Documentation ¶
Index ¶
- func AlbController_IsConstruct(x interface{}) *bool
- func AwsAuth_IsConstruct(x interface{}) *bool
- func CfnAddon_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAddon_IsCfnElement(x interface{}) *bool
- func CfnAddon_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnAddon_IsConstruct(x interface{}) *bool
- func CfnCluster_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCluster_IsCfnElement(x interface{}) *bool
- func CfnCluster_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCluster_IsConstruct(x interface{}) *bool
- func CfnFargateProfile_CFN_RESOURCE_TYPE_NAME() *string
- func CfnFargateProfile_IsCfnElement(x interface{}) *bool
- func CfnFargateProfile_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnFargateProfile_IsConstruct(x interface{}) *bool
- func CfnNodegroup_CFN_RESOURCE_TYPE_NAME() *string
- func CfnNodegroup_IsCfnElement(x interface{}) *bool
- func CfnNodegroup_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnNodegroup_IsConstruct(x interface{}) *bool
- func Cluster_IsConstruct(x interface{}) *bool
- func Cluster_IsResource(construct constructs.IConstruct) *bool
- func FargateCluster_IsConstruct(x interface{}) *bool
- func FargateCluster_IsResource(construct constructs.IConstruct) *bool
- func FargateProfile_IsConstruct(x interface{}) *bool
- func HelmChart_IsConstruct(x interface{}) *bool
- func HelmChart_RESOURCE_TYPE() *string
- func KubectlProvider_IsConstruct(x interface{}) *bool
- func KubectlProvider_IsNestedStack(x interface{}) *bool
- func KubectlProvider_IsStack(x interface{}) *bool
- func KubectlProvider_Of(construct constructs.IConstruct) awscdk.Stack
- func KubernetesManifest_IsConstruct(x interface{}) *bool
- func KubernetesManifest_RESOURCE_TYPE() *string
- func KubernetesObjectValue_IsConstruct(x interface{}) *bool
- func KubernetesObjectValue_RESOURCE_TYPE() *string
- func KubernetesPatch_IsConstruct(x interface{}) *bool
- func NewAlbController_Override(a AlbController, scope constructs.Construct, id *string, ...)
- func NewAwsAuth_Override(a AwsAuth, scope constructs.Construct, id *string, props *AwsAuthProps)
- func NewCfnAddon_Override(c CfnAddon, scope constructs.Construct, id *string, props *CfnAddonProps)
- func NewCfnCluster_Override(c CfnCluster, scope constructs.Construct, id *string, props *CfnClusterProps)
- func NewCfnFargateProfile_Override(c CfnFargateProfile, scope constructs.Construct, id *string, ...)
- func NewCfnNodegroup_Override(c CfnNodegroup, scope constructs.Construct, id *string, ...)
- func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)
- func NewEksOptimizedImage_Override(e EksOptimizedImage, props *EksOptimizedImageProps)
- func NewFargateCluster_Override(f FargateCluster, scope constructs.Construct, id *string, ...)
- func NewFargateProfile_Override(f FargateProfile, scope constructs.Construct, id *string, ...)
- func NewHelmChart_Override(h HelmChart, scope constructs.Construct, id *string, props *HelmChartProps)
- func NewKubectlProvider_Override(k KubectlProvider, scope constructs.Construct, id *string, ...)
- func NewKubernetesManifest_Override(k KubernetesManifest, scope constructs.Construct, id *string, ...)
- func NewKubernetesObjectValue_Override(k KubernetesObjectValue, scope constructs.Construct, id *string, ...)
- func NewKubernetesPatch_Override(k KubernetesPatch, scope constructs.Construct, id *string, ...)
- func NewNodegroup_Override(n Nodegroup, scope constructs.Construct, id *string, props *NodegroupProps)
- func NewOpenIdConnectProvider_Override(o OpenIdConnectProvider, scope constructs.Construct, id *string, ...)
- func NewServiceAccount_Override(s ServiceAccount, scope constructs.Construct, id *string, ...)
- func Nodegroup_IsConstruct(x interface{}) *bool
- func Nodegroup_IsResource(construct constructs.IConstruct) *bool
- func OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope constructs.Construct, id *string, openIdConnectProviderArn *string) awsiam.IOpenIdConnectProvider
- func OpenIdConnectProvider_IsConstruct(x interface{}) *bool
- func OpenIdConnectProvider_IsResource(construct constructs.IConstruct) *bool
- func ServiceAccount_IsConstruct(x interface{}) *bool
- type AlbController
- type AlbControllerOptions
- type AlbControllerProps
- type AlbControllerVersion
- func AlbControllerVersion_Of(version *string) AlbControllerVersion
- func AlbControllerVersion_V2_0_0() AlbControllerVersion
- func AlbControllerVersion_V2_0_1() AlbControllerVersion
- func AlbControllerVersion_V2_1_0() AlbControllerVersion
- func AlbControllerVersion_V2_1_1() AlbControllerVersion
- func AlbControllerVersion_V2_1_2() AlbControllerVersion
- func AlbControllerVersion_V2_1_3() AlbControllerVersion
- func AlbControllerVersion_V2_2_0() AlbControllerVersion
- func AlbControllerVersion_V2_2_1() AlbControllerVersion
- func AlbControllerVersion_V2_2_2() AlbControllerVersion
- func AlbControllerVersion_V2_2_3() AlbControllerVersion
- func AlbControllerVersion_V2_2_4() AlbControllerVersion
- func AlbControllerVersion_V2_3_0() AlbControllerVersion
- func AlbControllerVersion_V2_3_1() AlbControllerVersion
- type AlbScheme
- type AutoScalingGroupCapacityOptions
- type AutoScalingGroupOptions
- type AwsAuth
- type AwsAuthMapping
- type AwsAuthProps
- type BootstrapOptions
- type CapacityType
- type CfnAddon
- type CfnAddonProps
- type CfnCluster
- type CfnClusterProps
- type CfnCluster_ClusterLoggingProperty
- type CfnCluster_EncryptionConfigProperty
- type CfnCluster_KubernetesNetworkConfigProperty
- type CfnCluster_LoggingProperty
- type CfnCluster_LoggingTypeConfigProperty
- type CfnCluster_ResourcesVpcConfigProperty
- type CfnFargateProfile
- type CfnFargateProfileProps
- type CfnFargateProfile_LabelProperty
- type CfnFargateProfile_SelectorProperty
- type CfnNodegroup
- type CfnNodegroupProps
- type CfnNodegroup_LaunchTemplateSpecificationProperty
- type CfnNodegroup_RemoteAccessProperty
- type CfnNodegroup_ScalingConfigProperty
- type CfnNodegroup_TaintProperty
- type CfnNodegroup_UpdateConfigProperty
- type Cluster
- type ClusterAttributes
- type ClusterLoggingTypes
- type ClusterOptions
- type ClusterProps
- type CommonClusterOptions
- type CoreDnsComputeType
- type CpuArch
- type DefaultCapacityType
- type EksOptimizedImage
- type EksOptimizedImageProps
- type EndpointAccess
- type FargateCluster
- type FargateClusterProps
- type FargateProfile
- type FargateProfileOptions
- type FargateProfileProps
- type HelmChart
- type HelmChartOptions
- type HelmChartProps
- type ICluster
- type IKubectlProvider
- type INodegroup
- type IngressLoadBalancerAddressOptions
- type KubectlProvider
- type KubectlProviderAttributes
- type KubectlProviderProps
- type KubernetesManifest
- type KubernetesManifestOptions
- type KubernetesManifestProps
- type KubernetesObjectValue
- type KubernetesObjectValueProps
- type KubernetesPatch
- type KubernetesPatchProps
- type KubernetesVersion
- func KubernetesVersion_Of(version *string) KubernetesVersion
- func KubernetesVersion_V1_14() KubernetesVersion
- func KubernetesVersion_V1_15() KubernetesVersion
- func KubernetesVersion_V1_16() KubernetesVersion
- func KubernetesVersion_V1_17() KubernetesVersion
- func KubernetesVersion_V1_18() KubernetesVersion
- func KubernetesVersion_V1_19() KubernetesVersion
- func KubernetesVersion_V1_20() KubernetesVersion
- func KubernetesVersion_V1_21() KubernetesVersion
- type LaunchTemplateSpec
- type MachineImageType
- type NodeType
- type Nodegroup
- type NodegroupAmiType
- type NodegroupOptions
- type NodegroupProps
- type NodegroupRemoteAccess
- type OpenIdConnectProvider
- type OpenIdConnectProviderProps
- type PatchType
- type Selector
- type ServiceAccount
- type ServiceAccountOptions
- type ServiceAccountProps
- type ServiceLoadBalancerAddressOptions
- type TaintEffect
- type TaintSpec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AlbController_IsConstruct ¶
func AlbController_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func AwsAuth_IsConstruct ¶
func AwsAuth_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnAddon_CFN_RESOURCE_TYPE_NAME ¶
func CfnAddon_CFN_RESOURCE_TYPE_NAME() *string
func CfnAddon_IsCfnElement ¶
func CfnAddon_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnAddon_IsCfnResource ¶
func CfnAddon_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnAddon_IsConstruct ¶
func CfnAddon_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnCluster_CFN_RESOURCE_TYPE_NAME ¶
func CfnCluster_CFN_RESOURCE_TYPE_NAME() *string
func CfnCluster_IsCfnElement ¶
func CfnCluster_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnCluster_IsCfnResource ¶
func CfnCluster_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnCluster_IsConstruct ¶
func CfnCluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnFargateProfile_CFN_RESOURCE_TYPE_NAME ¶
func CfnFargateProfile_CFN_RESOURCE_TYPE_NAME() *string
func CfnFargateProfile_IsCfnElement ¶
func CfnFargateProfile_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnFargateProfile_IsCfnResource ¶
func CfnFargateProfile_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnFargateProfile_IsConstruct ¶
func CfnFargateProfile_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnNodegroup_CFN_RESOURCE_TYPE_NAME ¶
func CfnNodegroup_CFN_RESOURCE_TYPE_NAME() *string
func CfnNodegroup_IsCfnElement ¶
func CfnNodegroup_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnNodegroup_IsCfnResource ¶
func CfnNodegroup_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnNodegroup_IsConstruct ¶
func CfnNodegroup_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Cluster_IsConstruct ¶
func Cluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Cluster_IsResource ¶
func Cluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func FargateCluster_IsConstruct ¶
func FargateCluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func FargateCluster_IsResource ¶
func FargateCluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func FargateProfile_IsConstruct ¶
func FargateProfile_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func HelmChart_IsConstruct ¶
func HelmChart_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func HelmChart_RESOURCE_TYPE ¶
func HelmChart_RESOURCE_TYPE() *string
func KubectlProvider_IsConstruct ¶ added in v2.4.0
func KubectlProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func KubectlProvider_IsNestedStack ¶ added in v2.4.0
func KubectlProvider_IsNestedStack(x interface{}) *bool
Checks if `x` is an object of type `NestedStack`.
func KubectlProvider_IsStack ¶ added in v2.4.0
func KubectlProvider_IsStack(x interface{}) *bool
Return whether the given object is a Stack.
We do attribute detection since we can't reliably use 'instanceof'.
func KubectlProvider_Of ¶ added in v2.4.0
func KubectlProvider_Of(construct constructs.IConstruct) awscdk.Stack
Looks up the first stack scope in which `construct` is defined.
Fails if there is no stack up the tree.
func KubernetesManifest_IsConstruct ¶
func KubernetesManifest_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func KubernetesManifest_RESOURCE_TYPE ¶
func KubernetesManifest_RESOURCE_TYPE() *string
func KubernetesObjectValue_IsConstruct ¶
func KubernetesObjectValue_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func KubernetesObjectValue_RESOURCE_TYPE ¶
func KubernetesObjectValue_RESOURCE_TYPE() *string
func KubernetesPatch_IsConstruct ¶
func KubernetesPatch_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func NewAlbController_Override ¶
func NewAlbController_Override(a AlbController, scope constructs.Construct, id *string, props *AlbControllerProps)
func NewAwsAuth_Override ¶
func NewAwsAuth_Override(a AwsAuth, scope constructs.Construct, id *string, props *AwsAuthProps)
func NewCfnAddon_Override ¶
func NewCfnAddon_Override(c CfnAddon, scope constructs.Construct, id *string, props *CfnAddonProps)
Create a new `AWS::EKS::Addon`.
func NewCfnCluster_Override ¶
func NewCfnCluster_Override(c CfnCluster, scope constructs.Construct, id *string, props *CfnClusterProps)
Create a new `AWS::EKS::Cluster`.
func NewCfnFargateProfile_Override ¶
func NewCfnFargateProfile_Override(c CfnFargateProfile, scope constructs.Construct, id *string, props *CfnFargateProfileProps)
Create a new `AWS::EKS::FargateProfile`.
func NewCfnNodegroup_Override ¶
func NewCfnNodegroup_Override(c CfnNodegroup, scope constructs.Construct, id *string, props *CfnNodegroupProps)
Create a new `AWS::EKS::Nodegroup`.
func NewCluster_Override ¶
func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)
Initiates an EKS Cluster with the supplied arguments.
func NewEksOptimizedImage_Override ¶
func NewEksOptimizedImage_Override(e EksOptimizedImage, props *EksOptimizedImageProps)
Constructs a new instance of the EcsOptimizedAmi class.
func NewFargateCluster_Override ¶
func NewFargateCluster_Override(f FargateCluster, scope constructs.Construct, id *string, props *FargateClusterProps)
func NewFargateProfile_Override ¶
func NewFargateProfile_Override(f FargateProfile, scope constructs.Construct, id *string, props *FargateProfileProps)
func NewHelmChart_Override ¶
func NewHelmChart_Override(h HelmChart, scope constructs.Construct, id *string, props *HelmChartProps)
func NewKubectlProvider_Override ¶ added in v2.4.0
func NewKubectlProvider_Override(k KubectlProvider, scope constructs.Construct, id *string, props *KubectlProviderProps)
func NewKubernetesManifest_Override ¶
func NewKubernetesManifest_Override(k KubernetesManifest, scope constructs.Construct, id *string, props *KubernetesManifestProps)
func NewKubernetesObjectValue_Override ¶
func NewKubernetesObjectValue_Override(k KubernetesObjectValue, scope constructs.Construct, id *string, props *KubernetesObjectValueProps)
func NewKubernetesPatch_Override ¶
func NewKubernetesPatch_Override(k KubernetesPatch, scope constructs.Construct, id *string, props *KubernetesPatchProps)
func NewNodegroup_Override ¶
func NewNodegroup_Override(n Nodegroup, scope constructs.Construct, id *string, props *NodegroupProps)
func NewOpenIdConnectProvider_Override ¶
func NewOpenIdConnectProvider_Override(o OpenIdConnectProvider, scope constructs.Construct, id *string, props *OpenIdConnectProviderProps)
Defines an OpenID Connect provider.
func NewServiceAccount_Override ¶
func NewServiceAccount_Override(s ServiceAccount, scope constructs.Construct, id *string, props *ServiceAccountProps)
func Nodegroup_IsConstruct ¶
func Nodegroup_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Nodegroup_IsResource ¶
func Nodegroup_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func OpenIdConnectProvider_FromOpenIdConnectProviderArn ¶
func OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope constructs.Construct, id *string, openIdConnectProviderArn *string) awsiam.IOpenIdConnectProvider
Imports an Open ID connect provider from an ARN.
func OpenIdConnectProvider_IsConstruct ¶
func OpenIdConnectProvider_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func OpenIdConnectProvider_IsResource ¶
func OpenIdConnectProvider_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func ServiceAccount_IsConstruct ¶
func ServiceAccount_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
Types ¶
type AlbController ¶
type AlbController interface { constructs.Construct Node() constructs.Node ToString() *string }
Construct for installing the AWS ALB Contoller on EKS clusters.
