AWS Fundamentals
L2 Construct

Cluster

A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API servers (the control plane). The user is still required to create the worker nodes.

Import

import { Cluster } from 'aws-cdk-lib/aws-eks-v2';

Or use the module namespace:

import * as eks_v2 from 'aws-cdk-lib/aws-eks-v2';
// eks_v2.Cluster

Properties

Configuration passed to the constructor as ClusterProps.

bootstrapClusterCreatorAdminPermissions (Optional)
boolean

Whether or not the IAM principal of the cluster creator is set as a cluster admin access entry at cluster creation time. Changing this value after the cluster has been created will result in the cluster being replaced.

Default: true

bootstrapSelfManagedAddons (Optional)
boolean

If you set this value to `false` when creating a cluster, the default networking add-ons will not be installed. The default networking add-ons include vpc-cni, coredns, and kube-proxy. Use this option when you plan to install third-party alternative add-ons or self-manage the default networking add-ons. Changing this value after the cluster has been created will result in the cluster being replaced.

Default: true if the mode is not EKS Auto Mode

compute (Optional)
ComputeConfig

Configuration for compute settings in Auto Mode. When enabled, EKS will automatically manage compute resources.

Default: - Auto Mode compute disabled

defaultCapacity (Optional)
number

Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through `defaultCapacityInstanceType`, which defaults to `m5.large`. Use `cluster.addAutoScalingGroupCapacity` to add additional customized capacity. Set this to `0` if you wish to avoid the initial capacity allocation.

Default: 2

defaultCapacityInstance (Optional)
InstanceType

The instance type to use for the default capacity. This will only be taken into account if `defaultCapacity` is > 0.

Default: m5.large

defaultCapacityType (Optional)
DefaultCapacityType

The default capacity type for the cluster.

Default: AUTOMODE

outputConfigCommand (Optional)
boolean

Determines whether a CloudFormation output with the `aws eks update-kubeconfig` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role.

Default: true

20 properties inherited from ClusterCommonOptions
version (Required, inherited from ClusterCommonOptions)
KubernetesVersion

The Kubernetes version to run in the cluster.

albController (Optional, inherited from ClusterCommonOptions)
AlbControllerOptions

Install the AWS Load Balancer Controller onto the cluster.

Default: - The controller is not installed.

clusterLogging (Optional, inherited from ClusterCommonOptions)
ClusterLoggingTypes[]

The cluster log types which you want to enable.

Default: - none

clusterName (Optional, inherited from ClusterCommonOptions)
string

Name for the cluster.

Default: - Automatically generated name

coreDnsComputeType (Optional, inherited from ClusterCommonOptions)
CoreDnsComputeType

Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.

Default: CoreDnsComputeType.EC2 (for `FargateCluster` the default is FARGATE)

endpointAccess (Optional, inherited from ClusterCommonOptions)
EndpointAccess

Configure access to the Kubernetes API server endpoint.

Default: EndpointAccess.PUBLIC_AND_PRIVATE

ipFamily (Optional, inherited from ClusterCommonOptions)
IpFamily

Specify which IP family is used to assign Kubernetes pod and service IP addresses.

Default: IpFamily.IP_V4

kubectlProviderOptions (Optional, inherited from ClusterCommonOptions)
KubectlProviderOptions

Options for creating the kubectl provider - a lambda function that executes `kubectl` and `helm` against the cluster. If defined, `kubectlLayer` is a required property.

Default: - kubectl provider will not be created

mastersRole (Optional, inherited from ClusterCommonOptions)
IRole

An IAM role that will be added to the `system:masters` Kubernetes RBAC group.

Default: - no masters role.

prune (Optional, inherited from ClusterCommonOptions)
boolean

Indicates whether Kubernetes resources added through `addManifest()` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the `kubectl apply` operation with the `--prune` switch.

Default: true

remoteNodeNetworks (Optional, inherited from ClusterCommonOptions)
RemoteNodeNetwork[]

IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster.

Default: - none

remotePodNetworks (Optional, inherited from ClusterCommonOptions)
RemotePodNetwork[]

IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes.

Default: - none

removalPolicy (Optional, inherited from ClusterCommonOptions)
RemovalPolicy

The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations:

- The resource is removed from the template, so CloudFormation stops managing it;
- A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;
- The stack is deleted, so CloudFormation stops managing all resources in it.

This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct.

Default: - Resources will be deleted.

role (Optional, inherited from ClusterCommonOptions)
IRole

Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.

Default: - A role is automatically created for you

secretsEncryptionKey (Optional, inherited from ClusterCommonOptions)
IKeyRef

KMS key used for envelope encryption of Kubernetes secrets.

Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.

securityGroup (Optional, inherited from ClusterCommonOptions)
ISecurityGroup

Security Group to use for Control Plane ENIs.

Default: - A security group is automatically created

serviceIpv4Cidr (Optional, inherited from ClusterCommonOptions)
string

The CIDR block to assign Kubernetes service IP addresses from.

Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks

tags (Optional, inherited from ClusterCommonOptions)
{ [key: string]: string }

The tags assigned to the EKS cluster.

Default: - none

vpc (Optional, inherited from ClusterCommonOptions)
IVpc

The VPC in which to create the Cluster.

Default: - a VPC with default configuration will be created and can be accessed through `cluster.vpc`.

vpcSubnets (Optional, inherited from ClusterCommonOptions)
SubnetSelection[]

Where to place EKS Control Plane ENIs. For example, to only select private subnets, supply the following: `vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]`

Default: - All public and private subnets

Quick Facts

Level: L2 (Higher-level)
Module: aws-eks-v2
Properties: 27
