README
¶
Vibe-io CDK-Extensions EC2 Construct Library
The cdk-extensions/eks-patterns module contains higher-level Amazon EKS constructs which follow common architectural patterns. It constains:
- Cluster Integrated with Common AWS Services
Cluster Integrated with Common AWS Services
To define an EKS cluster that comes pre-installed with common services many Kubernetes clusters running on AWS will use, instantiate one of the following:
- AwsIntegratedFargateCluster
declare const vpc: ec2.Vpc;
const cluster = new eks_patterns.AwsIntegratedFargateCluster(this, 'cluster', {
version: eks.KubernetesVersion.V1_21,
vpc: vpc,
vpcSubnets: [
{
onePerAz: true,
subnetGroupName: 'private'
}
]
});
Integrated Services
Route 53
Route 53 integration is provided by means of the External DNS Kubernetes Add-on. Services and ingresses in the cluster can be discovered and External DNS will manage appropriate DNS records in Route 53.
External DNS is enabled by default and must be explicitly disabled using:
const cluster = new eks_patterns.AwsIntegratedFargateCluster(this, 'cluster', {
externalDnsOptions: {
enabled: false,
},
version: eks.KubernetesVersion.V1_21,
});
Container Insights
Integration with Container Insights is implemented using AWS Distro for OpenTelemetry as described in this AWS blog post.
This help you collect, aggregate, and visualize advanced metrics from your services running on EKS and Fargate.
Container Insights is enabled by default and must be explicitly disabled using:
const cluster = new eks_patterns.AwsIntegratedFargateCluster(this, 'cluster', {
cloudWatchMonitoringOptions: {
enabled: false,
},
version: eks.KubernetesVersion.V1_21,
});
CloudWatch Logs
CloudWatch Logs integration is provided using the built-in log router provided by Fargate.
Currently this will ship logs for all containers to a CloudWatch log group that can be filtered to find the pods for specific pods and services.
We plan to expand the functionality of this resource to expand log destinations and provide more advanced log filtering.
Container Insights is enabled by default and must be explicitly disabled using:
const cluster = new eks_patterns.AwsIntegratedFargateCluster(this, 'cluster', {
fargateLogger: {
enabled: false,
},
version: eks.KubernetesVersion.V1_21,
});
Secrets Manager
Integration to Secrets Manager is provided using the External Secrets Operatore Kubernetes operator.
You can use it to configure links between Secrets Manager secrets (such as those created for RDS instances) and Kubernetes secrets which can be exposed to your pods as environment variables. Changes to the secret in Secrets Manager will automatically be synchronized into the secret in the EKS cluster.
Secrets Manager integration is enabled by default and must be explicitly disabled using:
const cluster = new eks_patterns.AwsIntegratedFargateCluster(this, 'cluster', {
externalSecretsOptions: {
enabled: false,
},
version: eks.KubernetesVersion.V1_21,
});
Documentation
¶
Index ¶
- func AwsIntegratedFargateCluster_IsConstruct(x interface{}) *bool
- func AwsIntegratedFargateCluster_IsOwnedResource(construct constructs.IConstruct) *bool
- func AwsIntegratedFargateCluster_IsResource(construct constructs.IConstruct) *bool
- func NewAwsIntegratedFargateCluster_Override(a AwsIntegratedFargateCluster, scope constructs.Construct, id *string, ...)
- type AwsIntegratedFargateCluster
- type AwsIntegratedFargateClusterProps
- type CloudWatchMonitoringOptions
- type ExternalDnsOptions
- type ExternalSecretsOptions
- type FargateLoggingOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AwsIntegratedFargateCluster_IsConstruct ¶
func AwsIntegratedFargateCluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.
func AwsIntegratedFargateCluster_IsOwnedResource ¶
func AwsIntegratedFargateCluster_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func AwsIntegratedFargateCluster_IsResource ¶
func AwsIntegratedFargateCluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func NewAwsIntegratedFargateCluster_Override ¶
func NewAwsIntegratedFargateCluster_Override(a AwsIntegratedFargateCluster, scope constructs.Construct, id *string, props *AwsIntegratedFargateClusterProps)
Types ¶
type AwsIntegratedFargateCluster ¶
type AwsIntegratedFargateCluster interface {
awscdk.Resource
CloudWatchMonitoring() k8saws.CloudWatchMonitoring
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
ExternalDns() k8saws.ExternalDns
ExternalSecrets() k8saws.ExternalSecretsOperator
FargateLogger() k8saws.FargateLogger
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
Resource() awseks.FargateCluster
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
RegisterSecretsManagerSecret(id *string, secret awssecretsmanager.ISecret, options *k8saws.NamespacedExternalSecretOptions) k8saws.ExternalSecret
RegisterSsmParameterSecret(id *string, parameter awsssm.IParameter, options *k8saws.NamespacedExternalSecretOptions) k8saws.ExternalSecret
// Returns a string representation of this construct.
