Protected Optional Internal _
Manages the aws-auth config map.
Readonly admin
An IAM role with administrative permissions to create or update the
cluster. This role also has system:masters permissions.
Optional Readonly alb
The ALB Controller construct defined for this cluster.
Will be undefined if albController wasn't configured.
Optional Readonly authentication
The authentication mode for the Amazon EKS cluster.
The authentication mode determines how users and applications authenticate to the Kubernetes API server.
Optional Readonly awscli
An AWS Lambda layer that contains the aws CLI.
If not defined, a default layer will be used containing the AWS CLI 1.x.
Readonly cluster
The AWS generated ARN for the Cluster resource
For example, arn:aws:eks:us-west-2:666666666666:cluster/prod
Readonly cluster
The certificate-authority-data for your cluster.
Readonly cluster
Amazon Resource Name (ARN) or alias of the customer master key (CMK).
Readonly cluster
The endpoint URL for the Cluster
This is the URL inside the kubeconfig file to use with kubectl
For example, https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com
Readonly cluster
Optional Readonly cluster
A security group to associate with the Cluster Handler's Lambdas. The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires placeClusterHandlerInVpc to be set to true.
Readonly cluster
The Name of the created EKS Cluster
Readonly cluster
The cluster security group that was created by Amazon EKS for the cluster.
Readonly cluster
The id of the cluster security group that was created by Amazon EKS for the cluster.
Readonly connections
Manages connection rules (Security Group Rules) for the cluster
Optional Readonly default
The auto scaling group that hosts the default capacity for this cluster.
This will be undefined if the defaultCapacityType is not EC2 or
defaultCapacityType is EC2 but default capacity is set to 0.
Optional Readonly default
The node group that hosts the default capacity for this cluster.
This will be undefined if the defaultCapacityType is EC2 or
defaultCapacityType is NODEGROUP but default capacity is set to 0.
Readonly efs
Readonly env
The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
Readonly iam
Optional Readonly ip
Specify which IP family is used to assign Kubernetes pod and service IP addresses.
Optional Readonly kubectl
Custom environment variables when running kubectl against this cluster.
Optional Readonly kubectl
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
This role is directly passed to the Lambda handler that sends kubectl commands to the cluster.
Optional Readonly kubectl
An AWS Lambda layer that includes kubectl and helm
Optional Readonly kubectl
The amount of memory allocated to the kubectl provider's Lambda function.
Optional Readonly kubectl
Subnets to host the kubectl compute resources.
Optional Readonly kubectl
An IAM role that can perform kubectl operations against this cluster.
The role should be mapped to the system:masters Kubernetes RBAC role.
Optional Readonly kubectl
A security group to use for kubectl execution.
Readonly mdaa
Optional Readonly mgmt
Readonly node
The tree node.
Optional Readonly on
The AWS Lambda layer that contains the NPM dependency proxy-agent. If
undefined, a SAR app that contains this layer will be used.
Protected Readonly physical
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
"my-awesome-bucket")
undefined, when a name should be generated by CloudFormation
Readonly prune
Determines if Kubernetes resources can be pruned automatically.
Readonly role
IAM role assumed by the EKS Control Plane
Readonly stack
The stack in which this resource is defined.
Readonly vpc
The VPC in which this Cluster was created
Static Readonly PROPERTY_
Uniquely identifies this class.
Lazily creates the AwsAuth resource, which manages AWS authentication mapping.
Retrieves the EKS Pod Identity Agent addon for the EKS cluster.
The EKS Pod Identity Agent is responsible for managing the temporary credentials used by pods in the cluster to access AWS resources. It runs as a DaemonSet on each node and provides the necessary credentials to the pods based on their associated service account.
An OpenIdConnectProvider resource associated with this cluster, and which can be used
to link this cluster to AWS IAM.
A provider will only be defined if this property is accessed (lazy initialization).
Internal
Internal API used by FargateProfile to keep inventory of Fargate profiles associated with
this cluster, for the sake of ensuring the profiles are created sequentially.
the list of FargateProfiles attached to this cluster, including the one just attached.
Internal
Adds a resource scope that requires kubectl to this cluster and returns
the KubectlProvider which is the custom resource provider that should be
used as the resource provider.
Called from HelmResource and KubernetesResource
the construct scope in which kubectl resources are defined.
Internal
Called when this resource is referenced across environments (account/region) in order to request that a physical name be generated for this resource during synthesis, so the resource can be referenced through its absolute name/arn.
Add nodes to this EKS cluster
The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.
Note that if you specify updateType: RollingUpdate or updateType: ReplacingUpdate, your nodes might be replaced at deploy
time without notice in case the recommended AMI for your machine image type has been updated by AWS.
The default behavior for updateType is None, which means only new instances will be launched using the new AMI.
Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule.
In addition, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.
Defines a CDK8s chart in this cluster.
logical id of this chart.
the cdk8s chart.
Optional options: KubernetesManifestOptions
a KubernetesManifest construct representing the chart.
Adds a Fargate profile to this cluster.
the id of this profile
Defines a Helm chart in this cluster.
logical id of this chart.
options of this chart.
a HelmChart construct
Defines a Kubernetes resource in this cluster.
The manifest will be applied/deleted using kubectl as needed.
logical id of this manifest
a list of Kubernetes resource specifications
a KubernetesResource object.
Add managed nodegroup to this Amazon EKS cluster
This method will create a new managed nodegroup and add into the capacity.
The ID of the nodegroup
Optional options: NodegroupOptions
options for creating a new nodegroup
Creates a new service account with corresponding IAM Role (IRSA).
logical id of service account
Optional options: ServiceAccountOptions
service account options
Apply the given removal policy to this resource
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.
Spot instances will be labeled lifecycle=Ec2Spot and tainted with PreferNoSchedule.
If kubectl is enabled, the spot interrupt handler daemon will be installed on all spot instances to handle EC2 Spot Instance Termination Notices.
Prefer to use addAutoScalingGroupCapacity if possible.
options for adding auto scaling groups, like customizing the bootstrap script
Protected generate
Fetch the load balancer address of an ingress backed by a load balancer.
The name of the ingress.
Optional options: IngressLoadBalancerAddressOptions
Additional operation options.
Protected get
Returns an environment-sensitive token that should be used for the
resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arnAttr, but if the resource is
referenced across environments, arnComponents will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arnComponents.
The CFN attribute which resolves to the ARN of the resource.
Commonly it will be called "Arn" (e.g. resource.attrArn), but sometimes
it's the CFN resource's ref.
The format of the ARN of this resource. You must
reference this.physicalName somewhere within the ARN in order for
cross-environment references to work.
Protected get
Returns an environment-sensitive token that should be used for the
resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to nameAttr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
The CFN attribute which resolves to the resource's name.
Commonly this is the resource's ref.
Fetch the load balancer address of a service of type 'LoadBalancer'.
The name of the service.
Optional options: ServiceLoadBalancerAddressOptions
Additional operation options.
Grants the specified IAM principal access to the EKS cluster based on the provided access policies.
This method creates an AccessEntry construct that grants the specified IAM principal the access permissions
defined by the provided IAccessPolicy array. This allows the IAM principal to perform the actions permitted
by the access policies within the EKS cluster.
The ID of the AccessEntry construct to be created.
The IAM principal (role or user) to be granted access to the EKS cluster.
An array of IAccessPolicy objects that define the access permissions to be granted to the IAM principal.
Returns a string representation of this construct.
Static from
Import an existing cluster
the construct scope, in most cases 'this'
the id or name to import as
the cluster properties to use for importing information
Static is
Checks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
Any object
true if x is an object created from a class which extends Construct.
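The instanceof failure described above can be reproduced without a symlinked install. The following is an added example, not code from the constructs library or this project: loadLibraryCopy() is a hypothetical stand-in for the module loader evaluating the same source twice, and the symbol key 'example.Construct' is an assumption chosen for illustration.

```javascript
// Added example: simulates two on-disk copies of one library.
// loadLibraryCopy() stands in for the module loader evaluating the same
// source file twice (for example from two node_modules directories).
function loadLibraryCopy() {
  // Symbol.for() reads the global symbol registry, so every copy of the
  // library gets the same symbol back. The key is hypothetical.
  const MARKER = Symbol.for('example.Construct');

  class Construct {
    constructor(id) {
      this.id = id;
      // Non-enumerable marker, so it does not show up in JSON output.
      Object.defineProperty(this, MARKER, { value: true });
    }

    // Type test that does not depend on class identity.
    static isConstruct(x) {
      return x !== null && typeof x === 'object' && MARKER in x;
    }
  }

  class Cluster extends Construct {}
  return { Construct, Cluster };
}

// Builds a Cluster from copy B and tests it against both copies.
function compareChecks() {
  const copyA = loadLibraryCopy();
  const copyB = loadLibraryCopy();
  const cluster = new copyB.Cluster('prod');
  return {
    sameCopyInstanceof: cluster instanceof copyB.Construct,
    crossCopyInstanceof: cluster instanceof copyA.Construct,
    crossCopyIsConstruct: copyA.Construct.isConstruct(cluster),
    plainObject: copyA.Construct.isConstruct({ id: 'prod' }),
    nullValue: copyA.Construct.isConstruct(null),
  };
}

console.log(compareChecks());
```

Because the check is a marker lookup, any object that carries the symbol passes it: it identifies a type, not where the object came from.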
Static is
Returns true if the construct was created by CDK, and false otherwise
Static is
Check whether the given construct is a Resource
A construct for creating a compliant EKS cluster resource.