Use the factory functions `get` and `getOrCreate` to obtain/create instances of this controller.
TODO: EXAMPLE
See: https://kubernetes-sigs.github.io/aws-load-balancer-controller
func AlbController_Create ¶
func AlbController_Create(scope constructs.Construct, props *AlbControllerProps) AlbController
Create the controller construct associated with this cluster and scope.
Singleton per stack/cluster.
func NewAlbController ¶
func NewAlbController(scope constructs.Construct, id *string, props *AlbControllerProps) AlbController
type AlbControllerOptions ¶
type AlbControllerOptions struct { // Version of the controller. Version AlbControllerVersion `json:"version" yaml:"version"` // The IAM policy to apply to the service account. // // If you're using one of the built-in versions, this is not required since // CDK ships with the appropriate policies for those versions. // // However, if you are using a custom version, this is required (and validated). Policy interface{} `json:"policy" yaml:"policy"` // The repository to pull the controller image from. // // Note that the default repository works for most regions, but not all. // If the repository is not applicable to your region, use a custom repository // according to the information here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases. Repository *string `json:"repository" yaml:"repository"` }
Options for `AlbController`.
TODO: EXAMPLE
type AlbControllerProps ¶
type AlbControllerProps struct { // Version of the controller. Version AlbControllerVersion `json:"version" yaml:"version"` // The IAM policy to apply to the service account. // // If you're using one of the built-in versions, this is not required since // CDK ships with the appropriate policies for those versions. // // However, if you are using a custom version, this is required (and validated). Policy interface{} `json:"policy" yaml:"policy"` // The repository to pull the controller image from. // // Note that the default repository works for most regions, but not all. // If the repository is not applicable to your region, use a custom repository // according to the information here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases. Repository *string `json:"repository" yaml:"repository"` // [disable-awslint:ref-via-interface] Cluster to install the controller onto. Cluster Cluster `json:"cluster" yaml:"cluster"` }
Properties for `AlbController`.
TODO: EXAMPLE
type AlbControllerVersion ¶
Controller version.
Corresponds to the image tag of 'amazon/aws-load-balancer-controller' image.
TODO: EXAMPLE
func AlbControllerVersion_Of ¶
func AlbControllerVersion_Of(version *string) AlbControllerVersion
Specify a custom version.
Use this if the version you need is not available in one of the predefined versions. Note that in this case, you will also need to provide an IAM policy in the controller options.
func AlbControllerVersion_V2_0_0 ¶
func AlbControllerVersion_V2_0_0() AlbControllerVersion
func AlbControllerVersion_V2_0_1 ¶
func AlbControllerVersion_V2_0_1() AlbControllerVersion
func AlbControllerVersion_V2_1_0 ¶
func AlbControllerVersion_V2_1_0() AlbControllerVersion
func AlbControllerVersion_V2_1_1 ¶
func AlbControllerVersion_V2_1_1() AlbControllerVersion
func AlbControllerVersion_V2_1_2 ¶
func AlbControllerVersion_V2_1_2() AlbControllerVersion
func AlbControllerVersion_V2_1_3 ¶
func AlbControllerVersion_V2_1_3() AlbControllerVersion
func AlbControllerVersion_V2_2_0 ¶
func AlbControllerVersion_V2_2_0() AlbControllerVersion
func AlbControllerVersion_V2_2_1 ¶
func AlbControllerVersion_V2_2_1() AlbControllerVersion
func AlbControllerVersion_V2_2_2 ¶
func AlbControllerVersion_V2_2_2() AlbControllerVersion
func AlbControllerVersion_V2_2_3 ¶
func AlbControllerVersion_V2_2_3() AlbControllerVersion
func AlbControllerVersion_V2_2_4 ¶
func AlbControllerVersion_V2_2_4() AlbControllerVersion
func AlbControllerVersion_V2_3_0 ¶
func AlbControllerVersion_V2_3_0() AlbControllerVersion
func AlbControllerVersion_V2_3_1 ¶ added in v2.4.0
func AlbControllerVersion_V2_3_1() AlbControllerVersion
type AlbScheme ¶
type AlbScheme string
ALB Scheme. See: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/ingress/annotations/#scheme
type AutoScalingGroupCapacityOptions ¶
type AutoScalingGroupCapacityOptions struct { // Whether the instances can initiate connections to anywhere by default. AllowAllOutbound *bool `json:"allowAllOutbound" yaml:"allowAllOutbound"` // Whether instances in the Auto Scaling Group should have public IP addresses associated with them. AssociatePublicIpAddress *bool `json:"associatePublicIpAddress" yaml:"associatePublicIpAddress"` // The name of the Auto Scaling group. // // This name must be unique per Region per account. AutoScalingGroupName *string `json:"autoScalingGroupName" yaml:"autoScalingGroupName"` // Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. // // Each instance that is launched has an associated root device volume, // either an Amazon EBS volume or an instance store volume. // You can use block device mappings to specify additional EBS volumes or // instance store volumes to attach to an instance when it is launched. // See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html // BlockDevices *[]*awsautoscaling.BlockDevice `json:"blockDevices" yaml:"blockDevices"` // Default scaling cooldown for this AutoScalingGroup. Cooldown awscdk.Duration `json:"cooldown" yaml:"cooldown"` // Initial amount of instances in the fleet. // // If this is set to a number, every deployment will reset the amount of // instances to this number. It is recommended to leave this value blank. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity // DesiredCapacity *float64 `json:"desiredCapacity" yaml:"desiredCapacity"` // Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. // // To report all group metrics use `GroupMetrics.all()` // Group metrics are reported in a granularity of 1 minute at no additional charge. GroupMetrics *[]awsautoscaling.GroupMetrics `json:"groupMetrics" yaml:"groupMetrics"` // Configuration for health checks. HealthCheck awsautoscaling.HealthCheck `json:"healthCheck" yaml:"healthCheck"` // If the ASG has scheduled actions, don't reset unchanged group sizes. // // Only used if the ASG has scheduled actions (which may scale your ASG up // or down regardless of cdk deployments). If true, the size of the group // will only be reset if it has been changed in the CDK app. If false, the // sizes will always be changed back to what they were in the CDK app // on deployment. IgnoreUnmodifiedSizeProperties *bool `json:"ignoreUnmodifiedSizeProperties" yaml:"ignoreUnmodifiedSizeProperties"` // Controls whether instances in this group are launched with detailed or basic monitoring. // // When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account // is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. // See: https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics // InstanceMonitoring awsautoscaling.Monitoring `json:"instanceMonitoring" yaml:"instanceMonitoring"` // Name of SSH keypair to grant access to instances. KeyName *string `json:"keyName" yaml:"keyName"` // Maximum number of instances in the fleet. MaxCapacity *float64 `json:"maxCapacity" yaml:"maxCapacity"` // The maximum amount of time that an instance can be in service. // // The maximum duration applies // to all current and future instances in the group. As an instance approaches its maximum duration, // it is terminated and replaced, and cannot be used again. // // You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, // leave this property undefined. // See: https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html // MaxInstanceLifetime awscdk.Duration `json:"maxInstanceLifetime" yaml:"maxInstanceLifetime"` // Minimum number of instances in the fleet. MinCapacity *float64 `json:"minCapacity" yaml:"minCapacity"` // Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. // // By default, Auto Scaling can terminate an instance at any time after launch // when scaling in an Auto Scaling Group, subject to the group's termination // policy. However, you may wish to protect newly-launched instances from // being scaled in if they are going to run critical applications that should // not be prematurely terminated. // // This flag must be enabled if the Auto Scaling Group will be associated with // an ECS Capacity Provider with managed termination protection. NewInstancesProtectedFromScaleIn *bool `json:"newInstancesProtectedFromScaleIn" yaml:"newInstancesProtectedFromScaleIn"` // Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations // Notifications *[]*awsautoscaling.NotificationConfiguration `json:"notifications" yaml:"notifications"` // Configure waiting for signals during deployment. // // Use this to pause the CloudFormation deployment to wait for the instances // in the AutoScalingGroup to report successful startup during // creation and updates. The UserData script needs to invoke `cfn-signal` // with a success or failure code after it is done setting up the instance. // // Without waiting for signals, the CloudFormation deployment will proceed as // soon as the AutoScalingGroup has been created or updated but before the // instances in the group have been started. // // For example, to have instances wait for an Elastic Load Balancing health check before // they signal success, add a health-check verification by using the // cfn-init helper script. For an example, see the verify_instance_health // command in the Auto Scaling rolling updates sample template: // // https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml Signals awsautoscaling.Signals `json:"signals" yaml:"signals"` // The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. // // Spot Instances are // launched when the price you specify exceeds the current Spot market price. SpotPrice *string `json:"spotPrice" yaml:"spotPrice"` // A policy or a list of policies that are used to select the instances to terminate. // // The policies are executed in the order that you list them. // See: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html // TerminationPolicies *[]awsautoscaling.TerminationPolicy `json:"terminationPolicies" yaml:"terminationPolicies"` // What to do when an AutoScalingGroup's instance configuration is changed. // // This is applied when any of the settings on the ASG are changed that // affect how the instances should be created (VPC, instance type, startup // scripts, etc.). It indicates how the existing instances should be // replaced with new instances matching the new config. By default, nothing // is done and only new instances are launched with the new config. UpdatePolicy awsautoscaling.UpdatePolicy `json:"updatePolicy" yaml:"updatePolicy"` // Where to place instances within the VPC. VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets" yaml:"vpcSubnets"` // Instance type of the instances to start. InstanceType awsec2.InstanceType `json:"instanceType" yaml:"instanceType"` // Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke `/etc/eks/bootstrap.sh`) and associate it with the EKS cluster. // // If you wish to provide a custom user data script, set this to `false` and // manually invoke `autoscalingGroup.addUserData()`. BootstrapEnabled *bool `json:"bootstrapEnabled" yaml:"bootstrapEnabled"` // EKS node bootstrapping options. BootstrapOptions *BootstrapOptions `json:"bootstrapOptions" yaml:"bootstrapOptions"` // Machine image type. MachineImageType MachineImageType `json:"machineImageType" yaml:"machineImageType"` // Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. // // This cannot be explicitly set to `true` if the cluster has kubectl disabled. MapRole *bool `json:"mapRole" yaml:"mapRole"` // Installs the AWS spot instance interrupt handler on the cluster if it's not already added. // // Only relevant if `spotPrice` is used. SpotInterruptHandler *bool `json:"spotInterruptHandler" yaml:"spotInterruptHandler"` }
Options for adding worker nodes.
TODO: EXAMPLE
type AutoScalingGroupOptions ¶
type AutoScalingGroupOptions struct { // Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke `/etc/eks/bootstrap.sh`) and associate it with the EKS cluster. // // If you wish to provide a custom user data script, set this to `false` and // manually invoke `autoscalingGroup.addUserData()`. BootstrapEnabled *bool `json:"bootstrapEnabled" yaml:"bootstrapEnabled"` // Allows options for node bootstrapping through EC2 user data. BootstrapOptions *BootstrapOptions `json:"bootstrapOptions" yaml:"bootstrapOptions"` // Allow options to specify different machine image type. MachineImageType MachineImageType `json:"machineImageType" yaml:"machineImageType"` // Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. // // This cannot be explicitly set to `true` if the cluster has kubectl disabled. MapRole *bool `json:"mapRole" yaml:"mapRole"` // Installs the AWS spot instance interrupt handler on the cluster if it's not already added. // // Only relevant if `spotPrice` is configured on the auto-scaling group. SpotInterruptHandler *bool `json:"spotInterruptHandler" yaml:"spotInterruptHandler"` }
Options for adding an AutoScalingGroup as capacity.
TODO: EXAMPLE
type AwsAuth ¶
type AwsAuth interface { constructs.Construct Node() constructs.Node AddAccount(accountId *string) AddMastersRole(role awsiam.IRole, username *string) AddRoleMapping(role awsiam.IRole, mapping *AwsAuthMapping) AddUserMapping(user awsiam.IUser, mapping *AwsAuthMapping) ToString() *string }
Manages mapping between IAM users and roles to Kubernetes RBAC configuration.
TODO: EXAMPLE
See: https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html
func NewAwsAuth ¶
func NewAwsAuth(scope constructs.Construct, id *string, props *AwsAuthProps) AwsAuth
type AwsAuthMapping ¶
type AwsAuthMapping struct { // A list of groups within Kubernetes to which the role is mapped. // See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings // Groups *[]*string `json:"groups" yaml:"groups"` // The user name within Kubernetes to map to the IAM role. Username *string `json:"username" yaml:"username"` }
AwsAuth mapping.
TODO: EXAMPLE
type AwsAuthProps ¶
type AwsAuthProps struct { // The EKS cluster to apply this configuration to. // // [disable-awslint:ref-via-interface] Cluster Cluster `json:"cluster" yaml:"cluster"` }
Configuration props for the AwsAuth construct.
TODO: EXAMPLE
type BootstrapOptions ¶
type BootstrapOptions struct { // Additional command line arguments to pass to the `/etc/eks/bootstrap.sh` command. // See: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh // AdditionalArgs *string `json:"additionalArgs" yaml:"additionalArgs"` // Number of retry attempts for AWS API call (DescribeCluster). AwsApiRetryAttempts *float64 `json:"awsApiRetryAttempts" yaml:"awsApiRetryAttempts"` // Overrides the IP address to use for DNS queries within the cluster. DnsClusterIp *string `json:"dnsClusterIp" yaml:"dnsClusterIp"` // The contents of the `/etc/docker/daemon.json` file. Useful if you want a custom config differing from the default one in the EKS AMI. DockerConfigJson *string `json:"dockerConfigJson" yaml:"dockerConfigJson"` // Restores the docker default bridge network. EnableDockerBridge *bool `json:"enableDockerBridge" yaml:"enableDockerBridge"` // Extra arguments to add to the kubelet. Useful for adding labels or taints. // // For example, `--node-labels foo=bar,goo=far`. KubeletExtraArgs *string `json:"kubeletExtraArgs" yaml:"kubeletExtraArgs"` // Sets `--max-pods` for the kubelet based on the capacity of the EC2 instance. UseMaxPods *bool `json:"useMaxPods" yaml:"useMaxPods"` }
EKS node bootstrapping options.