ToString() *string
}
func NewAwsIntegratedFargateCluster ¶
func NewAwsIntegratedFargateCluster(scope constructs.Construct, id *string, props *AwsIntegratedFargateClusterProps) AwsIntegratedFargateCluster
type AwsIntegratedFargateClusterProps ¶
type AwsIntegratedFargateClusterProps struct {
// The Kubernetes version to run in the cluster.
Version awseks.KubernetesVersion `field:"required" json:"version" yaml:"version"`
// Name for the cluster.
ClusterName *string `field:"optional" json:"clusterName" yaml:"clusterName"`
// Determines whether a CloudFormation output with the name of the cluster will be synthesized.
OutputClusterName *bool `field:"optional" json:"outputClusterName" yaml:"outputClusterName"`
// Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized.
//
// This command will include
// the cluster name and, if applicable, the ARN of the masters IAM role.
OutputConfigCommand *bool `field:"optional" json:"outputConfigCommand" yaml:"outputConfigCommand"`
// Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
// Security Group to use for Control Plane ENIs.
SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
// The VPC in which to create the Cluster.
Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
// Where to place EKS Control Plane ENIs.
//
// If you want to create public load balancers, this must include public subnets.
//
// For example, to only select private subnets, supply the following:
//
// `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]`
VpcSubnets *[]*awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
// Install the AWS Load Balancer Controller onto the cluster.
// See: https://kubernetes-sigs.github.io/aws-load-balancer-controller
//
AlbController *awseks.AlbControllerOptions `field:"optional" json:"albController" yaml:"albController"`
// Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
ClusterHandlerEnvironment *map[string]*string `field:"optional" json:"clusterHandlerEnvironment" yaml:"clusterHandlerEnvironment"`
// A security group to associate with the Cluster Handler's Lambdas.
//
// The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
//
// Requires `placeClusterHandlerInVpc` to be set to true.
ClusterHandlerSecurityGroup awsec2.ISecurityGroup `field:"optional" json:"clusterHandlerSecurityGroup" yaml:"clusterHandlerSecurityGroup"`
// The cluster log types which you want to enable.
ClusterLogging *[]awseks.ClusterLoggingTypes `field:"optional" json:"clusterLogging" yaml:"clusterLogging"`
// Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
CoreDnsComputeType awseks.CoreDnsComputeType `field:"optional" json:"coreDnsComputeType" yaml:"coreDnsComputeType"`
// Configure access to the Kubernetes API server endpoint..
// See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
//
EndpointAccess awseks.EndpointAccess `field:"optional" json:"endpointAccess" yaml:"endpointAccess"`
// Environment variables for the kubectl execution.
//
// Only relevant for kubectl enabled clusters.
KubectlEnvironment *map[string]*string `field:"optional" json:"kubectlEnvironment" yaml:"kubectlEnvironment"`
// An AWS Lambda Layer which includes `kubectl`, Helm and the AWS CLI.
//
// By default, the provider will use the layer included in the
// "aws-lambda-layer-kubectl" SAR application which is available in all
// commercial regions.
//
// To deploy the layer locally, visit
// https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md
// for instructions on how to prepare the .zip file and then define it in your
// app as follows:
//
// “`ts
// const layer = new lambda.LayerVersion(this, 'kubectl-layer', {
// code: lambda.Code.fromAsset(`${__dirname}/layer.zip`),
// compatibleRuntimes: [lambda.Runtime.PROVIDED],
// });
// “`.
// See: https://github.com/aws-samples/aws-lambda-layer-kubectl
//
KubectlLayer awslambda.ILayerVersion `field:"optional" json:"kubectlLayer" yaml:"kubectlLayer"`
// Amount of memory to allocate to the provider's lambda function.
KubectlMemory awscdk.Size `field:"optional" json:"kubectlMemory" yaml:"kubectlMemory"`
// An IAM role that will be added to the `system:masters` Kubernetes RBAC group.
// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
//
MastersRole awsiam.IRole `field:"optional" json:"mastersRole" yaml:"mastersRole"`
// An AWS Lambda Layer which includes the NPM dependency `proxy-agent`.
