Core EKS cluster creation and configuration providing comprehensive lifecycle management, networking integration, and security features.
Creates and manages an Amazon EKS cluster with full CDK integration.
/**
* Amazon EKS cluster construct
*/
class Cluster extends Construct implements ICluster {
constructor(scope: Construct, id: string, props: ClusterProps);
/** The VPC in which this Cluster was created */
readonly vpc: ec2.IVpc;
/** The physical name of the Cluster */
readonly clusterName: string;
/** The unique ARN assigned to the service by AWS */
readonly clusterArn: string;
/** The API Server endpoint URL */
readonly clusterEndpoint: string;
/** The certificate-authority-data for your cluster */
readonly clusterCertificateAuthorityData: string;
/** The id of the cluster security group that was created by Amazon EKS */
readonly clusterSecurityGroupId: string;
/** The cluster security group that was created by Amazon EKS */
readonly clusterSecurityGroup: ec2.ISecurityGroup;
/** The Open ID Connect Provider of the cluster */
readonly openIdConnectProvider: iam.IOpenIdConnectProvider;
/** Network connections manager */
readonly connections: ec2.Connections;
/** EKS service role */
readonly role: iam.IRole;
/** Default EC2 capacity if configured */
readonly defaultCapacity?: autoscaling.AutoScalingGroup;
/** Default managed node group if configured */
readonly defaultNodegroup?: Nodegroup;
/** Administrative role for cluster access */
readonly adminRole: iam.Role;
/** Add managed node group capacity */
addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup;
/** Add Fargate profile */
addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile;
/** Add self-managed Auto Scaling Group capacity */
addAutoScalingGroupCapacity(id: string, options: AutoScalingGroupCapacityOptions): autoscaling.AutoScalingGroup;
/** Create service account with IAM role */
addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount;
/** Apply Kubernetes manifest */
addManifest(id: string, ...manifest: Record<string, any>[]): KubernetesManifest;
/** Install Helm chart */
addHelmChart(id: string, options: HelmChartOptions): HelmChart;
/** Get service load balancer address */
getServiceLoadBalancerAddress(serviceName: string, options?: ServiceLoadBalancerAddressOptions): string;
/** Get ingress load balancer address */
getIngressLoadBalancerAddress(ingressName: string, options?: IngressLoadBalancerAddressOptions): string;
/** Connect external Auto Scaling Group to cluster */
connectAutoScalingGroupCapacity(autoScalingGroup: autoscaling.AutoScalingGroup, options: AutoScalingGroupOptions): void;
}
/**
* Cluster properties
*/
interface ClusterProps extends ClusterOptions {
/** VPC to launch the cluster in */
readonly vpc?: ec2.IVpc;
/** VPC subnets to use for the cluster */
readonly vpcSubnets?: ec2.SubnetSelection[];
/** Kubernetes version */
readonly version: KubernetesVersion;
/** IAM role for the EKS service */
readonly role?: iam.IRole;
}
/**
* Cluster configuration options
*/
interface ClusterOptions {
/** Name for the cluster */
readonly clusterName?: string;
/** Logging configuration */
readonly clusterLogging?: ClusterLoggingTypes[];
/** Endpoint access configuration */
readonly endpointAccess?: EndpointAccess;
/** Security groups to apply to the cluster */
readonly securityGroup?: ec2.ISecurityGroup;
/** Default capacity configuration */
readonly defaultCapacity?: number;
/** Default capacity type */
readonly defaultCapacityType?: DefaultCapacityType;
/** Default instance type */
readonly defaultCapacityInstance?: ec2.InstanceType;
/** Masters role ARN output */
readonly outputMastersRoleArn?: boolean;
/** Configure CoreDNS for Fargate */
readonly coreDnsComputeType?: CoreDnsComputeType;
/** Encryption configuration */
readonly secretsEncryptionKey?: kms.IKey;
/** Control plane placement */
readonly placeClusterHandlerInVpc?: boolean;
/** Kubernetes resource pruning */
readonly prune?: boolean;
/** Tags to apply */
readonly tags?: { [key: string]: string };
}Usage Examples:
import * as eks from "@aws-cdk/aws-eks";
import * as ec2 from "@aws-cdk/aws-ec2";
// Basic cluster
const cluster = new eks.Cluster(this, "MyCluster", {
version: eks.KubernetesVersion.V1_21,
});
// Advanced cluster configuration
const vpc = new ec2.Vpc(this, "VPC");
const cluster = new eks.Cluster(this, "AdvancedCluster", {
version: eks.KubernetesVersion.V1_21,
vpc: vpc,
vpcSubnets: [{ subnetType: ec2.SubnetType.Private }],
endpointAccess: eks.EndpointAccess.PRIVATE,
clusterLogging: [
eks.ClusterLoggingTypes.API,
eks.ClusterLoggingTypes.AUDIT,
],
defaultCapacity: 0, // No default capacity
});
// Get load balancer addresses
const serviceAddress = cluster.getServiceLoadBalancerAddress("my-service", {
namespace: "default",
timeout: Duration.minutes(10),
});
const ingressAddress = cluster.getIngressLoadBalancerAddress("my-ingress", {
namespace: "default",
});
// Connect existing Auto Scaling Group
const existingAsg = autoscaling.AutoScalingGroup.fromAutoScalingGroupName(
this, "ExistingASG", "my-existing-asg"
);
cluster.connectAutoScalingGroupCapacity(existingAsg, {
bootstrapOptions: {
useMaxPods: true,
kubeletExtraArgs: "--max-pods=110",
},
mapRole: true,
spotInterruptHandler: true,
});EKS cluster that runs entirely on AWS Fargate.