TODO: EXAMPLE
type CapacityType ¶
type CapacityType string
Capacity type of the managed node group.
TODO: EXAMPLE
const ( CapacityType_SPOT CapacityType = "SPOT" CapacityType_ON_DEMAND CapacityType = "ON_DEMAND" )
type CfnAddon ¶
type CfnAddon interface { awscdk.CfnResource awscdk.IInspectable AddonName() *string SetAddonName(val *string) AddonVersion() *string SetAddonVersion(val *string) AttrArn() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string ClusterName() *string SetClusterName(val *string) CreationStack() *[]*string LogicalId() *string Node() constructs.Node Ref() *string ResolveConflicts() *string SetResolveConflicts(val *string) ServiceAccountRoleArn() *string SetServiceAccountRoleArn(val *string) Stack() awscdk.Stack Tags() awscdk.TagManager UpdatedProperites() *map[string]interface{} AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::EKS::Addon`.
Creates an Amazon EKS add-on.
Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. Amazon EKS add-ons require clusters running version 1.18 or later because Amazon EKS add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later. For more information, see [Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the *Amazon EKS User Guide* .
TODO: EXAMPLE
func NewCfnAddon ¶
func NewCfnAddon(scope constructs.Construct, id *string, props *CfnAddonProps) CfnAddon
Create a new `AWS::EKS::Addon`.
type CfnAddonProps ¶
type CfnAddonProps struct { // The name of the add-on. AddonName *string `json:"addonName" yaml:"addonName"` // The name of the cluster. ClusterName *string `json:"clusterName" yaml:"clusterName"` // The version of the add-on. AddonVersion *string `json:"addonVersion" yaml:"addonVersion"` // How to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on. ResolveConflicts *string `json:"resolveConflicts" yaml:"resolveConflicts"` // The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. // // The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the *Amazon EKS User Guide* . // // > To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the *Amazon EKS User Guide* . ServiceAccountRoleArn *string `json:"serviceAccountRoleArn" yaml:"serviceAccountRoleArn"` // The metadata that you apply to the add-on to assist with categorization and organization. // // Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster. Tags *[]*awscdk.CfnTag `json:"tags" yaml:"tags"` }
Properties for defining a `CfnAddon`.
TODO: EXAMPLE
type CfnCluster ¶
type CfnCluster interface { awscdk.CfnResource awscdk.IInspectable AttrArn() *string AttrCertificateAuthorityData() *string AttrClusterSecurityGroupId() *string AttrEncryptionConfigKeyArn() *string AttrEndpoint() *string AttrKubernetesNetworkConfigServiceIpv6Cidr() *string AttrOpenIdConnectIssuerUrl() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string CreationStack() *[]*string EncryptionConfig() interface{} SetEncryptionConfig(val interface{}) KubernetesNetworkConfig() interface{} SetKubernetesNetworkConfig(val interface{}) Logging() interface{} SetLogging(val interface{}) LogicalId() *string Name() *string SetName(val *string) Node() constructs.Node Ref() *string ResourcesVpcConfig() interface{} SetResourcesVpcConfig(val interface{}) RoleArn() *string SetRoleArn(val *string) Stack() awscdk.Stack Tags() awscdk.TagManager UpdatedProperites() *map[string]interface{} Version() *string SetVersion(val *string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::EKS::Cluster`.
Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows).
Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Managing Cluster Authentication](https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* .
TODO: EXAMPLE
func NewCfnCluster ¶
func NewCfnCluster(scope constructs.Construct, id *string, props *CfnClusterProps) CfnCluster
Create a new `AWS::EKS::Cluster`.
type CfnClusterProps ¶
type CfnClusterProps struct { // The VPC configuration that's used by the cluster control plane. // // Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the *Amazon EKS User Guide* . You must specify at least two subnets. You can specify up to five security groups, but we recommend that you use a dedicated security group for your cluster control plane. // // > Updates require replacement of the `SecurityGroupIds` and `SubnetIds` sub-properties. ResourcesVpcConfig interface{} `json:"resourcesVpcConfig" yaml:"resourcesVpcConfig"` // The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. // // For more information, see [Amazon EKS Service IAM Role](https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html) in the **Amazon EKS User Guide** . RoleArn *string `json:"roleArn" yaml:"roleArn"` // The encryption configuration for the cluster. EncryptionConfig interface{} `json:"encryptionConfig" yaml:"encryptionConfig"` // The Kubernetes network configuration for the cluster. KubernetesNetworkConfig interface{} `json:"kubernetesNetworkConfig" yaml:"kubernetesNetworkConfig"` // The logging configuration for your cluster. Logging interface{} `json:"logging" yaml:"logging"` // The unique name to give to your cluster. Name *string `json:"name" yaml:"name"` // The metadata that you apply to the cluster to assist with categorization and organization. // // Each tag consists of a key and an optional value, both of which you define. Cluster tags don't propagate to any other resources associated with the cluster. // // > You must have the `eks:TagResource` and `eks:UntagResource` permissions in your IAM user or IAM role used to manage the CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. Tags *[]*awscdk.CfnTag `json:"tags" yaml:"tags"` // The desired Kubernetes version for your cluster. // // If you don't specify a value here, the latest version available in Amazon EKS is used. Version *string `json:"version" yaml:"version"` }
Properties for defining a `CfnCluster`.
TODO: EXAMPLE
type CfnCluster_ClusterLoggingProperty ¶
type CfnCluster_ClusterLoggingProperty struct { // The enabled control plane logs for your cluster. All log types are disabled if the array is empty. // // > When updating a resource, you must include this `EnabledTypes` property if the previous CloudFormation template of the resource had it. EnabledTypes interface{} `json:"enabledTypes" yaml:"enabledTypes"` }
The cluster control plane logging configuration for your cluster.
> When updating a resource, you must include this `ClusterLogging` property if the previous CloudFormation template of the resource had it.
TODO: EXAMPLE
type CfnCluster_EncryptionConfigProperty ¶
type CfnCluster_EncryptionConfigProperty struct { // The encryption provider for the cluster. Provider interface{} `json:"provider" yaml:"provider"` // Specifies the resources to be encrypted. // // The only supported value is "secrets". Resources *[]*string `json:"resources" yaml:"resources"` }
The encryption configuration for the cluster.
TODO: EXAMPLE
type CfnCluster_KubernetesNetworkConfigProperty ¶
type CfnCluster_KubernetesNetworkConfigProperty struct { // Specify which IP family is used to assign Kubernetes pod and service IP addresses. // // If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6` , the VPC and subnets that you specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them. You can't specify `ipv6` for clusters in China Regions. // // You can only specify `ipv6` for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify `ipv6` , then ensure that your VPC meets the requirements listed in the considerations listed in [Assigning IPv6 addresses to pods and services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the Amazon EKS User Guide. Kubernetes assigns services IPv6 addresses from the unique local address range (fc00::/7). You can't specify a custom IPv6 CIDR block. Pod addresses are assigned from the subnet's IPv6 CIDR. IpFamily *string `json:"ipFamily" yaml:"ipFamily"` // Don't specify a value if you select `ipv6` for *ipFamily* . // // The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements: // // - Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. // - Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC. // - Between /24 and /12. // // > You can only specify a custom CIDR block when you create a cluster and can't change this value once the cluster is created. ServiceIpv4Cidr *string `json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"` // The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster. ServiceIpv6Cidr *string `json:"serviceIpv6Cidr" yaml:"serviceIpv6Cidr"` }
The Kubernetes network configuration for the cluster.
TODO: EXAMPLE
type CfnCluster_LoggingProperty ¶
type CfnCluster_LoggingProperty struct {
// The cluster control plane logging configuration for your cluster.
ClusterLogging interface{} `json:"clusterLogging" yaml:"clusterLogging"`
}
Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs.
By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster control plane logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
> When updating a resource, you must include this `Logging` property if the previous CloudFormation template of the resource had it. > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) .
TODO: EXAMPLE
type CfnCluster_LoggingTypeConfigProperty ¶
type CfnCluster_LoggingTypeConfigProperty struct { // The name of the log type. Type *string `json:"type" yaml:"type"` }
The enabled logging type.
For a list of the valid logging types, see the [`types` property of `LogSetup`](https://docs.aws.amazon.com/eks/latest/APIReference/API_LogSetup.html#AmazonEKS-Type-LogSetup-types) in the *Amazon EKS API Reference* .
TODO: EXAMPLE
type CfnCluster_ResourcesVpcConfigProperty ¶
type CfnCluster_ResourcesVpcConfigProperty struct { // Specify subnets for your Amazon EKS nodes. // // Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane. SubnetIds *[]*string `json:"subnetIds" yaml:"subnetIds"` // Set this value to `true` to enable private access for your cluster's Kubernetes API server endpoint. // // If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is `false` , which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that `publicAccessCidrs` includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . EndpointPrivateAccess interface{} `json:"endpointPrivateAccess" yaml:"endpointPrivateAccess"` // Set this value to `false` to disable public access to your cluster's Kubernetes API server endpoint. // // If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is `true` , which enables public access for your Kubernetes API server. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . EndpointPublicAccess interface{} `json:"endpointPublicAccess" yaml:"endpointPublicAccess"` // The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. // // Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is `0.0.0.0/0` . If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks. For more information, see [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . PublicAccessCidrs *[]*string `json:"publicAccessCidrs" yaml:"publicAccessCidrs"` // Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane. // // If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes: // // - 1.14 Amazon EKS platform version `eks.2` and earlier // - 1.14 Amazon EKS platform version `eks.3` and later // // For more information, see [Amazon EKS security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the **Amazon EKS User Guide** . SecurityGroupIds *[]*string `json:"securityGroupIds" yaml:"securityGroupIds"` }
An object representing the VPC configuration to use for an Amazon EKS cluster.
> When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them: > > - `EndpointPublicAccess` > - `EndpointPrivateAccess` > - `PublicAccessCidrs`
TODO: EXAMPLE
type CfnFargateProfile ¶
type CfnFargateProfile interface { awscdk.CfnResource awscdk.IInspectable AttrArn() *string CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string ClusterName() *string SetClusterName(val *string) CreationStack() *[]*string FargateProfileName() *string SetFargateProfileName(val *string) LogicalId() *string Node() constructs.Node PodExecutionRoleArn() *string SetPodExecutionRoleArn(val *string) Ref() *string Selectors() interface{} SetSelectors(val interface{}) Stack() awscdk.Stack Subnets() *[]*string SetSubnets(val *[]*string) Tags() awscdk.TagManager UpdatedProperites() *map[string]interface{} AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::EKS::FargateProfile`.
Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/admin/authorization/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
For more information, see [AWS Fargate Profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* .
TODO: EXAMPLE
func NewCfnFargateProfile ¶
func NewCfnFargateProfile(scope constructs.Construct, id *string, props *CfnFargateProfileProps) CfnFargateProfile
Create a new `AWS::EKS::FargateProfile`.
type CfnFargateProfileProps ¶
type CfnFargateProfileProps struct { // The name of the Amazon EKS cluster to apply the Fargate profile to. ClusterName *string `json:"clusterName" yaml:"clusterName"` // The Amazon Resource Name (ARN) of the pod execution role to use for pods that match the selectors in the Fargate profile. // // The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* . PodExecutionRoleArn *string `json:"podExecutionRoleArn" yaml:"podExecutionRoleArn"` // The selectors to match for pods to use this Fargate profile. // // Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. You may specify up to five selectors in a Fargate profile. Selectors interface{} `json:"selectors" yaml:"selectors"` // The name of the Fargate profile. FargateProfileName *string `json:"fargateProfileName" yaml:"fargateProfileName"` // The IDs of subnets to launch your pods into. // // At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter. Subnets *[]*string `json:"subnets" yaml:"subnets"` // The metadata to apply to the Fargate profile to assist with categorization and organization. // // Each tag consists of a key and an optional value. You define both. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it. Tags *[]*awscdk.CfnTag `json:"tags" yaml:"tags"` }
Properties for defining a `CfnFargateProfile`.
TODO: EXAMPLE
type CfnFargateProfile_LabelProperty ¶
type CfnFargateProfile_LabelProperty struct { // Enter a key. Key *string `json:"key" yaml:"key"` // Enter a value. Value *string `json:"value" yaml:"value"` }
A key-value pair.
TODO: EXAMPLE
type CfnFargateProfile_SelectorProperty ¶
type CfnFargateProfile_SelectorProperty struct { // The Kubernetes namespace that the selector should match. Namespace *string `json:"namespace" yaml:"namespace"` // The Kubernetes labels that the selector should match. // // A pod must contain all of the labels that are specified in the selector for it to be considered a match. Labels interface{} `json:"labels" yaml:"labels"` }
An object representing an AWS Fargate profile selector.
TODO: EXAMPLE
type CfnNodegroup ¶
type CfnNodegroup interface { awscdk.CfnResource awscdk.IInspectable AmiType() *string SetAmiType(val *string) AttrArn() *string AttrClusterName() *string AttrId() *string AttrNodegroupName() *string CapacityType() *string SetCapacityType(val *string) CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} CfnResourceType() *string ClusterName() *string SetClusterName(val *string) CreationStack() *[]*string DiskSize() *float64 SetDiskSize(val *float64) ForceUpdateEnabled() interface{} SetForceUpdateEnabled(val interface{}) InstanceTypes() *[]*string SetInstanceTypes(val *[]*string) Labels() interface{} SetLabels(val interface{}) LaunchTemplate() interface{} SetLaunchTemplate(val interface{}) LogicalId() *string Node() constructs.Node NodegroupName() *string SetNodegroupName(val *string) NodeRole() *string SetNodeRole(val *string) Ref() *string ReleaseVersion() *string SetReleaseVersion(val *string) RemoteAccess() interface{} SetRemoteAccess(val interface{}) ScalingConfig() interface{} SetScalingConfig(val interface{}) Stack() awscdk.Stack Subnets() *[]*string SetSubnets(val *[]*string) Tags() awscdk.TagManager Taints() interface{} SetTaints(val interface{}) UpdateConfig() interface{} SetUpdateConfig(val interface{}) UpdatedProperites() *map[string]interface{} Version() *string SetVersion(val *string) AddDeletionOverride(path *string) AddDependsOn(target awscdk.CfnResource) AddMetadata(key *string, value interface{}) AddOverride(path *string, value interface{}) AddPropertyDeletionOverride(propertyPath *string) AddPropertyOverride(propertyPath *string, value interface{}) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) GetAtt(attributeName *string) awscdk.Reference GetMetadata(key *string) interface{} Inspect(inspector awscdk.TreeInspector) OverrideLogicalId(newLogicalId *string) RenderProperties(props *map[string]interface{}) *map[string]interface{} ShouldSynthesize() *bool ToString() *string ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::EKS::Nodegroup`.
