Class ClusterOptions
Options for EKS clusters.
Inheritance
Namespace: Amazon.CDK.AWS.EKS
Assembly: Amazon.CDK.AWS.EKS.dll
Syntax (csharp)
public class ClusterOptions : Object, IClusterOptions, ICommonClusterOptions
Syntax (vb)
Public Class ClusterOptions
Inherits Object
Implements IClusterOptions, ICommonClusterOptions
Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.EKS;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.Lambda;
using Amazon.CDK;
// Placeholder declarations: the generated example leaves every one of these
// unassigned, so each needs a real construct before the snippet can be used.
AlbControllerVersion albControllerVersion;
EndpointAccess endpointAccess;
Key key;
KubernetesVersion kubernetesVersion;
LayerVersion layerVersion;
// NOTE(review): `var` without an initializer does not compile in C#; give the
// load balancer controller policy an explicit type before using this.
var policy;
Role role;
SecurityGroup securityGroup;
Size size;
Subnet subnet;
SubnetFilter subnetFilter;
Vpc vpc;
// Builds a ClusterOptions with every property populated by a placeholder.
// Several placeholder values differ from the defaults this reference lists;
// the comments below call out the ones that affect the cluster's exposure.
var clusterOptions = new ClusterOptions {
    Version = kubernetesVersion,
    // the properties below are optional
    AlbController = new AlbControllerOptions {
        Version = albControllerVersion,
        // the properties below are optional
        Policy = policy,
        Repository = "repository"
    },
    // NOTE(review): Dictionary<,> lives in System.Collections.Generic, which is
    // not among the using directives listed with this example.
    ClusterHandlerEnvironment = new Dictionary<string, string> {
        { "clusterHandlerEnvironmentKey", "clusterHandlerEnvironment" }
    },
    // The reference states this requires PlaceClusterHandlerInVpc to be true,
    // whereas the placeholder further down sets it to false.
    ClusterHandlerSecurityGroup = securityGroup,
    ClusterName = "clusterName",
    CoreDnsComputeType = CoreDnsComputeType.EC2,
    // Listed default is EndpointAccess.PUBLIC_AND_PRIVATE; set this explicitly
    // when the reachability of the Kubernetes API server endpoint matters.
    EndpointAccess = endpointAccess,
    KubectlEnvironment = new Dictionary<string, string> {
        { "kubectlEnvironmentKey", "kubectlEnvironment" }
    },
    KubectlLayer = layerVersion,
    KubectlMemory = size,
    // This role is added to the system:masters RBAC group. When omitted, the
    // reference says a role assumable by anyone with permissions in the same
    // account is defined, so pass a role whose trust policy you control.
    MastersRole = role,
    OnEventLayer = layerVersion,
    // CloudFormation outputs: the reference lists OutputConfigCommand as true
    // by default and the other two as false.
    OutputClusterName = false,
    OutputConfigCommand = false,
    OutputMastersRoleArn = false,
    PlaceClusterHandlerInVpc = false,
    // Listed default is true; false here is only a placeholder.
    Prune = false,
    Role = role,
    // KMS key for envelope encryption of Kubernetes secrets. Without it, the
    // reference says secret data relies on disk-level encryption of the etcd
    // volumes with AWS-managed keys.
    SecretsEncryptionKey = key,
    SecurityGroup = securityGroup,
    ServiceIpv4Cidr = "serviceIpv4Cidr",
    Vpc = vpc,
    // Selects where the EKS control plane ENIs are placed.
    VpcSubnets = new [] { new SubnetSelection {
        AvailabilityZones = new [] { "availabilityZones" },
        OnePerAz = false,
        SubnetFilters = new [] { subnetFilter },
        SubnetGroupName = "subnetGroupName",
        SubnetName = "subnetName",
        Subnets = new [] { subnet },
        SubnetType = SubnetType.ISOLATED
    } }
};
Synopsis
Constructors
ClusterOptions() |
Properties
AlbController | Install the AWS Load Balancer Controller onto the cluster. |
ClusterHandlerEnvironment | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. |
ClusterHandlerSecurityGroup | A security group to associate with the Cluster Handler's Lambdas. |
ClusterName | Name for the cluster. |
CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. |
EndpointAccess | Configure access to the Kubernetes API server endpoint. |
KubectlEnvironment | Environment variables for the kubectl execution. |
KubectlLayer | An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI. |
KubectlMemory | Amount of memory to allocate to the provider's lambda function. |
MastersRole | An IAM role that will be added to the system:masters Kubernetes RBAC group. |
OnEventLayer | An AWS Lambda Layer which includes the NPM dependency proxy-agent. |
OutputClusterName | Determines whether a CloudFormation output with the name of the cluster will be synthesized. |
OutputConfigCommand | Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized. |
OutputMastersRoleArn | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if mastersRole is specified). |
PlaceClusterHandlerInVpc | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy. |
Prune | Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. |
Role | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. |
SecretsEncryptionKey | KMS key for envelope encryption of Kubernetes secrets. |
SecurityGroup | Security Group to use for Control Plane ENIs. |
ServiceIpv4Cidr | The CIDR block to assign Kubernetes service IP addresses from. |
Version | The Kubernetes version to run in the cluster. |
Vpc | The VPC in which to create the Cluster. |
VpcSubnets | Where to place EKS Control Plane ENIs. |
Constructors
ClusterOptions()
public ClusterOptions()
Properties
AlbController
Install the AWS Load Balancer Controller onto the cluster.
public IAlbControllerOptions AlbController { get; set; }
Property Value
Remarks
Default: - The controller is not installed.
See: https://kubernetes-sigs.github.io/aws-load-balancer-controller
ClusterHandlerEnvironment
Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle.
public IDictionary<string, string> ClusterHandlerEnvironment { get; set; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.String>
Remarks
Default: - No environment variables.
ClusterHandlerSecurityGroup
A security group to associate with the Cluster Handler's Lambdas.
public ISecurityGroup ClusterHandlerSecurityGroup { get; set; }
Property Value
Remarks
The Cluster Handler's Lambdas are responsible for calling AWS's EKS API.
Requires placeClusterHandlerInVpc to be set to true.
Default: - No security group.
ClusterName
Name for the cluster.
public string ClusterName { get; set; }
Property Value
System.String
Remarks
Default: - Automatically generated name
CoreDnsComputeType
Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
public Nullable<CoreDnsComputeType> CoreDnsComputeType { get; set; }
Property Value
System.Nullable<CoreDnsComputeType>
Remarks
Default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE)
EndpointAccess
Configure access to the Kubernetes API server endpoint.
public EndpointAccess EndpointAccess { get; set; }
Property Value
Remarks
Default: EndpointAccess.PUBLIC_AND_PRIVATE
See: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
KubectlEnvironment
Environment variables for the kubectl execution.
public IDictionary<string, string> KubectlEnvironment { get; set; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.String>
Remarks
Only relevant for kubectl enabled clusters.
Default: - No environment variables.
KubectlLayer
An AWS Lambda Layer which includes kubectl, Helm and the AWS CLI.
public ILayerVersion KubectlLayer { get; set; }
Property Value
Remarks
By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions.
To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows:
// Defines a Lambda layer from a locally prepared layer.zip asset.
// NOTE(review): __dirname is a Node.js identifier carried over from the
// TypeScript original and is not defined in C#; substitute the directory that
// holds layer.zip. The archive supplies kubectl, Helm and the AWS CLI to the
// provider, so build it from a source you have reviewed.
var layer = new LayerVersion(this, "kubectl-layer", new LayerVersionProps {
    Code = Code.FromAsset($"{__dirname}/layer.zip"),
    CompatibleRuntimes = new [] { Runtime.PROVIDED }
});
Default: - the layer provided by the aws-lambda-layer-kubectl SAR app.
See: https://github.com/aws-samples/aws-lambda-layer-kubectl
KubectlMemory
Amount of memory to allocate to the provider's lambda function.
public Size KubectlMemory { get; set; }
Property Value
Remarks
Default: Size.gibibytes(1)
MastersRole
An IAM role that will be added to the system:masters Kubernetes RBAC group.
public IRole MastersRole { get; set; }
Property Value
Remarks
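Default: - a role that is assumable by anyone with permissions in the same account will automatically be defined. Members of system:masters have unrestricted access to the cluster, so supply a role with a narrower trust policy when that default is broader than intended.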
See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
OnEventLayer
An AWS Lambda Layer which includes the NPM dependency proxy-agent.
public ILayerVersion OnEventLayer { get; set; }
Property Value
Remarks
This layer is used by the onEvent handler to route AWS SDK requests through a proxy.
By default, the provider will use the layer included in the "aws-lambda-layer-node-proxy-agent" SAR application which is available in all commercial regions.
To deploy the layer locally define it in your app as follows:
// Defines a Lambda layer from a local layer.zip that carries the proxy-agent
// NPM dependency.
// NOTE(review): __dirname is a Node.js identifier carried over from the
// TypeScript original and is not defined in C#; substitute the directory that
// holds layer.zip.
// NOTE(review): Node.js 14 has reached end of life; confirm the runtime is
// still supported before relying on NODEJS_14_X.
var layer = new LayerVersion(this, "proxy-agent-layer", new LayerVersionProps {
    Code = Code.FromAsset($"{__dirname}/layer.zip"),
    CompatibleRuntimes = new [] { Runtime.NODEJS_14_X }
});
Default: - a layer bundled with this module.
OutputClusterName
Determines whether a CloudFormation output with the name of the cluster will be synthesized.
public Nullable<bool> OutputClusterName { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
OutputConfigCommand
Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized.
public Nullable<bool> OutputConfigCommand { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
This command will include the cluster name and, if applicable, the ARN of the masters IAM role.
Default: true
OutputMastersRoleArn
Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if mastersRole is specified).
public Nullable<bool> OutputMastersRoleArn { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
PlaceClusterHandlerInVpc
If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the vpcSubnets selection strategy.
public Nullable<bool> PlaceClusterHandlerInVpc { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
Prune
Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.
public Nullable<bool> Prune { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the kubectl apply operation with the --prune switch.
Default: true
Role
Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
public IRole Role { get; set; }
Property Value
Remarks
Default: - A role is automatically created for you
SecretsEncryptionKey
KMS key for envelope encryption of Kubernetes secrets.
public IKey SecretsEncryptionKey { get; set; }
Property Value
Remarks
Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
SecurityGroup
Security Group to use for Control Plane ENIs.
public ISecurityGroup SecurityGroup { get; set; }
Property Value
Remarks
Default: - A security group is automatically created
ServiceIpv4Cidr
The CIDR block to assign Kubernetes service IP addresses from.
public string ServiceIpv4Cidr { get; set; }
Property Value
System.String
Remarks
Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
Version
The Kubernetes version to run in the cluster.
public KubernetesVersion Version { get; set; }
Property Value
Vpc
The VPC in which to create the Cluster.
public IVpc Vpc { get; set; }
Property Value
Remarks
Default: - a VPC with default configuration will be created and can be accessed through cluster.vpc.
VpcSubnets
Where to place EKS Control Plane ENIs.
public ISubnetSelection[] VpcSubnets { get; set; }
Property Value
Remarks
If you want to create public load balancers, this must include public subnets.
For example, to only select private subnets, supply the following:
vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }]
Default: - All public and private subnets