/**
* EKS cluster running entirely on AWS Fargate
*/
class FargateCluster extends Cluster {
constructor(scope: Construct, id: string, props: FargateClusterProps);
/** Default Fargate profile */
readonly defaultProfile: FargateProfile;
}
/**
* Fargate cluster properties
*/
interface FargateClusterProps extends ClusterOptions {
/** VPC to launch the cluster in */
readonly vpc?: ec2.IVpc;
/** Kubernetes version */
readonly version: KubernetesVersion;
/** Default profile selectors */
readonly defaultProfile?: FargateProfileOptions;
}/**
* Import an existing cluster
*/
static fromClusterAttributes(scope: Construct, id: string, attrs: ClusterAttributes): ICluster;
interface ClusterAttributes {
readonly clusterName: string;
readonly clusterArn?: string;
readonly vpc?: ec2.IVpc;
readonly clusterEndpoint?: string;
readonly clusterCertificateAuthorityData?: string;
readonly clusterSecurityGroupId?: string;
readonly clusterEncryptionConfigKeyArn?: string;
readonly kubectlRoleArn?: string;
readonly kubectlEnvironment?: { [key: string]: string };
readonly kubectlLambdaRole?: iam.IRole;
readonly kubectlLayer?: lambda.ILayerVersion;
readonly kubectlMemory?: Size;
readonly prune?: boolean;
readonly openIdConnectProvider?: iam.IOpenIdConnectProvider;
}/**
* Kubernetes version management
*/
class KubernetesVersion {
/** Create custom version */
static of(version: string): KubernetesVersion;
/** Kubernetes 1.14 */
static readonly V1_14: KubernetesVersion;
/** Kubernetes 1.15 */
static readonly V1_15: KubernetesVersion;
/** Kubernetes 1.16 */
static readonly V1_16: KubernetesVersion;
/** Kubernetes 1.17 */
static readonly V1_17: KubernetesVersion;
/** Kubernetes 1.18 */
static readonly V1_18: KubernetesVersion;
/** Kubernetes 1.19 */
static readonly V1_19: KubernetesVersion;
/** Kubernetes 1.20 */
static readonly V1_20: KubernetesVersion;
/** Kubernetes 1.21 */
static readonly V1_21: KubernetesVersion;
}/**
* EKS cluster endpoint access configuration
*/
class EndpointAccess {
/** Publicly accessible */
static readonly PUBLIC: EndpointAccess;
/** Privately accessible only */
static readonly PRIVATE: EndpointAccess;
/** Both public and private access */
static readonly PUBLIC_AND_PRIVATE: EndpointAccess;
/** Configure public access from specific CIDR blocks */
static onlyFrom(...cidr: string[]): EndpointAccess;
}/**
* EKS cluster logging types
*/
enum ClusterLoggingTypes {
/** API server logs */
API = "api",
/** Audit logs */
AUDIT = "audit",
/** Authenticator logs */
AUTHENTICATOR = "authenticator",
/** Controller manager logs */
CONTROLLER_MANAGER = "controllerManager",
/** Scheduler logs */
SCHEDULER = "scheduler"
}/**
* Default cluster capacity type
*/
enum DefaultCapacityType {
/** Managed node group */
NODEGROUP = "nodegroup",
/** Self-managed EC2 instances */
EC2 = "ec2"
}
/**
* CoreDNS compute type
*/
enum CoreDnsComputeType {
/** Run on EC2 instances */
EC2 = "ec2",
/** Run on Fargate */
FARGATE = "fargate"
}
/**
* Machine image type
*/
enum MachineImageType {
/** Amazon Linux 2 */
AMAZON_LINUX_2 = "AL2_x86_64",
/** Bottlerocket */
BOTTLEROCKET = "BOTTLEROCKET_x86_64"
}/**
* Options for getting service load balancer addresses
*/
interface ServiceLoadBalancerAddressOptions {
/** Timeout for waiting on the address */
readonly timeout?: Duration;
/** Kubernetes namespace */
readonly namespace?: string;
}
/**
* Options for getting ingress load balancer addresses
*/
interface IngressLoadBalancerAddressOptions extends ServiceLoadBalancerAddressOptions {}
/**
* Options for connecting Auto Scaling Groups
*/
interface AutoScalingGroupOptions {
/** Bootstrap options */
readonly bootstrapOptions?: BootstrapOptions;
/** Auto Scaling Group name */
readonly autoScalingGroupName?: string;
/** Machine image type */
readonly machineImageType?: MachineImageType;
/** Spot interrupt handler */
readonly spotInterruptHandler?: boolean;
/** Map role to aws-auth */
readonly mapRole?: boolean;
/** Enable bootstrap */
readonly bootstrapEnabled?: boolean;
}