//
// This layer
// is used by the onEvent handler to route AWS SDK requests through a proxy.
//
// By default, the provider will use the layer included in the
// "aws-lambda-layer-node-proxy-agent" SAR application which is available in all
// commercial regions.
//
// To deploy the layer locally define it in your app as follows:
//
// “`ts
// const layer = new lambda.LayerVersion(this, 'proxy-agent-layer', {
// code: lambda.Code.fromAsset(`${__dirname}/layer.zip`),
// compatibleRuntimes: [lambda.Runtime.NODEJS_14_X],
// });
// “`.
OnEventLayer awslambda.ILayerVersion `field:"optional" json:"onEventLayer" yaml:"onEventLayer"`
// Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if `mastersRole` is specified).
OutputMastersRoleArn *bool `field:"optional" json:"outputMastersRoleArn" yaml:"outputMastersRoleArn"`
// If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the `vpcSubnets` selection strategy.
PlaceClusterHandlerInVpc *bool `field:"optional" json:"placeClusterHandlerInVpc" yaml:"placeClusterHandlerInVpc"`
// Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned.
//
// When this is enabled (default), prune labels will be
// allocated and injected to each resource. These labels will then be used
// when issuing the `kubectl apply` operation with the `--prune` switch.
Prune *bool `field:"optional" json:"prune" yaml:"prune"`
// KMS secret for envelope encryption for Kubernetes secrets.
SecretsEncryptionKey awskms.IKey `field:"optional" json:"secretsEncryptionKey" yaml:"secretsEncryptionKey"`
// The CIDR block to assign Kubernetes service IP addresses from.
// See: https://docs.aws.amazon.com/eks/latest/APIReference/API_KubernetesNetworkConfigRequest.html#AmazonEKS-Type-KubernetesNetworkConfigRequest-serviceIpv4Cidr
//
ServiceIpv4Cidr *string `field:"optional" json:"serviceIpv4Cidr" yaml:"serviceIpv4Cidr"`
// Fargate Profile to create along with the cluster.
DefaultProfile *awseks.FargateProfileOptions `field:"optional" json:"defaultProfile" yaml:"defaultProfile"`
CloudWatchMonitoringOptions *CloudWatchMonitoringOptions `field:"optional" json:"cloudWatchMonitoringOptions" yaml:"cloudWatchMonitoringOptions"`
ExternalDnsOptions *ExternalDnsOptions `field:"optional" json:"externalDnsOptions" yaml:"externalDnsOptions"`
ExternalSecretsOptions *ExternalSecretsOptions `field:"optional" json:"externalSecretsOptions" yaml:"externalSecretsOptions"`
LoggingOptions *FargateLoggingOptions `field:"optional" json:"loggingOptions" yaml:"loggingOptions"`
}
type CloudWatchMonitoringOptions ¶
type CloudWatchMonitoringOptions struct {
Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
}
type ExternalDnsOptions ¶
type ExternalSecretsOptions ¶
type ExternalSecretsOptions struct {
CreateNamespace *bool `field:"optional" json:"createNamespace" yaml:"createNamespace"`
Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
Name *string `field:"optional" json:"name" yaml:"name"`
Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}
type FargateLoggingOptions ¶
type FargateLoggingOptions struct {
// Controls whether logging will be set up for pods using the default Fargate provide on the EKS cluster.
Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
// The CloudWatch log group where Farget container logs will be sent.
LogGroup awslogs.ILogGroup `field:"optional" json:"logGroup" yaml:"logGroup"`
// The prefix to add to the start of log streams created by the Fargate logger.
LogStreamPrefix *string `field:"optional" json:"logStreamPrefix" yaml:"logStreamPrefix"`
// The number of days logs sent to CloudWatch from Fluent Bit should be retained before they are automatically removed.
Retention awslogs.RetentionDays `field:"optional" json:"retention" yaml:"retention"`
}
Source Files
¶
- ekspatterns.go
- ekspatterns_AwsIntegratedFargateCluster.go
- ekspatterns_AwsIntegratedFargateClusterProps.go
- ekspatterns_AwsIntegratedFargateCluster__runtime_type_checks.go
- ekspatterns_CloudWatchMonitoringOptions.go
- ekspatterns_ExternalDnsOptions.go
- ekspatterns_ExternalSecretsOptions.go
- ekspatterns_FargateLoggingOptions.go
Directories
Click to show internal directories.
Click to hide internal directories.