Creates a managed node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. Each node group uses a version of the Amazon EKS optimized Amazon Linux 2 AMI. For more information, see [Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
TODO: EXAMPLE
func NewCfnNodegroup ¶
func NewCfnNodegroup(scope constructs.Construct, id *string, props *CfnNodegroupProps) CfnNodegroup
Create a new `AWS::EKS::Nodegroup`.
type CfnNodegroupProps ¶
type CfnNodegroupProps struct { // The name of the cluster to create the node group in. ClusterName *string `json:"clusterName" yaml:"clusterName"` // The Amazon Resource Name (ARN) of the IAM role to associate with your node group. // // The Amazon EKS worker node `kubelet` daemon makes calls to AWS APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the **Amazon EKS User Guide** . If you specify `launchTemplate` , then don't specify [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . NodeRole *string `json:"nodeRole" yaml:"nodeRole"` // The subnets to use for the Auto Scaling group that is created for your node group. // // If you specify `launchTemplate` , then don't specify [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . Subnets *[]*string `json:"subnets" yaml:"subnets"` // The AMI type for your node group. // // GPU instance types should use the `AL2_x86_64_GPU` AMI type. Non-GPU instances should use the `AL2_x86_64` AMI type. Arm instances should use the `AL2_ARM_64` AMI type. All types use the Amazon EKS optimized Amazon Linux 2 AMI. If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `amiType` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . AmiType *string `json:"amiType" yaml:"amiType"` // The capacity type of your managed node group. CapacityType *string `json:"capacityType" yaml:"capacityType"` // The root device disk size (in GiB) for your node group instances. // // The default disk size is 20 GiB. If you specify `launchTemplate` , then don't specify `diskSize` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . DiskSize *float64 `json:"diskSize" yaml:"diskSize"` // Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. // // If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. ForceUpdateEnabled interface{} `json:"forceUpdateEnabled" yaml:"forceUpdateEnabled"` // Specify the instance types for a node group. // // If you specify a GPU instance type, be sure to specify `AL2_x86_64_GPU` with the `amiType` parameter. If you specify `launchTemplate` , then you can specify zero or one instance type in your launch template *or* you can specify 0-20 instance types for `instanceTypes` . If however, you specify an instance type in your launch template *and* specify any `instanceTypes` , the node group deployment will fail. If you don't specify an instance type in a launch template or for `instanceTypes` , then `t3.medium` is used, by default. If you specify `Spot` for `capacityType` , then we recommend specifying multiple values for `instanceTypes` . For more information, see [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types) and [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . InstanceTypes *[]*string `json:"instanceTypes" yaml:"instanceTypes"` // The Kubernetes labels to be applied to the nodes in the node group when they are created. Labels interface{} `json:"labels" yaml:"labels"` // An object representing a node group's launch template specification. // // If specified, then do not specify `instanceTypes` , `diskSize` , or `remoteAccess` and make sure that the launch template meets the requirements in `launchTemplateSpecification` . LaunchTemplate interface{} `json:"launchTemplate" yaml:"launchTemplate"` // The unique name to give your node group. NodegroupName *string `json:"nodegroupName" yaml:"nodegroupName"` // The AMI version of the Amazon EKS optimized AMI to use with your node group (for example, `1.14.7- *YYYYMMDD*` ). By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see [Amazon EKS optimized Linux AMI Versions](https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html) in the *Amazon EKS User Guide* . // // > Changing this value triggers an update of the node group if one is available. However, only the latest available AMI release version is valid as an input. You cannot roll back to a previous AMI release version. ReleaseVersion *string `json:"releaseVersion" yaml:"releaseVersion"` // The remote access (SSH) configuration to use with your node group. // // If you specify `launchTemplate` , then don't specify `remoteAccess` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . RemoteAccess interface{} `json:"remoteAccess" yaml:"remoteAccess"` // The scaling configuration details for the Auto Scaling group that is created for your node group. ScalingConfig interface{} `json:"scalingConfig" yaml:"scalingConfig"` // The metadata to apply to the node group to assist with categorization and organization. // // Each tag consists of a key and an optional value. You define both. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. Tags interface{} `json:"tags" yaml:"tags"` // The Kubernetes taints to be applied to the nodes in the node group when they are created. // // Effect is one of `No_Schedule` , `Prefer_No_Schedule` , or `No_Execute` . Kubernetes taints can be used together with tolerations to control how workloads are scheduled to your nodes. For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) . Taints interface{} `json:"taints" yaml:"taints"` // The node group update configuration. UpdateConfig interface{} `json:"updateConfig" yaml:"updateConfig"` // The Kubernetes version to use for your managed nodes. // // By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `version` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* . Version *string `json:"version" yaml:"version"` }
Properties for defining a `CfnNodegroup`.
TODO: EXAMPLE
type CfnNodegroup_LaunchTemplateSpecificationProperty ¶
type CfnNodegroup_LaunchTemplateSpecificationProperty struct { // The ID of the launch template. Id *string `json:"id" yaml:"id"` // The name of the launch template. Name *string `json:"name" yaml:"name"` // The version of the launch template to use. // // If no version is specified, then the template's default version is used. Version *string `json:"version" yaml:"version"` }
An object representing a node group launch template specification.
The launch template cannot include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
Specify either `name` or `id` , but not both.
TODO: EXAMPLE
type CfnNodegroup_RemoteAccessProperty ¶
type CfnNodegroup_RemoteAccessProperty struct { // The Amazon EC2 SSH key that provides access for SSH communication with the nodes in the managed node group. // // For more information, see [Amazon EC2 key pairs and Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the *Amazon Elastic Compute Cloud User Guide for Linux Instances* . Ec2SshKey *string `json:"ec2SshKey" yaml:"ec2SshKey"` // The security groups that are allowed SSH access (port 22) to the nodes. // // If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the nodes is opened to the internet (0.0.0.0/0). For more information, see [Security Groups for Your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the *Amazon Virtual Private Cloud User Guide* . SourceSecurityGroups *[]*string `json:"sourceSecurityGroups" yaml:"sourceSecurityGroups"` }
An object representing the remote access configuration for the managed node group.
TODO: EXAMPLE
type CfnNodegroup_ScalingConfigProperty ¶
type CfnNodegroup_ScalingConfigProperty struct { // The current number of nodes that the managed node group should maintain. // // > If you use Cluster Autoscaler, you shouldn't change the desiredSize value directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale down. // // Whenever this parameter changes, the number of worker nodes in the node group is updated to the specified size. If this parameter is given a value that is smaller than the current number of running worker nodes, the necessary number of worker nodes are terminated to match the given value. When using CloudFormation, no action occurs if you remove this parameter from your CFN template. // // This parameter can be different from minSize in some cases, such as when starting with extra hosts for testing. This parameter can also be different when you want to start with an estimated number of needed hosts, but let Cluster Autoscaler reduce the number if there are too many. When Cluster Autoscaler is used, the desiredSize parameter is altered by Cluster Autoscaler (but can be out-of-date for short periods of time). Cluster Autoscaler doesn't scale a managed node group lower than minSize or higher than maxSize. DesiredSize *float64 `json:"desiredSize" yaml:"desiredSize"` // The maximum number of nodes that the managed node group can scale out to. // // For information about the maximum number that you can specify, see [Amazon EKS service quotas](https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) in the *Amazon EKS User Guide* . MaxSize *float64 `json:"maxSize" yaml:"maxSize"` // The minimum number of nodes that the managed node group can scale in to. MinSize *float64 `json:"minSize" yaml:"minSize"` }
An object representing the scaling configuration details for the Auto Scaling group that is associated with your node group.
When creating a node group, you must specify all or none of the properties. When updating a node group, you can specify any or none of the properties.
TODO: EXAMPLE
type CfnNodegroup_TaintProperty ¶
type CfnNodegroup_TaintProperty struct { // The effect of the taint. Effect *string `json:"effect" yaml:"effect"` // The key of the taint. Key *string `json:"key" yaml:"key"` // The value of the taint. Value *string `json:"value" yaml:"value"` }
A property that allows a node to repel a set of pods.
For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) .
TODO: EXAMPLE
type CfnNodegroup_UpdateConfigProperty ¶
type CfnNodegroup_UpdateConfigProperty struct { // // Nodes will be updated in parallel. This value or `maxUnavailablePercentage` is required to have a value.The maximum number is 100. MaxUnavailable *float64 `json:"maxUnavailable" yaml:"maxUnavailable"` // // This percentage of nodes will be updated in parallel, up to 100 nodes at once. This value or `maxUnavailable` is required to have a value. MaxUnavailablePercentage *float64 `json:"maxUnavailablePercentage" yaml:"maxUnavailablePercentage"` }
The update configuration for the node group.
TODO: EXAMPLE
type Cluster ¶
type Cluster interface { awscdk.Resource ICluster AdminRole() awsiam.Role AlbController() AlbController AwsAuth() AwsAuth ClusterArn() *string ClusterCertificateAuthorityData() *string ClusterEncryptionConfigKeyArn() *string ClusterEndpoint() *string ClusterHandlerSecurityGroup() awsec2.ISecurityGroup ClusterName() *string ClusterOpenIdConnectIssuer() *string ClusterOpenIdConnectIssuerUrl() *string ClusterSecurityGroup() awsec2.ISecurityGroup ClusterSecurityGroupId() *string Connections() awsec2.Connections DefaultCapacity() awsautoscaling.AutoScalingGroup DefaultNodegroup() Nodegroup Env() *awscdk.ResourceEnvironment KubectlEnvironment() *map[string]*string KubectlLambdaRole() awsiam.IRole KubectlLayer() awslambda.ILayerVersion KubectlMemory() awscdk.Size KubectlPrivateSubnets() *[]awsec2.ISubnet KubectlRole() awsiam.IRole KubectlSecurityGroup() awsec2.ISecurityGroup Node() constructs.Node OnEventLayer() awslambda.ILayerVersion OpenIdConnectProvider() awsiam.IOpenIdConnectProvider PhysicalName() *string Prune() *bool Role() awsiam.IRole Stack() awscdk.Stack Vpc() awsec2.IVpc AddAutoScalingGroupCapacity(id *string, options *AutoScalingGroupCapacityOptions) awsautoscaling.AutoScalingGroup AddCdk8sChart(id *string, chart constructs.Construct, options *KubernetesManifestOptions) KubernetesManifest AddFargateProfile(id *string, options *FargateProfileOptions) FargateProfile AddHelmChart(id *string, options *HelmChartOptions) HelmChart AddManifest(id *string, manifest ...*map[string]interface{}) KubernetesManifest AddNodegroupCapacity(id *string, options *NodegroupOptions) Nodegroup AddServiceAccount(id *string, options *ServiceAccountOptions) ServiceAccount ApplyRemovalPolicy(policy awscdk.RemovalPolicy) ConnectAutoScalingGroupCapacity(autoScalingGroup awsautoscaling.AutoScalingGroup, options *AutoScalingGroupOptions) GeneratePhysicalName() *string GetIngressLoadBalancerAddress(ingressName *string, options *IngressLoadBalancerAddressOptions) *string GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string GetResourceNameAttribute(nameAttr *string) *string GetServiceLoadBalancerAddress(serviceName *string, options *ServiceLoadBalancerAddressOptions) *string ToString() *string }
A Cluster represents a managed Kubernetes Service (EKS).
This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes.
TODO: EXAMPLE
func NewCluster ¶
func NewCluster(scope constructs.Construct, id *string, props *ClusterProps) Cluster
Initiates an EKS Cluster with the supplied arguments.
type ClusterAttributes ¶
type ClusterAttributes struct { // The physical name of the Cluster. ClusterName *string `json:"clusterName" yaml:"clusterName"` // The certificate-authority-data for your cluster. ClusterCertificateAuthorityData *string `json:"clusterCertificateAuthorityData" yaml:"clusterCertificateAuthorityData"` // Amazon Resource Name (ARN) or alias of the customer master key (CMK). ClusterEncryptionConfigKeyArn *string `json:"clusterEncryptionConfigKeyArn" yaml:"clusterEncryptionConfigKeyArn"` // The API Server endpoint URL. ClusterEndpoint *string `json:"clusterEndpoint" yaml:"clusterEndpoint"` // A security group id to associate with the Cluster Handler's Lambdas. // // The Cluster Handler's Lambdas are responsible for calling AWS's EKS API. ClusterHandlerSecurityGroupId *string `json:"clusterHandlerSecurityGroupId" yaml:"clusterHandlerSecurityGroupId"` // The cluster security group that was created by Amazon EKS for the cluster. ClusterSecurityGroupId *string `json:"clusterSecurityGroupId" yaml:"clusterSecurityGroupId"` // Environment variables to use when running `kubectl` against this cluster. KubectlEnvironment *map[string]*string `json:"kubectlEnvironment" yaml:"kubectlEnvironment"` // An IAM role that can perform kubectl operations against this cluster. // // The role should be mapped to the `system:masters` Kubernetes RBAC role. // // This role is directly passed to the lambda handler that sends Kube Ctl commands // to the cluster. KubectlLambdaRole awsiam.IRole `json:"kubectlLambdaRole" yaml:"kubectlLambdaRole"` // An AWS Lambda Layer which includes `kubectl`, Helm and the AWS CLI. // // This layer // is used by the kubectl handler to apply manifests and install helm charts. // // The handler expects the layer to include the following executables: // // helm/helm // kubectl/kubectl // awscli/aws KubectlLayer awslambda.ILayerVersion `json:"kubectlLayer" yaml:"kubectlLayer"` // Amount of memory to allocate to the provider's lambda function. KubectlMemory awscdk.Size `json:"kubectlMemory" yaml:"kubectlMemory"` // Subnets to host the `kubectl` compute resources. // // If not specified, the k8s // endpoint is expected to be accessible publicly. KubectlPrivateSubnetIds *[]*string `json:"kubectlPrivateSubnetIds" yaml:"kubectlPrivateSubnetIds"` // KubectlProvider for issuing kubectl commands. KubectlProvider IKubectlProvider `json:"kubectlProvider" yaml:"kubectlProvider"` // An IAM role with cluster administrator and "system:masters" permissions. KubectlRoleArn *string `json:"kubectlRoleArn" yaml:"kubectlRoleArn"` // A security group to use for `kubectl` execution. // // If not specified, the k8s // endpoint is expected to be accessible publicly. KubectlSecurityGroupId *string `json:"kubectlSecurityGroupId" yaml:"kubectlSecurityGroupId"` // An AWS Lambda Layer which includes the NPM dependency `proxy-agent`. // // This layer // is used by the onEvent handler to route AWS SDK requests through a proxy. // // The handler expects the layer to include the following node_modules: // // proxy-agent OnEventLayer awslambda.ILayerVersion `json:"onEventLayer" yaml:"onEventLayer"` // An Open ID Connect provider for this cluster that can be used to configure service accounts. // // You can either import an existing provider using `iam.OpenIdConnectProvider.fromProviderArn`, // or create a new provider using `new eks.OpenIdConnectProvider` OpenIdConnectProvider awsiam.IOpenIdConnectProvider `json:"openIdConnectProvider" yaml:"openIdConnectProvider"` // Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned. // // When this is enabled (default), prune labels will be // allocated and injected to each resource. These labels will then be used // when issuing the `kubectl apply` operation with the `--prune` switch. Prune *bool `json:"prune" yaml:"prune"` // Additional security groups associated with this cluster. SecurityGroupIds *[]*string `json:"securityGroupIds" yaml:"securityGroupIds"` // The VPC in which this Cluster was created. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` }
Attributes for EKS clusters.
