Class: Aws::EKS::Client

Inherits:
Seahorse::Client::Base show all
Includes:
ClientStubs
Defined in:
gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb

Overview

An API client for EKS. To construct a client, you need to configure a :region and :credentials.

client = Aws::EKS::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • Aws::Credentials - Used for configuring static, non-refreshing credentials.

    • Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.

    • Aws::AssumeRoleCredentials - Used when you need to assume a role.

    • Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.

    • Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.

    • Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.

    • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • Aws::ECSCredentials - Used for loading credentials from instances running in ECS.

    • Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.

    When :credentials are not configured directly, the following locations will be searched for credentials:

    • Aws.config[:credentials]
    • The :access_key_id, :secret_access_key, and :session_token options.
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • ~/.aws/credentials
    • ~/.aws/config
    • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentails or Aws::ECSCredentials to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true.
  • :region (required, String)

    The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

    • Aws.config[:region]
    • ENV['AWS_REGION']
    • ENV['AMAZON_REGION']
    • ENV['AWS_DEFAULT_REGION']
    • ~/.aws/credentials
    • ~/.aws/config
  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

  • :client_side_monitoring (Boolean) — default: false

    When true, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :defaults_mode (String) — default: "legacy"

    See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :disable_request_compression (Boolean) — default: false

    When set to 'true' the request body will not be compressed for supported operations.

  • :endpoint (String)

    The client endpoint is normally constructed from the :region option. You should only configure an :endpoint when connecting to test or custom endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to true, endpoint discovery will be enabled for operations when available.

  • :ignore_configured_endpoint_urls (Boolean)

    Setting to true disables use of endpoint URLs provided via environment variables and the shared configuration file.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the :logger at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

  • :request_min_compression_size_bytes (Integer) — default: 10240

    The minimum size in bytes that triggers compression for request bodies. The value must be non-negative integer value between 0 and 10485780 bytes inclusive.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

    @see https://www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

    • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

  • :sdk_ua_app_id (String)

    A unique and opaque application ID that is appended to the User-Agent header as app/. It should have a maximum length of 50.

  • :secret_access_key (String)
  • :session_token (String)
  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :token_provider (Aws::TokenProvider)

    A Bearer Token Provider. This can be an instance of any one of the following classes:

    • Aws::StaticTokenProvider - Used for configuring static, non-refreshing tokens.

    • Aws::SSOTokenProvider - Used for loading tokens from AWS SSO using an access token generated from aws login.

    When :token_provider is not configured directly, the Aws::TokenProviderChain will be used to search for tokens configured for your profile in shared configuration files.

  • :use_dualstack_endpoint (Boolean)

    When set to true, dualstack enabled endpoints (with .aws TLD) will be used if available.

  • :use_fips_endpoint (Boolean)

    When set to true, fips compatible endpoints will be used if available. When a fips region is used, the region is normalized and this config is set to true.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request.

  • :endpoint_provider (Aws::EKS::EndpointProvider)

    The endpoint provider used to resolve endpoints. Any object that responds to #resolve_endpoint(parameters) where parameters is a Struct similar to Aws::EKS::EndpointParameters

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like 'http://proxy.com:123'.

  • :http_open_timeout (Float) — default: 15

    The number of seconds to wait when opening a HTTP session before raising a Timeout::Error.

  • :http_read_timeout (Float) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

  • :ssl_timeout (Float) — default: nil

    Sets the SSL timeout in seconds.

  • :http_wire_trace (Boolean) — default: false

    When true, HTTP debug output will be sent to the :logger.

  • :ssl_verify_peer (Boolean) — default: true

    When true, SSL peer certificates are verified when establishing a connection.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.



385
386
387
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 385

def initialize(*args)
  super
end

Instance Method Details

#associate_access_policy(params = {}) ⇒ Types::AssociateAccessPolicyResponse

Associates an access policy and its scope to an access entry. For more information about associating access policies, see Associating and disassociating access policies to and from access entries in the Amazon EKS User Guide.

Examples:

Request syntax with placeholder values


resp = client.associate_access_policy({
  cluster_name: "String", # required
  principal_arn: "String", # required
  policy_arn: "String", # required
  access_scope: { # required
    type: "cluster", # accepts cluster, namespace
    namespaces: ["String"],
  },
})

Response structure


resp.cluster_name #=> String
resp.principal_arn #=> String
resp.associated_access_policy.policy_arn #=> String
resp.associated_access_policy.access_scope.type #=> String, one of "cluster", "namespace"
resp.associated_access_policy.access_scope.namespaces #=> Array
resp.associated_access_policy.access_scope.namespaces[0] #=> String
resp.associated_access_policy.associated_at #=> Time
resp.associated_access_policy.modified_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The Amazon Resource Name (ARN) of the IAM user or role for the AccessEntry that you're associating the access policy to.

  • :policy_arn (required, String)

    The ARN of the AccessPolicy that you're associating. For a list of ARNs, use ListAccessPolicies.

  • :access_scope (required, Types::AccessScope)

    The scope for the AccessPolicy. You can scope access policies to an entire cluster or to specific Kubernetes namespaces.

Returns:

See Also:



448
449
450
451
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 448

def associate_access_policy(params = {}, options = {})
  req = build_request(:associate_access_policy, params)
  req.send_request(options)
end

#associate_encryption_config(params = {}) ⇒ Types::AssociateEncryptionConfigResponse

Associates an encryption configuration to an existing cluster.

Use this API to enable encryption on existing clusters that don't already have encryption enabled. This allows you to implement a defense-in-depth security strategy without migrating applications to new Amazon EKS clusters.

Examples:

Request syntax with placeholder values


resp = client.associate_encryption_config({
  cluster_name: "String", # required
  encryption_config: [ # required
    {
      resources: ["String"],
      provider: {
        key_arn: "String",
      },
    },
  ],
  client_request_token: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :encryption_config (required, Array<Types::EncryptionConfig>)

    The configuration you are using for encryption.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



511
512
513
514
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 511

def associate_encryption_config(params = {}, options = {})
  req = build_request(:associate_encryption_config, params)
  req.send_request(options)
end

#associate_identity_provider_config(params = {}) ⇒ Types::AssociateIdentityProviderConfigResponse

Associates an identity provider configuration to a cluster.

If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes Role and ClusterRole objects, assign permissions to them, and then bind them to the identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For more information see Using RBAC Authorization in the Kubernetes documentation.

Examples:

Request syntax with placeholder values


resp = client.associate_identity_provider_config({
  cluster_name: "String", # required
  oidc: { # required
    identity_provider_config_name: "String", # required
    issuer_url: "String", # required
    client_id: "String", # required
    username_claim: "String",
    username_prefix: "String",
    groups_claim: "String",
    groups_prefix: "String",
    required_claims: {
      "requiredClaimsKey" => "requiredClaimsValue",
    },
  },
  tags: {
    "TagKey" => "TagValue",
  },
  client_request_token: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String
resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :oidc (required, Types::OidcIdentityProviderConfigRequest)

    An object representing an OpenID Connect (OIDC) identity provider configuration.

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



597
598
599
600
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 597

def associate_identity_provider_config(params = {}, options = {})
  req = build_request(:associate_identity_provider_config, params)
  req.send_request(options)
end

#create_access_entry(params = {}) ⇒ Types::CreateAccessEntryResponse

Creates an access entry.

An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the aws-auth ConfigMap for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes Role, ClusterRole, RoleBinding, and ClusterRoleBinding objects.

For more information about access entries, see Access entries in the Amazon EKS User Guide.

Examples:

Request syntax with placeholder values


resp = client.create_access_entry({
  cluster_name: "String", # required
  principal_arn: "String", # required
  kubernetes_groups: ["String"],
  tags: {
    "TagKey" => "TagValue",
  },
  client_request_token: "String",
  username: "String",
  type: "String",
})

Response structure


resp.access_entry.cluster_name #=> String
resp.access_entry.principal_arn #=> String
resp.access_entry.kubernetes_groups #=> Array
resp.access_entry.kubernetes_groups[0] #=> String
resp.access_entry.access_entry_arn #=> String
resp.access_entry.created_at #=> Time
resp.access_entry.modified_at #=> Time
resp.access_entry.tags #=> Hash
resp.access_entry.tags["TagKey"] #=> String
resp.access_entry.username #=> String
resp.access_entry.type #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The ARN of the IAM principal for the AccessEntry. You can specify one ARN for each access entry. You can't specify the same ARN in more than one access entry. This value can't be changed after access entry creation.

    The valid principals differ depending on the type of the access entry in the type field. The only valid ARN is IAM roles for the types of access entries for nodes: . You can use every IAM principal type for STANDARD access entries. You can't use the STS session principal type with access entries because this is a temporary principal for each session and not a permanent identity that can be assigned permissions.</p> IAM best practices recommend using IAM roles with temporary credentials, rather than IAM users with long-term credentials.

  • :kubernetes_groups (Array<String>)

    The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn't confirm that the value for name exists in any bindings on your cluster. You can specify one or more names.

    Kubernetes authorizes the principalArn of the access entry to access any cluster objects that you've specified in a Kubernetes Role or ClusterRole object that is also specified in a binding's roleRef. For more information about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole objects, see Using RBAC Authorization in the Kubernetes documentation.

    If you want Amazon EKS to authorize the principalArn (instead of, or in addition to Kubernetes authorizing the principalArn), you can associate one or more access policies to the access entry using AssociateAccessPolicy. If you associate any access policies, the principalARN has all permissions assigned in the associated access policies and all permissions in any Kubernetes Role or ClusterRole objects that the group names are bound to.

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :username (String)

    The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies for you, or constraints before specifying your own username, see Creating access entries in the Amazon EKS User Guide.

  • :type (String)

    The type of the new access entry. Valid values are Standard, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS.

    If the principalArn is for an IAM role that's used for self-managed Amazon EC2 nodes, specify EC2_LINUX or EC2_WINDOWS. Amazon EKS grants the necessary permissions to the node for you. If the principalArn is for any other purpose, specify STANDARD. If you don't specify a value, Amazon EKS sets the value to STANDARD. It's unnecessary to create access entries for IAM roles used with Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS creates entries in the aws-auth ConfigMap for the roles. You can't change this value once you've created the access entry.

    If you set the value to EC2_LINUX or EC2_WINDOWS, you can't specify values for kubernetesGroups, or associate an AccessPolicy to the access entry.

Returns:

See Also:



745
746
747
748
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 745

def create_access_entry(params = {}, options = {})
  req = build_request(:create_access_entry, params)
  req.send_request(options)
end

#create_addon(params = {}) ⇒ Types::CreateAddonResponse

Creates an Amazon EKS add-on.

Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide.

Examples:

Request syntax with placeholder values


resp = client.create_addon({
  cluster_name: "ClusterName", # required
  addon_name: "String", # required
  addon_version: "String",
  service_account_role_arn: "RoleArn",
  resolve_conflicts: "OVERWRITE", # accepts OVERWRITE, NONE, PRESERVE
  client_request_token: "String",
  tags: {
    "TagKey" => "TagValue",
  },
  configuration_values: "String",
})

Response structure


resp.addon.addon_name #=> String
resp.addon.cluster_name #=> String
resp.addon.status #=> String, one of "CREATING", "ACTIVE", "CREATE_FAILED", "UPDATING", "DELETING", "DELETE_FAILED", "DEGRADED", "UPDATE_FAILED"
resp.addon.addon_version #=> String
resp.addon.health.issues #=> Array
resp.addon.health.issues[0].code #=> String, one of "AccessDenied", "InternalFailure", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.addon.health.issues[0].message #=> String
resp.addon.health.issues[0].resource_ids #=> Array
resp.addon.health.issues[0].resource_ids[0] #=> String
resp.addon.addon_arn #=> String
resp.addon.created_at #=> Time
resp.addon.modified_at #=> Time
resp.addon. #=> String
resp.addon.tags #=> Hash
resp.addon.tags["TagKey"] #=> String
resp.addon.publisher #=> String
resp.addon.owner #=> String
resp.addon.marketplace_information.product_id #=> String
resp.addon.marketplace_information.product_url #=> String
resp.addon.configuration_values #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :addon_name (required, String)

    The name of the add-on. The name must match one of the names returned by DescribeAddonVersions.

  • :addon_version (String)

    The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .

  • :service_account_role_arn (String)

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

  • :resolve_conflicts (String)

    How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose:

    • None – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.

    • Overwrite – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.

    • Preserve – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see UpdateAddon.

    If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

  • :configuration_values (String)

    The set of configuration values for the add-on that's created. The values that you provide are validated against the schema returned by DescribeAddonConfiguration.

Returns:

See Also:



888
889
890
891
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 888

def create_addon(params = {}, options = {})
  req = build_request(:create_addon, params)
  req.send_request(options)
end

#create_cluster(params = {}) ⇒ Types::CreateClusterResponse

Creates an Amazon EKS control plane.

The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.

The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).

Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.

You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .

You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Managing Cluster Authentication and Launching Amazon EKS nodes in the Amazon EKS User Guide.

