Package @pulumi/eks

var eks = require("@pulumi/eks");
import * as eks from "@pulumi/eks";

Resources

Resource Cluster

class Cluster extends ComponentResource

Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.

constructor

new Cluster(name: string, args?: ClusterOptions, opts?: pulumi.ComponentResourceOptions)

Create a new EKS cluster with worker nodes, optional storage classes, and deploy the Kubernetes Dashboard if requested.

  • name The unique name of this component.
  • args The arguments for this cluster.
  • opts A bag of options that control this component's behavior.

method createNodeGroup

createNodeGroup(name: string, args: ClusterNodeGroupOptions): NodeGroup

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property clusterSecurityGroup

public clusterSecurityGroup: aws.ec2.SecurityGroup;

The security group for the EKS cluster.

property core

public core: CoreData;

The EKS cluster and its dependencies.

property defaultNodeGroup

public defaultNodeGroup: NodeGroupData | undefined;

The default Node Group configuration, or undefined if skipDefaultNodeGroup was specified.

property eksCluster

public eksCluster: aws.eks.Cluster;

The EKS cluster.

property eksClusterIngressRule

public eksClusterIngressRule: aws.ec2.SecurityGroupRule;

The ingress rule that gives the node group access to the cluster API server.

property instanceRoles

public instanceRoles: pulumi.Output<aws.iam.Role[]>;

The service roles used by the EKS cluster.

property kubeconfig

public kubeconfig: pulumi.Output<any>;

A kubeconfig that can be used to connect to the EKS cluster. This must be serialized as a string before passing to the Kubernetes provider.

property nodeSecurityGroup

public nodeSecurityGroup: aws.ec2.SecurityGroup;

The security group for the cluster’s nodes.

property provider

public provider: k8s.Provider;

A Kubernetes resource provider that can be used to deploy into this cluster. For example, the code below will create a new Pod in the EKS cluster.

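// Use a distinct variable name so the imported `eks` module is not shadowed.
const cluster = new eks.Cluster("eks");
// Passing the cluster's provider deploys the Pod into this EKS cluster.
const pod = new kubernetes.core.v1.Pod("pod", { ... }, { provider: cluster.provider });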

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource NodeGroup

 implements NodeGroupData

NodeGroup is a component that wraps the AWS EC2 instances that provide compute capacity for an EKS cluster.

constructor

new NodeGroup(name: string, args: NodeGroupOptions, opts?: pulumi.ComponentResourceOptions)

Create a new EKS cluster with worker nodes, optional storage classes, and deploy the Kubernetes Dashboard if requested.

  • name The unique name of this component.
  • args The arguments for this cluster.
  • opts A bag of options that control this component's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property autoScalingGroupName

autoScalingGroupName: pulumi.Output<string>;

The AutoScalingGroup name for the Node group.

property cfnStack

cfnStack: aws.cloudformation.Stack;

The CloudFormation Stack which defines the Node AutoScalingGroup.

property nodeSecurityGroup

public nodeSecurityGroup: aws.ec2.SecurityGroup;

The security group for the cluster’s nodes.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ServiceRole

class ServiceRole extends ComponentResource

The ServiceRole component creates an IAM role for a particular service and attaches to it a list of well-known managed policies.

constructor

new ServiceRole(name: string, args: ServiceRoleArgs, opts?: pulumi.ResourceOptions)

Create a new ServiceRole.

  • name The unique name of this component.
  • args The arguments for this cluster.
  • opts A bag of options that control this component's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

property role

public role: pulumi.Output<aws.iam.Role>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource VpcCni

class VpcCni extends Resource

VpcCni manages the configuration of the Amazon VPC CNI plugin for Kubernetes by applying its YAML chart. Once Pulumi is able to programmatically manage existing infrastructure, we can replace this with a real k8s resource.

constructor

new VpcCni(name: string, kubeconfig: pulumi.Input<any>, args?: VpcCniOptions, opts?: pulumi.CustomResourceOptions)

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface ClusterNodeGroupOptions

interface ClusterNodeGroupOptions extends NodeGroupBaseOptions

ClusterNodeGroupOptions describes the configuration options accepted by a cluster to create its own node groups. It’s a subset of NodeGroupOptions.

property amiId

amiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the current value of the Amazon EKS-optimized AMI at time of resource creation if no value is provided. More information about the Amazon EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property autoScalingGroupTags

autoScalingGroupTags?: InputTags;

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

property bootstrapExtraArgs

bootstrapExtraArgs?: undefined | string;

Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

property cloudFormationTags

cloudFormationTags?: InputTags;

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

property clusterIngressRule

clusterIngressRule?: aws.ec2.SecurityGroupRule;

The ingress rule that gives node group access.

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property instanceProfile

instanceProfile?: aws.iam.InstanceProfile;

The instance profile to use for this node group. Note, the role for the instance profile must be supplied in the ClusterOptions as either: ‘instanceRole’, or as a role of ‘instanceRoles’.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property keyName

keyName?: pulumi.Input<string>;

Name of the key pair to use for SSH access to worker nodes.

property kubeletExtraArgs

kubeletExtraArgs?: undefined | string;

Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubelet-extra-args flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.

property labels

labels?: undefined | {[key: string]: string};

Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodeAssociatePublicIpAddress

nodeAssociatePublicIpAddress?: undefined | false | true;

Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSecurityGroup

nodeSecurityGroup?: aws.ec2.SecurityGroup;

The security group to use for all nodes in this worker node group.

Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless of whether the cluster’s subnetIds is set, or whether publicSubnetIds and/or privateSubnetIds were set.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property spotPrice

spotPrice?: pulumi.Input<string>;

Bidding price for spot instances. If set, only spot instances will be added as worker nodes.

property taints

taints?: undefined | {[key: string]: Taint};

Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.

property version

version?: pulumi.Input<string>;

Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.

interface ClusterOptions

interface ClusterOptions

ClusterOptions describes the configuration options accepted by an EKSCluster component.

property clusterSecurityGroup

clusterSecurityGroup?: aws.ec2.SecurityGroup;

The security group to use for the cluster API endpoint. If not provided, a new security group will be created with full internet egress and ingress from node groups.

property clusterSecurityGroupTags

clusterSecurityGroupTags?: InputTags;

The tags to apply to the cluster security group.

property creationRoleProvider

creationRoleProvider?: CreationRoleProvider;

The IAM Role Provider used to create & authenticate against the EKS cluster. This role is given [system:masters] permission in K8s. See: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

property customInstanceRolePolicy

DEPRECATED This option has been replaced with the use of instanceRole or instanceRoles. The role provided to either option should already include all required policies.

Attach a custom role policy to worker node instance role

customInstanceRolePolicy?: pulumi.Input<string>;

property deployDashboard

DEPRECATED This option has been deprecated due to a lack of support for it on EKS, and the general community recommendation to avoid using it for security concerns. If you'd like alternatives to deploy the dashboard, consider writing it in Pulumi, or using the Helm chart.

Whether or not to deploy the Kubernetes dashboard to the cluster. If the dashboard is deployed, it can be accessed as follows:

  1. Retrieve an authentication token for the dashboard by running the following and copying the value of token from the output of the last command:

    $ kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}'
    $ kubectl -n kube-system describe secret <output from previous command>

  2. Start the kubectl proxy:

    $ kubectl proxy

  3. Open http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ in a web browser.

  4. Choose Token authentication, paste the token retrieved earlier into the Token field, and sign in.

Defaults to true.

deployDashboard?: undefined | false | true;

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property enabledClusterLogTypes

enabledClusterLogTypes?: pulumi.Input<pulumi.Input<string>[]>;

Enable EKS control plane logging. This sends logs to CloudWatch. Possible values are: ["api", "audit", "authenticator", "controllerManager", "scheduler"]. By default it is off.

property endpointPrivateAccess

endpointPrivateAccess?: undefined | false | true;

Indicates whether or not the Amazon EKS private API server endpoint is enabled. The default is false.

property endpointPublicAccess

endpointPublicAccess?: undefined | false | true;

Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.

property fargate

fargate?: boolean | FargateProfile;

Add support for launching pods in Fargate. Defaults to launching pods in the default namespace. If specified, the default node group is skipped as though skipDefaultNodeGroup: true had been passed.

property instanceProfileName

instanceProfileName?: pulumi.Input<string>;

The default IAM InstanceProfile to use on the Worker NodeGroups, if one is not already set in the NodeGroup.

property instanceRole

instanceRole?: pulumi.Input<aws.iam.Role>;

This enables the simple case of only registering a single IAM instance role with the cluster, that is required to be shared by all node groups in their instance profiles.

Note: options instanceRole and instanceRoles are mutually exclusive.

property instanceRoles

instanceRoles?: pulumi.Input<pulumi.Input<aws.iam.Role>[]>;

This enables the advanced case of registering many IAM instance roles with the cluster for per node group IAM, instead of the simpler, shared case of instanceRole.

Note: options instanceRole and instanceRoles are mutually exclusive.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodeAmiId

nodeAmiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the value of the Amazon EKS-optimized AMI if no value is provided. More information about the Amazon EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property nodeAssociatePublicIpAddress

nodeAssociatePublicIpAddress?: undefined | false | true;

Whether or not to auto-assign the EKS worker nodes public IP addresses. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.

property nodeGroupOptions

nodeGroupOptions?: ClusterNodeGroupOptions;

The common configuration settings for NodeGroups.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSecurityGroupTags

nodeSecurityGroupTags?: InputTags;

The tags to apply to the default nodeSecurityGroup created by the cluster.

Note: The nodeSecurityGroupTags option and the node group option nodeSecurityGroup are mutually exclusive.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The subnets to use for worker nodes. Defaults to the value of subnetIds.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property privateSubnetIds

privateSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

property publicSubnetIds

publicSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The set of public subnets to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.

If vpcId is not set, the cluster will use the AWS account’s default VPC subnets.

Worker network architecture options:

  • Private-only: Only set privateSubnetIds.
      • Default workers to run in a private subnet. In this setting, Kubernetes cannot create public, internet-facing load balancers for your pods.
  • Public-only: Only set publicSubnetIds.
      • Default workers to run in a public subnet.
  • Mixed (recommended): Set both privateSubnetIds and publicSubnetIds.
      • Default all worker nodes to run in private subnets, and use the public subnets for internet-facing load balancers.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.

Note: The use of subnetIds, along with publicSubnetIds and/or privateSubnetIds is mutually exclusive. The use of publicSubnetIds and privateSubnetIds is encouraged.

property roleMappings

roleMappings?: pulumi.Input<pulumi.Input<RoleMapping>[]>;

Optional mappings from AWS IAM roles to Kubernetes users and groups.

property serviceRole

serviceRole?: pulumi.Input<aws.iam.Role>;

IAM Service Role for EKS to use to manage the cluster.

property skipDefaultNodeGroup

skipDefaultNodeGroup?: undefined | false | true;

If this toggle is set to true, the EKS cluster will be created without a node group attached. Defaults to false, unless the fargate input is provided.

property storageClasses

storageClasses?: {[name: string]: StorageClass} | EBSVolumeType;

An optional set of StorageClasses to enable for the cluster. If this is a single volume type rather than a map, a single StorageClass will be created for that volume type.

Note: As of Kubernetes v1.11+ on EKS, a default gp2 storage class will always be created automatically for the cluster by the EKS service. See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html

property subnetIds

subnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The set of all subnets, public and private, to use for the worker node groups on the EKS cluster. These subnets are automatically tagged by EKS for Kubernetes purposes.

If vpcId is not set, the cluster will use the AWS account’s default VPC subnets.

If the list of subnets includes both public and private subnets, the worker nodes will only be attached to the private subnets, and the public subnets will be used for internet-facing load balancers.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html.

Note: The use of subnetIds, along with publicSubnetIds and/or privateSubnetIds is mutually exclusive. The use of publicSubnetIds and privateSubnetIds is encouraged.

property tags

tags?: InputTags;

Key-value mapping of tags that are automatically applied to all AWS resources directly under management with this cluster, which support tagging.

property userMappings

userMappings?: pulumi.Input<pulumi.Input<UserMapping>[]>;

Optional mappings from AWS IAM users to Kubernetes users and groups.

property version

version?: pulumi.Input<string>;

Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.

property vpcCniOptions

vpcCniOptions?: VpcCniOptions;

The configuration of the Amazon VPC CNI plugin for this instance. Defaults are described in the documentation for the VpcCniOptions type.

property vpcId

vpcId?: pulumi.Input<string>;

The VPC in which to create the cluster and its worker nodes. If unset, the cluster will be created in the default VPC.
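
An added example (not part of the @pulumi/eks package or its documentation): a pre-deployment check that applies the defaults and mutual-exclusion notes documented for ClusterOptions above. The interfaces are a constructed plain-value subset, and the required log types, finding IDs and subnet IDs are assumptions.

```typescript
// Constructed plain-value subset of the ClusterOptions fields documented on this page
// (no pulumi.Input wrappers), so the check runs without the Pulumi SDK or AWS access.
interface Finding { id: string; severity: "error" | "warn"; message: string }

interface NodeGroupSubset {
    nodeAssociatePublicIpAddress?: boolean;
    nodePublicKey?: string;
    keyName?: string;
}

interface ClusterOptionsSubset {
    endpointPublicAccess?: boolean;
    endpointPrivateAccess?: boolean;
    enabledClusterLogTypes?: string[];
    deployDashboard?: boolean;
    subnetIds?: string[];
    publicSubnetIds?: string[];
    privateSubnetIds?: string[];
    instanceRole?: unknown;
    instanceRoles?: unknown[];
    nodeAssociatePublicIpAddress?: boolean;
    nodePublicKey?: string;
    nodeGroupOptions?: NodeGroupSubset;
}

// Log types this page lists for enabledClusterLogTypes.
const KNOWN_LOG_TYPES = ["api", "audit", "authenticator", "controllerManager", "scheduler"];
// Assumption: local policy (not a package requirement) that these two must be enabled.
const REQUIRED_LOG_TYPES = ["audit", "authenticator"];

const nonEmpty = (list?: unknown[]): boolean => Array.isArray(list) && list.length > 0;

function auditClusterOptions(opts: ClusterOptionsSubset): Finding[] {
    const findings: Finding[] = [];
    const add = (id: string, severity: Finding["severity"], message: string) =>
        findings.push({ id, severity, message });
    const ng: NodeGroupSubset = opts.nodeGroupOptions ?? {};
    // Options the page documents as mutually exclusive.
    if (nonEmpty(opts.subnetIds) && (nonEmpty(opts.publicSubnetIds) || nonEmpty(opts.privateSubnetIds))) {
        add("subnets-exclusive", "error", "subnetIds is combined with publicSubnetIds/privateSubnetIds");
    }
    if (opts.instanceRole !== undefined && opts.instanceRoles !== undefined) {
        add("roles-exclusive", "error", "instanceRole and instanceRoles are both set");
    }

    // Documented defaults: public endpoint enabled, private endpoint disabled.
    const publicEndpoint = opts.endpointPublicAccess ?? true;
    const privateEndpoint = opts.endpointPrivateAccess ?? false;
    if (publicEndpoint) {
        add("endpoint-public", "warn", privateEndpoint
            ? "public API server endpoint is enabled alongside the private one"
            : "API server is reachable only through the public endpoint");
    }

    // Control plane logging is off by default; also catch misspelled log types.
    const logTypes = opts.enabledClusterLogTypes ?? [];
    for (const t of logTypes) {
        if (KNOWN_LOG_TYPES.indexOf(t) === -1) {
            add("log-type-unknown", "error", `unknown log type "${t}"`);
        }
    }
    const missing = REQUIRED_LOG_TYPES.filter((t) => logTypes.indexOf(t) === -1);
    if (missing.length > 0) {
        add("logging-missing", "warn", `log types not enabled: ${missing.join(", ")}`);
    }

    // deployDashboard is deprecated and documented as defaulting to true.
    if (opts.deployDashboard ?? true) {
        add("dashboard", "warn", "deployDashboard is not explicitly false");
    }

    // Worker exposure: public-only subnet layout, or public IPs requested explicitly.
    if (nonEmpty(opts.publicSubnetIds) && !nonEmpty(opts.privateSubnetIds)) {
        add("workers-public-subnets", "warn", "workers default to public subnets");
    }
    if (opts.nodeAssociatePublicIpAddress === true || ng.nodeAssociatePublicIpAddress === true) {
        add("workers-public-ip", "warn", "worker nodes are auto-assigned public IPs");
    }

    // Per the page, SSH stays disabled unless key material or a key pair name is supplied.
    if (opts.nodePublicKey || ng.nodePublicKey || ng.keyName) {
        add("ssh-enabled", "warn", "SSH access to worker nodes is enabled");
    }
    return findings;
}

// Constructed inputs: an empty config (all defaults) and one that passes every check.
const defaultsOnly: ClusterOptionsSubset = {};
const hardened: ClusterOptionsSubset = {
    endpointPublicAccess: false,
    endpointPrivateAccess: true,
    enabledClusterLogTypes: ["api", "audit", "authenticator"],
    deployDashboard: false,
    privateSubnetIds: ["subnet-private-a", "subnet-private-b"], // placeholder IDs
    publicSubnetIds: ["subnet-public-a"], // placeholder; for internet-facing load balancers
};
console.log(auditClusterOptions(defaultsOnly).map((f) => f.id), auditClusterOptions(hardened).length);
```

Running the same function over the resolved arguments before `new eks.Cluster(...)` is called surfaces these findings at preview time rather than after the cluster exists.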

function computeWorkerSubnets

computeWorkerSubnets(parent: pulumi.Resource, subnetIds: string[]): Promise<string[]>

interface CoreData

interface CoreData

CoreData defines the core set of data associated with an EKS cluster, including the network in which it runs.

property cluster

cluster: aws.eks.Cluster;

property clusterSecurityGroup

clusterSecurityGroup: aws.ec2.SecurityGroup;

property eksNodeAccess

eksNodeAccess?: k8s.core.v1.ConfigMap;

property fargateProfile

fargateProfile?: aws.eks.FargateProfile;

property instanceRoles

instanceRoles: pulumi.Output<aws.iam.Role[]>;

property kubeconfig

kubeconfig?: pulumi.Output<any>;

property nodeGroupOptions

nodeGroupOptions: ClusterNodeGroupOptions;

property nodeSecurityGroupTags

nodeSecurityGroupTags?: InputTags;

property privateSubnetIds

privateSubnetIds?: pulumi.Output<string[]>;

property provider

provider: k8s.Provider;

property publicSubnetIds

publicSubnetIds?: pulumi.Output<string[]>;

property storageClasses

storageClasses?: UserStorageClasses;

property subnetIds

subnetIds: pulumi.Output<string[]>;

property tags

tags?: InputTags;

property vpcCni

vpcCni?: VpcCni;

property vpcId

vpcId: pulumi.Output<string>;

function createCore

createCore(name: string, args: ClusterOptions, parent: pulumi.ComponentResource): CoreData

function createDashboard

createDashboard(name: string, args: DashboardOptions, parent: pulumi.ComponentResource, k8sProvider: k8s.Provider): void

function createManagedNodeGroup

createManagedNodeGroup(name: string, args: ManagedNodeGroupOptions, parent: pulumi.ComponentResource): aws.eks.NodeGroup

function createNodeGroup

createNodeGroup(name: string, args: NodeGroupOptions, parent: pulumi.ComponentResource): NodeGroupData

function createNodeGroupSecurityGroup

createNodeGroupSecurityGroup(name: string, args: NodeGroupSecurityGroupOptions, parent: pulumi.ComponentResource): [aws.ec2.SecurityGroup, aws.ec2.SecurityGroupRule]

createNodeGroupSecurityGroup creates a security group for node groups with the default ingress & egress rules required to connect and work with the EKS cluster security group.

function createStorageClass

createStorageClass(name: string, storageClass: StorageClass, opts: pulumi.CustomResourceOptions): k8s.storage.v1.StorageClass

interface CreationRoleProvider

interface CreationRoleProvider

CreationRoleProvider is a component containing the AWS Role and Provider necessary to override the [system:masters] entity ARN. This is an optional argument used in ClusterOptions. Read more: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

property provider

provider: pulumi.ProviderResource;

property role

role: aws.iam.Role;

interface DashboardOptions

interface DashboardOptions

type EBSVolumeType

type EBSVolumeType = "io1" | "gp2" | "sc1" | "st1";

EBSVolumeType lists the set of volume types accepted by an EKS storage class.

interface FargateProfile

interface FargateProfile

FargateProfile defines how Kubernetes pods are executed in Fargate. See aws.eks.FargateProfileArgs for reference.

property podExecutionRoleArn

podExecutionRoleArn?: pulumi.Input<string>;

Specify a custom role to use for executing pods in Fargate. Defaults to creating a new role with the arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy policy attached.

property selectors

selectors?: pulumi.Input<pulumi.Input<aws.types.input.eks.FargateProfileSelector>[]>;

Specify the namespace and label selectors to use for launching pods into Fargate.

property subnetIds

subnetIds?: pulumi.Input<pulumi.Input<string>[]>;

Specify the subnets in which to execute Fargate tasks for pods. Defaults to the private subnets associated with the cluster.

function getRoleProvider

getRoleProvider(name: string, region?: aws.Region, profile?: undefined | string): CreationRoleProvider

type ManagedNodeGroupOptions

type ManagedNodeGroupOptions = Omit<aws.eks.NodeGroupArgs, "clusterName" | "subnetIds" | "scalingConfig"> & {
    cluster: Cluster | CoreData;
    clusterName: pulumi.Output<string>;
    scalingConfig: pulumi.Input<awsInputs.eks.NodeGroupScalingConfig>;
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
};

ManagedNodeGroupOptions describes the configuration options accepted by an EKS Managed NodeGroup.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html

interface NodeGroupBaseOptions

interface NodeGroupBaseOptions

NodeGroupArgs represents the common configuration settings for NodeGroups.

property amiId

amiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the current value of the Amazon EKS-optimized AMI at time of resource creation if no value is provided. More information about the Amazon EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property autoScalingGroupTags

autoScalingGroupTags?: InputTags;

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

property bootstrapExtraArgs

bootstrapExtraArgs?: undefined | string;

Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

property cloudFormationTags

cloudFormationTags?: InputTags;

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

property clusterIngressRule

clusterIngressRule?: aws.ec2.SecurityGroupRule;

The ingress rule that gives node group access.

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property instanceProfile

instanceProfile?: aws.iam.InstanceProfile;

The instance profile to use for this node group. Note, the role for the instance profile must be supplied in the ClusterOptions as either: ‘instanceRole’, or as a role of ‘instanceRoles’.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property keyName

keyName?: pulumi.Input<string>;

Name of the key pair to use for SSH access to worker nodes.

property kubeletExtraArgs

kubeletExtraArgs?: undefined | string;

Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubelet-extra-args flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.

property labels

labels?: undefined | {[key: string]: string};

Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodeAssociatePublicIpAddress

nodeAssociatePublicIpAddress?: undefined | false | true;

Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSecurityGroup

nodeSecurityGroup?: aws.ec2.SecurityGroup;

The security group to use for all nodes in this worker node group.

Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless of whether the cluster’s subnetIds is set, or whether publicSubnetIds and/or privateSubnetIds were set.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property spotPrice

spotPrice?: pulumi.Input<string>;

Bidding price for spot instances. If set, only spot instances will be added as worker nodes.

property taints

taints?: undefined | {[key: string]: Taint};

Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.

property version

version?: pulumi.Input<string>;

Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.

interface NodeGroupData

interface NodeGroupData

property autoScalingGroupName

autoScalingGroupName: pulumi.Output<string>;

The AutoScalingGroup name for the node group.

property cfnStack

cfnStack: aws.cloudformation.Stack;

The CloudFormation Stack which defines the node group’s AutoScalingGroup.

property nodeSecurityGroup

nodeSecurityGroup: aws.ec2.SecurityGroup;

The security group for the node group.

interface NodeGroupOptions

interface NodeGroupOptions extends NodeGroupBaseOptions

NodeGroupOptions describes the configuration options accepted by a NodeGroup component.

property amiId

amiId?: pulumi.Input<string>;

The AMI to use for worker nodes. Defaults to the current Amazon EKS-optimized AMI at the time of resource creation if no value is provided. More information about the AWS EKS-optimized AMI is available at https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. Use the information provided by AWS if you want to build your own AMI.

property autoScalingGroupTags

autoScalingGroupTags?: InputTags;

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

property bootstrapExtraArgs

bootstrapExtraArgs?: undefined | string;

Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

property cloudFormationTags

cloudFormationTags?: InputTags;

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

property cluster

cluster: Cluster | CoreData;

The target EKS cluster.

property clusterIngressRule

clusterIngressRule?: aws.ec2.SecurityGroupRule;

The ingress rule that gives node group access.

property desiredCapacity

desiredCapacity?: pulumi.Input<number>;

The number of worker nodes that should be running in the cluster. Defaults to 2.

property instanceProfile

instanceProfile?: aws.iam.InstanceProfile;

The instance profile to use for this node group. Note, the role for the instance profile must be supplied in the ClusterOptions as either: ‘instanceRole’, or as a role of ‘instanceRoles’.

property instanceType

instanceType?: pulumi.Input<aws.ec2.InstanceType>;

The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.

property keyName

keyName?: pulumi.Input<string>;

Name of the key pair to use for SSH access to worker nodes.

property kubeletExtraArgs

kubeletExtraArgs?: undefined | string;

Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubelet-extra-args flag to /etc/eks/bootstrap.sh. For example, ‘--port=10251 --address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.

property labels

labels?: undefined | {[key: string]: string};

Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.

property maxSize

maxSize?: pulumi.Input<number>;

The maximum number of worker nodes running in the cluster. Defaults to 2.

property minSize

minSize?: pulumi.Input<number>;

The minimum number of worker nodes running in the cluster. Defaults to 1.

property nodeAssociatePublicIpAddress

nodeAssociatePublicIpAddress?: undefined | false | true;

Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.

property nodePublicKey

nodePublicKey?: pulumi.Input<string>;

Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html. If not provided, no SSH access is enabled on VMs.

property nodeRootVolumeSize

nodeRootVolumeSize?: pulumi.Input<number>;

The size in GiB of a cluster node’s root volume. Defaults to 20.

property nodeSecurityGroup

nodeSecurityGroup?: aws.ec2.SecurityGroup;

The security group to use for all nodes in this worker node group.

Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive.

property nodeSubnetIds

nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>;

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless of whether the cluster’s subnetIds is set, or whether publicSubnetIds and/or privateSubnetIds were set.

property nodeUserData

nodeUserData?: pulumi.Input<string>;

Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).

property spotPrice

spotPrice?: pulumi.Input<string>;

Bidding price for spot instances. If set, only spot instances will be added as worker nodes.

property taints

taints?: undefined | {[key: string]: Taint};

Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.

property version

version?: pulumi.Input<string>;

Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
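
The following TypeScript sketch is an added example, not code from @pulumi/eks. It audits a plain-object copy of the NodeGroupOptions fields above for settings that widen worker-node exposure (public IPs, SSH key pairs, kubelet flags) or contradict this reference (nodeUserData without a #!, a tag supplied in both tag options). The NodeGroupSettings type, the auditNodeGroup function and the rule set are assumptions of the example; --anonymous-auth and --read-only-port are kubelet flags that this page does not describe.

```typescript
// Local mirror of the NodeGroupOptions fields audited here (added example;
// plain values assumed, whereas the real options also accept pulumi Inputs).
interface NodeGroupSettings {
    nodeAssociatePublicIpAddress?: boolean;
    nodePublicKey?: string;
    keyName?: string;
    kubeletExtraArgs?: string;
    nodeUserData?: string;
    autoScalingGroupTags?: { [key: string]: string };
    cloudFormationTags?: { [key: string]: string };
}

// One finding per setting that widens node exposure or contradicts the
// reference text. The rule set is this example's policy, not a Pulumi check.
function auditNodeGroup(o: NodeGroupSettings): string[] {
    const findings: string[] = [];
    const kubeletArgs = o.kubeletExtraArgs || "";
    if (o.nodeAssociatePublicIpAddress !== false) {
        findings.push("public-ip: nodeAssociatePublicIpAddress is not explicitly false");
    }
    if (o.nodePublicKey !== undefined || o.keyName !== undefined) {
        findings.push("ssh: a key pair is configured for SSH access to worker nodes");
    }
    if (/(^|\s)--anonymous-auth(=true)?(\s|$)/.test(kubeletArgs)) {
        findings.push("kubelet-auth: kubeletExtraArgs enables anonymous kubelet requests");
    }
    if (/(^|\s)--read-only-port[= ][1-9]\d*(\s|$)/.test(kubeletArgs)) {
        findings.push("kubelet-port: kubeletExtraArgs opens the kubelet read-only port");
    }
    if (o.nodeUserData !== undefined && !/^#!/.test(o.nodeUserData)) {
        findings.push("user-data: nodeUserData lacks the leading #! interpreter directive");
    }
    const stackTags = o.cloudFormationTags || {};
    Object.keys(o.autoScalingGroupTags || {}).forEach((tagKey) => {
        const dup = Object.prototype.hasOwnProperty.call(stackTags, tagKey);
        if (dup) findings.push("tags: '" + tagKey + "' is set in both tag options");
    });
    return findings;
}

// Constructed sample inputs, not taken from any real stack.
const riskyGroup: NodeGroupSettings = {
    nodeAssociatePublicIpAddress: true, nodePublicKey: "ssh-rsa CONSTRUCTED-KEY",
    kubeletExtraArgs: "--anonymous-auth=true --read-only-port=10255",
    nodeUserData: "echo hi", autoScalingGroupTags: { team: "a" }, cloudFormationTags: { team: "a" },
};
const hardenedGroup: NodeGroupSettings = {
    nodeAssociatePublicIpAddress: false, nodeUserData: "#!/bin/bash\nset -e\n",
};
```

Run against riskyGroup the audit returns six findings; hardenedGroup returns none.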

interface NodeGroupSecurityGroupOptions

interface NodeGroupSecurityGroupOptions

property clusterSecurityGroup

clusterSecurityGroup: aws.ec2.SecurityGroup;

The security group associated with the EKS cluster.

property eksCluster

eksCluster: aws.eks.Cluster;

The EKS cluster associated with the worker node group.

property tags

tags?: InputTags;

property vpcId

vpcId: pulumi.Input<string>;

The VPC in which to create the worker node group.

interface RoleMapping

interface RoleMapping

RoleMapping describes a mapping from an AWS IAM role to a Kubernetes user and groups.

property groups

groups: pulumi.Input<pulumi.Input<string>[]>;

A list of groups within Kubernetes to which the role is mapped.

property roleArn

roleArn: pulumi.Input<aws.ARN>;

The ARN of the IAM role to add.

property username

username: pulumi.Input<string>;

The user name within Kubernetes to map to the IAM role. By default, the user name is the ARN of the IAM role.

interface ServiceRoleArgs

interface ServiceRoleArgs

ServiceRoleArgs describe the parameters to a ServiceRole component.

property description

description?: pulumi.Input<string>;

The description of the role.

property managedPolicyArns

managedPolicyArns?: string[];

One or more managed policy ARNs to attach to this role.

property service

service: pulumi.Input<string>;

The service associated with this role.

interface StorageClass

interface StorageClass

StorageClass describes the inputs to a single Kubernetes StorageClass provisioned by AWS. Any number of storage classes can be added to a cluster at creation time. One of these storage classes may be configured as the default storage class for the cluster.

property allowVolumeExpansion

allowVolumeExpansion?: pulumi.Input<boolean>;

AllowVolumeExpansion shows whether the storage class allows volume expansion.

property default

default?: pulumi.Input<boolean>;

True if this storage class should be a default storage class for the cluster.

Note: As of Kubernetes v1.11+ on EKS, a default gp2 storage class will always be created automatically for the cluster by the EKS service. See https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html

Please note that at most one storage class can be marked as default. If two or more of them are marked as default, a PersistentVolumeClaim without storageClassName explicitly specified cannot be created. See: https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/#changing-the-default-storageclass

property encrypted

encrypted?: pulumi.Input<boolean>;

Denotes whether the EBS volume should be encrypted.

property iopsPerGb

iopsPerGb?: pulumi.Input<number>;

I/O operations per second per GiB for “io1” volumes. The AWS volume plugin multiplies this with the size of a requested volume to compute IOPS of the volume and caps the result at 20,000 IOPS.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

The full Amazon Resource Name of the key to use when encrypting the volume. If none is supplied but encrypted is true, a key is generated by AWS.

property metadata

metadata?: pulumi.Input<k8sInputs.meta.v1.ObjectMeta>;

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

property mountOptions

mountOptions?: pulumi.Input<string[]>;

Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. [“ro”, “soft”]. Not validated - mount of the PVs will simply fail if one is invalid.

property reclaimPolicy

reclaimPolicy?: pulumi.Input<string>;

Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete.

property type

type: pulumi.Input<EBSVolumeType>;

The EBS volume type.

property volumeBindingMode

volumeBindingMode?: pulumi.Input<string>;

VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is alpha-level and is only honored by servers that enable the VolumeScheduling feature.

property zones

zones?: pulumi.Input<pulumi.Input<string>[]>;

The AWS zone or zones for the EBS volume. If zones is not specified, volumes are generally round-robin-ed across all active zones where the Kubernetes cluster has a node. The zone and zones parameters must not be used at the same time.
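
The check below is an added example, not code from @pulumi/eks. It validates a set of StorageClass inputs against the constraints stated above: at most one default, encryption requested explicitly, kmsKeyId only alongside encrypted, and iopsPerGb only on io1. The StorageClassSettings type, the name-keyed map and the checkStorageClasses function are assumptions of the example.

```typescript
// Local mirror of the StorageClass fields checked here (added example;
// plain values assumed, whereas the real inputs also accept pulumi Inputs).
interface StorageClassSettings {
    type: string; // EBS volume type, e.g. "gp2" or "io1"
    default?: boolean;
    encrypted?: boolean;
    kmsKeyId?: string;
    iopsPerGb?: number;
}
interface StorageFinding { storageClass: string; issue: string; }

// Checks a name -> StorageClass map; the map shape and the rule set are
// assumptions of this example.
function checkStorageClasses(classes: { [scName: string]: StorageClassSettings }): StorageFinding[] {
    const findings: StorageFinding[] = [];
    const defaults: string[] = [];
    Object.keys(classes).sort().forEach((scName) => {
        const sc = classes[scName];
        if (sc.default === true) defaults.push(scName);
        if (sc.encrypted !== true) {
            const issue = sc.kmsKeyId !== undefined
                ? "kmsKeyId is set but encrypted is not true"
                : "encrypted is not set to true";
            findings.push({ storageClass: scName, issue: issue });
        }
        if (sc.iopsPerGb !== undefined && sc.type !== "io1") {
            findings.push({ storageClass: scName, issue: "iopsPerGb is documented for io1 only" });
        }
    });
    // More than one default: claims that omit storageClassName cannot be created.
    if (defaults.length > 1) {
        findings.push({ storageClass: defaults.join(","), issue: "more than one default storage class" });
    }
    return findings;
}

// Constructed sample input; the key ARN is a placeholder.
const sampleClasses: { [scName: string]: StorageClassSettings } = {
    fast: { type: "io1", default: true, encrypted: true, iopsPerGb: 50 },
    general: { type: "gp2", default: true, kmsKeyId: "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER" },
    scratch: { type: "gp2", encrypted: true, iopsPerGb: 10 },
};
```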

interface Taint

interface Taint

Taint represents a Kubernetes taint to apply to all Nodes in a NodeGroup. See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/.

property effect

effect: "NoSchedule" | "NoExecute" | "PreferNoSchedule";

The effect of the taint.

property value

value: string;

The value of the taint.
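
As an added example (not the @pulumi/eks implementation), the function below composes the kubelet argument string the way the kubeletExtraArgs, labels and taints properties of NodeGroupOptions describe it: explicit args first, then --node-labels, then --register-with-taints in the kubelet's key=value:effect syntax. Because the result is handed to /etc/eks/bootstrap.sh, the example rejects tokens containing whitespace, quotes or shell metacharacters; the SAFE_TOKEN rule, key sorting and all function names are assumptions of the example.

```typescript
// Local mirror of the documented Taint shape (added example).
interface TaintSpec {
    value: string;
    effect: "NoSchedule" | "NoExecute" | "PreferNoSchedule";
}
type StringMap = { [key: string]: string };

// Token rule chosen for this example (an assumption, not the Kubernetes
// grammar): letters, digits, '.', '_', '-', '/'. No whitespace or quotes.
const SAFE_TOKEN = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

function requireSafe(kind: string, token: string): string {
    if (!SAFE_TOKEN.test(token)) {
        throw new Error("unsafe " + kind + ": " + JSON.stringify(token));
    }
    return token;
}

// Builds the kubelet argument string in the order the reference describes:
// explicit kubeletExtraArgs, then --node-labels, then --register-with-taints.
// Keys are sorted so the rendered user data is deterministic.
function composeKubeletArgs(
    extraArgs: string | undefined,
    labels: StringMap,
    taints: { [key: string]: TaintSpec }
): string {
    const parts: string[] = [];
    if (extraArgs !== undefined && extraArgs.trim() !== "") {
        // Free-form flags: refuse quoting and shell control characters.
        if (/['"`$;|&<>\\\n]/.test(extraArgs)) throw new Error("unsafe kubeletExtraArgs");
        parts.push(extraArgs.trim());
    }
    const labelPairs = Object.keys(labels).sort().map((k) =>
        requireSafe("label key", k) + "=" + requireSafe("label value", labels[k]));
    if (labelPairs.length > 0) parts.push("--node-labels=" + labelPairs.join(","));
    // kubelet taint syntax: key=value:effect
    const taintSpecs = Object.keys(taints).sort().map((k) =>
        requireSafe("taint key", k) + "=" + requireSafe("taint value", taints[k].value)
        + ":" + taints[k].effect);
    if (taintSpecs.length > 0) parts.push("--register-with-taints=" + taintSpecs.join(","));
    return parts.join(" ");
}

// Constructed sample input.
const sampleKubeletArgs = composeKubeletArgs(
    "--max-pods=20",
    { workload: "batch", "node.example.com/pool": "spot" },
    { dedicated: { value: "batch", effect: "NoSchedule" } }
);
```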

interface UserMapping

interface UserMapping

UserMapping describes a mapping from an AWS IAM user to a Kubernetes user and groups.

property groups

groups: pulumi.Input<pulumi.Input<string>[]>;

A list of groups within Kubernetes to which the user is mapped.

property userArn

userArn: pulumi.Input<aws.ARN>;

The ARN of the IAM user to add.

property username

username: pulumi.Input<string>;

The user name within Kubernetes to map to the IAM user. By default, the user name is the ARN of the IAM user.

interface VpcCniOptions

interface VpcCniOptions

VpcCniOptions describes the configuration options available for the Amazon VPC CNI plugin for Kubernetes.

property customNetworkConfig

customNetworkConfig?: pulumi.Input<boolean>;

Specifies that your pods may use subnets and security groups (within the same VPC as your control plane resources) that are independent of your cluster’s resourcesVpcConfig.

Defaults to false.

property externalSnat

externalSnat?: pulumi.Input<boolean>;

Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to true, the SNAT iptables rule and off-VPC IP rule are not applied, and these rules are removed if they have already been applied.

Defaults to false.

property image

image?: pulumi.Input<string>;

Specifies the container image to use in the AWS CNI cluster DaemonSet.

Defaults to the official AWS CNI image in ECR.

property logFile

logFile?: pulumi.Input<string>;

Specifies the file path used for logs.

Defaults to “stdout” to emit Pod logs for kubectl logs.

property logLevel

logLevel?: pulumi.Input<string>;

Specifies the log level used for logs.

Defaults to “DEBUG”. See more options: https://git.io/fj92K

property nodePortSupport

nodePortSupport?: pulumi.Input<boolean>;

Specifies whether NodePort services are enabled on a worker node’s primary network interface. This requires additional iptables rules and that the kernel’s reverse path filter on the primary interface is set to loose.

Defaults to true.

property warmEniTarget

warmEniTarget?: pulumi.Input<number>;

Specifies the number of free elastic network interfaces (and all of their available IP addresses) that the ipamD daemon should attempt to keep available for pod assignment on the node.

Defaults to 1.

property warmIpTarget

warmIpTarget?: pulumi.Input<number>;

Specifies the number of free IP addresses that the ipamD daemon should attempt to keep available for pod assignment on the node.