TODO: EXAMPLE
type ClusterLoggingTypes ¶ added in v2.10.0
type ClusterLoggingTypes string
EKS cluster logging types.
TODO: EXAMPLE
const ( ClusterLoggingTypes_API ClusterLoggingTypes = "API" ClusterLoggingTypes_AUDIT ClusterLoggingTypes = "AUDIT" ClusterLoggingTypes_AUTHENTICATOR ClusterLoggingTypes = "AUTHENTICATOR" ClusterLoggingTypes_CONTROLLER_MANAGER ClusterLoggingTypes = "CONTROLLER_MANAGER" ClusterLoggingTypes_SCHEDULER ClusterLoggingTypes = "SCHEDULER" )
type ClusterOptions ¶
type ClusterOptions struct { // The Kubernetes version to run in the cluster. Version KubernetesVersion `json:"version" yaml:"version"` // Name for the cluster. ClusterName *string `json:"clusterName" yaml:"clusterName"` // Determines whether a CloudFormation output with the name of the cluster will be synthesized. OutputClusterName *bool `json:"outputClusterName" yaml:"outputClusterName"` // Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized. // // This command will include // the cluster name and, if applicable, the ARN of the masters IAM role. OutputConfigCommand *bool `json:"outputConfigCommand" yaml:"outputConfigCommand"` // Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Role awsiam.IRole `json:"role" yaml:"role"` // Security Group to use for Control Plane ENIs. SecurityGroup awsec2.ISecurityGroup `json:"securityGroup" yaml:"securityGroup"` // The VPC in which to create the Cluster. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` // Where to place EKS Control Plane ENIs. // // If you want to create public load balancers, this must include public subnets. // // For example, to only select private subnets, supply the following: // // `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }]` VpcSubnets *[]*awsec2.SubnetSelection `json:"vpcSubnets" yaml:"vpcSubnets"` // Install the AWS Load Balancer Controller onto the cluster. // See: https://kubernetes-sigs.github.io/aws-load-balancer-controller // AlbController *AlbControllerOptions `json:"albController" yaml:"albController"` // Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. ClusterHandlerEnvironment *map[string]*string `json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"` // A security group to associate with the Cluster Handler's Lambdas. // // The Cluster Handler's Lambdas are responsible for calling AWS's EKS API. // // Requires `placeClusterHandlerInVpc` to be set to true. ClusterHandlerSecurityGroup awsec2.ISecurityGroup `json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"` // Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. CoreDnsComputeType CoreDnsComputeType `json:"coreDnsComputeType" yaml:"coreDnsComputeType"` // Configure access to the Kubernetes API server endpoint.. // See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html // EndpointAccess EndpointAccess `json:"endpointAccess" yaml:"endpointAccess"` // Environment variables for the kubectl execution. // // Only relevant for kubectl enabled clusters. KubectlEnvironment *map[string]*string `json:"kubectlEnvironment" yaml:"kubectlEnvironment"` // An AWS Lambda Layer which includes `kubectl`, Helm and the AWS CLI. // // By default, the provider will use the layer included in the // "aws-lambda-layer-kubectl" SAR application which is available in all // commercial regions. // // To deploy the layer locally, visit // https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md // for instructions on how to prepare the .zip file and then define it in your // app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'kubectl-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.PROVIDED], // }); // “` // See: https://github.com/aws-samples/aws-lambda-layer-kubectl // KubectlLayer awslambda.ILayerVersion `json:"kubectlLayer" yaml:"kubectlLayer"` // Amount of memory to allocate to the provider's lambda function. KubectlMemory awscdk.Size `json:"kubectlMemory" yaml:"kubectlMemory"` // An IAM role that will be added to the `system:masters` Kubernetes RBAC group. // See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings // MastersRole awsiam.IRole `json:"mastersRole" yaml:"mastersRole"` // An AWS Lambda Layer which includes the NPM dependency `proxy-agent`. // // This layer // is used by the onEvent handler to route AWS SDK requests through a proxy. // // By default, the provider will use the layer included in the // "aws-lambda-layer-node-proxy-agent" SAR application which is available in all // commercial regions. // // To deploy the layer locally define it in your app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.NODEJS_12_X], // }); // “` OnEventLayer awslambda.ILayerVersion `json:"onEventLayer" yaml:"onEventLayer"` // Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified). OutputMastersRoleArn *bool `json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"` // If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy. PlaceClusterHandlerInVpc *bool `json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"` // Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned. // // When this is enabled (default), prune labels will be // allocated and injected to each resource. These labels will then be used // when issuing the `kubectl apply` operation with the `--prune` switch. Prune *bool `json:"prune" yaml:"prune"` // KMS secret for envelope encryption for Kubernetes secrets. SecretsEncryptionKey awskms.IKey `json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"` // The CIDR block to assign Kubernetes service IP addresses from. // See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr // ServiceIpv4Cidr *string `json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"` }
Options for EKS clusters.
TODO: EXAMPLE
type ClusterProps ¶
type ClusterProps struct { // The Kubernetes version to run in the cluster. Version KubernetesVersion `json:"version" yaml:"version"` // Name for the cluster. ClusterName *string `json:"clusterName" yaml:"clusterName"` // Determines whether a CloudFormation output with the name of the cluster will be synthesized. OutputClusterName *bool `json:"outputClusterName" yaml:"outputClusterName"` // Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized. // // This command will include // the cluster name and, if applicable, the ARN of the masters IAM role. OutputConfigCommand *bool `json:"outputConfigCommand" yaml:"outputConfigCommand"` // Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Role awsiam.IRole `json:"role" yaml:"role"` // Security Group to use for Control Plane ENIs. SecurityGroup awsec2.ISecurityGroup `json:"securityGroup" yaml:"securityGroup"` // The VPC in which to create the Cluster. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` // Where to place EKS Control Plane ENIs. // // If you want to create public load balancers, this must include public subnets. // // For example, to only select private subnets, supply the following: // // `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }]` VpcSubnets *[]*awsec2.SubnetSelection `json:"vpcSubnets" yaml:"vpcSubnets"` // Install the AWS Load Balancer Controller onto the cluster. // See: https://kubernetes-sigs.github.io/aws-load-balancer-controller // AlbController *AlbControllerOptions `json:"albController" yaml:"albController"` // Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. ClusterHandlerEnvironment *map[string]*string `json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"` // A security group to associate with the Cluster Handler's Lambdas. // // The Cluster Handler's Lambdas are responsible for calling AWS's EKS API. // // Requires `placeClusterHandlerInVpc` to be set to true. ClusterHandlerSecurityGroup awsec2.ISecurityGroup `json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"` // Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. CoreDnsComputeType CoreDnsComputeType `json:"coreDnsComputeType" yaml:"coreDnsComputeType"` // Configure access to the Kubernetes API server endpoint.. // See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html // EndpointAccess EndpointAccess `json:"endpointAccess" yaml:"endpointAccess"` // Environment variables for the kubectl execution. // // Only relevant for kubectl enabled clusters. KubectlEnvironment *map[string]*string `json:"kubectlEnvironment" yaml:"kubectlEnvironment"` // An AWS Lambda Layer which includes `kubectl`, Helm and the AWS CLI. // // By default, the provider will use the layer included in the // "aws-lambda-layer-kubectl" SAR application which is available in all // commercial regions. // // To deploy the layer locally, visit // https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md // for instructions on how to prepare the .zip file and then define it in your // app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'kubectl-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.PROVIDED], // }); // “` // See: https://github.com/aws-samples/aws-lambda-layer-kubectl // KubectlLayer awslambda.ILayerVersion `json:"kubectlLayer" yaml:"kubectlLayer"` // Amount of memory to allocate to the provider's lambda function. KubectlMemory awscdk.Size `json:"kubectlMemory" yaml:"kubectlMemory"` // An IAM role that will be added to the `system:masters` Kubernetes RBAC group. // See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings // MastersRole awsiam.IRole `json:"mastersRole" yaml:"mastersRole"` // An AWS Lambda Layer which includes the NPM dependency `proxy-agent`. // // This layer // is used by the onEvent handler to route AWS SDK requests through a proxy. // // By default, the provider will use the layer included in the // "aws-lambda-layer-node-proxy-agent" SAR application which is available in all // commercial regions. // // To deploy the layer locally define it in your app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.NODEJS_12_X], // }); // “` OnEventLayer awslambda.ILayerVersion `json:"onEventLayer" yaml:"onEventLayer"` // Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified). OutputMastersRoleArn *bool `json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"` // If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy. PlaceClusterHandlerInVpc *bool `json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"` // Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned. // // When this is enabled (default), prune labels will be // allocated and injected to each resource. These labels will then be used // when issuing the `kubectl apply` operation with the `--prune` switch. Prune *bool `json:"prune" yaml:"prune"` // KMS secret for envelope encryption for Kubernetes secrets. SecretsEncryptionKey awskms.IKey `json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"` // The CIDR block to assign Kubernetes service IP addresses from. // See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr // ServiceIpv4Cidr *string `json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"` // The cluster log types which you want to enable. ClusterLogging *[]ClusterLoggingTypes `json:"clusterLogging" yaml:"clusterLogging"` // Number of instances to allocate as an initial capacity for this cluster. // // Instance type can be configured through `defaultCapacityInstanceType`, // which defaults to `m5.large`. // // Use `cluster.addAutoScalingGroupCapacity` to add additional customized capacity. Set this // to `0` is you wish to avoid the initial capacity allocation. DefaultCapacity *float64 `json:"defaultCapacity" yaml:"defaultCapacity"` // The instance type to use for the default capacity. // // This will only be taken // into account if `defaultCapacity` is > 0. DefaultCapacityInstance awsec2.InstanceType `json:"defaultCapacityInstance" yaml:"defaultCapacityInstance"` // The default capacity type for the cluster. DefaultCapacityType DefaultCapacityType `json:"defaultCapacityType" yaml:"defaultCapacityType"` // The IAM role to pass to the Kubectl Lambda Handler. KubectlLambdaRole awsiam.IRole `json:"kubectlLambdaRole" yaml:"kubectlLambdaRole"` // The tags assigned to the EKS cluster. Tags *map[string]*string `json:"tags" yaml:"tags"` }
Common configuration props for EKS clusters.
TODO: EXAMPLE
type CommonClusterOptions ¶
type CommonClusterOptions struct { // The Kubernetes version to run in the cluster. Version KubernetesVersion `json:"version" yaml:"version"` // Name for the cluster. ClusterName *string `json:"clusterName" yaml:"clusterName"` // Determines whether a CloudFormation output with the name of the cluster will be synthesized. OutputClusterName *bool `json:"outputClusterName" yaml:"outputClusterName"` // Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized. // // This command will include // the cluster name and, if applicable, the ARN of the masters IAM role. OutputConfigCommand *bool `json:"outputConfigCommand" yaml:"outputConfigCommand"` // Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Role awsiam.IRole `json:"role" yaml:"role"` // Security Group to use for Control Plane ENIs. SecurityGroup awsec2.ISecurityGroup `json:"securityGroup" yaml:"securityGroup"` // The VPC in which to create the Cluster. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` // Where to place EKS Control Plane ENIs. // // If you want to create public load balancers, this must include public subnets. // // For example, to only select private subnets, supply the following: // // `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }]` VpcSubnets *[]*awsec2.SubnetSelection `json:"vpcSubnets" yaml:"vpcSubnets"` }
Options for configuring an EKS cluster.
TODO: EXAMPLE
type CoreDnsComputeType ¶
type CoreDnsComputeType string
The type of compute resources to use for CoreDNS.
const ( CoreDnsComputeType_EC2 CoreDnsComputeType = "EC2" CoreDnsComputeType_FARGATE CoreDnsComputeType = "FARGATE" )
type DefaultCapacityType ¶
type DefaultCapacityType string
The default capacity type for the cluster.
TODO: EXAMPLE
const ( DefaultCapacityType_NODEGROUP DefaultCapacityType = "NODEGROUP" DefaultCapacityType_EC2 DefaultCapacityType = "EC2" )
type EksOptimizedImage ¶
type EksOptimizedImage interface { awsec2.IMachineImage GetImage(scope constructs.Construct) *awsec2.MachineImageConfig }
Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM.
TODO: EXAMPLE
func NewEksOptimizedImage ¶
func NewEksOptimizedImage(props *EksOptimizedImageProps) EksOptimizedImage
Constructs a new instance of the EcsOptimizedAmi class.
type EksOptimizedImageProps ¶
type EksOptimizedImageProps struct { // What cpu architecture to retrieve the image for (arm64 or x86_64). CpuArch CpuArch `json:"cpuArch" yaml:"cpuArch"` // The Kubernetes version to use. KubernetesVersion *string `json:"kubernetesVersion" yaml:"kubernetesVersion"` // What instance type to retrieve the image for (standard or GPU-optimized). NodeType NodeType `json:"nodeType" yaml:"nodeType"` }
Properties for EksOptimizedImage.
TODO: EXAMPLE
type EndpointAccess ¶
type EndpointAccess interface {
OnlyFrom(cidr ...*string) EndpointAccess
}
Endpoint access characteristics.