Examples:

Example: To create a new cluster


# The following example creates an Amazon EKS cluster called prod.

resp = client.create_cluster({
  version: "1.10", 
  name: "prod", 
  client_request_token: "1d2129a1-3d38-460a-9756-e5b91fddb951", 
  resources_vpc_config: {
    security_group_ids: [
      "sg-6979fe18", 
    ], 
    subnet_ids: [
      "subnet-6782e71e", 
      "subnet-e7e761ac", 
    ], 
  }, 
  role_arn: "arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI", 
})

resp.to_h outputs the following:
{
}

Request syntax with placeholder values


resp = client.create_cluster({
  name: "ClusterName", # required
  version: "String",
  role_arn: "String", # required
  resources_vpc_config: { # required
    subnet_ids: ["String"],
    security_group_ids: ["String"],
    endpoint_public_access: false,
    endpoint_private_access: false,
    public_access_cidrs: ["String"],
  },
  kubernetes_network_config: {
    service_ipv_4_cidr: "String",
    ip_family: "ipv4", # accepts ipv4, ipv6
  },
  logging: {
    cluster_logging: [
      {
        types: ["api"], # accepts api, audit, authenticator, controllerManager, scheduler
        enabled: false,
      },
    ],
  },
  client_request_token: "String",
  tags: {
    "TagKey" => "TagValue",
  },
  encryption_config: [
    {
      resources: ["String"],
      provider: {
        key_arn: "String",
      },
    },
  ],
  outpost_config: {
    outpost_arns: ["String"], # required
    control_plane_instance_type: "String", # required
    control_plane_placement: {
      group_name: "String",
    },
  },
  access_config: {
    bootstrap_cluster_creator_admin_permissions: false,
    authentication_mode: "API", # accepts API, API_AND_CONFIG_MAP, CONFIG_MAP
  },
})

Response structure


resp.cluster.name #=> String
resp.cluster.arn #=> String
resp.cluster.created_at #=> Time
resp.cluster.version #=> String
resp.cluster.endpoint #=> String
resp.cluster.role_arn #=> String
resp.cluster.resources_vpc_config.subnet_ids #=> Array
resp.cluster.resources_vpc_config.subnet_ids[0] #=> String
resp.cluster.resources_vpc_config.security_group_ids #=> Array
resp.cluster.resources_vpc_config.security_group_ids[0] #=> String
resp.cluster.resources_vpc_config.cluster_security_group_id #=> String
resp.cluster.resources_vpc_config.vpc_id #=> String
resp.cluster.resources_vpc_config.endpoint_public_access #=> Boolean
resp.cluster.resources_vpc_config.endpoint_private_access #=> Boolean
resp.cluster.resources_vpc_config.public_access_cidrs #=> Array
resp.cluster.resources_vpc_config.public_access_cidrs[0] #=> String
resp.cluster.kubernetes_network_config.service_ipv_4_cidr #=> String
resp.cluster.kubernetes_network_config.service_ipv_6_cidr #=> String
resp.cluster.kubernetes_network_config.ip_family #=> String, one of "ipv4", "ipv6"
resp.cluster.logging.cluster_logging #=> Array
resp.cluster.logging.cluster_logging[0].types #=> Array
resp.cluster.logging.cluster_logging[0].types[0] #=> String, one of "api", "audit", "authenticator", "controllerManager", "scheduler"
resp.cluster.logging.cluster_logging[0].enabled #=> Boolean
resp.cluster.identity.oidc.issuer #=> String
resp.cluster.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "FAILED", "UPDATING", "PENDING"
resp.cluster.certificate_authority.data #=> String
resp.cluster.client_request_token #=> String
resp.cluster.platform_version #=> String
resp.cluster.tags #=> Hash
resp.cluster.tags["TagKey"] #=> String
resp.cluster.encryption_config #=> Array
resp.cluster.encryption_config[0].resources #=> Array
resp.cluster.encryption_config[0].resources[0] #=> String
resp.cluster.encryption_config[0].provider.key_arn #=> String
resp.cluster.connector_config.activation_id #=> String
resp.cluster.connector_config.activation_code #=> String
resp.cluster.connector_config.activation_expiry #=> Time
resp.cluster.connector_config.provider #=> String
resp.cluster.connector_config.role_arn #=> String
resp.cluster.id #=> String
resp.cluster.health.issues #=> Array
resp.cluster.health.issues[0].code #=> String, one of "AccessDenied", "ClusterUnreachable", "ConfigurationConflict", "InternalFailure", "ResourceLimitExceeded", "ResourceNotFound", "IamRoleNotFound", "VpcNotFound", "InsufficientFreeAddresses", "Ec2ServiceNotSubscribed", "Ec2SubnetNotFound", "Ec2SecurityGroupNotFound", "KmsGrantRevoked", "KmsKeyNotFound", "KmsKeyMarkedForDeletion", "KmsKeyDisabled", "StsRegionalEndpointDisabled", "UnsupportedVersion", "Other"
resp.cluster.health.issues[0].message #=> String
resp.cluster.health.issues[0].resource_ids #=> Array
resp.cluster.health.issues[0].resource_ids[0] #=> String
resp.cluster.outpost_config.outpost_arns #=> Array
resp.cluster.outpost_config.outpost_arns[0] #=> String
resp.cluster.outpost_config.control_plane_instance_type #=> String
resp.cluster.outpost_config.control_plane_placement.group_name #=> String
resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The unique name to give to your cluster.

  • :version (String)

    The desired Kubernetes version for your cluster. If you don't specify a value here, the default version available in Amazon EKS is used.

    The default version might not be the latest version available.

  • :role_arn (required, String)

    The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to Amazon Web Services API operations on your behalf. For more information, see Amazon EKS Service IAM Role in the Amazon EKS User Guide .

  • :resources_vpc_config (required, Types::VpcConfigRequest)

    The VPC configuration that's used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. You must specify at least two subnets. You can specify up to five security groups. However, we recommend that you use a dedicated security group for your cluster control plane.

  • :kubernetes_network_config (Types::KubernetesNetworkConfigRequest)

    The Kubernetes network configuration for the cluster.

  • :logging (Types::Logging)

    Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide .

    CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

  • :encryption_config (Array<Types::EncryptionConfig>)

    The encryption configuration for the cluster.

  • :outpost_config (Types::OutpostConfigRequest)

    An object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services Outpost. Before creating a local cluster on an Outpost, review Local clusters for Amazon EKS on Amazon Web Services Outposts in the Amazon EKS User Guide. This object isn't available for creating Amazon EKS clusters on the Amazon Web Services cloud.

  • :access_config (Types::CreateAccessConfigRequest)

    The access configuration for the cluster.

Returns:

See Also:



1171
1172
1173
1174
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1171

def create_cluster(params = {}, options = {})
  req = build_request(:create_cluster, params)
  req.send_request(options)
end

#create_eks_anywhere_subscription(params = {}) ⇒ Types::CreateEksAnywhereSubscriptionResponse

Creates an EKS Anywhere subscription. When a subscription is created, it is a contract agreement for the length of the term specified in the request. Licenses that are used to validate support are provisioned in Amazon Web Services License Manager and the caller account is granted access to EKS Anywhere Curated Packages.

Examples:

Request syntax with placeholder values


resp = client.create_eks_anywhere_subscription({
  name: "EksAnywhereSubscriptionName", # required
  term: { # required
    duration: 1,
    unit: "MONTHS", # accepts MONTHS
  },
  license_quantity: 1,
  license_type: "Cluster", # accepts Cluster
  auto_renew: false,
  client_request_token: "String",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.subscription.id #=> String
resp.subscription.arn #=> String
resp.subscription.created_at #=> Time
resp.subscription.effective_date #=> Time
resp.subscription.expiration_date #=> Time
resp.subscription.license_quantity #=> Integer
resp.subscription.license_type #=> String, one of "Cluster"
resp.subscription.term.duration #=> Integer
resp.subscription.term.unit #=> String, one of "MONTHS"
resp.subscription.status #=> String
resp.subscription.auto_renew #=> Boolean
resp.subscription.license_arns #=> Array
resp.subscription.license_arns[0] #=> String
resp.subscription.tags #=> Hash
resp.subscription.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The unique name for your subscription. It must be unique in your Amazon Web Services account in the Amazon Web Services Region you're creating the subscription in. The name can contain only alphanumeric characters (case-sensitive), hyphens, and underscores. It must start with an alphabetic character and can't be longer than 100 characters.

  • :term (required, Types::EksAnywhereSubscriptionTerm)

    An object representing the term duration and term unit type of your subscription. This determines the term length of your subscription. Valid values are MONTHS for term unit and 12 or 36 for term duration, indicating a 12 month or 36 month subscription. This value cannot be changed after creating the subscription.

  • :license_quantity (Integer)

    The number of licenses to purchase with the subscription. Valid values are between 1 and 100. This value can't be changed after creating the subscription.

  • :license_type (String)

    The license type for all licenses in the subscription. Valid value is CLUSTER. With the CLUSTER license type, each license covers support for a single EKS Anywhere cluster.

  • :auto_renew (Boolean)

    A boolean indicating whether the subscription auto renews at the end of the term.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    The metadata for a subscription to assist with categorization and organization. Each tag consists of a key and an optional value. Subscription tags don't propagate to any other resources associated with the subscription.

Returns:

See Also:



1266
1267
1268
1269
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1266

def create_eks_anywhere_subscription(params = {}, options = {})
  req = build_request(:create_eks_anywhere_subscription, params)
  req.send_request(options)
end

#create_fargate_profile(params = {}) ⇒ Types::CreateFargateProfileResponse

Creates an Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.

The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.

When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes Role Based Access Control (RBAC) for authorization so that the kubelet that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see Pod Execution Role in the Amazon EKS User Guide.

Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.

If any Fargate profiles in a cluster are in the DELETING status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.

For more information, see Fargate profile in the Amazon EKS User Guide.

Examples:

Request syntax with placeholder values


resp = client.create_fargate_profile({
  fargate_profile_name: "String", # required
  cluster_name: "String", # required
  pod_execution_role_arn: "String", # required
  subnets: ["String"],
  selectors: [
    {
      namespace: "String",
      labels: {
        "String" => "String",
      },
    },
  ],
  client_request_token: "String",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.fargate_profile.fargate_profile_name #=> String
resp.fargate_profile.fargate_profile_arn #=> String
resp.fargate_profile.cluster_name #=> String
resp.fargate_profile.created_at #=> Time
resp.fargate_profile.pod_execution_role_arn #=> String
resp.fargate_profile.subnets #=> Array
resp.fargate_profile.subnets[0] #=> String
resp.fargate_profile.selectors #=> Array
resp.fargate_profile.selectors[0].namespace #=> String
resp.fargate_profile.selectors[0].labels #=> Hash
resp.fargate_profile.selectors[0].labels["String"] #=> String
resp.fargate_profile.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "CREATE_FAILED", "DELETE_FAILED"
resp.fargate_profile.tags #=> Hash
resp.fargate_profile.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :fargate_profile_name (required, String)

    The name of the Fargate profile.

  • :cluster_name (required, String)

    The name of your cluster.

  • :pod_execution_role_arn (required, String)

    The Amazon Resource Name (ARN) of the Pod execution role to use for a Pod that matches the selectors in the Fargate profile. The Pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. For more information, see Pod execution role in the Amazon EKS User Guide.

  • :subnets (Array<String>)

    The IDs of subnets to launch a Pod into. A Pod running on Fargate isn't assigned a public IP address, so only private subnets (with no direct route to an Internet Gateway) are accepted for this parameter.

  • :selectors (Array<Types::FargateProfileSelector>)

    The selectors to match for a Pod to use this Fargate profile. Each selector must have an associated Kubernetes namespace. Optionally, you can also specify labels for a namespace. You may specify up to five selectors in a Fargate profile.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

Returns:

See Also:



1399
1400
1401
1402
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1399

def create_fargate_profile(params = {}, options = {})
  req = build_request(:create_fargate_profile, params)
  req.send_request(options)
end

#create_nodegroup(params = {}) ⇒ Types::CreateNodegroupResponse

Creates a managed node group for an Amazon EKS cluster.

You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Launch template support.

An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.

Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.

Examples:

Request syntax with placeholder values


resp = client.create_nodegroup({
  cluster_name: "String", # required
  nodegroup_name: "String", # required
  scaling_config: {
    min_size: 1,
    max_size: 1,
    desired_size: 1,
  },
  disk_size: 1,
  subnets: ["String"], # required
  instance_types: ["String"],
  ami_type: "AL2_x86_64", # accepts AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64, CUSTOM, BOTTLEROCKET_ARM_64, BOTTLEROCKET_x86_64, BOTTLEROCKET_ARM_64_NVIDIA, BOTTLEROCKET_x86_64_NVIDIA, WINDOWS_CORE_2019_x86_64, WINDOWS_FULL_2019_x86_64, WINDOWS_CORE_2022_x86_64, WINDOWS_FULL_2022_x86_64, AL2023_x86_64_STANDARD, AL2023_ARM_64_STANDARD
  remote_access: {
    ec2_ssh_key: "String",
    source_security_groups: ["String"],
  },
  node_role: "String", # required
  labels: {
    "labelKey" => "labelValue",
  },
  taints: [
    {
      key: "taintKey",
      value: "taintValue",
      effect: "NO_SCHEDULE", # accepts NO_SCHEDULE, NO_EXECUTE, PREFER_NO_SCHEDULE
    },
  ],
  tags: {
    "TagKey" => "TagValue",
  },
  client_request_token: "String",
  launch_template: {
    name: "String",
    version: "String",
    id: "String",
  },
  update_config: {
    max_unavailable: 1,
    max_unavailable_percentage: 1,
  },
  capacity_type: "ON_DEMAND", # accepts ON_DEMAND, SPOT
  version: "String",
  release_version: "String",
})

