Package @pulumi/eks

var eks = require("@pulumi/eks");
import * as eks from "@pulumi/eks";

class Cluster

extends ComponentResource

Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.

constructor

new Cluster(name: string, args?: ClusterOptions, opts?: pulumi.ComponentResourceOptions)

Create a new EKS cluster with worker nodes, optional storage classes, and deploy the Kubernetes Dashboard if requested.

  • name The unique name of this component.
  • args The arguments for this cluster.
  • opts A bag of options that control this component's behavior.

method createNodeGroup

createNodeGroup(name: string, args: ClusterNodeGroupOptions): NodeGroup

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property clusterSecurityGroup

public clusterSecurityGroup: aws.ec2.SecurityGroup;

The security group for the EKS cluster.

property core

public core: CoreData;

The EKS cluster and its dependencies.

property defaultNodeGroup

public defaultNodeGroup: NodeGroupData | undefined;

The default Node Group configuration, or undefined if skipDefaultNodeGroup was specified.

property eksCluster

public eksCluster: aws.eks.Cluster;

The EKS cluster.

property eksClusterIngressRule

public eksClusterIngressRule: aws.ec2.SecurityGroupRule;

The ingress rule that gives the node group access to the cluster API server.

property instanceRole

public instanceRole: pulumi.Output<aws.iam.Role>;

The service role used by the EKS cluster.

property kubeconfig

public kubeconfig: pulumi.Output<any>;

A kubeconfig that can be used to connect to the EKS cluster. This must be serialized as a string before passing to the Kubernetes provider.

property nodeSecurityGroup

public nodeSecurityGroup: aws.ec2.SecurityGroup;

The security group for the cluster’s nodes.

property provider

public provider: k8s.Provider;

A Kubernetes resource provider that can be used to deploy into this cluster. For example, the code below will create a new Pod in the EKS cluster.

let eks = new Cluster("eks");
let pod = new kubernetes.core.v1.Pod("pod", { ... }, { provider: eks.provider });

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class NodeGroup

extends ComponentResource
implements NodeGroupData

NodeGroup is a component that wraps the AWS EC2 instances that provide compute capacity for an EKS cluster.

constructor

new NodeGroup(name: string, args: NodeGroupOptions, opts?: pulumi.ComponentResourceOptions)

Create a new EKS cluster with worker nodes, optional storage classes, and deploy the Kubernetes Dashboard if requested.

  • name The unique name of this component.
  • args The arguments for this cluster.
  • opts A bag of options that control this component's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property autoScalingGroupName

autoScalingGroupName: pulumi.Output<string>;

The AutoScalingGroup name for the Node group.

property cfnStack

cfnStack: aws.cloudformation.Stack;

The CloudFormation Stack which defines the Node AutoScalingGroup.

property nodeSecurityGroup

public nodeSecurityGroup: aws.ec2.SecurityGroup;

The security group for the cluster’s nodes.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ServiceRole

extends ComponentResource

The ServiceRole component creates an IAM role for a particular service and attaches to it a list of well-known managed policies.

constructor

new ServiceRole(name: string, args: ServiceRoleArgs, opts?: pulumi.ResourceOptions)

Create a new ServiceRole.

  • name The unique name of this component.
  • args The arguments for this cluster.
  • opts A bag of options that control this component's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property role

public role: pulumi.Output<aws.iam.Role>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class VpcCni

extends Resource

VpcCni manages the configuration of the Amazon VPC CNI plugin for Kubernetes by applying its YAML chart. Once Pulumi is able to programmatically manage existing infrastructure, we can replace this with a real k8s resource.

constructor

new VpcCni(name: string, kubeconfig: pulumi.Input<any>, args?: VpcCniOptions, opts?: pulumi.CustomResourceOptions)

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function createCore

createCore(name: string, args: ClusterOptions, parent: pulumi.ComponentResource): CoreData

function createDashboard

createDashboard(name: string, args: DashboardOptions, parent: pulumi.ComponentResource, k8sProvider: k8s.Provider): void

function createNodeGroup

createNodeGroup(name: string, args: NodeGroupOptions, parent: pulumi.ComponentResource, k8sProvider: k8s.Provider): NodeGroupData

function createNodeGroupSecurityGroup

createNodeGroupSecurityGroup(name: string, args: NodeGroupSecurityGroupOptions, parent: pulumi.ComponentResource): aws.ec2.SecurityGroup

function createStorageClass

createStorageClass(name: string, storageClass: StorageClass, opts: pulumi.CustomResourceOptions): void

interface ClusterNodeGroupOptions

ClusterNodeGroupOptions describes the configuration options accepted by a cluster to create its own node groups. It’s a subset of NodeGroupOptions.

property amiId

amiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the Amazon EKS-optimized AMI if no value is provided. More information about the EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property keyName

keyName?: pulumi.Input<string>;

Name of the key pair to use for SSH access to worker nodes.

property labels

labels?: undefined | {[key: string]: string};

Custom k8s node labels to be attached to each worker node.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSecurityGroup

nodeSecurityGroup?: aws.ec2.SecurityGroup;

The security group to use for all nodes in this worker node group.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The IDs of the explicit node subnets to attach to the worker node group.

This option overrides the clusterSubnetIds option.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property spotPrice

spotPrice?: pulumi.Input<string>;

Bidding price for spot instances. If set, only spot instances will be added as worker nodes.

interface ClusterOptions

ClusterOptions describes the configuration options accepted by an EKSCluster component.

property customInstanceRolePolicy

customInstanceRolePolicy?: pulumi.Input<string>;

Attach a custom role policy to the worker node instance role.

property deployDashboard

deployDashboard?: undefined | false | true;

Whether or not to deploy the Kubernetes dashboard to the cluster. If the dashboard is deployed, it can be accessed as follows:

  1. Retrieve an authentication token for the dashboard by running the following and copying the value of token from the output of the last command:

    $ kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}'
    $ kubectl -n kube-system describe secret

  2. Start the kubectl proxy:

    $ kubectl proxy

  3. Open http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ in a web browser.
  4. Choose Token authentication, paste the token retrieved earlier into the Token field, and sign in.

Defaults to true.

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property instanceRole

instanceRole?: pulumi.Input<aws.iam.Role>;

The instance role to use for all nodes in this node group.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodeAmiId

nodeAmiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the Amazon EKS-optimized AMI if no value is provided. More information about the EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The subnets to use for worker nodes. Defaults to the value of subnetIds.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property roleMappings

roleMappings?: pulumi.Input<pulumi.Input<RoleMapping>[]>;

Optional mappings from AWS IAM roles to Kubernetes users and groups.

property skipDefaultNodeGroup

skipDefaultNodeGroup?: undefined | false | true;

If this toggle is set to true, the EKS cluster will be created without a node group attached.

property storageClasses

storageClasses?: {[name: string]: StorageClass} | EBSVolumeType;

An optional set of StorageClasses to enable for the cluster. If this is a single volume type rather than a map, a single StorageClass will be created for that volume type and made the cluster’s default StorageClass.

Defaults to “gp2”.

property subnetIds

subnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The subnets to attach to the EKS cluster. If either vpcId or subnetIds is unset, the cluster will use the default VPC’s subnets. If the list of subnets includes both public and private subnets, the Kubernetes API server and the worker nodes will only be attached to the private subnets. See https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html for more details.

property userMappings

userMappings?: pulumi.Input<pulumi.Input<UserMapping>[]>;

Optional mappings from AWS IAM users to Kubernetes users and groups.

property vpcCniOptions

vpcCniOptions?: VpcCniOptions;

The configuration of the Amazon VPC CNI plugin for this instance. Defaults are described in the documentation for the VpcCniOptions type.

property vpcId

vpcId?: pulumi.Input<string>;

The VPC in which to create the cluster and its worker nodes. If unset, the cluster will be created in the default VPC.
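
An added example, not part of the @pulumi/eks package or its documentation: a pre-deployment check over the ClusterOptions fields described above whose defaults or values affect exposure (deployDashboard, vpcId/subnetIds, nodePublicKey, storageClasses, roleMappings/userMappings). The ...Like interfaces are local plain-value mirrors of those fields, auditClusterOptions is a hypothetical helper, and all IDs and ARNs are constructed placeholders.

```typescript
// Local mirror of the option fields documented on this page (assumption:
// plain values only; the real types wrap most fields in pulumi.Input<...>).
type VolumeType = "io1" | "gp2" | "sc1" | "st1";
interface StorageClassLike { type: VolumeType; encrypted?: boolean; default?: boolean; }
interface MappingLike { groups: string[]; username: string; }
interface ClusterOptionsLike {
    vpcId?: string;
    subnetIds?: string[];
    deployDashboard?: boolean;
    nodePublicKey?: string;
    storageClasses?: { [name: string]: StorageClassLike } | VolumeType;
    roleMappings?: (MappingLike & { roleArn: string })[];
    userMappings?: (MappingLike & { userArn: string })[];
}

// Hypothetical helper: one finding per setting worth a second look in review.
function auditClusterOptions(args: ClusterOptionsLike = {}): string[] {
    const findings: string[] = [];
    // deployDashboard "Defaults to true", so leaving it unset deploys it.
    if (args.deployDashboard !== false) {
        findings.push("deployDashboard: dashboard is deployed unless set to false");
    }
    // If either vpcId or subnetIds is unset, the default VPC's subnets are used.
    if (args.vpcId === undefined || args.subnetIds === undefined) {
        findings.push("vpcId/subnetIds: cluster falls back to the default VPC's subnets");
    }
    // Without nodePublicKey, no SSH access is enabled on the nodes.
    if (args.nodePublicKey !== undefined) {
        findings.push("nodePublicKey: SSH access to worker nodes is enabled");
    }
    // storageClasses defaults to "gp2"; the shorthand has no `encrypted` field.
    const sc = args.storageClasses !== undefined ? args.storageClasses : "gp2";
    if (typeof sc === "string") {
        findings.push(`storageClasses: shorthand "${sc}" cannot request encryption`);
    } else {
        for (const key in sc) {
            const cls = sc[key];
            if (!cls || cls.encrypted !== true) {
                findings.push(`storageClasses.${key}: encrypted is not true`);
            }
        }
    }
    // system:masters is the built-in Kubernetes group bound to cluster-admin.
    const mappings = ([] as MappingLike[]).concat(
        args.roleMappings || [], args.userMappings || []);
    for (const m of mappings) {
        if (m.groups.indexOf("system:masters") !== -1) {
            findings.push(`mapping ${m.username}: grants system:masters`);
        }
    }
    return findings;
}

// Constructed sample inputs (placeholder IDs and ARNs, not real resources).
const defaultArgs: ClusterOptionsLike = {};
const hardenedArgs: ClusterOptionsLike = {
    vpcId: "vpc-EXAMPLE",
    subnetIds: ["subnet-EXAMPLE-a", "subnet-EXAMPLE-b"],
    deployDashboard: false,
    storageClasses: { gp2: { type: "gp2", encrypted: true, default: true } },
    roleMappings: [{
        roleArn: "arn:aws:iam::111122223333:role/example-developers",
        username: "developer",
        groups: ["example:developers"],
    }],
};

console.log(auditClusterOptions(defaultArgs));
console.log(auditClusterOptions(hardenedArgs));
```
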

interface CoreData

CoreData defines the core set of data associated with an EKS cluster, including the network in which it runs.

property cluster

cluster: aws.eks.Cluster;

property clusterSecurityGroup

clusterSecurityGroup: aws.ec2.SecurityGroup;

property eksNodeAccess

eksNodeAccess?: k8s.core.v1.ConfigMap;

property instanceProfile

instanceProfile: aws.iam.InstanceProfile;

property kubeconfig

kubeconfig?: pulumi.Output<any>;

property provider

provider: k8s.Provider;

property subnetIds

subnetIds: pulumi.Output<string[]>;

property vpcCni

vpcCni?: VpcCni;

property vpcId

interface DashboardOptions

interface NodeGroupData

property autoScalingGroupName

autoScalingGroupName: pulumi.Output<string>;

The AutoScalingGroup name for the node group.

property cfnStack

cfnStack: aws.cloudformation.Stack;

The CloudFormation Stack which defines the node group’s AutoScalingGroup.

property nodeSecurityGroup

nodeSecurityGroup: aws.ec2.SecurityGroup;

The security group for the node group.

interface NodeGroupOptions

NodeGroupOptions describes the configuration options accepted by a NodeGroup component.

property amiId

amiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the Amazon EKS-optimized AMI if no value is provided. More information about the EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property cluster

cluster: Cluster | CoreData;

The target EKS cluster.

property clusterIngressRule

clusterIngressRule?: aws.ec2.SecurityGroupRule;

The ingress rule that gives node group access.

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property keyName

keyName?: pulumi.Input<string>;

Name of the key pair to use for SSH access to worker nodes.

property labels

labels?: undefined | {[key: string]: string};

Custom k8s node labels to be attached to each worker node.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSecurityGroup

nodeSecurityGroup?: aws.ec2.SecurityGroup;

The security group to use for all nodes in this worker node group.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The IDs of the explicit node subnets to attach to the worker node group.

This option overrides the clusterSubnetIds option.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property spotPrice

spotPrice?: pulumi.Input<string>;

Bidding price for spot instances. If set, only spot instances will be added as worker nodes.

interface NodeGroupSecurityGroupOptions

property clusterSecurityGroup

clusterSecurityGroup: aws.ec2.SecurityGroup;

The security group associated with the EKS cluster.

property eksCluster

eksCluster: aws.eks.Cluster;

The security group associated with the EKS cluster.

property vpcId

vpcId: pulumi.Input<string>;

The VPC in which to create the worker node group.

interface RoleMapping

RoleMapping describes a mapping from an AWS IAM role to a Kubernetes user and groups.

property groups

groups: pulumi.Input<pulumi.Input<string>[]>;

A list of groups within Kubernetes to which the role is mapped.

property roleArn

roleArn: pulumi.Input<aws.ARN>;

The ARN of the IAM role to add.

property username

username: pulumi.Input<string>;

The user name within Kubernetes to map to the IAM role. By default, the user name is the ARN of the IAM role.

interface ServiceRoleArgs

ServiceRoleArgs describe the parameters to a ServiceRole component.

property description

description?: pulumi.Input<string>;

The description of the role.

property managedPolicyArns

managedPolicyArns?: string[];

One or more managed policy ARNs to attach to this role.

property service

service: pulumi.Input<string>;

The service associated with this role.

interface StorageClass

StorageClass describes the inputs to a single Kubernetes StorageClass provisioned by AWS. Any number of storage classes can be added to a cluster at creation time. One of these storage classes may be configured as the default storage class for the cluster.

property allowVolumeExpansion

allowVolumeExpansion?: pulumi.Input<boolean>;

AllowVolumeExpansion shows whether the storage class allows volume expansion.

property default

default?: pulumi.Input<boolean>;

True if this storage class should be the default storage class for the cluster.

property encrypted

encrypted?: pulumi.Input<boolean>;

Denotes whether the EBS volume should be encrypted.

property iopsPerGb

iopsPerGb?: pulumi.Input<number>;

I/O operations per second per GiB for “io1” volumes. The AWS volume plugin multiplies this with the size of a requested volume to compute IOPS of the volume and caps the result at 20,000 IOPS.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

The full Amazon Resource Name of the key to use when encrypting the volume. If none is supplied but encrypted is true, a key is generated by AWS.

property metadata

metadata?: pulumi.Input<k8sInputs.meta.v1.ObjectMeta>;

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

property mountOptions

mountOptions?: pulumi.Input<string[]>;

Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. [“ro”, “soft”]. Not validated - mount of the PVs will simply fail if one is invalid.

property reclaimPolicy

reclaimPolicy?: pulumi.Input<string>;

Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete.

property type

type: pulumi.Input<EBSVolumeType>;

The EBS volume type.

property volumeBindingMode

volumeBindingMode?: pulumi.Input<string>;

VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is alpha-level and is only honored by servers that enable the VolumeScheduling feature.

property zones

zones?: pulumi.Input<pulumi.Input<string>[]>;

The AWS zone or zones for the EBS volume. If zones is not specified, volumes are generally round-robin-ed across all active zones where Kubernetes cluster has a node. zone and zones parameters must not be used at the same time.

interface UserMapping

UserMapping describes a mapping from an AWS IAM user to a Kubernetes user and groups.

property groups

groups: pulumi.Input<pulumi.Input<string>[]>;

A list of groups within Kubernetes to which the user is mapped.

property userArn

userArn: pulumi.Input<aws.ARN>;

The ARN of the IAM user to add.

property username

username: pulumi.Input<string>;

The user name within Kubernetes to map to the IAM user. By default, the user name is the ARN of the IAM user.

interface VpcCniOptions

VpcCniOptions describes the configuration options available for the Amazon VPC CNI plugin for Kubernetes.

property customNetworkConfig

customNetworkConfig?: pulumi.Input<boolean>;

Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster’s resourcesVpcConfig.

Defaults to false.

property externalSnat

externalSnat?: pulumi.Input<boolean>;

Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.

Defaults to false.

property nodePortSupport

nodePortSupport?: pulumi.Input<boolean>;

Specifies whether NodePort services are enabled on a worker node’s primary network interface. This requires additional iptables rules and that the kernel’s reverse path filter on the primary interface is set to loose.

Defaults to true.

property warmEniTarget

warmEniTarget?: pulumi.Input<number>;

Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.

Defaults to 1.

property warmIpTarget

warmIpTarget?: pulumi.Input<number>;

Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.

type EBSVolumeType

type EBSVolumeType = "io1" | "gp2" | "sc1" | "st1";

EBSVolumeType lists the set of volume types accepted by an EKS storage class.