TODO: EXAMPLE
func EndpointAccess_PRIVATE ¶
func EndpointAccess_PRIVATE() EndpointAccess
func EndpointAccess_PUBLIC ¶
func EndpointAccess_PUBLIC() EndpointAccess
func EndpointAccess_PUBLIC_AND_PRIVATE ¶
func EndpointAccess_PUBLIC_AND_PRIVATE() EndpointAccess
type FargateCluster ¶
type FargateCluster interface { Cluster AdminRole() awsiam.Role AlbController() AlbController AwsAuth() AwsAuth ClusterArn() *string ClusterCertificateAuthorityData() *string ClusterEncryptionConfigKeyArn() *string ClusterEndpoint() *string ClusterHandlerSecurityGroup() awsec2.ISecurityGroup ClusterName() *string ClusterOpenIdConnectIssuer() *string ClusterOpenIdConnectIssuerUrl() *string ClusterSecurityGroup() awsec2.ISecurityGroup ClusterSecurityGroupId() *string Connections() awsec2.Connections DefaultCapacity() awsautoscaling.AutoScalingGroup DefaultNodegroup() Nodegroup DefaultProfile() FargateProfile Env() *awscdk.ResourceEnvironment KubectlEnvironment() *map[string]*string KubectlLambdaRole() awsiam.IRole KubectlLayer() awslambda.ILayerVersion KubectlMemory() awscdk.Size KubectlPrivateSubnets() *[]awsec2.ISubnet KubectlRole() awsiam.IRole KubectlSecurityGroup() awsec2.ISecurityGroup Node() constructs.Node OnEventLayer() awslambda.ILayerVersion OpenIdConnectProvider() awsiam.IOpenIdConnectProvider PhysicalName() *string Prune() *bool Role() awsiam.IRole Stack() awscdk.Stack Vpc() awsec2.IVpc AddAutoScalingGroupCapacity(id *string, options *AutoScalingGroupCapacityOptions) awsautoscaling.AutoScalingGroup AddCdk8sChart(id *string, chart constructs.Construct, options *KubernetesManifestOptions) KubernetesManifest AddFargateProfile(id *string, options *FargateProfileOptions) FargateProfile AddHelmChart(id *string, options *HelmChartOptions) HelmChart AddManifest(id *string, manifest ...*map[string]interface{}) KubernetesManifest AddNodegroupCapacity(id *string, options *NodegroupOptions) Nodegroup AddServiceAccount(id *string, options *ServiceAccountOptions) ServiceAccount ApplyRemovalPolicy(policy awscdk.RemovalPolicy) ConnectAutoScalingGroupCapacity(autoScalingGroup awsautoscaling.AutoScalingGroup, options *AutoScalingGroupOptions) GeneratePhysicalName() *string GetIngressLoadBalancerAddress(ingressName *string, options *IngressLoadBalancerAddressOptions) *string GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string GetResourceNameAttribute(nameAttr *string) *string GetServiceLoadBalancerAddress(serviceName *string, options *ServiceLoadBalancerAddressOptions) *string ToString() *string }
Defines an EKS cluster that runs entirely on AWS Fargate.
The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using `addFargateProfile`.
TODO: EXAMPLE
func NewFargateCluster ¶
func NewFargateCluster(scope constructs.Construct, id *string, props *FargateClusterProps) FargateCluster
type FargateClusterProps ¶
type FargateClusterProps struct { // The Kubernetes version to run in the cluster. Version KubernetesVersion `json:"version" yaml:"version"` // Name for the cluster. ClusterName *string `json:"clusterName" yaml:"clusterName"` // Determines whether a CloudFormation output with the name of the cluster will be synthesized. OutputClusterName *bool `json:"outputClusterName" yaml:"outputClusterName"` // Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized. // // This command will include // the cluster name and, if applicable, the ARN of the masters IAM role. OutputConfigCommand *bool `json:"outputConfigCommand" yaml:"outputConfigCommand"` // Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Role awsiam.IRole `json:"role" yaml:"role"` // Security Group to use for Control Plane ENIs. SecurityGroup awsec2.ISecurityGroup `json:"securityGroup" yaml:"securityGroup"` // The VPC in which to create the Cluster. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` // Where to place EKS Control Plane ENIs. // // If you want to create public load balancers, this must include public subnets. // // For example, to only select private subnets, supply the following: // // `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }]` VpcSubnets *[]*awsec2.SubnetSelection `json:"vpcSubnets" yaml:"vpcSubnets"` // Install the AWS Load Balancer Controller onto the cluster. // See: https://kubernetes-sigs.github.io/aws-load-balancer-controller // AlbController *AlbControllerOptions `json:"albController" yaml:"albController"` // Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. ClusterHandlerEnvironment *map[string]*string `json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"` // A security group to associate with the Cluster Handler's Lambdas. // // The Cluster Handler's Lambdas are responsible for calling AWS's EKS API. // // Requires `placeClusterHandlerInVpc` to be set to true. ClusterHandlerSecurityGroup awsec2.ISecurityGroup `json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"` // Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. CoreDnsComputeType CoreDnsComputeType `json:"coreDnsComputeType" yaml:"coreDnsComputeType"` // Configure access to the Kubernetes API server endpoint.. // See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html // EndpointAccess EndpointAccess `json:"endpointAccess" yaml:"endpointAccess"` // Environment variables for the kubectl execution. // // Only relevant for kubectl enabled clusters. KubectlEnvironment *map[string]*string `json:"kubectlEnvironment" yaml:"kubectlEnvironment"` // An AWS Lambda Layer which includes `kubectl`, Helm and the AWS CLI. // // By default, the provider will use the layer included in the // "aws-lambda-layer-kubectl" SAR application which is available in all // commercial regions. // // To deploy the layer locally, visit // https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md // for instructions on how to prepare the .zip file and then define it in your // app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'kubectl-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.PROVIDED], // }); // “` // See: https://github.com/aws-samples/aws-lambda-layer-kubectl // KubectlLayer awslambda.ILayerVersion `json:"kubectlLayer" yaml:"kubectlLayer"` // Amount of memory to allocate to the provider's lambda function. KubectlMemory awscdk.Size `json:"kubectlMemory" yaml:"kubectlMemory"` // An IAM role that will be added to the `system:masters` Kubernetes RBAC group. // See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings // MastersRole awsiam.IRole `json:"mastersRole" yaml:"mastersRole"` // An AWS Lambda Layer which includes the NPM dependency `proxy-agent`. // // This layer // is used by the onEvent handler to route AWS SDK requests through a proxy. // // By default, the provider will use the layer included in the // "aws-lambda-layer-node-proxy-agent" SAR application which is available in all // commercial regions. // // To deploy the layer locally define it in your app as follows: // // “`ts // const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', { // code: lambda.Code.fromAsset(`${__dirname}/layer.zip`), // compatibleRuntimes: [lambda.Runtime.NODEJS_12_X], // }); // “` OnEventLayer awslambda.ILayerVersion `json:"onEventLayer" yaml:"onEventLayer"` // Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified). OutputMastersRoleArn *bool `json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"` // If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy. PlaceClusterHandlerInVpc *bool `json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"` // Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned. // // When this is enabled (default), prune labels will be // allocated and injected to each resource. These labels will then be used // when issuing the `kubectl apply` operation with the `--prune` switch. Prune *bool `json:"prune" yaml:"prune"` // KMS secret for envelope encryption for Kubernetes secrets. SecretsEncryptionKey awskms.IKey `json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"` // The CIDR block to assign Kubernetes service IP addresses from. // See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr // ServiceIpv4Cidr *string `json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"` // Fargate Profile to create along with the cluster. DefaultProfile *FargateProfileOptions `json:"defaultProfile" yaml:"defaultProfile"` }
Configuration props for EKS Fargate.
TODO: EXAMPLE
type FargateProfile ¶
type FargateProfile interface { constructs.Construct awscdk.ITaggable FargateProfileArn() *string FargateProfileName() *string Node() constructs.Node PodExecutionRole() awsiam.IRole Tags() awscdk.TagManager ToString() *string }
Fargate profiles allows an administrator to declare which pods run on Fargate.
This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate.
If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate.
TODO: EXAMPLE
func NewFargateProfile ¶
func NewFargateProfile(scope constructs.Construct, id *string, props *FargateProfileProps) FargateProfile
type FargateProfileOptions ¶
type FargateProfileOptions struct { // The selectors to match for pods to use this Fargate profile. // // Each selector // must have an associated namespace. Optionally, you can also specify labels // for a namespace. // // At least one selector is required and you may specify up to five selectors. Selectors *[]*Selector `json:"selectors" yaml:"selectors"` // The name of the Fargate profile. FargateProfileName *string `json:"fargateProfileName" yaml:"fargateProfileName"` // The pod execution role to use for pods that match the selectors in the Fargate profile. // // The pod execution role allows Fargate infrastructure to // register with your cluster as a node, and it provides read access to Amazon // ECR image repositories. // See: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html // PodExecutionRole awsiam.IRole `json:"podExecutionRole" yaml:"podExecutionRole"` // Select which subnets to launch your pods into. // // At this time, pods running // on Fargate are not assigned public IP addresses, so only private subnets // (with no direct route to an Internet Gateway) are allowed. // // You must specify the VPC to customize the subnet selection SubnetSelection *awsec2.SubnetSelection `json:"subnetSelection" yaml:"subnetSelection"` // The VPC from which to select subnets to launch your pods into. // // By default, all private subnets are selected. You can customize this using // `subnetSelection`. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` }
Options for defining EKS Fargate Profiles.
TODO: EXAMPLE
type FargateProfileProps ¶
type FargateProfileProps struct { // The selectors to match for pods to use this Fargate profile. // // Each selector // must have an associated namespace. Optionally, you can also specify labels // for a namespace. // // At least one selector is required and you may specify up to five selectors. Selectors *[]*Selector `json:"selectors" yaml:"selectors"` // The name of the Fargate profile. FargateProfileName *string `json:"fargateProfileName" yaml:"fargateProfileName"` // The pod execution role to use for pods that match the selectors in the Fargate profile. // // The pod execution role allows Fargate infrastructure to // register with your cluster as a node, and it provides read access to Amazon // ECR image repositories. // See: https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html // PodExecutionRole awsiam.IRole `json:"podExecutionRole" yaml:"podExecutionRole"` // Select which subnets to launch your pods into. // // At this time, pods running // on Fargate are not assigned public IP addresses, so only private subnets // (with no direct route to an Internet Gateway) are allowed. // // You must specify the VPC to customize the subnet selection SubnetSelection *awsec2.SubnetSelection `json:"subnetSelection" yaml:"subnetSelection"` // The VPC from which to select subnets to launch your pods into. // // By default, all private subnets are selected. You can customize this using // `subnetSelection`. Vpc awsec2.IVpc `json:"vpc" yaml:"vpc"` // The EKS cluster to apply the Fargate profile to. // // [disable-awslint:ref-via-interface] Cluster Cluster `json:"cluster" yaml:"cluster"` }
Configuration props for EKS Fargate Profiles.
TODO: EXAMPLE
type HelmChart ¶
type HelmChart interface { constructs.Construct Node() constructs.Node ToString() *string }
Represents a helm chart within the Kubernetes system.
Applies/deletes the resources using `kubectl` in sync with the resource.
TODO: EXAMPLE
func NewHelmChart ¶
func NewHelmChart(scope constructs.Construct, id *string, props *HelmChartProps) HelmChart
type HelmChartOptions ¶
type HelmChartOptions struct { // The name of the chart. // // Either this or `chartAsset` must be specified. Chart *string `json:"chart" yaml:"chart"` // The chart in the form of an asset. // // Either this or `chart` must be specified. ChartAsset awss3assets.Asset `json:"chartAsset" yaml:"chartAsset"` // create namespace if not exist. CreateNamespace *bool `json:"createNamespace" yaml:"createNamespace"` // The Kubernetes namespace scope of the requests. Namespace *string `json:"namespace" yaml:"namespace"` // The name of the release. Release *string `json:"release" yaml:"release"` // The repository which contains the chart. // // For example: https://kubernetes-charts.storage.googleapis.com/ Repository *string `json:"repository" yaml:"repository"` // Amount of time to wait for any individual Kubernetes operation. // // Maximum 15 minutes. Timeout awscdk.Duration `json:"timeout" yaml:"timeout"` // The values to be used by the chart. Values *map[string]interface{} `json:"values" yaml:"values"` // The chart version to install. Version *string `json:"version" yaml:"version"` // Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. Wait *bool `json:"wait" yaml:"wait"` }
Helm Chart options.
TODO: EXAMPLE
type HelmChartProps ¶
type HelmChartProps struct { // The name of the chart. // // Either this or `chartAsset` must be specified. Chart *string `json:"chart" yaml:"chart"` // The chart in the form of an asset. // // Either this or `chart` must be specified. ChartAsset awss3assets.Asset `json:"chartAsset" yaml:"chartAsset"` // create namespace if not exist. CreateNamespace *bool `json:"createNamespace" yaml:"createNamespace"` // The Kubernetes namespace scope of the requests. Namespace *string `json:"namespace" yaml:"namespace"` // The name of the release. Release *string `json:"release" yaml:"release"` // The repository which contains the chart. // // For example: https://kubernetes-charts.storage.googleapis.com/ Repository *string `json:"repository" yaml:"repository"` // Amount of time to wait for any individual Kubernetes operation. // // Maximum 15 minutes. Timeout awscdk.Duration `json:"timeout" yaml:"timeout"` // The values to be used by the chart. Values *map[string]interface{} `json:"values" yaml:"values"` // The chart version to install. Version *string `json:"version" yaml:"version"` // Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. Wait *bool `json:"wait" yaml:"wait"` // The EKS cluster to apply this configuration to. // // [disable-awslint:ref-via-interface] Cluster ICluster `json:"cluster" yaml:"cluster"` }
Helm Chart properties.