Response structure


resp.nodegroup.nodegroup_name #=> String
resp.nodegroup.nodegroup_arn #=> String
resp.nodegroup.cluster_name #=> String
resp.nodegroup.version #=> String
resp.nodegroup.release_version #=> String
resp.nodegroup.created_at #=> Time
resp.nodegroup.modified_at #=> Time
resp.nodegroup.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "DELETE_FAILED", "DEGRADED"
resp.nodegroup.capacity_type #=> String, one of "ON_DEMAND", "SPOT"
resp.nodegroup.scaling_config.min_size #=> Integer
resp.nodegroup.scaling_config.max_size #=> Integer
resp.nodegroup.scaling_config.desired_size #=> Integer
resp.nodegroup.instance_types #=> Array
resp.nodegroup.instance_types[0] #=> String
resp.nodegroup.subnets #=> Array
resp.nodegroup.subnets[0] #=> String
resp.nodegroup.remote_access.ec2_ssh_key #=> String
resp.nodegroup.remote_access.source_security_groups #=> Array
resp.nodegroup.remote_access.source_security_groups[0] #=> String
resp.nodegroup.ami_type #=> String, one of "AL2_x86_64", "AL2_x86_64_GPU", "AL2_ARM_64", "CUSTOM", "BOTTLEROCKET_ARM_64", "BOTTLEROCKET_x86_64", "BOTTLEROCKET_ARM_64_NVIDIA", "BOTTLEROCKET_x86_64_NVIDIA", "WINDOWS_CORE_2019_x86_64", "WINDOWS_FULL_2019_x86_64", "WINDOWS_CORE_2022_x86_64", "WINDOWS_FULL_2022_x86_64", "AL2023_x86_64_STANDARD", "AL2023_ARM_64_STANDARD"
resp.nodegroup.node_role #=> String
resp.nodegroup.labels #=> Hash
resp.nodegroup.labels["labelKey"] #=> String
resp.nodegroup.taints #=> Array
resp.nodegroup.taints[0].key #=> String
resp.nodegroup.taints[0].value #=> String
resp.nodegroup.taints[0].effect #=> String, one of "NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE"
resp.nodegroup.resources.auto_scaling_groups #=> Array
resp.nodegroup.resources.auto_scaling_groups[0].name #=> String
resp.nodegroup.resources.remote_access_security_group #=> String
resp.nodegroup.disk_size #=> Integer
resp.nodegroup.health.issues #=> Array
resp.nodegroup.health.issues[0].code #=> String, one of "AutoScalingGroupNotFound", "AutoScalingGroupInvalidConfiguration", "Ec2SecurityGroupNotFound", "Ec2SecurityGroupDeletionFailure", "Ec2LaunchTemplateNotFound", "Ec2LaunchTemplateVersionMismatch", "Ec2SubnetNotFound", "Ec2SubnetInvalidConfiguration", "IamInstanceProfileNotFound", "Ec2SubnetMissingIpv6Assignment", "IamLimitExceeded", "IamNodeRoleNotFound", "NodeCreationFailure", "AsgInstanceLaunchFailures", "InstanceLimitExceeded", "InsufficientFreeAddresses", "AccessDenied", "InternalFailure", "ClusterUnreachable", "AmiIdNotFound", "AutoScalingGroupOptInRequired", "AutoScalingGroupRateLimitExceeded", "Ec2LaunchTemplateDeletionFailure", "Ec2LaunchTemplateInvalidConfiguration", "Ec2LaunchTemplateMaxLimitExceeded", "Ec2SubnetListTooLong", "IamThrottling", "NodeTerminationFailure", "PodEvictionFailure", "SourceEc2LaunchTemplateNotFound", "LimitExceeded", "Unknown", "AutoScalingGroupInstanceRefreshActive", "KubernetesLabelInvalid", "Ec2LaunchTemplateVersionMaxLimitExceeded"
resp.nodegroup.health.issues[0].message #=> String
resp.nodegroup.health.issues[0].resource_ids #=> Array
resp.nodegroup.health.issues[0].resource_ids[0] #=> String
resp.nodegroup.update_config.max_unavailable #=> Integer
resp.nodegroup.update_config.max_unavailable_percentage #=> Integer
resp.nodegroup.launch_template.name #=> String
resp.nodegroup.launch_template.version #=> String
resp.nodegroup.launch_template.id #=> String
resp.nodegroup.tags #=> Hash
resp.nodegroup.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :nodegroup_name (required, String)

    The unique name to give your node group.

  • :scaling_config (Types::NodegroupScalingConfig)

    The scaling configuration details for the Auto Scaling group that is created for your node group.

  • :disk_size (Integer)

    The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB for Linux and Bottlerocket. The default disk size is 50 GiB for Windows. If you specify launchTemplate, then don't specify diskSize, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :subnets (required, Array<String>)

    The subnets to use for the Auto Scaling group that is created for your node group. If you specify launchTemplate, then don't specify SubnetId in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :instance_types (Array<String>)

    Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the amiType parameter. If you specify launchTemplate, then you can specify zero or one instance type in your launch template or you can specify 0-20 instance types for instanceTypes. If however, you specify an instance type in your launch template and specify any instanceTypes, the node group deployment will fail. If you don't specify an instance type in a launch template or for instanceTypes, then t3.medium is used, by default. If you specify Spot for capacityType, then we recommend specifying multiple values for instanceTypes. For more information, see Managed node group capacity types and Launch template support in the Amazon EKS User Guide.

  • :ami_type (String)

    The AMI type for your node group. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify amiType, or the node group deployment will fail. If your launch template uses a Windows custom AMI, then add eks:kube-proxy-windows to your Windows nodes rolearn in the aws-auth ConfigMap. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :remote_access (Types::RemoteAccessConfig)

    The remote access configuration to use with your node group. For Linux, the protocol is SSH. For Windows, the protocol is RDP. If you specify launchTemplate, then don't specify remoteAccess, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :node_role (required, String)

    The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch nodes and register them into a cluster, you must create an IAM role for those nodes to use when they are launched. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide . If you specify launchTemplate, then don't specify IamInstanceProfile in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :labels (Hash<String,String>)

    The Kubernetes labels to apply to the nodes in the node group when they are created.

  • :taints (Array<Types::Taint>)

    The Kubernetes taints to be applied to the nodes in the node group. For more information, see Node taints on managed node groups.

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :launch_template (Types::LaunchTemplateSpecification)

    An object representing a node group's launch template specification. If specified, then do not specify instanceTypes, diskSize, or remoteAccess and make sure that the launch template meets the requirements in launchTemplateSpecification.

  • :update_config (Types::NodegroupUpdateConfig)

    The node group update configuration.

  • :capacity_type (String)

    The capacity type for your node group.

  • :version (String)

    The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :release_version (String)

    The AMI version of the Amazon EKS optimized AMI to use with your node group. By default, the latest available AMI version for the node group's current Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.

    If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify releaseVersion, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

Returns:

See Also:



1697
1698
1699
1700
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1697

def create_nodegroup(params = {}, options = {})
  req = build_request(:create_nodegroup, params)
  req.send_request(options)
end

#create_pod_identity_association(params = {}) ⇒ Types::CreatePodIdentityAssociationResponse

Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

If a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.

Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn't use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.

Examples:

Request syntax with placeholder values


resp = client.create_pod_identity_association({
  cluster_name: "String", # required
  namespace: "String", # required
  service_account: "String", # required
  role_arn: "String", # required
  client_request_token: "String",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.association.cluster_name #=> String
resp.association.namespace #=> String
resp.association. #=> String
resp.association.role_arn #=> String
resp.association.association_arn #=> String
resp.association.association_id #=> String
resp.association.tags #=> Hash
resp.association.tags["TagKey"] #=> String
resp.association.created_at #=> Time
resp.association.modified_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of the cluster to create the association in.

  • :namespace (required, String)

    The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.

  • :service_account (required, String)

    The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.

  • :role_arn (required, String)

    The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

    The following basic restrictions apply to tags:

    • Maximum number of tags per resource – 50

    • For each resource, each tag key must be unique, and each tag key can have only one value.

    • Maximum key length – 128 Unicode characters in UTF-8

    • Maximum value length – 256 Unicode characters in UTF-8

    • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.

    • Tag keys and values are case-sensitive.

    • Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

Returns:

See Also:



1811
1812
1813
1814
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1811

def create_pod_identity_association(params = {}, options = {})
  req = build_request(:create_pod_identity_association, params)
  req.send_request(options)
end

#delete_access_entry(params = {}) ⇒ Struct

Deletes an access entry.

Deleting an access entry of a type other than Standard can cause your cluster to function improperly. If you delete an access entry in error, you can recreate it.

Examples:

Request syntax with placeholder values


resp = client.delete_access_entry({
  cluster_name: "String", # required
  principal_arn: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The ARN of the IAM principal for the AccessEntry.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1841
1842
1843
1844
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1841

def delete_access_entry(params = {}, options = {})
  req = build_request(:delete_access_entry, params)
  req.send_request(options)
end

#delete_addon(params = {}) ⇒ Types::DeleteAddonResponse

Deletes an Amazon EKS add-on.

When you remove an add-on, it's deleted from the cluster. You can always manually start an add-on on the cluster using the Kubernetes API.

Examples:

Request syntax with placeholder values


resp = client.delete_addon({
  cluster_name: "ClusterName", # required
  addon_name: "String", # required
  preserve: false,
})

Response structure


resp.addon.addon_name #=> String
resp.addon.cluster_name #=> String
resp.addon.status #=> String, one of "CREATING", "ACTIVE", "CREATE_FAILED", "UPDATING", "DELETING", "DELETE_FAILED", "DEGRADED", "UPDATE_FAILED"
resp.addon.addon_version #=> String
resp.addon.health.issues #=> Array
resp.addon.health.issues[0].code #=> String, one of "AccessDenied", "InternalFailure", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.addon.health.issues[0].message #=> String
resp.addon.health.issues[0].resource_ids #=> Array
resp.addon.health.issues[0].resource_ids[0] #=> String
resp.addon.addon_arn #=> String
resp.addon.created_at #=> Time
resp.addon.modified_at #=> Time
resp.addon. #=> String
resp.addon.tags #=> Hash
resp.addon.tags["TagKey"] #=> String
resp.addon.publisher #=> String
resp.addon.owner #=> String
resp.addon.marketplace_information.product_id #=> String
resp.addon.marketplace_information.product_url #=> String
resp.addon.configuration_values #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :addon_name (required, String)

    The name of the add-on. The name must match one of the names returned by ListAddons .

  • :preserve (Boolean)

    Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it isn't removed.

Returns:

See Also:



1907
1908
1909
1910
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 1907

def delete_addon(params = {}, options = {})
  req = build_request(:delete_addon, params)
  req.send_request(options)
end

#delete_cluster(params = {}) ⇒ Types::DeleteClusterResponse

Deletes an Amazon EKS cluster control plane.

If you have active services in your cluster that are associated with a load balancer, you must delete those services before deleting the cluster so that the load balancers are deleted properly. Otherwise, you can have orphaned resources in your VPC that prevent you from being able to delete the VPC. For more information, see Deleting a cluster in the Amazon EKS User Guide.

If you have managed node groups or Fargate profiles attached to the cluster, you must delete them first. For more information, see DeleteNodgroup and DeleteFargateProfile.

Examples:

Example: To delete a cluster


# This example command deletes a cluster named `devel` in your default region.

resp = client.delete_cluster({
  name: "devel", 
})

resp.to_h outputs the following:
{
}

Request syntax with placeholder values


resp = client.delete_cluster({
  name: "String", # required
})

Response structure


resp.cluster.name #=> String
resp.cluster.arn #=> String
resp.cluster.created_at #=> Time
resp.cluster.version #=> String
resp.cluster.endpoint #=> String
resp.cluster.role_arn #=> String
resp.cluster.resources_vpc_config.subnet_ids #=> Array
resp.cluster.resources_vpc_config.subnet_ids[0] #=> String
resp.cluster.resources_vpc_config.security_group_ids #=> Array
resp.cluster.resources_vpc_config.security_group_ids[0] #=> String
resp.cluster.resources_vpc_config.cluster_security_group_id #=> String
resp.cluster.resources_vpc_config.vpc_id #=> String
resp.cluster.resources_vpc_config.endpoint_public_access #=> Boolean
resp.cluster.resources_vpc_config.endpoint_private_access #=> Boolean
resp.cluster.resources_vpc_config.public_access_cidrs #=> Array
resp.cluster.resources_vpc_config.public_access_cidrs[0] #=> String
resp.cluster.kubernetes_network_config.service_ipv_4_cidr #=> String
resp.cluster.kubernetes_network_config.service_ipv_6_cidr #=> String
resp.cluster.kubernetes_network_config.ip_family #=> String, one of "ipv4", "ipv6"
resp.cluster.logging.cluster_logging #=> Array
resp.cluster.logging.cluster_logging[0].types #=> Array
resp.cluster.logging.cluster_logging[0].types[0] #=> String, one of "api", "audit", "authenticator", "controllerManager", "scheduler"
resp.cluster.logging.cluster_logging[0].enabled #=> Boolean
resp.cluster.identity.oidc.issuer #=> String
resp.cluster.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "FAILED", "UPDATING", "PENDING"
resp.cluster.certificate_authority.data #=> String
resp.cluster.client_request_token #=> String
resp.cluster.platform_version #=> String
resp.cluster.tags #=> Hash
resp.cluster.tags["TagKey"] #=> String
resp.cluster.encryption_config #=> Array
resp.cluster.encryption_config[0].resources #=> Array
resp.cluster.encryption_config[0].resources[0] #=> String
resp.cluster.encryption_config[0].provider.key_arn #=> String
resp.cluster.connector_config.activation_id #=> String
resp.cluster.connector_config.activation_code #=> String
resp.cluster.connector_config.activation_expiry #=> Time
resp.cluster.connector_config.provider #=> String
resp.cluster.connector_config.role_arn #=> String
resp.cluster.id #=> String
resp.cluster.health.issues #=> Array
resp.cluster.health.issues[0].code #=> String, one of "AccessDenied", "ClusterUnreachable", "ConfigurationConflict", "InternalFailure", "ResourceLimitExceeded", "ResourceNotFound", "IamRoleNotFound", "VpcNotFound", "InsufficientFreeAddresses", "Ec2ServiceNotSubscribed", "Ec2SubnetNotFound", "Ec2SecurityGroupNotFound", "KmsGrantRevoked", "KmsKeyNotFound", "KmsKeyMarkedForDeletion", "KmsKeyDisabled", "StsRegionalEndpointDisabled", "UnsupportedVersion", "Other"
resp.cluster.health.issues[0].message #=> String
resp.cluster.health.issues[0].resource_ids #=> Array
resp.cluster.health.issues[0].resource_ids[0] #=> String
resp.cluster.outpost_config.outpost_arns #=> Array
resp.cluster.outpost_config.outpost_arns[0] #=> String
resp.cluster.outpost_config.control_plane_instance_type #=> String
resp.cluster.outpost_config.control_plane_placement.group_name #=> String
resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the cluster to delete.

Returns:

See Also:



2013
2014
2015
2016
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2013

def delete_cluster(params = {}, options = {})
  req = build_request(:delete_cluster, params)
  req.send_request(options)
end

#delete_eks_anywhere_subscription(params = {}) ⇒ Types::DeleteEksAnywhereSubscriptionResponse

Deletes an expired or inactive subscription. Deleting inactive subscriptions removes them from the Amazon Web Services Management Console view and from list/describe API responses. Subscriptions can only be cancelled within 7 days of creation and are cancelled by creating a ticket in the Amazon Web Services Support Center.

Examples:

Request syntax with placeholder values


resp = client.delete_eks_anywhere_subscription({
  id: "String", # required
})

Response structure


resp.subscription.id #=> String
resp.subscription.arn #=> String
resp.subscription.created_at #=> Time
resp.subscription.effective_date #=> Time
resp.subscription.expiration_date #=> Time
resp.subscription.license_quantity #=> Integer
resp.subscription.license_type #=> String, one of "Cluster"
resp.subscription.term.duration #=> Integer
resp.subscription.term.unit #=> String, one of "MONTHS"
resp.subscription.status #=> String
resp.subscription.auto_renew #=> Boolean
resp.subscription.license_arns #=> Array
resp.subscription.license_arns[0] #=> String
resp.subscription.tags #=> Hash
resp.subscription.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :id (required, String)

    The ID of the subscription.

