tessl/npm-aws-cdk--aws-eks
AWS CDK v1 constructs for Amazon Elastic Kubernetes Service (EKS) clusters, node groups, Fargate profiles, and Kubernetes resource management
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
To install, run
npx @tessl/cli install tessl/npm-aws-cdk--aws-eks@1.204.0index.mddocs/
AWS CDK EKS
AWS CDK EKS provides AWS CDK v1 constructs for Amazon Elastic Kubernetes Service (EKS). It enables Infrastructure as Code for EKS clusters, managed node groups, Fargate profiles, service accounts, and comprehensive Kubernetes resource management through CDK constructs.
Note: This is part of AWS CDK v1 which reached End-of-Support on 2023-06-01. Users should migrate to AWS CDK v2 for continued support and updates.
Package Information
- Package Name: @aws-cdk/aws-eks
- Package Type: npm
- Language: TypeScript
- Installation:
npm install @aws-cdk/aws-eks - Version: 1.204.0
- License: Apache-2.0
Core Imports
import * as eks from "@aws-cdk/aws-eks";
import { Cluster, KubernetesVersion, NodegroupAmiType } from "@aws-cdk/aws-eks";For CommonJS:
const eks = require("@aws-cdk/aws-eks");
const { Cluster, KubernetesVersion, NodegroupAmiType } = require("@aws-cdk/aws-eks");Basic Usage
import * as cdk from "@aws-cdk/core";
import * as ec2 from "@aws-cdk/aws-ec2";
import * as eks from "@aws-cdk/aws-eks";
export class EksStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Create EKS cluster
const cluster = new eks.Cluster(this, "MyCluster", {
version: eks.KubernetesVersion.V1_21,
defaultCapacity: 2,
});
// Add managed node group
cluster.addNodegroupCapacity("NodeGroup", {
instanceTypes: [new ec2.InstanceType("t3.medium")],
minSize: 1,
maxSize: 5,
});
// Deploy Kubernetes manifest
cluster.addManifest("MyPod", {
apiVersion: "v1",
kind: "Pod",
metadata: { name: "hello-kubernetes" },
spec: {
containers: [
{
name: "hello",
image: "paulbouwer/hello-kubernetes:1.5",
ports: [{ containerPort: 8080 }],
},
],
},
});
}
}Architecture
AWS CDK EKS is built around several key components:
- Cluster Management:
ClusterandFargateClusterclasses provide comprehensive EKS cluster lifecycle management - Compute Options: Support for managed node groups, self-managed EC2 instances, and AWS Fargate
- Kubernetes Integration: Direct manifest deployment, Helm chart installation, and CDK8s integration
- IAM Integration: Service accounts with IAM role binding (IRSA), aws-auth ConfigMap management
- Networking: VPC integration, security group management, and endpoint access control
- Resource Providers: Lambda-based kubectl provider for custom resource operations
Capabilities
Cluster Management
Core EKS cluster creation and configuration with support for multiple compute types, networking options, and security features.
class Cluster extends Construct implements ICluster {
constructor(scope: Construct, id: string, props: ClusterProps);
readonly vpc: ec2.IVpc;
readonly clusterName: string;
readonly clusterArn: string;
readonly clusterEndpoint: string;
addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup;
addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile;
addAutoScalingGroupCapacity(id: string, options: AutoScalingGroupCapacityOptions): autoscaling.AutoScalingGroup;
}
interface ClusterProps extends ClusterOptions {
readonly vpc?: ec2.IVpc;
readonly vpcSubnets?: ec2.SubnetSelection[];
readonly version: KubernetesVersion;
readonly role?: iam.IRole;
}Node Groups
Managed and self-managed node group configuration with support for multiple instance types, scaling policies, and launch templates.
class Nodegroup extends Construct implements INodegroup {
constructor(scope: Construct, id: string, props: NodegroupProps);
readonly nodegroupName: string;
readonly nodegroupArn: string;
readonly cluster: ICluster;
}
interface NodegroupOptions {
readonly instanceTypes?: ec2.InstanceType[];
readonly amiType?: NodegroupAmiType;
readonly capacityType?: CapacityType;
readonly minSize?: number;
readonly maxSize?: number;
readonly desiredSize?: number;
}Fargate Profiles
AWS Fargate integration for serverless Kubernetes workloads with namespace and selector-based scheduling.
