubernetesVersion_V1_24() KubernetesVersion
func KubernetesVersion_V1_25 ¶ added in v2.69.0
func KubernetesVersion_V1_25() KubernetesVersion
func KubernetesVersion_V1_26 ¶ added in v2.77.0
func KubernetesVersion_V1_26() KubernetesVersion
func KubernetesVersion_V1_27 ¶ added in v2.88.0
func KubernetesVersion_V1_27() KubernetesVersion
func KubernetesVersion_V1_28 ¶ added in v2.109.0
func KubernetesVersion_V1_28() KubernetesVersion
func KubernetesVersion_V1_29 ¶ added in v2.127.0
func KubernetesVersion_V1_29() KubernetesVersion
func KubernetesVersion_V1_30 ¶ added in v2.145.0
func KubernetesVersion_V1_30() KubernetesVersion
type LaunchTemplateSpec ¶
// LaunchTemplateSpec names a launch template by ID and, optionally, the
// version of it to use.
type LaunchTemplateSpec struct {
	// The Launch template ID.
	Id *string `field:"required" json:"id" yaml:"id"`
	// The launch template version to be used (optional).
	// Default: - the default version of the launch template.
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
}
Launch template property specification.
Example:
var cluster cluster

// NOTE(review): the line breaks of this multipart document were lost in this
// listing; each MIME header, boundary line and script line needs its own line
// for the user data to parse.
userData := `MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\ `
// The launch template carries the instance type and the base64-encoded user data.
lt := ec2.NewCfnLaunchTemplate(this, jsii.String("LaunchTemplate"), &CfnLaunchTemplateProps{
	LaunchTemplateData: &LaunchTemplateDataProperty{
		InstanceType: jsii.String("t3.small"),
		UserData: awscdk.Fn_Base64(userData),
	},
})

// NOTE(review): the node group follows the template's latest version number,
// so a change to the template's user data reaches the nodes through this
// reference; review template changes accordingly.
cluster.AddNodegroupCapacity(jsii.String("extra-ng"), &NodegroupOptions{
	LaunchTemplateSpec: &LaunchTemplateSpec{
		Id: lt.ref,
		Version: lt.AttrLatestVersionNumber,
	},
})
type MachineImageType ¶
// MachineImageType is the string-valued machine image type.
type MachineImageType string
The machine image type.
Example:
var cluster cluster

// Add self-managed capacity that runs the Bottlerocket image type.
cluster.AddAutoScalingGroupCapacity(jsii.String("BottlerocketNodes"), &AutoScalingGroupCapacityOptions{
	InstanceType: ec2.NewInstanceType(jsii.String("t3.small")),
	MinCapacity: jsii.Number(2),
	MachineImageType: eks.MachineImageType_BOTTLEROCKET,
})
// Values of MachineImageType.
const (
	// Amazon EKS-optimized Linux AMI.
	MachineImageType_AMAZON_LINUX_2 MachineImageType = "AMAZON_LINUX_2"
	// Bottlerocket AMI.
	MachineImageType_BOTTLEROCKET MachineImageType = "BOTTLEROCKET"
)
type NodeType ¶
// NodeType is a string-valued type describing whether the worker nodes should
// support GPU or just standard instances.
type NodeType string
Whether the worker nodes should support GPU or just standard instances.
type Nodegroup ¶
// Nodegroup is the resource interface for a node group. It embeds
// awscdk.Resource and INodegroup and exposes the owning cluster, the node
// group's ARN and name, and its IAM role.
type Nodegroup interface {
	awscdk.Resource
	INodegroup
	// the Amazon EKS cluster resource.
	Cluster() ICluster
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// ARN of the nodegroup.
	NodegroupArn() *string
	// Nodegroup name.
	NodegroupName() *string
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// IAM role of the instance profile for the nodegroup.
	Role() awsiam.IRole
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// NOTE(review): undocumented in this listing; presumably produces the name
	// that PhysicalName resolves to in cross-environment scenarios (confirm).
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}
The Nodegroup resource class.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var cluster cluster
var instanceType instanceType
var role role
var securityGroup securityGroup
var subnet subnet
var subnetFilter subnetFilter

nodegroup := awscdk.Aws_eks.NewNodegroup(this, jsii.String("MyNodegroup"), &NodegroupProps{
	Cluster: cluster,

	// the properties below are optional
	AmiType: awscdk.*Aws_eks.NodegroupAmiType_AL2_X86_64,
	CapacityType: awscdk.*Aws_eks.CapacityType_SPOT,
	DesiredSize: jsii.Number(123),
	DiskSize: jsii.Number(123),
	ForceUpdate: jsii.Boolean(false),
	InstanceTypes: []*instanceType{
		instanceType,
	},
	Labels: map[string]*string{
		"labelsKey": jsii.String("labels"),
	},
	LaunchTemplateSpec: &LaunchTemplateSpec{
		Id: jsii.String("id"),

		// the properties below are optional
		Version: jsii.String("version"),
	},
	MaxSize: jsii.Number(123),
	MaxUnavailable: jsii.Number(123),
	MaxUnavailablePercentage: jsii.Number(123),
	MinSize: jsii.Number(123),
	NodegroupName: jsii.String("nodegroupName"),
	NodeRole: role,
	ReleaseVersion: jsii.String("releaseVersion"),
	RemoteAccess: &NodegroupRemoteAccess{
		SshKeyName: jsii.String("sshKeyName"),

		// the properties below are optional
		// NOTE(review): treat SourceSecurityGroups as required whenever an SSH key
		// is set. Per the EKS API documentation, a managed node group created with
		// a key but no source security group has its SSH port opened to 0.0.0.0/0.
		SourceSecurityGroups: []iSecurityGroup{
			securityGroup,
		},
	},
	Subnets: &SubnetSelection{
		AvailabilityZones: []*string{
			jsii.String("availabilityZones"),
		},
		OnePerAz: jsii.Boolean(false),
		SubnetFilters: []*subnetFilter{
			subnetFilter,
		},
		SubnetGroupName: jsii.String("subnetGroupName"),
		Subnets: []iSubnet{
			subnet,
		},
		SubnetType: awscdk.Aws_ec2.SubnetType_PRIVATE_ISOLATED,
	},
	Tags: map[string]*string{
		"tagsKey": jsii.String("tags"),
	},
	Taints: []taintSpec{
		&taintSpec{
			Effect: awscdk.*Aws_eks.TaintEffect_NO_SCHEDULE,
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})
func NewNodegroup ¶
func NewNodegroup(scope constructs.Construct, id *string, props *NodegroupProps) Nodegroup
type NodegroupAmiType ¶
type NodegroupAmiType string
The AMI type for your node group.
GPU instance types should use the `AL2_x86_64_GPU` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support or the `BOTTLEROCKET_ARM_64_NVIDIA` or `BOTTLEROCKET_X86_64_NVIDIA` AMI types, which uses the Amazon EKS-optimized Linux AMI with Nvidia-GPU support.
Non-GPU instances should use the `AL2_x86_64` AMI type, which uses the Amazon EKS-optimized Linux AMI.
Example:
var cluster cluster cluster.AddNodegroupCapacity(jsii.String("BottlerocketNvidiaNG"), &NodegroupOptions{ AmiType: eks.NodegroupAmiType_BOTTLEROCKET_X86_64_NVIDIA, InstanceTypes: []instanceType{ ec2.NewInstanceType(jsii.String("g4dn.xlarge")), }, })
// Values of NodegroupAmiType, the type of the AmiType field on
// NodegroupOptions and NodegroupProps. Each constant's string value is the
// same as the suffix of its name.
const (
	// Amazon Linux 2 (x86-64).
	NodegroupAmiType_AL2_X86_64 NodegroupAmiType = "AL2_X86_64"
	// Amazon Linux 2 with GPU support.
	NodegroupAmiType_AL2_X86_64_GPU NodegroupAmiType = "AL2_X86_64_GPU"
	// Amazon Linux 2 (ARM-64).
	NodegroupAmiType_AL2_ARM_64 NodegroupAmiType = "AL2_ARM_64"
	// Bottlerocket Linux (ARM-64).
	NodegroupAmiType_BOTTLEROCKET_ARM_64 NodegroupAmiType = "BOTTLEROCKET_ARM_64"
	// Bottlerocket (x86-64).
	NodegroupAmiType_BOTTLEROCKET_X86_64 NodegroupAmiType = "BOTTLEROCKET_X86_64"
	// Bottlerocket Linux with Nvidia-GPU support (ARM-64).
	NodegroupAmiType_BOTTLEROCKET_ARM_64_NVIDIA NodegroupAmiType = "BOTTLEROCKET_ARM_64_NVIDIA"
	// Bottlerocket with Nvidia-GPU support (x86-64).
	NodegroupAmiType_BOTTLEROCKET_X86_64_NVIDIA NodegroupAmiType = "BOTTLEROCKET_X86_64_NVIDIA"
	// Windows Core 2019 (x86-64).
	NodegroupAmiType_WINDOWS_CORE_2019_X86_64 NodegroupAmiType = "WINDOWS_CORE_2019_X86_64"
	// Windows Core 2022 (x86-64).
	NodegroupAmiType_WINDOWS_CORE_2022_X86_64 NodegroupAmiType = "WINDOWS_CORE_2022_X86_64"
	// Windows Full 2019 (x86-64).
	NodegroupAmiType_WINDOWS_FULL_2019_X86_64 NodegroupAmiType = "WINDOWS_FULL_2019_X86_64"
	// Windows Full 2022 (x86-64).
	NodegroupAmiType_WINDOWS_FULL_2022_X86_64 NodegroupAmiType = "WINDOWS_FULL_2022_X86_64"
	// Amazon Linux 2023 (x86-64).
	NodegroupAmiType_AL2023_X86_64_STANDARD NodegroupAmiType = "AL2023_X86_64_STANDARD"
	// Amazon Linux 2023 (ARM-64).
	NodegroupAmiType_AL2023_ARM_64_STANDARD NodegroupAmiType = "AL2023_ARM_64_STANDARD"
)
type NodegroupOptions ¶
// NodegroupOptions holds the node group settings passed to
// cluster.AddNodegroupCapacity. Every field is optional.
type NodegroupOptions struct {
	// The AMI type for your node group.
	//
	// If you explicitly specify the launchTemplate with custom AMI, do not specify this property, or
	// the node group deployment will fail. In other cases, you will need to specify correct amiType for the nodegroup.
	// Default: - auto-determined from the instanceTypes property when launchTemplateSpec property is not specified.
	//
	AmiType NodegroupAmiType `field:"optional" json:"amiType" yaml:"amiType"`
	// The capacity type of the nodegroup.
	// Default: - ON_DEMAND.
	//
	CapacityType CapacityType `field:"optional" json:"capacityType" yaml:"capacityType"`
	// The current number of worker nodes that the managed node group should maintain.
	//
	// If not specified,
	// the nodegroup will initially create `minSize` instances.
	// Default: 2.
	//
	DesiredSize *float64 `field:"optional" json:"desiredSize" yaml:"desiredSize"`
	// The root device disk size (in GiB) for your node group instances.
	// Default: 20.
	//
	DiskSize *float64 `field:"optional" json:"diskSize" yaml:"diskSize"`
	// Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue.
	//
	// If an update fails because pods could not be drained, you can force the update after it fails to terminate the old
	// node whether or not any pods are
	// running on the node.
	// Default: true.
	//
	ForceUpdate *bool `field:"optional" json:"forceUpdate" yaml:"forceUpdate"`
	// The instance types to use for your node group.
	// See: - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes
	//
	// Default: t3.medium will be used according to the cloudformation document.
	//
	InstanceTypes *[]awsec2.InstanceType `field:"optional" json:"instanceTypes" yaml:"instanceTypes"`
	// The Kubernetes labels to be applied to the nodes in the node group when they are created.
	// Default: - None.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
	// Launch template specification used for the nodegroup.
	// See: - https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
	//
	// Default: - no launch template.
	//
	LaunchTemplateSpec *LaunchTemplateSpec `field:"optional" json:"launchTemplateSpec" yaml:"launchTemplateSpec"`
	// The maximum number of worker nodes that the managed node group can scale out to.
	//
	// Managed node groups can support up to 100 nodes by default.
	// Default: - desiredSize.
	//
	MaxSize *float64 `field:"optional" json:"maxSize" yaml:"maxSize"`
	// NOTE(review): the summary line for this field is missing from the page;
	// going by the name and the linked update-config reference it is presumably
	// the number of nodes that may be unavailable during an update — confirm.
	//
	// Nodes will be updated in parallel. The maximum number is 100.
	//
	// This value or `maxUnavailablePercentage` is required to have a value for custom update configurations to be applied.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailable
	//
	// Default: 1.
	//
	MaxUnavailable *float64 `field:"optional" json:"maxUnavailable" yaml:"maxUnavailable"`
	// NOTE(review): the summary line for this field is missing from the page;
	// presumably the percentage counterpart of MaxUnavailable — confirm.
	//
	// This percentage of nodes will be updated in parallel, up to 100 nodes at once.
	//
	// This value or `maxUnavailable` is required to have a value for custom update configurations to be applied.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailablepercentage
	//
	// Default: undefined - node groups will update instances one at a time.
	//
	MaxUnavailablePercentage *float64 `field:"optional" json:"maxUnavailablePercentage" yaml:"maxUnavailablePercentage"`
	// The minimum number of worker nodes that the managed node group can scale in to.
	//
	// This number must be greater than or equal to zero.
	// Default: 1.
	//
	MinSize *float64 `field:"optional" json:"minSize" yaml:"minSize"`
	// Name of the Nodegroup.
	// Default: - resource ID.
	//
	NodegroupName *string `field:"optional" json:"nodegroupName" yaml:"nodegroupName"`
	// The IAM role to associate with your node group.
	//
	// The Amazon EKS worker node kubelet daemon
	// makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through
	// an IAM instance profile and associated policies. Before you can launch worker nodes and register them
	// into a cluster, you must create an IAM role for those worker nodes to use when they are launched.
	// Default: - None. Auto-generated if not specified.
	//
	// NOTE(review): the policies attached to the auto-generated role are not
	// listed on this page; review them before relying on the default, since
	// every pod on the node can reach the instance profile unless that is
	// blocked separately.
	//
	NodeRole awsiam.IRole `field:"optional" json:"nodeRole" yaml:"nodeRole"`
	// The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, `1.14.7-YYYYMMDD`).
	// Default: - The latest available AMI version for the node group's current Kubernetes version is used.
	//
	ReleaseVersion *string `field:"optional" json:"releaseVersion" yaml:"releaseVersion"`
	// The remote access (SSH) configuration to use with your node group.
	//
	// Disabled by default, however, if you
	// specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group,
	// then port 22 on the worker nodes is opened to the internet (0.0.0.0/0)
	// Default: - disabled.
	//
	// Security: whenever this field is set, also set
	// NodegroupRemoteAccess.SourceSecurityGroups so that SSH is limited to
	// known security groups instead of being reachable from any address.
	//
	RemoteAccess *NodegroupRemoteAccess `field:"optional" json:"remoteAccess" yaml:"remoteAccess"`
	// The subnets to use for the Auto Scaling group that is created for your node group.
	//
	// By specifying the
	// SubnetSelection, the selected subnets will automatically apply required tags i.e.
	// `kubernetes.io/cluster/CLUSTER_NAME` with a value of `shared`, where `CLUSTER_NAME` is replaced with
	// the name of your cluster.
	// Default: - private subnets.
	//
	Subnets *awsec2.SubnetSelection `field:"optional" json:"subnets" yaml:"subnets"`
	// The metadata to apply to the node group to assist with categorization and organization.
	//
	// Each tag consists of
	// a key and an optional value, both of which you define. Node group tags do not propagate to any other resources
	// associated with the node group, such as the Amazon EC2 instances or subnets.
	// Default: - None.
	//
	Tags *map[string]*string `field:"optional" json:"tags" yaml:"tags"`
	// The Kubernetes taints to be applied to the nodes in the node group when they are created.
	// Default: - None.
	//
	Taints *[]*TaintSpec `field:"optional" json:"taints" yaml:"taints"`
}
The Nodegroup Options for addNodeGroup() method.
Example:
var cluster cluster cluster.AddNodegroupCapacity(jsii.String("extra-ng-spot"), &NodegroupOptions{ InstanceTypes: []instanceType{ ec2.NewInstanceType(jsii.String("c5.large")), ec2.NewInstanceType(jsii.String("c5a.large")), ec2.NewInstanceType(jsii.String("c5d.large")), }, MinSize: jsii.Number(3), CapacityType: eks.CapacityType_SPOT, })
type NodegroupProps ¶
// NodegroupProps holds the properties passed to NewNodegroup. Cluster is the
// only required field; the remaining fields are optional.
type NodegroupProps struct {
	// The AMI type for your node group.
	//
	// If you explicitly specify the launchTemplate with custom AMI, do not specify this property, or
	// the node group deployment will fail. In other cases, you will need to specify correct amiType for the nodegroup.
	// Default: - auto-determined from the instanceTypes property when launchTemplateSpec property is not specified.
	//
	AmiType NodegroupAmiType `field:"optional" json:"amiType" yaml:"amiType"`
	// The capacity type of the nodegroup.
	// Default: - ON_DEMAND.
	//
	CapacityType CapacityType `field:"optional" json:"capacityType" yaml:"capacityType"`
	// The current number of worker nodes that the managed node group should maintain.
	//
	// If not specified,
	// the nodegroup will initially create `minSize` instances.
	// Default: 2.
	//
	DesiredSize *float64 `field:"optional" json:"desiredSize" yaml:"desiredSize"`
	// The root device disk size (in GiB) for your node group instances.
	// Default: 20.
	//
	DiskSize *float64 `field:"optional" json:"diskSize" yaml:"diskSize"`
	// Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue.
	//
	// If an update fails because pods could not be drained, you can force the update after it fails to terminate the old
	// node whether or not any pods are
	// running on the node.
	// Default: true.
	//
	ForceUpdate *bool `field:"optional" json:"forceUpdate" yaml:"forceUpdate"`
	// The instance types to use for your node group.
	// See: - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes
	//
	// Default: t3.medium will be used according to the cloudformation document.
	//
	InstanceTypes *[]awsec2.InstanceType `field:"optional" json:"instanceTypes" yaml:"instanceTypes"`
	// The Kubernetes labels to be applied to the nodes in the node group when they are created.
	// Default: - None.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
	// Launch template specification used for the nodegroup.
	// See: - https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
	//
	// Default: - no launch template.
	//
	LaunchTemplateSpec *LaunchTemplateSpec `field:"optional" json:"launchTemplateSpec" yaml:"launchTemplateSpec"`
	// The maximum number of worker nodes that the managed node group can scale out to.
	//
	// Managed node groups can support up to 100 nodes by default.
	// Default: - desiredSize.
	//
	MaxSize *float64 `field:"optional" json:"maxSize" yaml:"maxSize"`
	// NOTE(review): the summary line for this field is missing from the page;
	// going by the name and the linked update-config reference it is presumably
	// the number of nodes that may be unavailable during an update — confirm.
	//
	// Nodes will be updated in parallel. The maximum number is 100.
	//
	// This value or `maxUnavailablePercentage` is required to have a value for custom update configurations to be applied.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailable
	//
	// Default: 1.
	//
	MaxUnavailable *float64 `field:"optional" json:"maxUnavailable" yaml:"maxUnavailable"`
	// NOTE(review): the summary line for this field is missing from the page;
	// presumably the percentage counterpart of MaxUnavailable — confirm.
	//
	// This percentage of nodes will be updated in parallel, up to 100 nodes at once.
	//
	// This value or `maxUnavailable` is required to have a value for custom update configurations to be applied.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailablepercentage
	//
	// Default: undefined - node groups will update instances one at a time.
	//
	MaxUnavailablePercentage *float64 `field:"optional" json:"maxUnavailablePercentage" yaml:"maxUnavailablePercentage"`
	// The minimum number of worker nodes that the managed node group can scale in to.
	//
	// This number must be greater than or equal to zero.
	// Default: 1.
	//
	MinSize *float64 `field:"optional" json:"minSize" yaml:"minSize"`
	// Name of the Nodegroup.
	// Default: - resource ID.
	//
	NodegroupName *string `field:"optional" json:"nodegroupName" yaml:"nodegroupName"`
	// The IAM role to associate with your node group.
	//
	// The Amazon EKS worker node kubelet daemon
	// makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through
	// an IAM instance profile and associated policies. Before you can launch worker nodes and register them
	// into a cluster, you must create an IAM role for those worker nodes to use when they are launched.
	// Default: - None. Auto-generated if not specified.
	//
	// NOTE(review): the policies attached to the auto-generated role are not
	// listed on this page; review them before relying on the default, since
	// every pod on the node can reach the instance profile unless that is
	// blocked separately.
	//
	NodeRole awsiam.IRole `field:"optional" json:"nodeRole" yaml:"nodeRole"`
	// The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, `1.14.7-YYYYMMDD`).
	// Default: - The latest available AMI version for the node group's current Kubernetes version is used.
	//
	ReleaseVersion *string `field:"optional" json:"releaseVersion" yaml:"releaseVersion"`
	// The remote access (SSH) configuration to use with your node group.
	//
	// Disabled by default, however, if you
	// specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group,
	// then port 22 on the worker nodes is opened to the internet (0.0.0.0/0)
	// Default: - disabled.
	//
	// Security: whenever this field is set, also set
	// NodegroupRemoteAccess.SourceSecurityGroups so that SSH is limited to
	// known security groups instead of being reachable from any address.
	//
	RemoteAccess *NodegroupRemoteAccess `field:"optional" json:"remoteAccess" yaml:"remoteAccess"`
	// The subnets to use for the Auto Scaling group that is created for your node group.
	//
	// By specifying the
	// SubnetSelection, the selected subnets will automatically apply required tags i.e.
	// `kubernetes.io/cluster/CLUSTER_NAME` with a value of `shared`, where `CLUSTER_NAME` is replaced with
	// the name of your cluster.
	// Default: - private subnets.
	//
	Subnets *awsec2.SubnetSelection `field:"optional" json:"subnets" yaml:"subnets"`
	// The metadata to apply to the node group to assist with categorization and organization.
	//
	// Each tag consists of
	// a key and an optional value, both of which you define. Node group tags do not propagate to any other resources
	// associated with the node group, such as the Amazon EC2 instances or subnets.
	// Default: - None.
	//
	Tags *map[string]*string `field:"optional" json:"tags" yaml:"tags"`
	// The Kubernetes taints to be applied to the nodes in the node group when they are created.
	// Default: - None.
	//
	Taints *[]*TaintSpec `field:"optional" json:"taints" yaml:"taints"`
	// Cluster resource.
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
}
NodeGroup properties interface.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var cluster cluster var instanceType instanceType var role role var securityGroup securityGroup var subnet subnet var subnetFilter subnetFilter nodegroupProps := &NodegroupProps{ Cluster: cluster, // the properties below are optional AmiType: awscdk.Aws_eks.NodegroupAmiType_AL2_X86_64, CapacityType: awscdk.*Aws_eks.CapacityType_SPOT, DesiredSize: jsii.Number(123), DiskSize: jsii.Number(123), ForceUpdate: jsii.Boolean(false), InstanceTypes: []*instanceType{ instanceType, }, Labels: map[string]*string{ "labelsKey": jsii.String("labels"), }, LaunchTemplateSpec: &LaunchTemplateSpec{ Id: jsii.String("id"), // the properties below are optional Version: jsii.String("version"), }, MaxSize: jsii.Number(123), MaxUnavailable: jsii.Number(123), MaxUnavailablePercentage: jsii.Number(123), MinSize: jsii.Number(123), NodegroupName: jsii.String("nodegroupName"), NodeRole: role, ReleaseVersion: jsii.String("releaseVersion"), RemoteAccess: &NodegroupRemoteAccess{ SshKeyName: jsii.String("sshKeyName"), // the properties below are optional SourceSecurityGroups: []iSecurityGroup{ securityGroup, }, }, Subnets: &SubnetSelection{ AvailabilityZones: []*string{ jsii.String("availabilityZones"), }, OnePerAz: jsii.Boolean(false), SubnetFilters: []*subnetFilter{ subnetFilter, }, SubnetGroupName: jsii.String("subnetGroupName"), Subnets: []iSubnet{ subnet, }, SubnetType: awscdk.Aws_ec2.SubnetType_PRIVATE_ISOLATED, }, Tags: map[string]*string{ "tagsKey": jsii.String("tags"), }, Taints: []taintSpec{ &taintSpec{ Effect: awscdk.*Aws_eks.TaintEffect_NO_SCHEDULE, Key: jsii.String("key"), Value: jsii.String("value"), }, }, }
type NodegroupRemoteAccess ¶
// NodegroupRemoteAccess is the remote access (SSH) configuration for a node
// group.
//
// Security: supplying SshKeyName on its own is not a safe configuration.
// As the SourceSecurityGroups field states, leaving that field unset opens
// port 22 on every worker node to 0.0.0.0/0. Treat SourceSecurityGroups as
// required in practice, and flag any use of this struct without it in review.
type NodegroupRemoteAccess struct {
	// The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group.
	SshKeyName *string `field:"required" json:"sshKeyName" yaml:"sshKeyName"`
	// The security groups that are allowed SSH access (port 22) to the worker nodes.
	//
	// If you specify an Amazon EC2 SSH
	// key but do not specify a source security group when you create a managed node group, then port 22 on the worker
	// nodes is opened to the internet (0.0.0.0/0).
	// Default: - port 22 on the worker nodes is opened to the internet (0.0.0.0/0)
	//
	SourceSecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"sourceSecurityGroups" yaml:"sourceSecurityGroups"`
}
The remote access (SSH) configuration to use with your node group.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var securityGroup securityGroup

nodegroupRemoteAccess := &NodegroupRemoteAccess{
	SshKeyName: jsii.String("sshKeyName"),

	// the properties below are optional
	//
	// SourceSecurityGroups is optional in the type, but per its field
	// documentation, omitting it opens port 22 on the worker nodes to the
	// internet (0.0.0.0/0). Keep it set to the groups that need SSH access.
	SourceSecurityGroups: []iSecurityGroup{
		securityGroup,
	},
}
type OpenIdConnectProvider ¶
// OpenIdConnectProvider is the EKS flavour of an IAM OIDC identity provider
// construct. It embeds awsiam.OpenIdConnectProvider and lists the accessors
// and resource helper methods below.
type OpenIdConnectProvider interface {
	awsiam.OpenIdConnectProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// The Amazon Resource Name (ARN) of the IAM OpenID Connect provider.
	OpenIdConnectProviderArn() *string
	// The issuer for OIDC Provider.
	OpenIdConnectProviderIssuer() *string
	// The thumbprints configured for this provider.
	OpenIdConnectProviderthumbprints() *string
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	// cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// NOTE(review): no description is given for this method on the page;
	// presumably it returns a generated physical name — confirm.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.
You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account.
This implementation has default values for the thumbprints and clientIds props that are compatible with the EKS cluster.
Example:
// or create a new one using an existing issuer url var issuerUrl string // you can import an existing provider provider := eks.OpenIdConnectProvider_FromOpenIdConnectProviderArn(this, jsii.String("Provider"), jsii.String("arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")) provider2 := eks.NewOpenIdConnectProvider(this, jsii.String("Provider"), &OpenIdConnectProviderProps{ Url: issuerUrl, }) cluster := eks.Cluster_FromClusterAttributes(this, jsii.String("MyCluster"), &ClusterAttributes{ ClusterName: jsii.String("Cluster"), OpenIdConnectProvider: provider, KubectlRoleArn: jsii.String("arn:aws:iam::123456:role/service-role/k8sservicerole"), }) serviceAccount := cluster.AddServiceAccount(jsii.String("MyServiceAccount")) bucket := s3.NewBucket(this, jsii.String("Bucket")) bucket.GrantReadWrite(serviceAccount)
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
func NewOpenIdConnectProvider ¶
func NewOpenIdConnectProvider(scope constructs.Construct, id *string, props *OpenIdConnectProviderProps) OpenIdConnectProvider
Defines an OpenID Connect provider.
type OpenIdConnectProviderProps ¶
// OpenIdConnectProviderProps holds the initialization properties for
// OpenIdConnectProvider. Url is the only field and is required.
type OpenIdConnectProviderProps struct {
	// The URL of the identity provider.
	//
	// The URL must begin with https:// and
	// should correspond to the iss claim in the provider's OpenID Connect ID
	// tokens. Per the OIDC standard, path components are allowed but query
	// parameters are not. Typically the URL consists of only a hostname, like
	// https://server.example.org or https://example.com.
	//
	// You can find your OIDC Issuer URL by:
	// aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text
	//
	// NOTE(review): this value names the issuer that the IAM OIDC provider
	// establishes trust with, so take it from the cluster's own
	// describe-cluster output (or the cluster construct) and do not build it
	// from untrusted input.
	Url *string `field:"required" json:"url" yaml:"url"`
}
Initialization properties for `OpenIdConnectProvider`.
Example:
// or create a new one using an existing issuer url var issuerUrl string // you can import an existing provider provider := eks.OpenIdConnectProvider_FromOpenIdConnectProviderArn(this, jsii.String("Provider"), jsii.String("arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")) provider2 := eks.NewOpenIdConnectProvider(this, jsii.String("Provider"), &OpenIdConnectProviderProps{ Url: issuerUrl, }) cluster := eks.Cluster_FromClusterAttributes(this, jsii.String("MyCluster"), &ClusterAttributes{ ClusterName: jsii.String("Cluster"), OpenIdConnectProvider: provider, KubectlRoleArn: jsii.String("arn:aws:iam::123456:role/service-role/k8sservicerole"), }) serviceAccount := cluster.AddServiceAccount(jsii.String("MyServiceAccount")) bucket := s3.NewBucket(this, jsii.String("Bucket")) bucket.GrantReadWrite(serviceAccount)
type Selector ¶
// Selector is a Fargate profile selector: a required namespace plus an
// optional set of labels a pod must carry to match.
type Selector struct {
	// The Kubernetes namespace that the selector should match.
	//
	// You must specify a namespace for a selector. The selector only matches pods
	// that are created in this namespace, but you can create multiple selectors
	// to target multiple namespaces.
	Namespace *string `field:"required" json:"namespace" yaml:"namespace"`
	// The Kubernetes labels that the selector should match.
	//
	// A pod must contain
	// all of the labels that are specified in the selector for it to be
	// considered a match.
	// Default: - all pods within the namespace will be selected.
	//
	// Note that leaving Labels unset therefore matches every pod in the
	// namespace; add labels when only some workloads should be selected.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
}
Fargate profile selector.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" selector := &Selector{ Namespace: jsii.String("namespace"), // the properties below are optional Labels: map[string]*string{ "labelsKey": jsii.String("labels"), }, }
type ServiceAccount ¶
// ServiceAccount is a service account construct that is also an IAM
// principal: it embeds constructs.Construct and awsiam.IPrincipal and exposes
// the IAM role linked to the service account.
type ServiceAccount interface {
	constructs.Construct
	awsiam.IPrincipal
	// When this Principal is used in an AssumeRole policy, the action to use.
	AssumeRoleAction() *string
	// The principal to grant permissions to.
	GrantPrincipal() awsiam.IPrincipal
	// The tree node.
	Node() constructs.Node
	// Return the policy fragment that identifies this principal in a Policy.
	PolicyFragment() awsiam.PrincipalPolicyFragment
	// The role which is linked to the service account.
	Role() awsiam.IRole
	// The name of the service account.
	ServiceAccountName() *string
	// The namespace where the service account is located in.
	ServiceAccountNamespace() *string
	// Add to the policy of this principal.
	//
	// NOTE(review): statements added here presumably end up on the role
	// returned by Role(), and so apply to every pod that runs under this
	// service account — confirm, and keep the statements narrowly scoped.
	AddToPrincipalPolicy(statement awsiam.PolicyStatement) *awsiam.AddToPrincipalPolicyResult
	// Returns a string representation of this construct.
	ToString() *string
}
Service Account.
Example:
// or create a new one using an existing issuer url var issuerUrl string // you can import an existing provider provider := eks.OpenIdConnectProvider_FromOpenIdConnectProviderArn(this, jsii.String("Provider"), jsii.String("arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC")) provider2 := eks.NewOpenIdConnectProvider(this, jsii.String("Provider"), &OpenIdConnectProviderProps{ Url: issuerUrl, }) cluster := eks.Cluster_FromClusterAttributes(this, jsii.String("MyCluster"), &ClusterAttributes{ ClusterName: jsii.String("Cluster"), OpenIdConnectProvider: provider, KubectlRoleArn: jsii.String("arn:aws:iam::123456:role/service-role/k8sservicerole"), }) serviceAccount := cluster.AddServiceAccount(jsii.String("MyServiceAccount")) bucket := s3.NewBucket(this, jsii.String("Bucket")) bucket.GrantReadWrite(serviceAccount)
func NewServiceAccount ¶
func NewServiceAccount(scope constructs.Construct, id *string, props *ServiceAccountProps) ServiceAccount
type ServiceAccountOptions ¶
// ServiceAccountOptions holds the optional settings for a ServiceAccount:
// extra annotations and labels, plus its name and namespace.
type ServiceAccountOptions struct {
	// Additional annotations of the service account.
	// Default: - no additional annotations.
	//
	Annotations *map[string]*string `field:"optional" json:"annotations" yaml:"annotations"`
	// Additional labels of the service account.
	// Default: - no additional labels.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
	// The name of the service account.
	//
	// The name of a ServiceAccount object must be a valid DNS subdomain name.
	// https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	// Default: - If no name is given, it will use the id of the resource.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The namespace of the service account.
	//
	// All namespace names must be valid RFC 1123 DNS labels.
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns
	// Default: "default".
	//
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}
Options for `ServiceAccount`.
Example:
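var cluster cluster

// Add a service account with annotations and labels.
//
// The method is the exported AddServiceAccount; a lower-case
// addServiceAccount does not exist on the Go binding.
serviceAccount := cluster.AddServiceAccount(jsii.String("MyServiceAccount"), &ServiceAccountOptions{
	Annotations: map[string]*string{
		// NOTE(review): "false" presumably opts this service account out of
		// the regional STS endpoint; confirm that is intended before copying.
		"eks.amazonaws.com/sts-regional-endpoints": jsii.String("false"),
	},
	Labels: map[string]*string{
		"some-label": jsii.String("with-some-value"),
	},
})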
type ServiceAccountProps ¶
// ServiceAccountProps holds the properties for defining a service account.
// Cluster is required; the remaining fields are optional.
type ServiceAccountProps struct {
	// Additional annotations of the service account.
	// Default: - no additional annotations.
	//
	Annotations *map[string]*string `field:"optional" json:"annotations" yaml:"annotations"`
	// Additional labels of the service account.
	// Default: - no additional labels.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
	// The name of the service account.
	//
	// The name of a ServiceAccount object must be a valid DNS subdomain name.
	// https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	// Default: - If no name is given, it will use the id of the resource.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The namespace of the service account.
	//
	// All namespace names must be valid RFC 1123 DNS labels.
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns
	// Default: "default".
	//
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// The cluster to apply the patch to.
	Cluster ICluster `field:"required" json:"cluster" yaml:"cluster"`
}
Properties for defining service accounts.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" var cluster cluster serviceAccountProps := &ServiceAccountProps{ Cluster: cluster, // the properties below are optional Annotations: map[string]*string{ "annotationsKey": jsii.String("annotations"), }, Labels: map[string]*string{ "labelsKey": jsii.String("labels"), }, Name: jsii.String("name"), Namespace: jsii.String("namespace"), }
type ServiceLoadBalancerAddressOptions ¶
// ServiceLoadBalancerAddressOptions holds the options for fetching a
// ServiceLoadBalancerAddress. Both fields are optional.
type ServiceLoadBalancerAddressOptions struct {
	// The namespace the service belongs to.
	// Default: 'default'.
	//
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// Timeout for waiting on the load balancer address.
	// Default: Duration.minutes(5)
	//
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
}
Options for fetching a ServiceLoadBalancerAddress.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import cdk "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" serviceLoadBalancerAddressOptions := &ServiceLoadBalancerAddressOptions{ Namespace: jsii.String("namespace"), Timeout: cdk.Duration_Minutes(jsii.Number(30)), }
type TaintEffect ¶
type TaintEffect string
Effect types of a Kubernetes node taint.
Example:
var cluster cluster cluster.AddNodegroupCapacity(jsii.String("custom-node-group"), &NodegroupOptions{ InstanceTypes: []instanceType{ ec2.NewInstanceType(jsii.String("m5.large")), }, Taints: []taintSpec{ &taintSpec{ Effect: eks.TaintEffect_NO_SCHEDULE, Key: jsii.String("foo"), Value: jsii.String("bar"), }, }, })
// Values of TaintEffect, the type of the Effect field on TaintSpec. The
// comment on each constant gives the name of the taint effect it stands for.
const (
	// NoSchedule.
	TaintEffect_NO_SCHEDULE TaintEffect = "NO_SCHEDULE"
	// PreferNoSchedule.
	TaintEffect_PREFER_NO_SCHEDULE TaintEffect = "PREFER_NO_SCHEDULE"
	// NoExecute.
	TaintEffect_NO_EXECUTE TaintEffect = "NO_EXECUTE"
)
type TaintSpec ¶
// TaintSpec describes one node taint as an effect, a key and a value.
// All three fields are optional and have no default.
type TaintSpec struct {
	// Effect type.
	// Default: - None.
	//
	Effect TaintEffect `field:"optional" json:"effect" yaml:"effect"`
	// Taint key.
	// Default: - None.
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
	// Taint value.
	// Default: - None.
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}
Taint interface.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

// All three TaintSpec fields are optional; "key" and "value" are
// placeholder strings.
taintSpec := &TaintSpec{
	Effect: awscdk.Aws_eks.TaintEffect_NO_SCHEDULE,
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}
Source Files ¶
- AccessEntry.go
- AccessEntryAttributes.go
- AccessEntryProps.go
- AccessEntryType.go
- AccessEntry__checks.go
- AccessPolicy.go
- AccessPolicyArn.go
- AccessPolicyArn__checks.go
- AccessPolicyNameOptions.go
- AccessPolicyProps.go
- AccessPolicy__checks.go
- AccessScope.go
- AccessScopeType.go
- AlbController.go
- AlbControllerOptions.go
- AlbControllerProps.go
- AlbControllerVersion.go
- AlbControllerVersion__checks.go
- AlbController__checks.go
- AlbScheme.go
- AuthenticationMode.go
- AutoScalingGroupCapacityOptions.go
- AutoScalingGroupOptions.go
- AwsAuth.go
- AwsAuthMapping.go
- AwsAuthProps.go
- AwsAuth__checks.go
- BootstrapOptions.go
- CapacityType.go
- CfnAccessEntry.go
- CfnAccessEntryProps.go
- CfnAccessEntry_AccessPolicyProperty.go
- CfnAccessEntry_AccessScopeProperty.go
- CfnAccessEntry__checks.go
- CfnAddon.go
- CfnAddonProps.go
- CfnAddon_PodIdentityAssociationProperty.go
- CfnAddon__checks.go
- CfnCluster.go
- CfnClusterProps.go
- CfnCluster_AccessConfigProperty.go
- CfnCluster_ClusterLoggingProperty.go
- CfnCluster_ControlPlanePlacementProperty.go
- CfnCluster_EncryptionConfigProperty.go
- CfnCluster_KubernetesNetworkConfigProperty.go
- CfnCluster_LoggingProperty.go
- CfnCluster_LoggingTypeConfigProperty.go
- CfnCluster_OutpostConfigProperty.go
- CfnCluster_ProviderProperty.go
- CfnCluster_ResourcesVpcConfigProperty.go
- CfnCluster__checks.go
- CfnFargateProfile.go
- CfnFargateProfileProps.go
- CfnFargateProfile_LabelProperty.go
- CfnFargateProfile_SelectorProperty.go
- CfnFargateProfile__checks.go
- CfnIdentityProviderConfig.go
- CfnIdentityProviderConfigProps.go
- CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty.go
- CfnIdentityProviderConfig_RequiredClaimProperty.go
- CfnIdentityProviderConfig__checks.go
- CfnNodegroup.go
- CfnNodegroupProps.go
- CfnNodegroup_LaunchTemplateSpecificationProperty.go
- CfnNodegroup_RemoteAccessProperty.go
- CfnNodegroup_ScalingConfigProperty.go
- CfnNodegroup_TaintProperty.go
- CfnNodegroup_UpdateConfigProperty.go
- CfnNodegroup__checks.go
- CfnPodIdentityAssociation.go
- CfnPodIdentityAssociationProps.go
- CfnPodIdentityAssociation__checks.go
- Cluster.go
- ClusterAttributes.go
- ClusterLoggingTypes.go
- ClusterOptions.go
- ClusterProps.go
- Cluster__checks.go
- CommonClusterOptions.go
- CoreDnsComputeType.go
- CpuArch.go
- DefaultCapacityType.go
- EksOptimizedImage.go
- EksOptimizedImageProps.go
- EksOptimizedImage__checks.go
- EndpointAccess.go
- FargateCluster.go
- FargateClusterProps.go
- FargateCluster__checks.go
- FargateProfile.go
- FargateProfileOptions.go
- FargateProfileProps.go
- FargateProfile__checks.go
- HelmChart.go
- HelmChartOptions.go
- HelmChartProps.go
- HelmChart__checks.go
- IAccessEntry.go
- IAccessPolicy.go
- ICluster.go
- ICluster__checks.go
- IKubectlProvider.go
- INodegroup.go
- IngressLoadBalancerAddressOptions.go
- IpFamily.go
- KubectlProvider.go
- KubectlProviderAttributes.go
- KubectlProviderProps.go
- KubectlProvider__checks.go
- KubernetesManifest.go
- KubernetesManifestOptions.go
- KubernetesManifestProps.go
- KubernetesManifest__checks.go
- KubernetesObjectValue.go
- KubernetesObjectValueProps.go
- KubernetesObjectValue__checks.go
- KubernetesPatch.go
- KubernetesPatchProps.go
- KubernetesPatch__checks.go
- KubernetesVersion.go
- KubernetesVersion__checks.go
- LaunchTemplateSpec.go
- MachineImageType.go
- NodeType.go
- Nodegroup.go
- NodegroupAmiType.go
- NodegroupOptions.go
- NodegroupProps.go
- NodegroupRemoteAccess.go
- Nodegroup__checks.go
- OpenIdConnectProvider.go
- OpenIdConnectProviderProps.go
- OpenIdConnectProvider__checks.go
- PatchType.go
- Selector.go
- ServiceAccount.go
- ServiceAccountOptions.go
- ServiceAccountProps.go
- ServiceAccount__checks.go
- ServiceLoadBalancerAddressOptions.go
- TaintEffect.go
- TaintSpec.go
- main.go