Returns:

See Also:



2059
2060
2061
2062
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2059

def delete_eks_anywhere_subscription(params = {}, options = {})
  req = build_request(:delete_eks_anywhere_subscription, params)
  req.send_request(options)
end

#delete_fargate_profile(params = {}) ⇒ Types::DeleteFargateProfileResponse

Deletes an Fargate profile.

When you delete a Fargate profile, any Pod running on Fargate that was created with the profile is deleted. If the Pod matches another Fargate profile, then it is scheduled on Fargate with that profile. If it no longer matches any Fargate profiles, then it's not scheduled on Fargate and may remain in a pending state.

Only one Fargate profile in a cluster can be in the DELETING status at a time. You must wait for a Fargate profile to finish deleting before you can delete any other profiles in that cluster.

Examples:

Request syntax with placeholder values


resp = client.delete_fargate_profile({
  cluster_name: "String", # required
  fargate_profile_name: "String", # required
})

Response structure


resp.fargate_profile.fargate_profile_name #=> String
resp.fargate_profile.fargate_profile_arn #=> String
resp.fargate_profile.cluster_name #=> String
resp.fargate_profile.created_at #=> Time
resp.fargate_profile.pod_execution_role_arn #=> String
resp.fargate_profile.subnets #=> Array
resp.fargate_profile.subnets[0] #=> String
resp.fargate_profile.selectors #=> Array
resp.fargate_profile.selectors[0].namespace #=> String
resp.fargate_profile.selectors[0].labels #=> Hash
resp.fargate_profile.selectors[0].labels["String"] #=> String
resp.fargate_profile.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "CREATE_FAILED", "DELETE_FAILED"
resp.fargate_profile.tags #=> Hash
resp.fargate_profile.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :fargate_profile_name (required, String)

    The name of the Fargate profile to delete.

Returns:

See Also:



2114
2115
2116
2117
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2114

def delete_fargate_profile(params = {}, options = {})
  req = build_request(:delete_fargate_profile, params)
  req.send_request(options)
end

#delete_nodegroup(params = {}) ⇒ Types::DeleteNodegroupResponse

Deletes a managed node group.

Examples:

Request syntax with placeholder values


resp = client.delete_nodegroup({
  cluster_name: "String", # required
  nodegroup_name: "String", # required
})

Response structure


resp.nodegroup.nodegroup_name #=> String
resp.nodegroup.nodegroup_arn #=> String
resp.nodegroup.cluster_name #=> String
resp.nodegroup.version #=> String
resp.nodegroup.release_version #=> String
resp.nodegroup.created_at #=> Time
resp.nodegroup.modified_at #=> Time
resp.nodegroup.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "DELETE_FAILED", "DEGRADED"
resp.nodegroup.capacity_type #=> String, one of "ON_DEMAND", "SPOT"
resp.nodegroup.scaling_config.min_size #=> Integer
resp.nodegroup.scaling_config.max_size #=> Integer
resp.nodegroup.scaling_config.desired_size #=> Integer
resp.nodegroup.instance_types #=> Array
resp.nodegroup.instance_types[0] #=> String
resp.nodegroup.subnets #=> Array
resp.nodegroup.subnets[0] #=> String
resp.nodegroup.remote_access.ec2_ssh_key #=> String
resp.nodegroup.remote_access.source_security_groups #=> Array
resp.nodegroup.remote_access.source_security_groups[0] #=> String
resp.nodegroup.ami_type #=> String, one of "AL2_x86_64", "AL2_x86_64_GPU", "AL2_ARM_64", "CUSTOM", "BOTTLEROCKET_ARM_64", "BOTTLEROCKET_x86_64", "BOTTLEROCKET_ARM_64_NVIDIA", "BOTTLEROCKET_x86_64_NVIDIA", "WINDOWS_CORE_2019_x86_64", "WINDOWS_FULL_2019_x86_64", "WINDOWS_CORE_2022_x86_64", "WINDOWS_FULL_2022_x86_64", "AL2023_x86_64_STANDARD", "AL2023_ARM_64_STANDARD"
resp.nodegroup.node_role #=> String
resp.nodegroup.labels #=> Hash
resp.nodegroup.labels["labelKey"] #=> String
resp.nodegroup.taints #=> Array
resp.nodegroup.taints[0].key #=> String
resp.nodegroup.taints[0].value #=> String
resp.nodegroup.taints[0].effect #=> String, one of "NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE"
resp.nodegroup.resources.auto_scaling_groups #=> Array
resp.nodegroup.resources.auto_scaling_groups[0].name #=> String
resp.nodegroup.resources.remote_access_security_group #=> String
resp.nodegroup.disk_size #=> Integer
resp.nodegroup.health.issues #=> Array
resp.nodegroup.health.issues[0].code #=> String, one of "AutoScalingGroupNotFound", "AutoScalingGroupInvalidConfiguration", "Ec2SecurityGroupNotFound", "Ec2SecurityGroupDeletionFailure", "Ec2LaunchTemplateNotFound", "Ec2LaunchTemplateVersionMismatch", "Ec2SubnetNotFound", "Ec2SubnetInvalidConfiguration", "IamInstanceProfileNotFound", "Ec2SubnetMissingIpv6Assignment", "IamLimitExceeded", "IamNodeRoleNotFound", "NodeCreationFailure", "AsgInstanceLaunchFailures", "InstanceLimitExceeded", "InsufficientFreeAddresses", "AccessDenied", "InternalFailure", "ClusterUnreachable", "AmiIdNotFound", "AutoScalingGroupOptInRequired", "AutoScalingGroupRateLimitExceeded", "Ec2LaunchTemplateDeletionFailure", "Ec2LaunchTemplateInvalidConfiguration", "Ec2LaunchTemplateMaxLimitExceeded", "Ec2SubnetListTooLong", "IamThrottling", "NodeTerminationFailure", "PodEvictionFailure", "SourceEc2LaunchTemplateNotFound", "LimitExceeded", "Unknown", "AutoScalingGroupInstanceRefreshActive", "KubernetesLabelInvalid", "Ec2LaunchTemplateVersionMaxLimitExceeded"
resp.nodegroup.health.issues[0].message #=> String
resp.nodegroup.health.issues[0].resource_ids #=> Array
resp.nodegroup.health.issues[0].resource_ids[0] #=> String
resp.nodegroup.update_config.max_unavailable #=> Integer
resp.nodegroup.update_config.max_unavailable_percentage #=> Integer
resp.nodegroup.launch_template.name #=> String
resp.nodegroup.launch_template.version #=> String
resp.nodegroup.launch_template.id #=> String
resp.nodegroup.tags #=> Hash
resp.nodegroup.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :nodegroup_name (required, String)

    The name of the node group to delete.

Returns:

See Also:



2188
2189
2190
2191
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2188

def delete_nodegroup(params = {}, options = {})
  req = build_request(:delete_nodegroup, params)
  req.send_request(options)
end

#delete_pod_identity_association(params = {}) ⇒ Types::DeletePodIdentityAssociationResponse

Deletes a EKS Pod Identity association.

The temporary Amazon Web Services credentials from the previous IAM role session might still be valid until the session expiry. If you need to immediately revoke the temporary session credentials, then go to the role in the IAM console.

Examples:

Request syntax with placeholder values


resp = client.delete_pod_identity_association({
  cluster_name: "String", # required
  association_id: "String", # required
})

Response structure


resp.association.cluster_name #=> String
resp.association.namespace #=> String
resp.association. #=> String
resp.association.role_arn #=> String
resp.association.association_arn #=> String
resp.association.association_id #=> String
resp.association.tags #=> Hash
resp.association.tags["TagKey"] #=> String
resp.association.created_at #=> Time
resp.association.modified_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The cluster name that

  • :association_id (required, String)

    The ID of the association to be deleted.

Returns:

See Also:



2234
2235
2236
2237
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2234

def delete_pod_identity_association(params = {}, options = {})
  req = build_request(:delete_pod_identity_association, params)
  req.send_request(options)
end

#deregister_cluster(params = {}) ⇒ Types::DeregisterClusterResponse

Deregisters a connected cluster to remove it from the Amazon EKS control plane.

A connected cluster is a Kubernetes cluster that you've connected to your control plane using the Amazon EKS Connector.

Examples:

Request syntax with placeholder values


resp = client.deregister_cluster({
  name: "String", # required
})

Response structure


resp.cluster.name #=> String
resp.cluster.arn #=> String
resp.cluster.created_at #=> Time
resp.cluster.version #=> String
resp.cluster.endpoint #=> String
resp.cluster.role_arn #=> String
resp.cluster.resources_vpc_config.subnet_ids #=> Array
resp.cluster.resources_vpc_config.subnet_ids[0] #=> String
resp.cluster.resources_vpc_config.security_group_ids #=> Array
resp.cluster.resources_vpc_config.security_group_ids[0] #=> String
resp.cluster.resources_vpc_config.cluster_security_group_id #=> String
resp.cluster.resources_vpc_config.vpc_id #=> String
resp.cluster.resources_vpc_config.endpoint_public_access #=> Boolean
resp.cluster.resources_vpc_config.endpoint_private_access #=> Boolean
resp.cluster.resources_vpc_config.public_access_cidrs #=> Array
resp.cluster.resources_vpc_config.public_access_cidrs[0] #=> String
resp.cluster.kubernetes_network_config.service_ipv_4_cidr #=> String
resp.cluster.kubernetes_network_config.service_ipv_6_cidr #=> String
resp.cluster.kubernetes_network_config.ip_family #=> String, one of "ipv4", "ipv6"
resp.cluster.logging.cluster_logging #=> Array
resp.cluster.logging.cluster_logging[0].types #=> Array
resp.cluster.logging.cluster_logging[0].types[0] #=> String, one of "api", "audit", "authenticator", "controllerManager", "scheduler"
resp.cluster.logging.cluster_logging[0].enabled #=> Boolean
resp.cluster.identity.oidc.issuer #=> String
resp.cluster.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "FAILED", "UPDATING", "PENDING"
resp.cluster.certificate_authority.data #=> String
resp.cluster.client_request_token #=> String
resp.cluster.platform_version #=> String
resp.cluster.tags #=> Hash
resp.cluster.tags["TagKey"] #=> String
resp.cluster.encryption_config #=> Array
resp.cluster.encryption_config[0].resources #=> Array
resp.cluster.encryption_config[0].resources[0] #=> String
resp.cluster.encryption_config[0].provider.key_arn #=> String
resp.cluster.connector_config.activation_id #=> String
resp.cluster.connector_config.activation_code #=> String
resp.cluster.connector_config.activation_expiry #=> Time
resp.cluster.connector_config.provider #=> String
resp.cluster.connector_config.role_arn #=> String
resp.cluster.id #=> String
resp.cluster.health.issues #=> Array
resp.cluster.health.issues[0].code #=> String, one of "AccessDenied", "ClusterUnreachable", "ConfigurationConflict", "InternalFailure", "ResourceLimitExceeded", "ResourceNotFound", "IamRoleNotFound", "VpcNotFound", "InsufficientFreeAddresses", "Ec2ServiceNotSubscribed", "Ec2SubnetNotFound", "Ec2SecurityGroupNotFound", "KmsGrantRevoked", "KmsKeyNotFound", "KmsKeyMarkedForDeletion", "KmsKeyDisabled", "StsRegionalEndpointDisabled", "UnsupportedVersion", "Other"
resp.cluster.health.issues[0].message #=> String
resp.cluster.health.issues[0].resource_ids #=> Array
resp.cluster.health.issues[0].resource_ids[0] #=> String
resp.cluster.outpost_config.outpost_arns #=> Array
resp.cluster.outpost_config.outpost_arns[0] #=> String
resp.cluster.outpost_config.control_plane_instance_type #=> String
resp.cluster.outpost_config.control_plane_placement.group_name #=> String
resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the connected cluster to deregister.

Returns:

See Also:



2320
2321
2322
2323
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2320

def deregister_cluster(params = {}, options = {})
  req = build_request(:deregister_cluster, params)
  req.send_request(options)
end

#describe_access_entry(params = {}) ⇒ Types::DescribeAccessEntryResponse

Describes an access entry.

Examples:

Request syntax with placeholder values


resp = client.describe_access_entry({
  cluster_name: "String", # required
  principal_arn: "String", # required
})

Response structure


resp.access_entry.cluster_name #=> String
resp.access_entry.principal_arn #=> String
resp.access_entry.kubernetes_groups #=> Array
resp.access_entry.kubernetes_groups[0] #=> String
resp.access_entry.access_entry_arn #=> String
resp.access_entry.created_at #=> Time
resp.access_entry.modified_at #=> Time
resp.access_entry.tags #=> Hash
resp.access_entry.tags["TagKey"] #=> String
resp.access_entry.username #=> String
resp.access_entry.type #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The ARN of the IAM principal for the AccessEntry.

Returns:

See Also:



2362
2363
2364
2365
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2362

def describe_access_entry(params = {}, options = {})
  req = build_request(:describe_access_entry, params)
  req.send_request(options)
end

#describe_addon(params = {}) ⇒ Types::DescribeAddonResponse

Describes an Amazon EKS add-on.

The following waiters are defined for this operation (see #wait_until for detailed usage):

  • addon_active
  • addon_deleted

Examples:

Request syntax with placeholder values


resp = client.describe_addon({
  cluster_name: "ClusterName", # required
  addon_name: "String", # required
})

Response structure


resp.addon.addon_name #=> String
resp.addon.cluster_name #=> String
resp.addon.status #=> String, one of "CREATING", "ACTIVE", "CREATE_FAILED", "UPDATING", "DELETING", "DELETE_FAILED", "DEGRADED", "UPDATE_FAILED"
resp.addon.addon_version #=> String
resp.addon.health.issues #=> Array
resp.addon.health.issues[0].code #=> String, one of "AccessDenied", "InternalFailure", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.addon.health.issues[0].message #=> String
resp.addon.health.issues[0].resource_ids #=> Array
resp.addon.health.issues[0].resource_ids[0] #=> String
resp.addon.addon_arn #=> String
resp.addon.created_at #=> Time
resp.addon.modified_at #=> Time
resp.addon. #=> String
resp.addon.tags #=> Hash
resp.addon.tags["TagKey"] #=> String
resp.addon.publisher #=> String
resp.addon.owner #=> String
resp.addon.marketplace_information.product_id #=> String
resp.addon.marketplace_information.product_url #=> String
resp.addon.configuration_values #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :addon_name (required, String)

    The name of the add-on. The name must match one of the names returned by ListAddons .

