CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

eks.mddocs/compute/

EKS - Elastic Kubernetes Service

Amazon EKS is a managed Kubernetes service for running Kubernetes without managing control plane.

Common Tasks

Create an EKS cluster with node group

const cluster = new aws.eks.Cluster("my-cluster", {
    roleArn: clusterRole.arn,
    vpcConfig: {
        subnetIds: [subnet1.id, subnet2.id],
    },
    version: "1.28",
});

const nodeGroup = new aws.eks.NodeGroup("nodes", {
    clusterName: cluster.name,
    nodeRoleArn: nodeRole.arn,
    subnetIds: [subnet1.id, subnet2.id],
    scalingConfig: {
        desiredSize: 2,
        maxSize: 3,
        minSize: 1,
    },
    instanceTypes: ["t3.medium"],
});

Configure kubeconfig for cluster access

export const kubeconfig = pulumi.interpolate`
apiVersion: v1
clusters:
- cluster:
    server: ${cluster.endpoint}
    certificate-authority-data: ${cluster.certificateAuthority.data}
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args:
        - eks
        - get-token
        - --cluster-name
        - ${cluster.name}
`;

Core Resources

Cluster

class Cluster extends pulumi.CustomResource {
    constructor(name: string, args?: ClusterArgs, opts?: pulumi.CustomResourceOptions);

    readonly arn: pulumi.Output<string>;
    readonly endpoint: pulumi.Output<string>;
    readonly certificateAuthority: pulumi.Output<ClusterCertificateAuthority>;
}

interface ClusterArgs {
    roleArn: pulumi.Input<string>;
    vpcConfig: pulumi.Input<ClusterVpcConfig>;
    version?: pulumi.Input<string>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

interface ClusterCertificateAuthority {
    data: pulumi.Output<string>;
}

interface ClusterVpcConfig {
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
    securityGroupIds?: pulumi.Input<pulumi.Input<string>[]>;
    endpointPublicAccess?: pulumi.Input<boolean>;
    endpointPrivateAccess?: pulumi.Input<boolean>;
    publicAccessCidrs?: pulumi.Input<pulumi.Input<string>[]>;
}

Usage Example:

// Create EKS cluster role
const clusterRole = new aws.iam.Role("eks-cluster-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "eks.amazonaws.com" },
        }],
    }),
});

new aws.iam.RolePolicyAttachment("eks-cluster-policy", {
    role: clusterRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
});

// Create EKS cluster
const cluster = new aws.eks.Cluster("my-cluster", {
    roleArn: clusterRole.arn,
    vpcConfig: {
        subnetIds: [subnet1.id, subnet2.id],
        endpointPrivateAccess: true,
        endpointPublicAccess: true,
        publicAccessCidrs: ["0.0.0.0/0"],
    },
    version: "1.28",
    tags: { Environment: "production" },
});

export const clusterEndpoint = cluster.endpoint;
export const clusterName = cluster.name;

NodeGroup

class NodeGroup extends pulumi.CustomResource {
    constructor(name: string, args: NodeGroupArgs, opts?: pulumi.CustomResourceOptions);
}

interface NodeGroupArgs {
    clusterName: pulumi.Input<string>;
    nodeRoleArn: pulumi.Input<string>;
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
    scalingConfig?: pulumi.Input<NodeGroupScalingConfig>;
    instanceTypes?: pulumi.Input<pulumi.Input<string>[]>;
}

interface NodeGroupScalingConfig {
    desiredSize?: pulumi.Input<number>;
    maxSize: pulumi.Input<number>;
    minSize: pulumi.Input<number>;
}

Usage Example:

// Create node role
const nodeRole = new aws.iam.Role("eks-node-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "ec2.amazonaws.com" },
        }],
    }),
});

// Attach required policies
new aws.iam.RolePolicyAttachment("eks-worker-node-policy", {
    role: nodeRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
});

new aws.iam.RolePolicyAttachment("eks-cni-policy", {
    role: nodeRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
});

new aws.iam.RolePolicyAttachment("eks-container-registry", {
    role: nodeRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
});

// Create node group
const nodeGroup = new aws.eks.NodeGroup("app-nodes", {
    clusterName: cluster.name,
    nodeRoleArn: nodeRole.arn,
    subnetIds: [subnet1.id, subnet2.id],
    scalingConfig: {
        desiredSize: 2,
        maxSize: 4,
        minSize: 1,
    },
    instanceTypes: ["t3.medium"],
    tags: { Environment: "production" },
});

Usage Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create EKS cluster role
const clusterRole = new aws.iam.Role("eks-cluster-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "eks.amazonaws.com" },
        }],
    }),
});

new aws.iam.RolePolicyAttachment("eks-cluster-policy", {
    role: clusterRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
});

// Create EKS cluster
const cluster = new aws.eks.Cluster("my-cluster", {
    roleArn: clusterRole.arn,
    vpcConfig: {
        subnetIds: [subnet1.id, subnet2.id],
    },
    version: "1.28",
});

// Create node role
const nodeRole = new aws.iam.Role("eks-node-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "ec2.amazonaws.com" },
        }],
    }),
});

// Attach required policies
new aws.iam.RolePolicyAttachment("eks-worker-node-policy", {
    role: nodeRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
});

new aws.iam.RolePolicyAttachment("eks-cni-policy", {
    role: nodeRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
});

// Create node group
const nodeGroup = new aws.eks.NodeGroup("app-nodes", {
    clusterName: cluster.name,
    nodeRoleArn: nodeRole.arn,
    subnetIds: [subnet1.id, subnet2.id],
    scalingConfig: {
        desiredSize: 2,
        maxSize: 3,
        minSize: 1,
    },
    instanceTypes: ["t3.medium"],
});

export const clusterEndpoint = cluster.endpoint;
export const clusterName = cluster.name;

For complete EKS API, see All Services.

Related Services

  • EC2 - Provides compute instances for EKS worker nodes
  • VPC - Network isolation and configuration for EKS clusters
  • IAM - Manage cluster and node permissions
  • ECR - Store container images for Kubernetes workloads
  • ELB - Load balance traffic to Kubernetes services
  • Auto Scaling - Automatically scale EKS node groups
  • CloudWatch - Monitor EKS cluster and application metrics
  • KMS - Encrypt Kubernetes secrets at rest

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws@7.16.0

docs

compute

autoscaling.md

batch.md

ec2.md

ecr.md

ecs.md

eks.md

lambda.md

overview.md

index.md

quickstart.md

README.md

tile.json