TODO: EXAMPLE
type ICluster ¶
type ICluster interface { awsec2.IConnectable awscdk.IResource // Defines a CDK8s chart in this cluster. // // Returns: a `KubernetesManifest` construct representing the chart. AddCdk8sChart(id *string, chart constructs.Construct, options *KubernetesManifestOptions) KubernetesManifest // Defines a Helm chart in this cluster. // // Returns: a `HelmChart` construct AddHelmChart(id *string, options *HelmChartOptions) HelmChart // Defines a Kubernetes resource in this cluster. // // The manifest will be applied/deleted using kubectl as needed. // // Returns: a `KubernetesManifest` object. AddManifest(id *string, manifest ...*map[string]interface{}) KubernetesManifest // Creates a new service account with corresponding IAM Role (IRSA). AddServiceAccount(id *string, options *ServiceAccountOptions) ServiceAccount // Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. // // The AutoScalingGroup must be running an EKS-optimized AMI containing the // /etc/eks/bootstrap.sh script. This method will configure Security Groups, // add the right policies to the instance role, apply the right tags, and add // the required user data to the instance's launch configuration. // // Spot instances will be labeled `lifecycle=Ec2Spot` and tainted with `PreferNoSchedule`. // If kubectl is enabled, the // [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) // daemon will be installed on all spot instances to handle // [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). // // Prefer to use `addAutoScalingGroupCapacity` if possible. // See: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html // ConnectAutoScalingGroupCapacity(autoScalingGroup awsautoscaling.AutoScalingGroup, options *AutoScalingGroupOptions) // The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. ClusterArn() *string // The certificate-authority-data for your cluster. ClusterCertificateAuthorityData() *string // Amazon Resource Name (ARN) or alias of the customer master key (CMK). ClusterEncryptionConfigKeyArn() *string // The API Server endpoint URL. ClusterEndpoint() *string // A security group to associate with the Cluster Handler's Lambdas. // // The Cluster Handler's Lambdas are responsible for calling AWS's EKS API. // // Requires `placeClusterHandlerInVpc` to be set to true. ClusterHandlerSecurityGroup() awsec2.ISecurityGroup // The physical name of the Cluster. ClusterName() *string // The cluster security group that was created by Amazon EKS for the cluster. ClusterSecurityGroup() awsec2.ISecurityGroup // The id of the cluster security group that was created by Amazon EKS for the cluster. ClusterSecurityGroupId() *string // Custom environment variables when running `kubectl` against this cluster. KubectlEnvironment() *map[string]*string // An IAM role that can perform kubectl operations against this cluster. // // The role should be mapped to the `system:masters` Kubernetes RBAC role. // // This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster. KubectlLambdaRole() awsiam.IRole // An AWS Lambda layer that includes `kubectl`, `helm` and the `aws` CLI. // // If not defined, a default layer will be used. KubectlLayer() awslambda.ILayerVersion // Amount of memory to allocate to the provider's lambda function. KubectlMemory() awscdk.Size // Subnets to host the `kubectl` compute resources. // // If this is undefined, the k8s endpoint is expected to be accessible // publicly. KubectlPrivateSubnets() *[]awsec2.ISubnet // Kubectl Provider for issuing kubectl commands against it. // // If not defined, a default provider will be used KubectlProvider() IKubectlProvider // An IAM role that can perform kubectl operations against this cluster. // // The role should be mapped to the `system:masters` Kubernetes RBAC role. KubectlRole() awsiam.IRole // A security group to use for `kubectl` execution. // // If this is undefined, the k8s endpoint is expected to be accessible // publicly. KubectlSecurityGroup() awsec2.ISecurityGroup // An AWS Lambda layer that includes the NPM dependency `proxy-agent`. // // If not defined, a default layer will be used. OnEventLayer() awslambda.ILayerVersion // The Open ID Connect Provider of the cluster used to configure Service Accounts. OpenIdConnectProvider() awsiam.IOpenIdConnectProvider // Indicates whether Kubernetes resources can be automatically pruned. // // When // this is enabled (default), prune labels will be allocated and injected to // each resource. These labels will then be used when issuing the `kubectl // apply` operation with the `--prune` switch. Prune() *bool // The VPC in which this Cluster was created. Vpc() awsec2.IVpc }
An EKS cluster.
func Cluster_FromClusterAttributes ¶
func Cluster_FromClusterAttributes(scope constructs.Construct, id *string, attrs *ClusterAttributes) ICluster
Import an existing cluster.
func FargateCluster_FromClusterAttributes ¶
func FargateCluster_FromClusterAttributes(scope constructs.Construct, id *string, attrs *ClusterAttributes) ICluster
Import an existing cluster.
type IKubectlProvider ¶ added in v2.4.0
type IKubectlProvider interface { constructs.IConstruct // The IAM execution role of the handler. HandlerRole() awsiam.IRole // The IAM role to assume in order to perform kubectl operations against this cluster. RoleArn() *string // The custom resource provider's service token. ServiceToken() *string }
Imported KubectlProvider that can be used in place of the default one created by CDK.
func KubectlProvider_FromKubectlProviderAttributes ¶ added in v2.4.0
func KubectlProvider_FromKubectlProviderAttributes(scope constructs.Construct, id *string, attrs *KubectlProviderAttributes) IKubectlProvider
Import an existing provider.
func KubectlProvider_GetOrCreate ¶ added in v2.4.0
func KubectlProvider_GetOrCreate(scope constructs.Construct, cluster ICluster) IKubectlProvider
Take existing provider or create new based on cluster.
type INodegroup ¶
type INodegroup interface { awscdk.IResource // Name of the nodegroup. NodegroupName() *string }
NodeGroup interface.
func Nodegroup_FromNodegroupName ¶
func Nodegroup_FromNodegroupName(scope constructs.Construct, id *string, nodegroupName *string) INodegroup
Import the Nodegroup from attributes.
type IngressLoadBalancerAddressOptions ¶
type IngressLoadBalancerAddressOptions struct { // The namespace the service belongs to. Namespace *string `json:"namespace" yaml:"namespace"` // Timeout for waiting on the load balancer address. Timeout awscdk.Duration `json:"timeout" yaml:"timeout"` }
Options for fetching an IngressLoadBalancerAddress.
TODO: EXAMPLE
type KubectlProvider ¶ added in v2.4.0
type KubectlProvider interface { awscdk.NestedStack IKubectlProvider Account() *string ArtifactId() *string AvailabilityZones() *[]*string Dependencies() *[]awscdk.Stack Environment() *string HandlerRole() awsiam.IRole Nested() *bool NestedStackParent() awscdk.Stack NestedStackResource() awscdk.CfnResource Node() constructs.Node NotificationArns() *[]*string Partition() *string Region() *string RoleArn() *string ServiceToken() *string StackId() *string StackName() *string Synthesizer() awscdk.IStackSynthesizer Tags() awscdk.TagManager TemplateFile() *string TemplateOptions() awscdk.ITemplateOptions TerminationProtection() *bool UrlSuffix() *string AddDependency(target awscdk.Stack, reason *string) AddTransform(transform *string) AllocateLogicalId(cfnElement awscdk.CfnElement) *string ExportValue(exportedValue interface{}, options *awscdk.ExportValueOptions) *string FormatArn(components *awscdk.ArnComponents) *string GetLogicalId(element awscdk.CfnElement) *string RegionalFact(factName *string, defaultValue *string) *string RenameLogicalId(oldId *string, newId *string) ReportMissingContextKey(report *cloudassemblyschema.MissingContext) Resolve(obj interface{}) interface{} SetParameter(name *string, value *string) SplitArn(arn *string, arnFormat awscdk.ArnFormat) *awscdk.ArnComponents ToJsonString(obj interface{}, space *float64) *string ToString() *string }
Implementation of Kubectl Lambda.
TODO: EXAMPLE
func NewKubectlProvider ¶ added in v2.4.0
func NewKubectlProvider(scope constructs.Construct, id *string, props *KubectlProviderProps) KubectlProvider
type KubectlProviderAttributes ¶ added in v2.4.0
type KubectlProviderAttributes struct { // The kubectl provider lambda arn. FunctionArn *string `json:"functionArn" yaml:"functionArn"` // The IAM execution role of the handler. // // This role must be able to assume kubectlRoleArn HandlerRole awsiam.IRole `json:"handlerRole" yaml:"handlerRole"` // The IAM role to assume in order to perform kubectl operations against this cluster. KubectlRoleArn *string `json:"kubectlRoleArn" yaml:"kubectlRoleArn"` }
Kubectl Provider Attributes.
TODO: EXAMPLE
type KubectlProviderProps ¶ added in v2.4.0
type KubectlProviderProps struct { // The cluster to control. Cluster ICluster `json:"cluster" yaml:"cluster"` }
Properties for a KubectlProvider.
TODO: EXAMPLE
type KubernetesManifest ¶
type KubernetesManifest interface { constructs.Construct Node() constructs.Node ToString() *string }
Represents a manifest within the Kubernetes system.
Alternatively, you can use `cluster.addManifest(resource[, resource, ...])` to define resources on this cluster.
Applies/deletes the manifest using `kubectl`.
TODO: EXAMPLE
func NewKubernetesManifest ¶
func NewKubernetesManifest(scope constructs.Construct, id *string, props *KubernetesManifestProps) KubernetesManifest
type KubernetesManifestOptions ¶
type KubernetesManifestOptions struct { // Automatically detect `Ingress` resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller. IngressAlb *bool `json:"ingressAlb" yaml:"ingressAlb"` // Specify the ALB scheme that should be applied to `Ingress` resources. // // Only applicable if `ingressAlb` is set to `true`. IngressAlbScheme AlbScheme `json:"ingressAlbScheme" yaml:"ingressAlbScheme"` // When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. // // To address this, `kubectl apply` has a `--prune` option which will // query the cluster for all resources with a specific label and will remove // all the labeld resources that are not part of the applied manifest. If this // option is disabled and a resource is removed, it will become "orphaned" and // will not be deleted from the cluster. // // When this option is enabled (default), the construct will inject a label to // all Kubernetes resources included in this manifest which will be used to // prune resources when the manifest changes via `kubectl apply --prune`. // // The label name will be `aws.cdk.eks/prune-<ADDR>` where `<ADDR>` is the // 42-char unique address of this construct in the construct tree. Value is // empty. // See: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label // Prune *bool `json:"prune" yaml:"prune"` // A flag to signify if the manifest validation should be skipped. SkipValidation *bool `json:"skipValidation" yaml:"skipValidation"` }
Options for `KubernetesManifest`.
TODO: EXAMPLE
type KubernetesManifestProps ¶
type KubernetesManifestProps struct { // Automatically detect `Ingress` resources in the manifest and annotate them so they are picked up by an ALB Ingress Controller. IngressAlb *bool `json:"ingressAlb" yaml:"ingressAlb"` // Specify the ALB scheme that should be applied to `Ingress` resources. // // Only applicable if `ingressAlb` is set to `true`. IngressAlbScheme AlbScheme `json:"ingressAlbScheme" yaml:"ingressAlbScheme"` // When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. // // To address this, `kubectl apply` has a `--prune` option which will // query the cluster for all resources with a specific label and will remove // all the labeld resources that are not part of the applied manifest. If this // option is disabled and a resource is removed, it will become "orphaned" and // will not be deleted from the cluster. // // When this option is enabled (default), the construct will inject a label to // all Kubernetes resources included in this manifest which will be used to // prune resources when the manifest changes via `kubectl apply --prune`. // // The label name will be `aws.cdk.eks/prune-<ADDR>` where `<ADDR>` is the // 42-char unique address of this construct in the construct tree. Value is // empty. // See: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label // Prune *bool `json:"prune" yaml:"prune"` // A flag to signify if the manifest validation should be skipped. SkipValidation *bool `json:"skipValidation" yaml:"skipValidation"` // The EKS cluster to apply this manifest to. // // [disable-awslint:ref-via-interface] Cluster ICluster `json:"cluster" yaml:"cluster"` // The manifest to apply. // // Consists of any number of child resources. // // When the resources are created/updated, this manifest will be applied to the // cluster through `kubectl apply` and when the resources or the stack is // deleted, the resources in the manifest will be deleted through `kubectl delete`. // // TODO: EXAMPLE // Manifest *[]*map[string]interface{} `json:"manifest" yaml:"manifest"` // Overwrite any existing resources. // // If this is set, we will use `kubectl apply` instead of `kubectl create` // when the resource is created. Otherwise, if there is already a resource // in the cluster with the same name, the operation will fail. Overwrite *bool `json:"overwrite" yaml:"overwrite"` }
Properties for KubernetesManifest.
TODO: EXAMPLE
type KubernetesObjectValue ¶
type KubernetesObjectValue interface { constructs.Construct Node() constructs.Node Value() *string ToString() *string }
Represents a value of a specific object deployed in the cluster.
Use this to fetch any information available by the `kubectl get` command.
TODO: EXAMPLE
func NewKubernetesObjectValue ¶
func NewKubernetesObjectValue(scope constructs.Construct, id *string, props *KubernetesObjectValueProps) KubernetesObjectValue
type KubernetesObjectValueProps ¶
type KubernetesObjectValueProps struct { // The EKS cluster to fetch attributes from. // // [disable-awslint:ref-via-interface] Cluster ICluster `json:"cluster" yaml:"cluster"` // JSONPath to the specific value. // See: https://kubernetes.io/docs/reference/kubectl/jsonpath/ // JsonPath *string `json:"jsonPath" yaml:"jsonPath"` // The name of the object to query. ObjectName *string `json:"objectName" yaml:"objectName"` // The object type to query. // // (e.g 'service', 'pod'...) ObjectType *string `json:"objectType" yaml:"objectType"` // The namespace the object belongs to. ObjectNamespace *string `json:"objectNamespace" yaml:"objectNamespace"` // Timeout for waiting on a value. Timeout awscdk.Duration `json:"timeout" yaml:"timeout"` }
Properties for KubernetesObjectValue.
TODO: EXAMPLE
type KubernetesPatch ¶
type KubernetesPatch interface { constructs.Construct Node() constructs.Node ToString() *string }
A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource.
TODO: EXAMPLE
See: https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/
func NewKubernetesPatch ¶
func NewKubernetesPatch(scope constructs.Construct, id *string, props *KubernetesPatchProps) KubernetesPatch
type KubernetesPatchProps ¶
type KubernetesPatchProps struct { // The JSON object to pass to `kubectl patch` when the resource is created/updated. ApplyPatch *map[string]interface{} `json:"applyPatch" yaml:"applyPatch"` // The cluster to apply the patch to. // // [disable-awslint:ref-via-interface] Cluster ICluster `json:"cluster" yaml:"cluster"` // The full name of the resource to patch (e.g. `deployment/coredns`). ResourceName *string `json:"resourceName" yaml:"resourceName"` // The JSON object to pass to `kubectl patch` when the resource is removed. RestorePatch *map[string]interface{} `json:"restorePatch" yaml:"restorePatch"` // The patch type to pass to `kubectl patch`. // // The default type used by `kubectl patch` is "strategic". PatchType PatchType `json:"patchType" yaml:"patchType"` // The kubernetes API namespace. ResourceNamespace *string `json:"resourceNamespace" yaml:"resourceNamespace"` }
Properties for KubernetesPatch.
TODO: EXAMPLE
type KubernetesVersion ¶
type KubernetesVersion interface {
Version() *string
}
Kubernetes cluster version.