Returns:

See Also:



2424
2425
2426
2427
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2424

def describe_addon(params = {}, options = {})
  req = build_request(:describe_addon, params)
  req.send_request(options)
end

#describe_addon_configuration(params = {}) ⇒ Types::DescribeAddonConfigurationResponse

Returns configuration options.

Examples:

Request syntax with placeholder values


resp = client.describe_addon_configuration({
  addon_name: "String", # required
  addon_version: "String", # required
})

Response structure


resp.addon_name #=> String
resp.addon_version #=> String
resp.configuration_schema #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :addon_name (required, String)

    The name of the add-on. The name must match one of the names returned by DescribeAddonVersions.

  • :addon_version (required, String)

    The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .

Returns:

See Also:



2466
2467
2468
2469
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2466

def describe_addon_configuration(params = {}, options = {})
  req = build_request(:describe_addon_configuration, params)
  req.send_request(options)
end

#describe_addon_versions(params = {}) ⇒ Types::DescribeAddonVersionsResponse

Describes the versions for an add-on.

Information such as the Kubernetes versions that you can use the add-on with, the owner, publisher, and the type of the add-on are returned.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.describe_addon_versions({
  kubernetes_version: "String",
  max_results: 1,
  next_token: "String",
  addon_name: "String",
  types: ["String"],
  publishers: ["String"],
  owners: ["String"],
})

Response structure


resp.addons #=> Array
resp.addons[0].addon_name #=> String
resp.addons[0].type #=> String
resp.addons[0].addon_versions #=> Array
resp.addons[0].addon_versions[0].addon_version #=> String
resp.addons[0].addon_versions[0].architecture #=> Array
resp.addons[0].addon_versions[0].architecture[0] #=> String
resp.addons[0].addon_versions[0].compatibilities #=> Array
resp.addons[0].addon_versions[0].compatibilities[0].cluster_version #=> String
resp.addons[0].addon_versions[0].compatibilities[0].platform_versions #=> Array
resp.addons[0].addon_versions[0].compatibilities[0].platform_versions[0] #=> String
resp.addons[0].addon_versions[0].compatibilities[0].default_version #=> Boolean
resp.addons[0].addon_versions[0].requires_configuration #=> Boolean
resp.addons[0].publisher #=> String
resp.addons[0].owner #=> String
resp.addons[0].marketplace_information.product_id #=> String
resp.addons[0].marketplace_information.product_url #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :kubernetes_version (String)

    The Kubernetes versions that you can use the add-on with.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

  • :addon_name (String)

    The name of the add-on. The name must match one of the names returned by ListAddons .

  • :types (Array<String>)

    The type of the add-on. For valid types, don't specify a value for this property.

  • :publishers (Array<String>)

    The publisher of the add-on. For valid publishers, don't specify a value for this property.

  • :owners (Array<String>)

    The owner of the add-on. For valid owners, don't specify a value for this property.

Returns:

See Also:



2566
2567
2568
2569
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2566

def describe_addon_versions(params = {}, options = {})
  req = build_request(:describe_addon_versions, params)
  req.send_request(options)
end

#describe_cluster(params = {}) ⇒ Types::DescribeClusterResponse

Describes an Amazon EKS cluster.

The API server endpoint and certificate authority data returned by this operation are required for kubelet and kubectl to communicate with your Kubernetes API server. For more information, see Creating or updating a kubeconfig file for an Amazon EKS cluster.

The API server endpoint and certificate authority data aren't available until the cluster reaches the ACTIVE state.

The following waiters are defined for this operation (see #wait_until for detailed usage):

  • cluster_active
  • cluster_deleted

Examples:

Example: To describe a cluster


# This example command provides a description of the specified cluster in your default region.

resp = client.describe_cluster({
  name: "devel", 
})

resp.to_h outputs the following:
{
  cluster: {
    version: "1.10", 
    name: "devel", 
    arn: "arn:aws:eks:us-west-2:012345678910:cluster/devel", 
    certificate_authority: {
      data: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", 
    }, 
    created_at: Time.parse(1527807879.988), 
    endpoint: "https://A0DCCD80A04F01705DD065655C30CC3D.yl4.us-west-2.eks.amazonaws.com", 
    resources_vpc_config: {
      security_group_ids: [
        "sg-6979fe18", 
      ], 
      subnet_ids: [
        "subnet-6782e71e", 
        "subnet-e7e761ac", 
      ], 
      vpc_id: "vpc-950809ec", 
    }, 
    role_arn: "arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI", 
    status: "ACTIVE", 
  }, 
}

Request syntax with placeholder values


resp = client.describe_cluster({
  name: "String", # required
})

Response structure


resp.cluster.name #=> String
resp.cluster.arn #=> String
resp.cluster.created_at #=> Time
resp.cluster.version #=> String
resp.cluster.endpoint #=> String
resp.cluster.role_arn #=> String
resp.cluster.resources_vpc_config.subnet_ids #=> Array
resp.cluster.resources_vpc_config.subnet_ids[0] #=> String
resp.cluster.resources_vpc_config.security_group_ids #=> Array
resp.cluster.resources_vpc_config.security_group_ids[0] #=> String
resp.cluster.resources_vpc_config.cluster_security_group_id #=> String
resp.cluster.resources_vpc_config.vpc_id #=> String
resp.cluster.resources_vpc_config.endpoint_public_access #=> Boolean
resp.cluster.resources_vpc_config.endpoint_private_access #=> Boolean
resp.cluster.resources_vpc_config.public_access_cidrs #=> Array
resp.cluster.resources_vpc_config.public_access_cidrs[0] #=> String
resp.cluster.kubernetes_network_config.service_ipv_4_cidr #=> String
resp.cluster.kubernetes_network_config.service_ipv_6_cidr #=> String
resp.cluster.kubernetes_network_config.ip_family #=> String, one of "ipv4", "ipv6"
resp.cluster.logging.cluster_logging #=> Array
resp.cluster.logging.cluster_logging[0].types #=> Array
resp.cluster.logging.cluster_logging[0].types[0] #=> String, one of "api", "audit", "authenticator", "controllerManager", "scheduler"
resp.cluster.logging.cluster_logging[0].enabled #=> Boolean
resp.cluster.identity.oidc.issuer #=> String
resp.cluster.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "FAILED", "UPDATING", "PENDING"
resp.cluster.certificate_authority.data #=> String
resp.cluster.client_request_token #=> String
resp.cluster.platform_version #=> String
resp.cluster.tags #=> Hash
resp.cluster.tags["TagKey"] #=> String
resp.cluster.encryption_config #=> Array
resp.cluster.encryption_config[0].resources #=> Array
resp.cluster.encryption_config[0].resources[0] #=> String
resp.cluster.encryption_config[0].provider.key_arn #=> String
resp.cluster.connector_config.activation_id #=> String
resp.cluster.connector_config.activation_code #=> String
resp.cluster.connector_config.activation_expiry #=> Time
resp.cluster.connector_config.provider #=> String
resp.cluster.connector_config.role_arn #=> String
resp.cluster.id #=> String
resp.cluster.health.issues #=> Array
resp.cluster.health.issues[0].code #=> String, one of "AccessDenied", "ClusterUnreachable", "ConfigurationConflict", "InternalFailure", "ResourceLimitExceeded", "ResourceNotFound", "IamRoleNotFound", "VpcNotFound", "InsufficientFreeAddresses", "Ec2ServiceNotSubscribed", "Ec2SubnetNotFound", "Ec2SecurityGroupNotFound", "KmsGrantRevoked", "KmsKeyNotFound", "KmsKeyMarkedForDeletion", "KmsKeyDisabled", "StsRegionalEndpointDisabled", "UnsupportedVersion", "Other"
resp.cluster.health.issues[0].message #=> String
resp.cluster.health.issues[0].resource_ids #=> Array
resp.cluster.health.issues[0].resource_ids[0] #=> String
resp.cluster.outpost_config.outpost_arns #=> Array
resp.cluster.outpost_config.outpost_arns[0] #=> String
resp.cluster.outpost_config.control_plane_instance_type #=> String
resp.cluster.outpost_config.control_plane_placement.group_name #=> String
resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of your cluster.

Returns:

See Also:



2699
2700
2701
2702
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2699

def describe_cluster(params = {}, options = {})
  req = build_request(:describe_cluster, params)
  req.send_request(options)
end

#describe_eks_anywhere_subscription(params = {}) ⇒ Types::DescribeEksAnywhereSubscriptionResponse

Returns descriptive information about a subscription.

Examples:

Request syntax with placeholder values


resp = client.describe_eks_anywhere_subscription({
  id: "String", # required
})

Response structure


resp.subscription.id #=> String
resp.subscription.arn #=> String
resp.subscription.created_at #=> Time
resp.subscription.effective_date #=> Time
resp.subscription.expiration_date #=> Time
resp.subscription.license_quantity #=> Integer
resp.subscription.license_type #=> String, one of "Cluster"
resp.subscription.term.duration #=> Integer
resp.subscription.term.unit #=> String, one of "MONTHS"
resp.subscription.status #=> String
resp.subscription.auto_renew #=> Boolean
resp.subscription.license_arns #=> Array
resp.subscription.license_arns[0] #=> String
resp.subscription.tags #=> Hash
resp.subscription.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :id (required, String)

    The ID of the subscription.

Returns:

See Also:



2741
2742
2743
2744
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2741

def describe_eks_anywhere_subscription(params = {}, options = {})
  req = build_request(:describe_eks_anywhere_subscription, params)
  req.send_request(options)
end

#describe_fargate_profile(params = {}) ⇒ Types::DescribeFargateProfileResponse

Describes an Fargate profile.

The following waiters are defined for this operation (see #wait_until for detailed usage):

  • fargate_profile_active
  • fargate_profile_deleted

Examples:

Request syntax with placeholder values


resp = client.describe_fargate_profile({
  cluster_name: "String", # required
  fargate_profile_name: "String", # required
})

Response structure


resp.fargate_profile.fargate_profile_name #=> String
resp.fargate_profile.fargate_profile_arn #=> String
resp.fargate_profile.cluster_name #=> String
resp.fargate_profile.created_at #=> Time
resp.fargate_profile.pod_execution_role_arn #=> String
resp.fargate_profile.subnets #=> Array
resp.fargate_profile.subnets[0] #=> String
resp.fargate_profile.selectors #=> Array
resp.fargate_profile.selectors[0].namespace #=> String
resp.fargate_profile.selectors[0].labels #=> Hash
resp.fargate_profile.selectors[0].labels["String"] #=> String
resp.fargate_profile.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "CREATE_FAILED", "DELETE_FAILED"
resp.fargate_profile.tags #=> Hash
resp.fargate_profile.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :fargate_profile_name (required, String)

    The name of the Fargate profile to describe.

Returns:

See Also:



2792
2793
2794
2795
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2792

def describe_fargate_profile(params = {}, options = {})
  req = build_request(:describe_fargate_profile, params)
  req.send_request(options)
end

#describe_identity_provider_config(params = {}) ⇒ Types::DescribeIdentityProviderConfigResponse

Describes an identity provider configuration.

Examples:

Request syntax with placeholder values


resp = client.describe_identity_provider_config({
  cluster_name: "String", # required
  identity_provider_config: { # required
    type: "String", # required
    name: "String", # required
  },
})

Response structure


resp.identity_provider_config.oidc.identity_provider_config_name #=> String
resp.identity_provider_config.oidc.identity_provider_config_arn #=> String
resp.identity_provider_config.oidc.cluster_name #=> String
resp.identity_provider_config.oidc.issuer_url #=> String
resp.identity_provider_config.oidc.client_id #=> String
resp.identity_provider_config.oidc.username_claim #=> String
resp.identity_provider_config.oidc.username_prefix #=> String
resp.identity_provider_config.oidc.groups_claim #=> String
resp.identity_provider_config.oidc.groups_prefix #=> String
resp.identity_provider_config.oidc.required_claims #=> Hash
resp.identity_provider_config.oidc.required_claims["requiredClaimsKey"] #=> String
resp.identity_provider_config.oidc.tags #=> Hash
resp.identity_provider_config.oidc.tags["TagKey"] #=> String
resp.identity_provider_config.oidc.status #=> String, one of "CREATING", "DELETING", "ACTIVE"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :identity_provider_config (required, Types::IdentityProviderConfig)

    An object representing an identity provider configuration.

Returns:

See Also:



2840
2841
2842
2843
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2840

def describe_identity_provider_config(params = {}, options = {})
  req = build_request(:describe_identity_provider_config, params)
  req.send_request(options)
end

#describe_insight(params = {}) ⇒ Types::DescribeInsightResponse

Returns details about an insight that you specify using its ID.

Examples:

Request syntax with placeholder values


resp = client.describe_insight({
  cluster_name: "String", # required
  id: "String", # required
})

Response structure


resp.insight.id #=> String
resp.insight.name #=> String
resp.insight.category #=> String, one of "UPGRADE_READINESS"
resp.insight.kubernetes_version #=> String
resp.insight.last_refresh_time #=> Time
resp.insight.last_transition_time #=> Time
resp.insight.description #=> String
resp.insight.insight_status.status #=> String, one of "PASSING", "WARNING", "ERROR", "UNKNOWN"
resp.insight.insight_status.reason #=> String
resp.insight.recommendation #=> String
resp.insight.additional_info #=> Hash
resp.insight.additional_info["String"] #=> String
resp.insight.resources #=> Array
resp.insight.resources[0].insight_status.status #=> String, one of "PASSING", "WARNING", "ERROR", "UNKNOWN"
resp.insight.resources[0].insight_status.reason #=> String
resp.insight.resources[0].kubernetes_resource_uri #=> String
resp.insight.resources[0].arn #=> String
resp.insight.category_specific_summary.deprecation_details #=> Array
resp.insight.category_specific_summary.deprecation_details[0].usage #=> String
resp.insight.category_specific_summary.deprecation_details[0].replaced_with #=> String
resp.insight.category_specific_summary.deprecation_details[0].stop_serving_version #=> String
resp.insight.category_specific_summary.deprecation_details[0].start_serving_replacement_version #=> String
resp.insight.category_specific_summary.deprecation_details[0].client_stats #=> Array
resp.insight.category_specific_summary.deprecation_details[0].client_stats[0].user_agent #=> String
resp.insight.category_specific_summary.deprecation_details[0].client_stats[0].number_of_requests_last_30_days #=> Integer
resp.insight.category_specific_summary.deprecation_details[0].client_stats[0].last_request_time #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of the cluster to describe the insight for.