class FargateProfile extends Construct {
constructor(scope: Construct, id: string, props: FargateProfileProps);
readonly fargateProfileName: string;
readonly fargateProfileArn: string;
readonly podExecutionRole: iam.IRole;
}
interface FargateProfileOptions {
readonly selectors: Selector[];
readonly podExecutionRole?: iam.IRole;
readonly vpc?: ec2.IVpc;
readonly subnets?: ec2.SubnetSelection;
}Service Accounts
Kubernetes service accounts with IAM role binding (IRSA) for secure AWS service access from pods.
class ServiceAccount extends Construct implements iam.IPrincipal {
constructor(scope: Construct, id: string, props: ServiceAccountProps);
readonly role: iam.IRole;
readonly serviceAccountName: string;
readonly serviceAccountNamespace: string;
addToPrincipalPolicy(statement: iam.PolicyStatement): iam.AddToPrincipalPolicyResult;
}
interface ServiceAccountOptions {
readonly name?: string;
readonly namespace?: string;
readonly annotations?: { [key: string]: string };
readonly labels?: { [key: string]: string };
}Kubernetes Resources
Direct Kubernetes resource management including manifests, Helm charts, patches, and value queries.
class KubernetesManifest extends Construct {
constructor(scope: Construct, id: string, props: KubernetesManifestProps);
}
class HelmChart extends Construct {
constructor(scope: Construct, id: string, props: HelmChartProps);
}
class KubernetesPatch extends Construct {
constructor(scope: Construct, id: string, props: KubernetesPatchProps);
}
class KubernetesObjectValue extends Construct {
constructor(scope: Construct, id: string, props: KubernetesObjectValueProps);
readonly value: string;
}Authentication & Authorization
IAM to Kubernetes RBAC integration through aws-auth ConfigMap management and OIDC provider configuration.
class AwsAuth extends Construct {
constructor(scope: Construct, id: string, props: AwsAuthProps);
addMastersRole(role: iam.IRole, username?: string): void;
addRoleMapping(role: iam.IRole, mapping: AwsAuthMapping): void;
addUserMapping(user: iam.IUser, mapping: AwsAuthMapping): void;
addAccount(accountId: string): void;
}
class OpenIdConnectProvider extends iam.OpenIdConnectProvider {
constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps);
}Authentication & Authorization
Load Balancer Controller
AWS Load Balancer Controller installation and configuration for ingress and service load balancing.
class AlbController extends Construct {
constructor(scope: Construct, id: string, props: AlbControllerProps);
static create(scope: Construct, props: AlbControllerProps): AlbController;
}
interface AlbControllerOptions {
readonly version?: AlbControllerVersion;
readonly repository?: string;
readonly namespace?: string;
}Kubectl Provider
Lambda-based custom resource provider for executing kubectl operations in EKS clusters.
class KubectlProvider extends NestedStack implements IKubectlProvider {
constructor(scope: Construct, id: string, props: KubectlProviderProps);
readonly serviceToken: string;
readonly roleArn: string;
readonly handlerRole: iam.IRole;
static getOrCreate(scope: Construct, cluster: ICluster): IKubectlProvider;
static fromKubectlProviderAttributes(scope: Construct, id: string, attrs: KubectlProviderAttributes): IKubectlProvider;
}
interface KubectlProviderProps {
readonly cluster: ICluster;
}Utilities
Helper functions and constants for EKS node configuration and instance type classification.
function renderAmazonLinuxUserData(
cluster: ICluster,
autoScalingGroup: autoscaling.AutoScalingGroup,
options?: BootstrapOptions
): string[];
function renderBottlerocketUserData(cluster: ICluster): string[];
const INSTANCE_TYPES: {
readonly gpu: string[];
readonly inferentia: string[];
readonly graviton: string[];
readonly graviton2: string[];
};
enum LifecycleLabel {
ON_DEMAND = "OnDemand",
SPOT = "Ec2Spot"
}