TODO: EXAMPLE
func KubernetesVersion_Of ¶
func KubernetesVersion_Of(version *string) KubernetesVersion
Custom cluster version.
func KubernetesVersion_V1_14 ¶
func KubernetesVersion_V1_14() KubernetesVersion
func KubernetesVersion_V1_15 ¶
func KubernetesVersion_V1_15() KubernetesVersion
func KubernetesVersion_V1_16 ¶
func KubernetesVersion_V1_16() KubernetesVersion
func KubernetesVersion_V1_17 ¶
func KubernetesVersion_V1_17() KubernetesVersion
func KubernetesVersion_V1_18 ¶
func KubernetesVersion_V1_18() KubernetesVersion
func KubernetesVersion_V1_19 ¶
func KubernetesVersion_V1_19() KubernetesVersion
func KubernetesVersion_V1_20 ¶
func KubernetesVersion_V1_20() KubernetesVersion
func KubernetesVersion_V1_21 ¶
func KubernetesVersion_V1_21() KubernetesVersion
type LaunchTemplateSpec ¶
type LaunchTemplateSpec struct { // The Launch template ID. Id *string `json:"id" yaml:"id"` // The launch template version to be used (optional). Version *string `json:"version" yaml:"version"` }
Launch template property specification.
TODO: EXAMPLE
type MachineImageType ¶
type MachineImageType string
The machine image type.
TODO: EXAMPLE
const ( MachineImageType_AMAZON_LINUX_2 MachineImageType = "AMAZON_LINUX_2" MachineImageType_BOTTLEROCKET MachineImageType = "BOTTLEROCKET" )
type NodeType ¶
type NodeType string
Whether the worker nodes should support GPU or just standard instances.
type Nodegroup ¶
type Nodegroup interface { awscdk.Resource INodegroup Cluster() ICluster Env() *awscdk.ResourceEnvironment Node() constructs.Node NodegroupArn() *string NodegroupName() *string PhysicalName() *string Role() awsiam.IRole Stack() awscdk.Stack ApplyRemovalPolicy(policy awscdk.RemovalPolicy) GeneratePhysicalName() *string GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string GetResourceNameAttribute(nameAttr *string) *string ToString() *string }
The Nodegroup resource class.
TODO: EXAMPLE
func NewNodegroup ¶
func NewNodegroup(scope constructs.Construct, id *string, props *NodegroupProps) Nodegroup
type NodegroupAmiType ¶
type NodegroupAmiType string
The AMI type for your node group.
GPU instance types should use the `AL2_x86_64_GPU` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the `AL2_x86_64` AMI type, which uses the Amazon EKS-optimized Linux AMI.
TODO: EXAMPLE
const ( NodegroupAmiType_AL2_X86_64 NodegroupAmiType = "AL2_X86_64" NodegroupAmiType_AL2_X86_64_GPU NodegroupAmiType = "AL2_X86_64_GPU" NodegroupAmiType_AL2_ARM_64 NodegroupAmiType = "AL2_ARM_64" NodegroupAmiType_BOTTLEROCKET_ARM_64 NodegroupAmiType = "BOTTLEROCKET_ARM_64" NodegroupAmiType_BOTTLEROCKET_X86_64 NodegroupAmiType = "BOTTLEROCKET_X86_64" )
type NodegroupOptions ¶
type NodegroupOptions struct { // The AMI type for your node group. // // If you explicitly specify the launchTemplate with custom AMI, do not specify this property, or // the node group deployment will fail. In other cases, you will need to specify correct amiType for the nodegroup. AmiType NodegroupAmiType `json:"amiType" yaml:"amiType"` // The capacity type of the nodegroup. CapacityType CapacityType `json:"capacityType" yaml:"capacityType"` // The current number of worker nodes that the managed node group should maintain. // // If not specified, // the nodewgroup will initially create `minSize` instances. DesiredSize *float64 `json:"desiredSize" yaml:"desiredSize"` // The root device disk size (in GiB) for your node group instances. DiskSize *float64 `json:"diskSize" yaml:"diskSize"` // Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. // // If an update fails because pods could not be drained, you can force the update after it fails to terminate the old // node whether or not any pods are // running on the node. ForceUpdate *bool `json:"forceUpdate" yaml:"forceUpdate"` // The instance types to use for your node group. // See: - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes // InstanceTypes *[]awsec2.InstanceType `json:"instanceTypes" yaml:"instanceTypes"` // The Kubernetes labels to be applied to the nodes in the node group when they are created. Labels *map[string]*string `json:"labels" yaml:"labels"` // Launch template specification used for the nodegroup. // See: - https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html // LaunchTemplateSpec *LaunchTemplateSpec `json:"launchTemplateSpec" yaml:"launchTemplateSpec"` // The maximum number of worker nodes that the managed node group can scale out to. // // Managed node groups can support up to 100 nodes by default. MaxSize *float64 `json:"maxSize" yaml:"maxSize"` // The minimum number of worker nodes that the managed node group can scale in to. // // This number must be greater than or equal to zero. MinSize *float64 `json:"minSize" yaml:"minSize"` // Name of the Nodegroup. NodegroupName *string `json:"nodegroupName" yaml:"nodegroupName"` // The IAM role to associate with your node group. // // The Amazon EKS worker node kubelet daemon // makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through // an IAM instance profile and associated policies. Before you can launch worker nodes and register them // into a cluster, you must create an IAM role for those worker nodes to use when they are launched. NodeRole awsiam.IRole `json:"nodeRole" yaml:"nodeRole"` // The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, `1.14.7-YYYYMMDD`). ReleaseVersion *string `json:"releaseVersion" yaml:"releaseVersion"` // The remote access (SSH) configuration to use with your node group. // // Disabled by default, however, if you // specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, // then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) RemoteAccess *NodegroupRemoteAccess `json:"remoteAccess" yaml:"remoteAccess"` // The subnets to use for the Auto Scaling group that is created for your node group. // // By specifying the // SubnetSelection, the selected subnets will automatically apply required tags i.e. // `kubernetes.io/cluster/CLUSTER_NAME` with a value of `shared`, where `CLUSTER_NAME` is replaced with // the name of your cluster. Subnets *awsec2.SubnetSelection `json:"subnets" yaml:"subnets"` // The metadata to apply to the node group to assist with categorization and organization. // // Each tag consists of // a key and an optional value, both of which you define. Node group tags do not propagate to any other resources // associated with the node group, such as the Amazon EC2 instances or subnets. Tags *map[string]*string `json:"tags" yaml:"tags"` // The Kubernetes taints to be applied to the nodes in the node group when they are created. Taints *[]*TaintSpec `json:"taints" yaml:"taints"` }
The Nodegroup Options for addNodeGroup() method.
TODO: EXAMPLE
type NodegroupProps ¶
type NodegroupProps struct { // The AMI type for your node group. // // If you explicitly specify the launchTemplate with custom AMI, do not specify this property, or // the node group deployment will fail. In other cases, you will need to specify correct amiType for the nodegroup. AmiType NodegroupAmiType `json:"amiType" yaml:"amiType"` // The capacity type of the nodegroup. CapacityType CapacityType `json:"capacityType" yaml:"capacityType"` // The current number of worker nodes that the managed node group should maintain. // // If not specified, // the nodewgroup will initially create `minSize` instances. DesiredSize *float64 `json:"desiredSize" yaml:"desiredSize"` // The root device disk size (in GiB) for your node group instances. DiskSize *float64 `json:"diskSize" yaml:"diskSize"` // Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. // // If an update fails because pods could not be drained, you can force the update after it fails to terminate the old // node whether or not any pods are // running on the node. ForceUpdate *bool `json:"forceUpdate" yaml:"forceUpdate"` // The instance types to use for your node group. // See: - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes // InstanceTypes *[]awsec2.InstanceType `json:"instanceTypes" yaml:"instanceTypes"` // The Kubernetes labels to be applied to the nodes in the node group when they are created. Labels *map[string]*string `json:"labels" yaml:"labels"` // Launch template specification used for the nodegroup. // See: - https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html // LaunchTemplateSpec *LaunchTemplateSpec `json:"launchTemplateSpec" yaml:"launchTemplateSpec"` // The maximum number of worker nodes that the managed node group can scale out to. // // Managed node groups can support up to 100 nodes by default. MaxSize *float64 `json:"maxSize" yaml:"maxSize"` // The minimum number of worker nodes that the managed node group can scale in to. // // This number must be greater than or equal to zero. MinSize *float64 `json:"minSize" yaml:"minSize"` // Name of the Nodegroup. NodegroupName *string `json:"nodegroupName" yaml:"nodegroupName"` // The IAM role to associate with your node group. // // The Amazon EKS worker node kubelet daemon // makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through // an IAM instance profile and associated policies. Before you can launch worker nodes and register them // into a cluster, you must create an IAM role for those worker nodes to use when they are launched. NodeRole awsiam.IRole `json:"nodeRole" yaml:"nodeRole"` // The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, `1.14.7-YYYYMMDD`). ReleaseVersion *string `json:"releaseVersion" yaml:"releaseVersion"` // The remote access (SSH) configuration to use with your node group. // // Disabled by default, however, if you // specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, // then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) RemoteAccess *NodegroupRemoteAccess `json:"remoteAccess" yaml:"remoteAccess"` // The subnets to use for the Auto Scaling group that is created for your node group. // // By specifying the // SubnetSelection, the selected subnets will automatically apply required tags i.e. // `kubernetes.io/cluster/CLUSTER_NAME` with a value of `shared`, where `CLUSTER_NAME` is replaced with // the name of your cluster. Subnets *awsec2.SubnetSelection `json:"subnets" yaml:"subnets"` // The metadata to apply to the node group to assist with categorization and organization. // // Each tag consists of // a key and an optional value, both of which you define. Node group tags do not propagate to any other resources // associated with the node group, such as the Amazon EC2 instances or subnets. Tags *map[string]*string `json:"tags" yaml:"tags"` // The Kubernetes taints to be applied to the nodes in the node group when they are created. Taints *[]*TaintSpec `json:"taints" yaml:"taints"` // Cluster resource. Cluster ICluster `json:"cluster" yaml:"cluster"` }
NodeGroup properties interface.
TODO: EXAMPLE
type NodegroupRemoteAccess ¶
type NodegroupRemoteAccess struct { // The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. SshKeyName *string `json:"sshKeyName" yaml:"sshKeyName"` // The security groups that are allowed SSH access (port 22) to the worker nodes. // // If you specify an Amazon EC2 SSH // key but do not specify a source security group when you create a managed node group, then port 22 on the worker // nodes is opened to the internet (0.0.0.0/0). SourceSecurityGroups *[]awsec2.ISecurityGroup `json:"sourceSecurityGroups" yaml:"sourceSecurityGroups"` }
The remote access (SSH) configuration to use with your node group.
TODO: EXAMPLE
type OpenIdConnectProvider ¶
type OpenIdConnectProvider interface { awsiam.OpenIdConnectProvider Env() *awscdk.ResourceEnvironment Node() constructs.Node OpenIdConnectProviderArn() *string OpenIdConnectProviderIssuer() *string PhysicalName() *string Stack() awscdk.Stack ApplyRemovalPolicy(policy awscdk.RemovalPolicy) GeneratePhysicalName() *string GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string GetResourceNameAttribute(nameAttr *string) *string ToString() *string }
IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce.
You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account.
This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster
TODO: EXAMPLE
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
func NewOpenIdConnectProvider ¶
func NewOpenIdConnectProvider(scope constructs.Construct, id *string, props *OpenIdConnectProviderProps) OpenIdConnectProvider
Defines an OpenID Connect provider.
type OpenIdConnectProviderProps ¶
type OpenIdConnectProviderProps struct { // The URL of the identity provider. // // The URL must begin with https:// and // should correspond to the iss claim in the provider's OpenID Connect ID // tokens. Per the OIDC standard, path components are allowed but query // parameters are not. Typically the URL consists of only a hostname, like // https://server.example.org or https://example.com. // // You can find your OIDC Issuer URL by: // aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text Url *string `json:"url" yaml:"url"` }
Initialization properties for `OpenIdConnectProvider`.
TODO: EXAMPLE
type Selector ¶
type Selector struct { // The Kubernetes namespace that the selector should match. // // You must specify a namespace for a selector. The selector only matches pods // that are created in this namespace, but you can create multiple selectors // to target multiple namespaces. Namespace *string `json:"namespace" yaml:"namespace"` // The Kubernetes labels that the selector should match. // // A pod must contain // all of the labels that are specified in the selector for it to be // considered a match. Labels *map[string]*string `json:"labels" yaml:"labels"` }
Fargate profile selector.
TODO: EXAMPLE
type ServiceAccount ¶
type ServiceAccount interface { constructs.Construct awsiam.IPrincipal AssumeRoleAction() *string GrantPrincipal() awsiam.IPrincipal Node() constructs.Node PolicyFragment() awsiam.PrincipalPolicyFragment Role() awsiam.IRole ServiceAccountName() *string ServiceAccountNamespace() *string AddToPrincipalPolicy(statement awsiam.PolicyStatement) *awsiam.AddToPrincipalPolicyResult ToString() *string }
Service Account.
TODO: EXAMPLE
func NewServiceAccount ¶
func NewServiceAccount(scope constructs.Construct, id *string, props *ServiceAccountProps) ServiceAccount
type ServiceAccountOptions ¶
type ServiceAccountOptions struct { // The name of the service account. Name *string `json:"name" yaml:"name"` // The namespace of the service account. Namespace *string `json:"namespace" yaml:"namespace"` }
Options for `ServiceAccount`.
TODO: EXAMPLE
type ServiceAccountProps ¶
type ServiceAccountProps struct { // The name of the service account. Name *string `json:"name" yaml:"name"` // The namespace of the service account. Namespace *string `json:"namespace" yaml:"namespace"` // The cluster to apply the patch to. Cluster ICluster `json:"cluster" yaml:"cluster"` }
Properties for defining service accounts.
TODO: EXAMPLE
type ServiceLoadBalancerAddressOptions ¶
type ServiceLoadBalancerAddressOptions struct { // The namespace the service belongs to. Namespace *string `json:"namespace" yaml:"namespace"` // Timeout for waiting on the load balancer address. Timeout awscdk.Duration `json:"timeout" yaml:"timeout"` }
Options for fetching a ServiceLoadBalancerAddress.
TODO: EXAMPLE
type TaintEffect ¶
type TaintEffect string
Effect types of kubernetes node taint.
TODO: EXAMPLE
const ( TaintEffect_NO_SCHEDULE TaintEffect = "NO_SCHEDULE" TaintEffect_PREFER_NO_SCHEDULE TaintEffect = "PREFER_NO_SCHEDULE" TaintEffect_NO_EXECUTE TaintEffect = "NO_EXECUTE" )
type TaintSpec ¶
type TaintSpec struct { // Effect type. Effect TaintEffect `json:"effect" yaml:"effect"` // Taint key. Key *string `json:"key" yaml:"key"` // Taint value. Value *string `json:"value" yaml:"value"` }
Taint interface.
TODO: EXAMPLE