  • :id (required, String)

    The identity of the insight to describe.

Returns:

See Also:



2897
2898
2899
2900
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2897

def describe_insight(params = {}, options = {})
  req = build_request(:describe_insight, params)
  req.send_request(options)
end

#describe_nodegroup(params = {}) ⇒ Types::DescribeNodegroupResponse

Describes a managed node group.

The following waiters are defined for this operation (see #wait_until for detailed usage):

  • nodegroup_active
  • nodegroup_deleted

Examples:

Request syntax with placeholder values


resp = client.describe_nodegroup({
  cluster_name: "String", # required
  nodegroup_name: "String", # required
})

Response structure


resp.nodegroup.nodegroup_name #=> String
resp.nodegroup.nodegroup_arn #=> String
resp.nodegroup.cluster_name #=> String
resp.nodegroup.version #=> String
resp.nodegroup.release_version #=> String
resp.nodegroup.created_at #=> Time
resp.nodegroup.modified_at #=> Time
resp.nodegroup.status #=> String, one of "CREATING", "ACTIVE", "UPDATING", "DELETING", "CREATE_FAILED", "DELETE_FAILED", "DEGRADED"
resp.nodegroup.capacity_type #=> String, one of "ON_DEMAND", "SPOT"
resp.nodegroup.scaling_config.min_size #=> Integer
resp.nodegroup.scaling_config.max_size #=> Integer
resp.nodegroup.scaling_config.desired_size #=> Integer
resp.nodegroup.instance_types #=> Array
resp.nodegroup.instance_types[0] #=> String
resp.nodegroup.subnets #=> Array
resp.nodegroup.subnets[0] #=> String
resp.nodegroup.remote_access.ec2_ssh_key #=> String
resp.nodegroup.remote_access.source_security_groups #=> Array
resp.nodegroup.remote_access.source_security_groups[0] #=> String
resp.nodegroup.ami_type #=> String, one of "AL2_x86_64", "AL2_x86_64_GPU", "AL2_ARM_64", "CUSTOM", "BOTTLEROCKET_ARM_64", "BOTTLEROCKET_x86_64", "BOTTLEROCKET_ARM_64_NVIDIA", "BOTTLEROCKET_x86_64_NVIDIA", "WINDOWS_CORE_2019_x86_64", "WINDOWS_FULL_2019_x86_64", "WINDOWS_CORE_2022_x86_64", "WINDOWS_FULL_2022_x86_64", "AL2023_x86_64_STANDARD", "AL2023_ARM_64_STANDARD"
resp.nodegroup.node_role #=> String
resp.nodegroup.labels #=> Hash
resp.nodegroup.labels["labelKey"] #=> String
resp.nodegroup.taints #=> Array
resp.nodegroup.taints[0].key #=> String
resp.nodegroup.taints[0].value #=> String
resp.nodegroup.taints[0].effect #=> String, one of "NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE"
resp.nodegroup.resources.auto_scaling_groups #=> Array
resp.nodegroup.resources.auto_scaling_groups[0].name #=> String
resp.nodegroup.resources.remote_access_security_group #=> String
resp.nodegroup.disk_size #=> Integer
resp.nodegroup.health.issues #=> Array
resp.nodegroup.health.issues[0].code #=> String, one of "AutoScalingGroupNotFound", "AutoScalingGroupInvalidConfiguration", "Ec2SecurityGroupNotFound", "Ec2SecurityGroupDeletionFailure", "Ec2LaunchTemplateNotFound", "Ec2LaunchTemplateVersionMismatch", "Ec2SubnetNotFound", "Ec2SubnetInvalidConfiguration", "IamInstanceProfileNotFound", "Ec2SubnetMissingIpv6Assignment", "IamLimitExceeded", "IamNodeRoleNotFound", "NodeCreationFailure", "AsgInstanceLaunchFailures", "InstanceLimitExceeded", "InsufficientFreeAddresses", "AccessDenied", "InternalFailure", "ClusterUnreachable", "AmiIdNotFound", "AutoScalingGroupOptInRequired", "AutoScalingGroupRateLimitExceeded", "Ec2LaunchTemplateDeletionFailure", "Ec2LaunchTemplateInvalidConfiguration", "Ec2LaunchTemplateMaxLimitExceeded", "Ec2SubnetListTooLong", "IamThrottling", "NodeTerminationFailure", "PodEvictionFailure", "SourceEc2LaunchTemplateNotFound", "LimitExceeded", "Unknown", "AutoScalingGroupInstanceRefreshActive", "KubernetesLabelInvalid", "Ec2LaunchTemplateVersionMaxLimitExceeded"
resp.nodegroup.health.issues[0].message #=> String
resp.nodegroup.health.issues[0].resource_ids #=> Array
resp.nodegroup.health.issues[0].resource_ids[0] #=> String
resp.nodegroup.update_config.max_unavailable #=> Integer
resp.nodegroup.update_config.max_unavailable_percentage #=> Integer
resp.nodegroup.launch_template.name #=> String
resp.nodegroup.launch_template.version #=> String
resp.nodegroup.launch_template.id #=> String
resp.nodegroup.tags #=> Hash
resp.nodegroup.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :nodegroup_name (required, String)

    The name of the node group to describe.

Returns:

See Also:



2977
2978
2979
2980
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 2977

def describe_nodegroup(params = {}, options = {})
  req = build_request(:describe_nodegroup, params)
  req.send_request(options)
end

#describe_pod_identity_association(params = {}) ⇒ Types::DescribePodIdentityAssociationResponse

Returns descriptive information about an EKS Pod Identity association.

This action requires the ID of the association. You can get the ID from the response to the CreatePodIdentityAssocation for newly created associations. Or, you can list the IDs for associations with ListPodIdentityAssociations and filter the list by namespace or service account.

Examples:

Request syntax with placeholder values


resp = client.describe_pod_identity_association({
  cluster_name: "String", # required
  association_id: "String", # required
})

Response structure


resp.association.cluster_name #=> String
resp.association.namespace #=> String
resp.association. #=> String
resp.association.role_arn #=> String
resp.association.association_arn #=> String
resp.association.association_id #=> String
resp.association.tags #=> Hash
resp.association.tags["TagKey"] #=> String
resp.association.created_at #=> Time
resp.association.modified_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of the cluster that the association is in.

  • :association_id (required, String)

    The ID of the association that you want the description of.

Returns:

See Also:



3024
3025
3026
3027
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3024

def describe_pod_identity_association(params = {}, options = {})
  req = build_request(:describe_pod_identity_association, params)
  req.send_request(options)
end

#describe_update(params = {}) ⇒ Types::DescribeUpdateResponse

Describes an update to an Amazon EKS resource.

When the status of the update is Succeeded, the update is complete. If an update fails, the status is Failed, and an error detail explains the reason for the failure.

Examples:

Request syntax with placeholder values


resp = client.describe_update({
  name: "String", # required
  update_id: "String", # required
  nodegroup_name: "String",
  addon_name: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Amazon EKS cluster associated with the update.

  • :update_id (required, String)

    The ID of the update to describe.

  • :nodegroup_name (String)

    The name of the Amazon EKS node group associated with the update. This parameter is required if the update is a node group update.

  • :addon_name (String)

    The name of the add-on. The name must match one of the names returned by ListAddons . This parameter is required if the update is an add-on update.

Returns:

See Also:



3086
3087
3088
3089
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3086

def describe_update(params = {}, options = {})
  req = build_request(:describe_update, params)
  req.send_request(options)
end

#disassociate_access_policy(params = {}) ⇒ Struct

Disassociates an access policy from an access entry.

Examples:

Request syntax with placeholder values


resp = client.disassociate_access_policy({
  cluster_name: "String", # required
  principal_arn: "String", # required
  policy_arn: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The ARN of the IAM principal for the AccessEntry.

  • :policy_arn (required, String)

    The ARN of the policy to disassociate from the access entry. For a list of associated policies ARNs, use ListAssociatedAccessPolicies.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3117
3118
3119
3120
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3117

def disassociate_access_policy(params = {}, options = {})
  req = build_request(:disassociate_access_policy, params)
  req.send_request(options)
end

#disassociate_identity_provider_config(params = {}) ⇒ Types::DisassociateIdentityProviderConfigResponse

Disassociates an identity provider configuration from a cluster.

If you disassociate an identity provider from your cluster, users included in the provider can no longer access the cluster. However, you can still access the cluster with IAM principals.

Examples:

Request syntax with placeholder values


resp = client.disassociate_identity_provider_config({
  cluster_name: "String", # required
  identity_provider_config: { # required
    type: "String", # required
    name: "String", # required
  },
  client_request_token: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :identity_provider_config (required, Types::IdentityProviderConfig)

    An object representing an identity provider configuration.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



3175
3176
3177
3178
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3175

def disassociate_identity_provider_config(params = {}, options = {})
  req = build_request(:disassociate_identity_provider_config, params)
  req.send_request(options)
end

#list_access_entries(params = {}) ⇒ Types::ListAccessEntriesResponse

Lists the access entries for your cluster.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_access_entries({
  cluster_name: "String", # required
  associated_policy_arn: "String",
  max_results: 1,
  next_token: "String",
})

Response structure


resp.access_entries #=> Array
resp.access_entries[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :associated_policy_arn (String)

    The ARN of an AccessPolicy. When you specify an access policy ARN, only the access entries associated to that access policy are returned. For a list of available policy ARNs, use ListAccessPolicies.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3238
3239
3240
3241
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3238

def list_access_entries(params = {}, options = {})
  req = build_request(:list_access_entries, params)
  req.send_request(options)
end

#list_access_policies(params = {}) ⇒ Types::ListAccessPoliciesResponse

Lists the available access policies.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_access_policies({
  max_results: 1,
  next_token: "String",
})

Response structure


resp.access_policies #=> Array
resp.access_policies[0].name #=> String
resp.access_policies[0].arn #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3292
3293
3294
3295
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3292

def list_access_policies(params = {}, options = {})
  req = build_request(:list_access_policies, params)
  req.send_request(options)
end

#list_addons(params = {}) ⇒ Types::ListAddonsResponse

Lists the installed add-ons.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_addons({
  cluster_name: "ClusterName", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.addons #=> Array
resp.addons[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3349
3350
3351
3352
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3349

def list_addons(params = {}, options = {})
  req = build_request(:list_addons, params)
  req.send_request(options)
end

#list_associated_access_policies(params = {}) ⇒ Types::ListAssociatedAccessPoliciesResponse

Lists the access policies associated with an access entry.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_associated_access_policies({
  cluster_name: "String", # required
  principal_arn: "String", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.cluster_name #=> String
resp.principal_arn #=> String
resp.next_token #=> String
resp.associated_access_policies #=> Array
resp.associated_access_policies[0].policy_arn #=> String
resp.associated_access_policies[0].access_scope.type #=> String, one of "cluster", "namespace"
resp.associated_access_policies[0].access_scope.namespaces #=> Array
resp.associated_access_policies[0].access_scope.namespaces[0] #=> String
resp.associated_access_policies[0].associated_at #=> Time
resp.associated_access_policies[0].modified_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The ARN of the IAM principal for the AccessEntry.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3419
3420
3421
3422
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3419

def list_associated_access_policies(params = {}, options = {})
  req = build_request(:list_associated_access_policies, params)
  req.send_request(options)
end

#list_clusters(params = {}) ⇒ Types::ListClustersResponse

Lists the Amazon EKS clusters in your Amazon Web Services account in the specified Amazon Web Services Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Example: To list your available clusters


# This example command lists all of your available clusters in your default region.

resp = client.list_clusters({
})

resp.to_h outputs the following:
{
  clusters: [
    "devel", 
    "prod", 
  ], 
}

Request syntax with placeholder values


resp = client.list_clusters({
  max_results: 1,
  next_token: "String",
  include: ["String"],
})

Response structure


resp.clusters #=> Array
resp.clusters[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

  • :include (Array<String>)

    Indicates whether external clusters are included in the returned list. Use 'all' to return https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.htmlconnected clusters, or blank to return only Amazon EKS clusters. 'all' must be in lowercase otherwise an error occurs.

Returns:

See Also:



3501
3502
3503
3504
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3501

def list_clusters(params = {}, options = {})
  req = build_request(:list_clusters, params)
  req.send_request(options)
end

#list_eks_anywhere_subscriptions(params = {}) ⇒ Types::ListEksAnywhereSubscriptionsResponse

Displays the full description of the subscription.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_eks_anywhere_subscriptions({
  max_results: 1,
  next_token: "String",
  include_status: ["CREATING"], # accepts CREATING, ACTIVE, UPDATING, EXPIRING, EXPIRED, DELETING
})

Response structure


resp.subscriptions #=> Array
resp.subscriptions[0].id #=> String
resp.subscriptions[0].arn #=> String
resp.subscriptions[0].created_at #=> Time
resp.subscriptions[0].effective_date #=> Time
resp.subscriptions[0].expiration_date #=> Time
resp.subscriptions[0].license_quantity #=> Integer
resp.subscriptions[0].license_type #=> String, one of "Cluster"
resp.subscriptions[0].term.duration #=> Integer
resp.subscriptions[0].term.unit #=> String, one of "MONTHS"
resp.subscriptions[0].status #=> String
resp.subscriptions[0].auto_renew #=> Boolean
resp.subscriptions[0].license_arns #=> Array
resp.subscriptions[0].license_arns[0] #=> String
resp.subscriptions[0].tags #=> Hash
resp.subscriptions[0].tags["TagKey"] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of cluster results returned by ListEksAnywhereSubscriptions in paginated output. When you use this parameter, ListEksAnywhereSubscriptions returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListEksAnywhereSubscriptions request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListEksAnywhereSubscriptions returns up to 10 results and a nextToken value if applicable.

  • :next_token (String)

    The nextToken value returned from a previous paginated ListEksAnywhereSubscriptions request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.

  • :include_status (Array<String>)

    An array of subscription statuses to filter on.

Returns:

See Also:



3568
3569
3570
3571
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3568

def list_eks_anywhere_subscriptions(params = {}, options = {})
  req = build_request(:list_eks_anywhere_subscriptions, params)
  req.send_request(options)
end

#list_fargate_profiles(params = {}) ⇒ Types::ListFargateProfilesResponse

Lists the Fargate profiles associated with the specified cluster in your Amazon Web Services account in the specified Amazon Web Services Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_fargate_profiles({
  cluster_name: "String", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.fargate_profile_names #=> Array
resp.fargate_profile_names[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3627
3628
3629
3630
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3627

def list_fargate_profiles(params = {}, options = {})
  req = build_request(:list_fargate_profiles, params)
  req.send_request(options)
end

#list_identity_provider_configs(params = {}) ⇒ Types::ListIdentityProviderConfigsResponse

Lists the identity provider configurations for your cluster.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_identity_provider_configs({
  cluster_name: "String", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.identity_provider_configs #=> Array
resp.identity_provider_configs[0].type #=> String
resp.identity_provider_configs[0].name #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3685
3686
3687
3688
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3685

def list_identity_provider_configs(params = {}, options = {})
  req = build_request(:list_identity_provider_configs, params)
  req.send_request(options)
end

#list_insights(params = {}) ⇒ Types::ListInsightsResponse

Returns a list of all insights checked for against the specified cluster. You can filter which insights are returned by category, associated Kubernetes version, and status.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_insights({
  cluster_name: "String", # required
  filter: {
    categories: ["UPGRADE_READINESS"], # accepts UPGRADE_READINESS
    kubernetes_versions: ["String"],
    statuses: ["PASSING"], # accepts PASSING, WARNING, ERROR, UNKNOWN
  },
  max_results: 1,
  next_token: "String",
})

Response structure


resp.insights #=> Array
resp.insights[0].id #=> String
resp.insights[0].name #=> String
resp.insights[0].category #=> String, one of "UPGRADE_READINESS"
resp.insights[0].kubernetes_version #=> String
resp.insights[0].last_refresh_time #=> Time
resp.insights[0].last_transition_time #=> Time
resp.insights[0].description #=> String
resp.insights[0].insight_status.status #=> String, one of "PASSING", "WARNING", "ERROR", "UNKNOWN"
resp.insights[0].insight_status.reason #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of the Amazon EKS cluster associated with the insights.

  • :filter (Types::InsightsFilter)

    The criteria to filter your list of insights for your cluster. You can filter which insights are returned by category, associated Kubernetes version, and status.

  • :max_results (Integer)

    The maximum number of identity provider configurations returned by ListInsights in paginated output. When you use this parameter, ListInsights returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListInsights request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListInsights returns up to 100 results and a nextToken value, if applicable.

  • :next_token (String)

    The nextToken value returned from a previous paginated ListInsights request. When the results of a ListInsights request exceed maxResults, you can use this value to retrieve the next page of results. This value is null when there are no more results to return.

Returns:

See Also:



3757
3758
3759
3760
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3757

def list_insights(params = {}, options = {})
  req = build_request(:list_insights, params)
  req.send_request(options)
end

#list_nodegroups(params = {}) ⇒ Types::ListNodegroupsResponse

Lists the managed node groups associated with the specified cluster in your Amazon Web Services account in the specified Amazon Web Services Region. Self-managed node groups aren't listed.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_nodegroups({
  cluster_name: "String", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.nodegroups #=> Array
resp.nodegroups[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3816
3817
3818
3819
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3816

def list_nodegroups(params = {}, options = {})
  req = build_request(:list_nodegroups, params)
  req.send_request(options)
end

#list_pod_identity_associations(params = {}) ⇒ Types::ListPodIdentityAssociationsResponse

List the EKS Pod Identity associations in a cluster. You can filter the list by the namespace that the association is in or the service account that the association uses.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_pod_identity_associations({
  cluster_name: "String", # required
  namespace: "String",
  service_account: "String",
  max_results: 1,
  next_token: "String",
})

Response structure


resp.associations #=> Array
resp.associations[0].cluster_name #=> String
resp.associations[0].namespace #=> String
resp.associations[0]. #=> String
resp.associations[0].association_arn #=> String
resp.associations[0].association_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of the cluster that the associations are in.

  • :namespace (String)

    The name of the Kubernetes namespace inside the cluster that the associations are in.

  • :service_account (String)

    The name of the Kubernetes service account that the associations use.

  • :max_results (Integer)

    The maximum number of EKS Pod Identity association results returned by ListPodIdentityAssociations in paginated output. When you use this parameter, ListPodIdentityAssociations returns only maxResults results in a single page along with a nextToken response element. You can see the remaining results of the initial request by sending another ListPodIdentityAssociations request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, ListPodIdentityAssociations returns up to 100 results and a nextToken value if applicable.

  • :next_token (String)

    The nextToken value returned from a previous paginated ListUpdates request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

Returns:

See Also:



3889
3890
3891
3892
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3889

def list_pod_identity_associations(params = {}, options = {})
  req = build_request(:list_pod_identity_associations, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

List the tags for an Amazon EKS resource.

Examples:

Example: To list tags for a cluster


# This example lists all of the tags for the `beta` cluster.

resp = client.list_tags_for_resource({
  resource_arn: "arn:aws:eks:us-west-2:012345678910:cluster/beta", 
})

resp.to_h outputs the following:
{
  tags: {
    "aws:tag:domain" => "beta", 
  }, 
}

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  resource_arn: "String", # required
})

Response structure


resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) that identifies the resource to list tags for.

Returns:

See Also:



3935
3936
3937
3938
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 3935

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#list_updates(params = {}) ⇒ Types::ListUpdatesResponse

Lists the updates associated with an Amazon EKS resource in your Amazon Web Services account, in the specified Amazon Web Services Region.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_updates({
  name: "String", # required
  nodegroup_name: "String",
  addon_name: "String",
  next_token: "String",
  max_results: 1,
})

Response structure


resp.update_ids #=> Array
resp.update_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Amazon EKS cluster to list updates for.

  • :nodegroup_name (String)

    The name of the Amazon EKS managed node group to list updates for.

  • :addon_name (String)

    The names of the installed add-ons that have available updates.

  • :next_token (String)

    The nextToken value returned from a previous paginated request, where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

    This token should be treated as an opaque identifier that is used only to retrieve the next items in a list and not for other programmatic purposes.

  • :max_results (Integer)

    The maximum number of results, returned in paginated output. You receive maxResults in a single page, along with a nextToken response element. You can see the remaining results of the initial request by sending another request with the returned nextToken value. This value can be between 1 and 100. If you don't use this parameter, 100 results and a nextToken value, if applicable, are returned.

Returns:

See Also:



4002
4003
4004
4005
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4002

def list_updates(params = {}, options = {})
  req = build_request(:list_updates, params)
  req.send_request(options)
end

#register_cluster(params = {}) ⇒ Types::RegisterClusterResponse

Connects a Kubernetes cluster to the Amazon EKS control plane.

Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes.

Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control plane.

Second, a Manifest containing the activationID and activationCode must be applied to the Kubernetes cluster through it's native provider to provide visibility.

After the manifest is updated and applied, the connected cluster is visible to the Amazon EKS control plane. If the manifest isn't applied within three days, the connected cluster will no longer be visible and must be deregistered using DeregisterCluster.

Examples:

Request syntax with placeholder values


resp = client.register_cluster({
  name: "ClusterName", # required
  connector_config: { # required
    role_arn: "String", # required
    provider: "EKS_ANYWHERE", # required, accepts EKS_ANYWHERE, ANTHOS, GKE, AKS, OPENSHIFT, TANZU, RANCHER, EC2, OTHER
  },
  client_request_token: "String",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.cluster.name #=> String
resp.cluster.arn #=> String
resp.cluster.created_at #=> Time
resp.cluster.version #=> String
resp.cluster.endpoint #=> String
resp.cluster.role_arn #=> String
resp.cluster.resources_vpc_config.subnet_ids #=> Array
resp.cluster.resources_vpc_config.subnet_ids[0] #=> String
resp.cluster.resources_vpc_config.security_group_ids #=> Array
resp.cluster.resources_vpc_config.security_group_ids[0] #=> String
resp.cluster.resources_vpc_config.cluster_security_group_id #=> String
resp.cluster.resources_vpc_config.vpc_id #=> String
resp.cluster.resources_vpc_config.endpoint_public_access #=> Boolean
resp.cluster.resources_vpc_config.endpoint_private_access #=> Boolean
resp.cluster.resources_vpc_config.public_access_cidrs #=> Array
resp.cluster.resources_vpc_config.public_access_cidrs[0] #=> String
resp.cluster.kubernetes_network_config.service_ipv_4_cidr #=> String
resp.cluster.kubernetes_network_config.service_ipv_6_cidr #=> String
resp.cluster.kubernetes_network_config.ip_family #=> String, one of "ipv4", "ipv6"
resp.cluster.logging.cluster_logging #=> Array
resp.cluster.logging.cluster_logging[0].types #=> Array
resp.cluster.logging.cluster_logging[0].types[0] #=> String, one of "api", "audit", "authenticator", "controllerManager", "scheduler"
resp.cluster.logging.cluster_logging[0].enabled #=> Boolean
resp.cluster.identity.oidc.issuer #=> String
resp.cluster.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "FAILED", "UPDATING", "PENDING"
resp.cluster.certificate_authority.data #=> String
resp.cluster.client_request_token #=> String
resp.cluster.platform_version #=> String
resp.cluster.tags #=> Hash
resp.cluster.tags["TagKey"] #=> String
resp.cluster.encryption_config #=> Array
resp.cluster.encryption_config[0].resources #=> Array
resp.cluster.encryption_config[0].resources[0] #=> String
resp.cluster.encryption_config[0].provider.key_arn #=> String
resp.cluster.connector_config.activation_id #=> String
resp.cluster.connector_config.activation_code #=> String
resp.cluster.connector_config.activation_expiry #=> Time
resp.cluster.connector_config.provider #=> String
resp.cluster.connector_config.role_arn #=> String
resp.cluster.id #=> String
resp.cluster.health.issues #=> Array
resp.cluster.health.issues[0].code #=> String, one of "AccessDenied", "ClusterUnreachable", "ConfigurationConflict", "InternalFailure", "ResourceLimitExceeded", "ResourceNotFound", "IamRoleNotFound", "VpcNotFound", "InsufficientFreeAddresses", "Ec2ServiceNotSubscribed", "Ec2SubnetNotFound", "Ec2SecurityGroupNotFound", "KmsGrantRevoked", "KmsKeyNotFound", "KmsKeyMarkedForDeletion", "KmsKeyDisabled", "StsRegionalEndpointDisabled", "UnsupportedVersion", "Other"
resp.cluster.health.issues[0].message #=> String
resp.cluster.health.issues[0].resource_ids #=> Array
resp.cluster.health.issues[0].resource_ids[0] #=> String
resp.cluster.outpost_config.outpost_arns #=> Array
resp.cluster.outpost_config.outpost_arns[0] #=> String
resp.cluster.outpost_config.control_plane_instance_type #=> String
resp.cluster.outpost_config.control_plane_placement.group_name #=> String
resp.cluster.access_config.bootstrap_cluster_creator_admin_permissions #=> Boolean
resp.cluster.access_config.authentication_mode #=> String, one of "API", "API_AND_CONFIG_MAP", "CONFIG_MAP"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    A unique name for this cluster in your Amazon Web Services Region.

  • :connector_config (required, Types::ConnectorConfigRequest)

    The configuration settings required to connect the Kubernetes cluster to the Amazon EKS control plane.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

Returns:

See Also:



4123
4124
4125
4126
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4123

def register_cluster(params = {}, options = {})
  req = build_request(:register_cluster, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Associates the specified tags to an Amazon EKS resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they aren't changed. When a resource is deleted, the tags associated with that resource are also deleted. Tags that you create for Amazon EKS resources don't propagate to any other resources associated with the cluster. For example, if you tag a cluster with this operation, that tag doesn't automatically propagate to the subnets and nodes associated with the cluster.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  resource_arn: "String", # required
  tags: { # required
    "TagKey" => "TagValue",
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource to add tags to.

  • :tags (required, Hash<String,String>)

    Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



4161
4162
4163
4164
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4161

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Deletes specified tags from an Amazon EKS resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  resource_arn: "String", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource to delete tags from.

  • :tag_keys (required, Array<String>)

    The keys of the tags to remove.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



4187
4188
4189
4190
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4187

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_access_entry(params = {}) ⇒ Types::UpdateAccessEntryResponse

Updates an access entry.

Examples:

Request syntax with placeholder values


resp = client.update_access_entry({
  cluster_name: "String", # required
  principal_arn: "String", # required
  kubernetes_groups: ["String"],
  client_request_token: "String",
  username: "String",
})

Response structure


resp.access_entry.cluster_name #=> String
resp.access_entry.principal_arn #=> String
resp.access_entry.kubernetes_groups #=> Array
resp.access_entry.kubernetes_groups[0] #=> String
resp.access_entry.access_entry_arn #=> String
resp.access_entry.created_at #=> Time
resp.access_entry.modified_at #=> Time
resp.access_entry.tags #=> Hash
resp.access_entry.tags["TagKey"] #=> String
resp.access_entry.username #=> String
resp.access_entry.type #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :principal_arn (required, String)

    The ARN of the IAM principal for the AccessEntry.

  • :kubernetes_groups (Array<String>)

    The value for name that you've specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn't confirm that the value for name exists in any bindings on your cluster. You can specify one or more names.

    Kubernetes authorizes the principalArn of the access entry to access any cluster objects that you've specified in a Kubernetes Role or ClusterRole object that is also specified in a binding's roleRef. For more information about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole objects, see Using RBAC Authorization in the Kubernetes documentation.

    If you want Amazon EKS to authorize the principalArn (instead of, or in addition to Kubernetes authorizing the principalArn), you can associate one or more access policies to the access entry using AssociateAccessPolicy. If you associate any access policies, the principalARN has all permissions assigned in the associated access policies and all permissions in any Kubernetes Role or ClusterRole objects that the group names are bound to.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :username (String)

    The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies for you, or constraints before specifying your own username, see Creating access entries in the Amazon EKS User Guide.

Returns:

See Also:



4275
4276
4277
4278
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4275

def update_access_entry(params = {}, options = {})
  req = build_request(:update_access_entry, params)
  req.send_request(options)
end

#update_addon(params = {}) ⇒ Types::UpdateAddonResponse

Updates an Amazon EKS add-on.

Examples:

Request syntax with placeholder values


resp = client.update_addon({
  cluster_name: "ClusterName", # required
  addon_name: "String", # required
  addon_version: "String",
  service_account_role_arn: "RoleArn",
  resolve_conflicts: "OVERWRITE", # accepts OVERWRITE, NONE, PRESERVE
  client_request_token: "String",
  configuration_values: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :addon_name (required, String)

    The name of the add-on. The name must match one of the names returned by ListAddons .

  • :addon_version (String)

    The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions .

  • :service_account_role_arn (String)

    The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.

    To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.

  • :resolve_conflicts (String)

    How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Conflicts are handled based on the option you choose:

    • None – Amazon EKS doesn't change the value. The update might fail.

    • Overwrite – Amazon EKS overwrites the changed value back to the Amazon EKS default value.

    • Preserve – Amazon EKS preserves the value. If you choose this option, we recommend that you test any field and value changes on a non-production cluster before updating the add-on on your production cluster.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :configuration_values (String)

    The set of configuration values for the add-on that's created. The values that you provide are validated against the schema returned by DescribeAddonConfiguration.

Returns:

See Also:



4384
4385
4386
4387
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4384

def update_addon(params = {}, options = {})
  req = build_request(:update_addon, params)
  req.send_request(options)
end

#update_cluster_config(params = {}) ⇒ Types::UpdateClusterConfigResponse

Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with DescribeUpdate"/>.

You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide .

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from, the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide .

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

Examples:

Request syntax with placeholder values


resp = client.update_cluster_config({
  name: "String", # required
  resources_vpc_config: {
    subnet_ids: ["String"],
    security_group_ids: ["String"],
    endpoint_public_access: false,
    endpoint_private_access: false,
    public_access_cidrs: ["String"],
  },
  logging: {
    cluster_logging: [
      {
        types: ["api"], # accepts api, audit, authenticator, controllerManager, scheduler
        enabled: false,
      },
    ],
  },
  client_request_token: "String",
  access_config: {
    authentication_mode: "API", # accepts API, API_AND_CONFIG_MAP, CONFIG_MAP
  },
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Amazon EKS cluster to update.

  • :resources_vpc_config (Types::VpcConfigRequest)

    An object representing the VPC configuration to use for an Amazon EKS cluster.

  • :logging (Types::Logging)

    Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS cluster control plane logs in the Amazon EKS User Guide .

    CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :access_config (Types::UpdateAccessConfigRequest)

    The access configuration for the cluster.

Returns:

See Also:



4517
4518
4519
4520
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4517

def update_cluster_config(params = {}, options = {})
  req = build_request(:update_cluster_config, params)
  req.send_request(options)
end

#update_cluster_version(params = {}) ⇒ Types::UpdateClusterVersionResponse

Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

If your cluster has managed node groups attached to it, all of your node groups’ Kubernetes versions must match the cluster’s Kubernetes version in order to update the cluster to a new Kubernetes version.

Examples:

Request syntax with placeholder values


resp = client.update_cluster_version({
  name: "String", # required
  version: "String", # required
  client_request_token: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Amazon EKS cluster to update.

  • :version (required, String)

    The desired Kubernetes version following a successful update.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



4581
4582
4583
4584
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4581

def update_cluster_version(params = {}, options = {})
  req = build_request(:update_cluster_version, params)
  req.send_request(options)
end

#update_eks_anywhere_subscription(params = {}) ⇒ Types::UpdateEksAnywhereSubscriptionResponse

Update an EKS Anywhere Subscription. Only auto renewal and tags can be updated after subscription creation.

Examples:

Request syntax with placeholder values


resp = client.update_eks_anywhere_subscription({
  id: "String", # required
  auto_renew: false, # required
  client_request_token: "String",
})

Response structure


resp.subscription.id #=> String
resp.subscription.arn #=> String
resp.subscription.created_at #=> Time
resp.subscription.effective_date #=> Time
resp.subscription.expiration_date #=> Time
resp.subscription.license_quantity #=> Integer
resp.subscription.license_type #=> String, one of "Cluster"
resp.subscription.term.duration #=> Integer
resp.subscription.term.unit #=> String, one of "MONTHS"
resp.subscription.status #=> String
resp.subscription.auto_renew #=> Boolean
resp.subscription.license_arns #=> Array
resp.subscription.license_arns[0] #=> String
resp.subscription.tags #=> Hash
resp.subscription.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :id (required, String)

    The ID of the subscription.

  • :auto_renew (required, Boolean)

    A boolean indicating whether or not to automatically renew the subscription.

  • :client_request_token (String)

    Unique, case-sensitive identifier to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



4637
4638
4639
4640
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4637

def update_eks_anywhere_subscription(params = {}, options = {})
  req = build_request(:update_eks_anywhere_subscription, params)
  req.send_request(options)
end

#update_nodegroup_config(params = {}) ⇒ Types::UpdateNodegroupConfigResponse

Updates an Amazon EKS managed node group configuration. Your node group continues to function during the update. The response output includes an update ID that you can use to track the status of your node group update with the DescribeUpdate API operation. Currently you can update the Kubernetes labels for a node group or the scaling configuration.

Examples:

Request syntax with placeholder values


resp = client.update_nodegroup_config({
  cluster_name: "String", # required
  nodegroup_name: "String", # required
  labels: {
    add_or_update_labels: {
      "labelKey" => "labelValue",
    },
    remove_labels: ["String"],
  },
  taints: {
    add_or_update_taints: [
      {
        key: "taintKey",
        value: "taintValue",
        effect: "NO_SCHEDULE", # accepts NO_SCHEDULE, NO_EXECUTE, PREFER_NO_SCHEDULE
      },
    ],
    remove_taints: [
      {
        key: "taintKey",
        value: "taintValue",
        effect: "NO_SCHEDULE", # accepts NO_SCHEDULE, NO_EXECUTE, PREFER_NO_SCHEDULE
      },
    ],
  },
  scaling_config: {
    min_size: 1,
    max_size: 1,
    desired_size: 1,
  },
  update_config: {
    max_unavailable: 1,
    max_unavailable_percentage: 1,
  },
  client_request_token: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :nodegroup_name (required, String)

    The name of the managed node group to update.

  • :labels (Types::UpdateLabelsPayload)

    The Kubernetes labels to apply to the nodes in the node group after the update.

  • :taints (Types::UpdateTaintsPayload)

    The Kubernetes taints to be applied to the nodes in the node group after the update. For more information, see Node taints on managed node groups.

  • :scaling_config (Types::NodegroupScalingConfig)

    The scaling configuration details for the Auto Scaling group after the update.

  • :update_config (Types::NodegroupUpdateConfig)

    The node group update configuration.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



4744
4745
4746
4747
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4744

def update_nodegroup_config(params = {}, options = {})
  req = build_request(:update_nodegroup_config, params)
  req.send_request(options)
end

#update_nodegroup_version(params = {}) ⇒ Types::UpdateNodegroupVersionResponse

Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.

You can update a node group using a launch template only if the node group was originally deployed with a launch template. If you need to update a custom AMI in a node group that was deployed with a launch template, then update your custom AMI, specify the new ID in a new version of the launch template, and then update the node group to the new version of the launch template.

If you update without a launch template, then you can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.

You cannot roll back a node group to an earlier Kubernetes version or AMI version.

When a node in a managed node group is terminated due to a scaling action or update, every Pod on that node is drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force the update if Amazon EKS is unable to drain the nodes as a result of a Pod disruption budget issue.

Examples:

Request syntax with placeholder values


resp = client.update_nodegroup_version({
  cluster_name: "String", # required
  nodegroup_name: "String", # required
  version: "String",
  release_version: "String",
  launch_template: {
    name: "String",
    version: "String",
    id: "String",
  },
  force: false,
  client_request_token: "String",
})

Response structure


resp.update.id #=> String
resp.update.status #=> String, one of "InProgress", "Failed", "Cancelled", "Successful"
resp.update.type #=> String, one of "VersionUpdate", "EndpointAccessUpdate", "LoggingUpdate", "ConfigUpdate", "AssociateIdentityProviderConfig", "DisassociateIdentityProviderConfig", "AssociateEncryptionConfig", "AddonUpdate", "VpcConfigUpdate", "AccessConfigUpdate"
resp.update.params #=> Array
resp.update.params[0].type #=> String, one of "Version", "PlatformVersion", "EndpointPrivateAccess", "EndpointPublicAccess", "ClusterLogging", "DesiredSize", "LabelsToAdd", "LabelsToRemove", "TaintsToAdd", "TaintsToRemove", "MaxSize", "MinSize", "ReleaseVersion", "PublicAccessCidrs", "LaunchTemplateName", "LaunchTemplateVersion", "IdentityProviderConfig", "EncryptionConfig", "AddonVersion", "ServiceAccountRoleArn", "ResolveConflicts", "MaxUnavailable", "MaxUnavailablePercentage", "ConfigurationValues", "SecurityGroups", "Subnets", "AuthenticationMode"
resp.update.params[0].value #=> String
resp.update.created_at #=> Time
resp.update.errors #=> Array
resp.update.errors[0].error_code #=> String, one of "SubnetNotFound", "SecurityGroupNotFound", "EniLimitReached", "IpNotAvailable", "AccessDenied", "OperationNotPermitted", "VpcIdNotFound", "Unknown", "NodeCreationFailure", "PodEvictionFailure", "InsufficientFreeAddresses", "ClusterUnreachable", "InsufficientNumberOfReplicas", "ConfigurationConflict", "AdmissionRequestDenied", "UnsupportedAddonModification", "K8sResourceNotFound"
resp.update.errors[0].error_message #=> String
resp.update.errors[0].resource_ids #=> Array
resp.update.errors[0].resource_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of your cluster.

  • :nodegroup_name (required, String)

    The name of the managed node group to update.

  • :version (String)

    The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :release_version (String)

    The AMI version of the Amazon EKS optimized AMI to use for the update. By default, the latest available AMI version for the node group's Kubernetes version is used. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases of the Windows AMIs. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.

    If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify releaseVersion, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.

  • :launch_template (Types::LaunchTemplateSpecification)

    An object representing a node group's launch template specification. You can only update a node group using a launch template if the node group was originally deployed with a launch template.

  • :force (Boolean)

    Force the update if any Pod on the existing node group can't be drained due to a Pod disruption budget issue. If an update fails because all Pods can't be drained, you can force the update after it fails to terminate the old node whether or not any Pod is running on the node.

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



4883
4884
4885
4886
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4883

def update_nodegroup_version(params = {}, options = {})
  req = build_request(:update_nodegroup_version, params)
  req.send_request(options)
end

#update_pod_identity_association(params = {}) ⇒ Types::UpdatePodIdentityAssociationResponse

Updates a EKS Pod Identity association. Only the IAM role can be changed; an association can't be moved between clusters, namespaces, or service accounts. If you need to edit the namespace or service account, you need to delete the association and then create a new association with your desired settings.

Examples:

Request syntax with placeholder values


resp = client.update_pod_identity_association({
  cluster_name: "String", # required
  association_id: "String", # required
  role_arn: "String",
  client_request_token: "String",
})

Response structure


resp.association.cluster_name #=> String
resp.association.namespace #=> String
resp.association. #=> String
resp.association.role_arn #=> String
resp.association.association_arn #=> String
resp.association.association_id #=> String
resp.association.tags #=> Hash
resp.association.tags["TagKey"] #=> String
resp.association.created_at #=> Time
resp.association.modified_at #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :cluster_name (required, String)

    The name of the cluster that you want to update the association in.

  • :association_id (required, String)

    The ID of the association to be updated.

  • :role_arn (String)

    The new IAM role to change the

  • :client_request_token (String)

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



4940
4941
4942
4943
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 4940

def update_pod_identity_association(params = {}, options = {})
  req = build_request(:update_pod_identity_association, params)
  req.send_request(options)
end

#wait_until(waiter_name, params = {}, options = {}) {|w.waiter| ... } ⇒ Boolean

Polls an API operation until a resource enters a desired state.

Basic Usage

A waiter will call an API operation until:

  • It is successful
  • It enters a terminal state
  • It makes the maximum number of attempts

In between attempts, the waiter will sleep.

# polls in a loop, sleeping between attempts
client.wait_until(waiter_name, params)

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. You can pass configuration as the final arguments hash.

# poll for ~25 seconds
client.wait_until(waiter_name, params, {
  max_attempts: 5,
  delay: 5,
})

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
client.wait_until(waiter_name, params, {

  # disable max attempts
  max_attempts: nil,

  # poll for 1 hour, instead of a number of attempts
  before_wait: -> (attempts, response) do
    throw :failure if Time.now - started_at > 3600
  end
})

Handling Errors

When a waiter is unsuccessful, it will raise an error. All of the failure errors extend from Waiters::Errors::WaiterFailed.

begin
  client.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

Valid Waiters

The following table lists the valid waiter names, the operations they call, and the default :delay and :max_attempts values.

waiter_name params :delay :max_attempts
addon_active #describe_addon 10 60
addon_deleted #describe_addon 10 60
cluster_active #describe_cluster 30 40
cluster_deleted #describe_cluster 30 40
fargate_profile_active #describe_fargate_profile 10 60
fargate_profile_deleted #describe_fargate_profile 30 60
nodegroup_active #describe_nodegroup 30 80
nodegroup_deleted #describe_nodegroup 30 40

Parameters:

  • waiter_name (Symbol)
  • params (Hash) (defaults to: {})

    ({})

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :max_attempts (Integer)
  • :delay (Integer)
  • :before_attempt (Proc)
  • :before_wait (Proc)

Yields:

  • (w.waiter)

Returns:

  • (Boolean)

    Returns true if the waiter was successful.

Raises:

  • (Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  • (Errors::TooManyAttemptsError)

    Raised when the configured maximum number of attempts have been made, and the waiter is not yet successful.

  • (Errors::UnexpectedError)

    Raised when an error is encounted while polling for a resource that is not expected.

  • (Errors::NoSuchWaiterError)

    Raised when you request to wait for an unknown state.



5057
5058
5059
5060
5061
# File 'gems/aws-sdk-eks/lib/aws-sdk-eks/client.rb', line 5057

def wait_until(waiter_name, params = {}, options = {})
  w = waiter(waiter_name, options)
  yield(w.waiter) if block_given? # deprecated
  w.wait(params)
end