eks.ManagedNodeGroup
ManagedNodeGroup is a component that wraps creating an AWS managed node group.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
Create ManagedNodeGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedNodeGroup(name: string, args: ManagedNodeGroupArgs, opts?: CustomResourceOptions);
@overload
def ManagedNodeGroup(resource_name: str,
                     args: ManagedNodeGroupArgs,
                     opts: Optional[ResourceOptions] = None)
@overload
def ManagedNodeGroup(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     cluster: Optional[Union[Cluster, CoreDataArgs]] = None,
                     labels: Optional[Mapping[str, str]] = None,
                     bootstrap_extra_args: Optional[str] = None,
                     node_group_name: Optional[str] = None,
                     cluster_name: Optional[str] = None,
                     disk_size: Optional[int] = None,
                     enable_imd_sv2: Optional[bool] = None,
                     force_update_version: Optional[bool] = None,
                     instance_types: Optional[Sequence[str]] = None,
                     node_group_name_prefix: Optional[str] = None,
                     ami_type: Optional[str] = None,
                     version: Optional[str] = None,
                     capacity_type: Optional[str] = None,
                     kubelet_extra_args: Optional[str] = None,
                     node_role: Optional[pulumi_aws.iam.Role] = None,
                     node_role_arn: Optional[str] = None,
                     release_version: Optional[str] = None,
                     remote_access: Optional[pulumi_aws.eks.NodeGroupRemoteAccessArgs] = None,
                     scaling_config: Optional[pulumi_aws.eks.NodeGroupScalingConfigArgs] = None,
                     subnet_ids: Optional[Sequence[str]] = None,
                     tags: Optional[Mapping[str, str]] = None,
                     taints: Optional[Sequence[pulumi_aws.eks.NodeGroupTaintArgs]] = None,
                     launch_template: Optional[pulumi_aws.eks.NodeGroupLaunchTemplateArgs] = None)
func NewManagedNodeGroup(ctx *Context, name string, args ManagedNodeGroupArgs, opts ...ResourceOption) (*ManagedNodeGroup, error)
public ManagedNodeGroup(string name, ManagedNodeGroupArgs args, CustomResourceOptions? opts = null)
public ManagedNodeGroup(String name, ManagedNodeGroupArgs args)
public ManagedNodeGroup(String name, ManagedNodeGroupArgs args, CustomResourceOptions options)
type: eks:ManagedNodeGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedNodeGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedNodeGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedNodeGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedNodeGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedNodeGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ManagedNodeGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ManagedNodeGroup resource accepts the following input properties:
- Cluster Pulumi.Eks.Cluster | CoreData - The target EKS cluster.
- AmiType string - Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
- BootstrapExtraArgs string - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters. Note that this field conflicts with launchTemplate.
- CapacityType string - Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
- ClusterName string - Name of the EKS Cluster.
- DiskSize int - Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
- EnableIMDSv2 bool - Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false. Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.
- ForceUpdateVersion bool - Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
- InstanceTypes List<string> - Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
- KubeletExtraArgs string - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra args value, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
- Labels Dictionary<string, string> - Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
- LaunchTemplate Pulumi.Aws.Eks.Inputs.NodeGroupLaunchTemplate - Launch Template settings. Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.
- NodeGroupName string - Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
- NodeGroupNamePrefix string - Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
- NodeRole Pulumi.Aws.Iam.Role - The IAM Role that provides permissions for the EKS Node Group. Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.
- NodeRoleArn string - Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.
- ReleaseVersion string - AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
- RemoteAccess Pulumi.Aws.Eks.Inputs.NodeGroupRemoteAccess - Remote access settings. This type is defined in the AWS Classic package.
- ScalingConfig Pulumi.Aws.Eks.Inputs.NodeGroupScalingConfig - Scaling settings. Default scaling amounts of the node group autoscaling group are:
  - desiredSize: 2
  - minSize: 1
  - maxSize: 2
  This type is defined in the AWS Classic package.
- SubnetIds List<string> - Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster). Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:
  - core.subnetIds
  - core.privateIds
  - core.publicSubnetIds
  This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11
- Tags Dictionary<string, string> - Key-value mapping of resource tags.
- Taints List<Pulumi.Aws.Eks.Inputs.NodeGroupTaint> - The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
- Version string
- Cluster Cluster | CoreDataArgs - The target EKS cluster.
- AmiType string - Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
- BootstrapExtraArgs string - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters. Note that this field conflicts with launchTemplate.
- CapacityType string - Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
- ClusterName string - Name of the EKS Cluster.
- DiskSize int - Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
- EnableIMDSv2 bool - Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false. Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.
- ForceUpdateVersion bool - Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
- InstanceTypes []string - Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
- KubeletExtraArgs string - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra args value, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
- Labels map[string]string - Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
- LaunchTemplate NodeGroupLaunchTemplateArgs - Launch Template settings. Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.
- NodeGroupName string - Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
- NodeGroupNamePrefix string - Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
- NodeRole Role - The IAM Role that provides permissions for the EKS Node Group. Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.
- NodeRoleArn string - Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.
- ReleaseVersion string - AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
- RemoteAccess NodeGroupRemoteAccessArgs - Remote access settings. This type is defined in the AWS Classic package.
- ScalingConfig NodeGroupScalingConfigArgs - Scaling settings. Default scaling amounts of the node group autoscaling group are:
  - desiredSize: 2
  - minSize: 1
  - maxSize: 2
  This type is defined in the AWS Classic package.
- SubnetIds []string - Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster). Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:
  - core.subnetIds
  - core.privateIds
  - core.publicSubnetIds
  This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11
- Tags map[string]string - Key-value mapping of resource tags.
- Taints NodeGroupTaintArgs - The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
- Version string
- cluster Cluster | CoreData - The target EKS cluster.
- amiType String - Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
- bootstrapExtraArgs String - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters. Note that this field conflicts with launchTemplate.
- capacityType String - Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
- clusterName String - Name of the EKS Cluster.
- diskSize Integer - Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
- enableIMDSv2 Boolean - Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false. Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.
- forceUpdateVersion Boolean - Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
- instanceTypes List<String> - Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
- kubeletExtraArgs String - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra args value, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
- labels Map<String,String> - Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
- launchTemplate NodeGroupLaunchTemplate - Launch Template settings. Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.
- nodeGroupName String - Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
- nodeGroupNamePrefix String - Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
- nodeRole Role - The IAM Role that provides permissions for the EKS Node Group. Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.
- nodeRoleArn String - Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.
- releaseVersion String - AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
- remoteAccess NodeGroupRemoteAccess - Remote access settings. This type is defined in the AWS Classic package.
- scalingConfig NodeGroupScalingConfig - Scaling settings. Default scaling amounts of the node group autoscaling group are:
  - desiredSize: 2
  - minSize: 1
  - maxSize: 2
  This type is defined in the AWS Classic package.
- subnetIds List<String> - Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster). Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:
  - core.subnetIds
  - core.privateIds
  - core.publicSubnetIds
  This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11
- tags Map<String,String> - Key-value mapping of resource tags.
- taints List<NodeGroupTaint> - The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
- version String
- cluster Cluster | CoreData - The target EKS cluster.
- amiType string - Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
- bootstrapExtraArgs string - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters. Note that this field conflicts with launchTemplate.
- capacityType string - Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
- clusterName string - Name of the EKS Cluster.
- diskSize number - Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
- enableIMDSv2 boolean - Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false. Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.
- forceUpdateVersion boolean - Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
- instanceTypes string[] - Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
- kubeletExtraArgs string - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra args value, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
- labels {[key: string]: string} - Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
- launchTemplate pulumiAwstypesinputeksNodeGroupLaunchTemplate - Launch Template settings. Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.
- nodeGroupName string - Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
- nodeGroupNamePrefix string - Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
- nodeRole pulumiAwsiamRole - The IAM Role that provides permissions for the EKS Node Group. Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.
- nodeRoleArn string - Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.
- releaseVersion string - AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
- remoteAccess pulumiAwstypesinputeksNodeGroupRemoteAccess - Remote access settings. This type is defined in the AWS Classic package.
- scalingConfig pulumiAwstypesinputeksNodeGroupScalingConfig - Scaling settings. Default scaling amounts of the node group autoscaling group are:
  - desiredSize: 2
  - minSize: 1
  - maxSize: 2
  This type is defined in the AWS Classic package.
- subnetIds string[] - Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster). Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:
  - core.subnetIds
  - core.privateIds
  - core.publicSubnetIds
  This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11
- tags {[key: string]: string} - Key-value mapping of resource tags.
- taints pulumiAwstypesinputeksNodeGroupTaint[] - The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
- version string
- cluster Cluster | CoreDataArgs - The target EKS cluster.
- ami_type str - Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
- bootstrap_extra_args str - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters. Note that this field conflicts with launchTemplate.
- capacity_type str - Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
- cluster_name str - Name of the EKS Cluster.
- disk_size int - Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
- enable_imd_sv2 bool - Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false. Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.
- force_update_version bool - Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
- instance_types Sequence[str] - Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
- kubelet_extra_args str - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra args value, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
- labels Mapping[str, str] - Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
- launch_template pulumi_aws.eks.NodeGroupLaunchTemplateArgs - Launch Template settings. Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.
- node_group_name str - Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
- node_group_name_prefix str - Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
- node_role pulumi_aws.iam.Role - The IAM Role that provides permissions for the EKS Node Group. Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.
- node_role_arn str - Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.
- release_version str - AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
- remote_access pulumi_aws.eks.NodeGroupRemoteAccessArgs - Remote access settings. This type is defined in the AWS Classic package.
- scaling_config pulumi_aws.eks.NodeGroupScalingConfigArgs - Scaling settings. Default scaling amounts of the node group autoscaling group are:
  - desiredSize: 2
  - minSize: 1
  - maxSize: 2
  This type is defined in the AWS Classic package.
- subnet_ids Sequence[str] - Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster). Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:
  - core.subnetIds
  - core.privateIds
  - core.publicSubnetIds
  This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11
- tags Mapping[str, str] - Key-value mapping of resource tags.
- taints Sequence[pulumi_aws.eks.NodeGroupTaintArgs] - The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
- version str
- cluster eks:Cluster | Property Map
- The target EKS cluster.
- ami
Type String - Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to
AL2_x86_64
. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided. - bootstrap
Extra StringArgs Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters.Note that this field conflicts with
launchTemplate
.- capacity
Type String - Type of capacity associated with the EKS Node Group. Valid values:
ON_DEMAND
,SPOT
. This provider will only perform drift detection if a configuration value is provided. - cluster
Name String - Name of the EKS Cluster.
- disk
Size Number - Disk size in GiB for worker nodes. Defaults to
20
. This provider will only perform drift detection if a configuration value is provided. - enable
IMDSv2 Boolean Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to
false
.Note that this field conflicts with
launchTemplate
. If you are providing a customlaunchTemplate
, you should enable this feature within thelaunchTemplateMetadataOptions
of the suppliedlaunchTemplate
.- force
Update BooleanVersion - Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
- instance
Types List<String> - Set of instance types associated with the EKS Node Group. Defaults to
["t3.medium"]
. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set. - kubelet
Extra StringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example,kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'
. Note that this field conflicts withlaunchTemplate
. - labels Map<String>
- Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
- launchTemplate Property Map
- Launch Template settings. Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.
- nodeGroupName String
- Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
- nodeGroupNamePrefix String
- Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
- nodeRole aws:iam:Role
- The IAM Role that provides permissions for the EKS Node Group. Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.
- nodeRoleArn String
- Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.
- releaseVersion String
- AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
- remoteAccess Property Map
- Remote access settings. This type is defined in the AWS Classic package.
- scalingConfig Property Map
- Scaling settings. Default scaling amounts of the node group autoscaling group are:
  - desiredSize: 2
  - minSize: 1
  - maxSize: 2
  This type is defined in the AWS Classic package.
- subnetIds List<String>
- Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster). Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:
  - core.subnetIds
  - core.privateIds
  - core.publicSubnetIds
  This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11
- Map<String>
- Key-value mapping of resource tags.
- taints List<Property Map>
- The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
- version String
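The conflicts and limits stated in the input descriptions above can be checked before a deployment is attempted. The following is an added example, not code from the Pulumi EKS provider: it lints a plain dict of ManagedNodeGroup inputs, assumes the extra-args strings are tokenised like a POSIX shell command line, reads "a single option must be used" as exactly one role input, and uses constructed sample values.

```python
import shlex

# Conflicts stated in the property descriptions on this page.
MUTUALLY_EXCLUSIVE = [
    ("launchTemplate", "kubeletExtraArgs"),
    ("launchTemplate", "bootstrapExtraArgs"),
    ("nodeGroupName", "nodeGroupNamePrefix"),
    ("nodeRole", "nodeRoleArn"),
]
MAX_TAINTS = 50  # "Maximum of 50 taints per node group."


def _is_set(args, key):
    return args.get(key) not in (None, "", [], {})


def split_extra_args(value):
    """Tokenise an extra-args string the way a POSIX shell would (assumption)."""
    return shlex.split(value)


def lint_managed_node_group(args):
    """Return a list of problems in a plain dict of ManagedNodeGroup inputs."""
    problems = []
    for left, right in MUTUALLY_EXCLUSIVE:
        if _is_set(args, left) and _is_set(args, right):
            problems.append(f"{left} conflicts with {right}")
    # Reading "a single option must be used" as: exactly one role input.
    if not _is_set(args, "nodeRole") and not _is_set(args, "nodeRoleArn"):
        problems.append("set exactly one of nodeRole or nodeRoleArn")
    taints = args.get("taints") or []
    if len(taints) > MAX_TAINTS:
        problems.append(f"{len(taints)} taints exceeds the maximum of {MAX_TAINTS}")
    for key in ("kubeletExtraArgs", "bootstrapExtraArgs"):
        if not _is_set(args, key):
            continue
        try:
            tokens = split_extra_args(args[key])
        except ValueError as exc:  # unbalanced quotes
            problems.append(f"{key} has broken quoting: {exc}")
            continue
        if tokens and not tokens[0].startswith("--"):
            problems.append(f"{key} should start with a --flag, got {tokens[0]!r}")
    return problems


# Constructed sample inputs (account id, names and template id are placeholders).
GOOD = {
    "nodeRoleArn": "arn:aws:iam::111122223333:role/example-node-role",
    "nodeGroupNamePrefix": "workers-",
    "kubeletExtraArgs": '--allowed-unsafe-sysctls "net.core.somaxconn"',
}
BAD = {
    "launchTemplate": {"id": "lt-EXAMPLE", "version": "1"},
    "kubeletExtraArgs": '--port=10251 "--address=0.0.0.0',  # quote never closed
    "nodeGroupName": "workers",
    "nodeGroupNamePrefix": "workers-",
    "taints": [{"key": f"k{i}", "value": "v", "effect": "NO_SCHEDULE"} for i in range(51)],
}

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_managed_node_group(sample))
```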
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedNodeGroup resource produces the following output properties:
- NodeGroup Pulumi.Aws.Eks.NodeGroup
- The AWS managed node group. This type is defined in the AWS Classic package.
- NodeGroup NodeGroup
- The AWS managed node group. This type is defined in the AWS Classic package.
- nodeGroup NodeGroup
- The AWS managed node group. This type is defined in the AWS Classic package.
- nodeGroup pulumiAwseksNodeGroup
- The AWS managed node group. This type is defined in the AWS Classic package.
- node_group pulumi_aws.eks.NodeGroup
- The AWS managed node group. This type is defined in the AWS Classic package.
- nodeGroup aws:eks:NodeGroup
- The AWS managed node group. This type is defined in the AWS Classic package.
Supporting Types
AccessEntry, AccessEntryArgs
- PrincipalArn string
- The IAM Principal ARN which requires Authentication access to the EKS cluster.
- AccessPolicies Dictionary<string, AccessPolicyAssociation>
- The access policies to associate to the access entry.
- KubernetesGroups List<string>
- A list of groups within Kubernetes to which the IAM principal is mapped.
- Dictionary<string, string>
- The tags to apply to the AccessEntry.
- Type Pulumi.Eks.AccessEntryType
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- Username string
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- PrincipalArn string
- The IAM Principal ARN which requires Authentication access to the EKS cluster.
- AccessPolicies map[string]AccessPolicyAssociation
- The access policies to associate to the access entry.
- KubernetesGroups []string
- A list of groups within Kubernetes to which the IAM principal is mapped.
- map[string]string
- The tags to apply to the AccessEntry.
- Type AccessEntryType
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- Username string
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principalArn String
- The IAM Principal ARN which requires Authentication access to the EKS cluster.
- accessPolicies Map<String,AccessPolicyAssociation>
- The access policies to associate to the access entry.
- kubernetesGroups List<String>
- A list of groups within Kubernetes to which the IAM principal is mapped.
- Map<String,String>
- The tags to apply to the AccessEntry.
- type AccessEntryType
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username String
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principalArn string
- The IAM Principal ARN which requires Authentication access to the EKS cluster.
- accessPolicies {[key: string]: AccessPolicyAssociation}
- The access policies to associate to the access entry.
- kubernetesGroups string[]
- A list of groups within Kubernetes to which the IAM principal is mapped.
- {[key: string]: string}
- The tags to apply to the AccessEntry.
- type AccessEntryType
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username string
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principal_arn str
- The IAM Principal ARN which requires Authentication access to the EKS cluster.
- access_policies Mapping[str, AccessPolicyAssociation]
- The access policies to associate to the access entry.
- kubernetes_groups Sequence[str]
- A list of groups within Kubernetes to which the IAM principal is mapped.
- Mapping[str, str]
- The tags to apply to the AccessEntry.
- type AccessEntryType
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username str
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principalArn String
- The IAM Principal ARN which requires Authentication access to the EKS cluster.
- accessPolicies Map<Property Map>
- The access policies to associate to the access entry.
- kubernetesGroups List<String>
- A list of groups within Kubernetes to which the IAM principal is mapped.
- Map<String>
- The tags to apply to the AccessEntry.
- type "STANDARD" | "FARGATE_LINUX" | "EC2_LINUX" | "EC2_WINDOWS"
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username String
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
AccessEntryType, AccessEntryTypeArgs
- Standard
- STANDARD: Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- FargateLinux
- FARGATE_LINUX: For IAM roles used with AWS Fargate profiles.
- EC2Linux
- EC2_LINUX: For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2Windows
- EC2_WINDOWS: For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- AccessEntryTypeStandard
- STANDARD: Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- AccessEntryTypeFargateLinux
- FARGATE_LINUX: For IAM roles used with AWS Fargate profiles.
- AccessEntryTypeEC2Linux
- EC2_LINUX: For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- AccessEntryTypeEC2Windows
- EC2_WINDOWS: For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- Standard
- STANDARD: Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- FargateLinux
- FARGATE_LINUX: For IAM roles used with AWS Fargate profiles.
- EC2Linux
- EC2_LINUX: For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2Windows
- EC2_WINDOWS: For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- Standard
- STANDARD: Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- FargateLinux
- FARGATE_LINUX: For IAM roles used with AWS Fargate profiles.
- EC2Linux
- EC2_LINUX: For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2Windows
- EC2_WINDOWS: For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- STANDARD
- STANDARD: Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- FARGATE_LINUX
- FARGATE_LINUX: For IAM roles used with AWS Fargate profiles.
- EC2_LINUX
- EC2_LINUX: For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2_WINDOWS
- EC2_WINDOWS: For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- "STANDARD"
- STANDARD: Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- "FARGATE_LINUX"
- FARGATE_LINUX: For IAM roles used with AWS Fargate profiles.
- "EC2_LINUX"
- EC2_LINUX: For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- "EC2_WINDOWS"
- EC2_WINDOWS: For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
AccessPolicyAssociation, AccessPolicyAssociationArgs
- AccessScope Pulumi.Aws.Eks.Inputs.AccessPolicyAssociationAccessScope
- The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- PolicyArn string
- The ARN of the access policy to associate with the principal.
- AccessScope AccessPolicyAssociationAccessScope
- The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- PolicyArn string
- The ARN of the access policy to associate with the principal.
- accessScope AccessPolicyAssociationAccessScope
- The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policyArn String
- The ARN of the access policy to associate with the principal.
- accessScope pulumiAwstypesinputeksAccessPolicyAssociationAccessScope
- The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policyArn string
- The ARN of the access policy to associate with the principal.
- access_scope pulumi_aws.eks.AccessPolicyAssociationAccessScopeArgs
- The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policy_arn str
- The ARN of the access policy to associate with the principal.
- accessScope Property Map
- The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policyArn String
- The ARN of the access policy to associate with the principal.
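The AccessEntry type rules and the AccessPolicyAssociation scope described above lend themselves to an access review before deployment. The following is an added example, not code from the Pulumi EKS provider: it checks plain dicts of access entries against the documented type restrictions and lists every cluster-scoped grant; the `type`/`namespaces` shape of accessScope comes from the AWS Classic package rather than this page, and the principals are constructed.

```python
ACCESS_ENTRY_TYPES = ("STANDARD", "FARGATE_LINUX", "EC2_LINUX", "EC2_WINDOWS")
# Inputs that, per this page, only the STANDARD type accepts.
STANDARD_ONLY_FIELDS = ("username", "kubernetesGroups", "accessPolicies")

ADMIN_POLICY = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
VIEW_POLICY = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"


def lint_access_entry(name, entry):
    """Return the documented constraints that one access entry violates."""
    entry_type = entry.get("type") or "STANDARD"  # documented default
    if entry_type not in ACCESS_ENTRY_TYPES:
        return [f"{name}: unknown type {entry_type!r}"]
    problems = []
    if entry_type != "STANDARD":
        for field in STANDARD_ONLY_FIELDS:
            if entry.get(field):
                problems.append(f"{name}: {field} is not accepted for type {entry_type}")
    return problems


def cluster_wide_grants(entries):
    """List (entry, principalArn, policyArn) for associations scoped to the whole cluster."""
    grants = []
    for name, entry in sorted(entries.items()):
        for assoc in (entry.get("accessPolicies") or {}).values():
            scope = assoc.get("accessScope") or {}
            # accessScope.type is "cluster" or "namespace" in the AWS Classic package.
            if scope.get("type") == "cluster":
                grants.append((name, entry.get("principalArn"), assoc.get("policyArn")))
    return grants


# Constructed sample entries (account id and role names are placeholders).
ENTRIES = {
    "platform-admins": {
        "principalArn": "arn:aws:iam::111122223333:role/example-platform-admin",
        "accessPolicies": {
            "admin": {"policyArn": ADMIN_POLICY, "accessScope": {"type": "cluster"}},
        },
    },
    "team-a-readers": {
        "principalArn": "arn:aws:iam::111122223333:role/example-team-a",
        "kubernetesGroups": ["team-a"],
        "accessPolicies": {
            "view": {
                "policyArn": VIEW_POLICY,
                "accessScope": {"type": "namespace", "namespaces": ["team-a"]},
            },
        },
    },
    "self-managed-nodes": {
        "principalArn": "arn:aws:iam::111122223333:role/example-node-role",
        "type": "EC2_LINUX",
        "kubernetesGroups": ["ops"],  # not accepted for a non-STANDARD type
    },
}

if __name__ == "__main__":
    for entry_name, entry_value in ENTRIES.items():
        for problem in lint_access_entry(entry_name, entry_value):
            print("problem:", problem)
    for grant in cluster_wide_grants(ENTRIES):
        print("cluster-wide:", grant)
```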
ClusterNodeGroupOptions, ClusterNodeGroupOptionsArgs
- AmiId string
- The AMI ID to use for the worker nodes. Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store. Note: amiId and gpu are mutually exclusive. See for more details:
  - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- AmiType string
- The AMI Type to use for the worker nodes. Only applicable when setting an AMI ID that is of type arm64. Note: amiType and gpu are mutually exclusive.
- Dictionary<string, string>
- The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack. Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- BootstrapExtraArgs string
- Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
- Dictionary<string, string>
- The tags to apply to the CloudFormation Stack of the Worker NodeGroup. Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- ClusterIngressRule Pulumi.Aws.Ec2.SecurityGroupRule
- The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- DesiredCapacity int
- The number of worker nodes that should be running in the cluster. Defaults to 2.
- EnableDetailedMonitoring bool
- Enables/disables detailed monitoring of the EC2 instances. With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances. Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- EncryptRootBlockDevice bool
- Encrypt the root block device of the nodes in the node group.
- ExtraNodeSecurityGroups List<Pulumi.Aws.Ec2.SecurityGroup>
- Extra security groups to attach on all nodes in this worker node group. This additional set of security groups captures any user application rules that will be needed for the nodes.
- Gpu bool
- Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store. Defaults to false. Note: gpu and amiId are mutually exclusive. See for more details:
  - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
  - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- InstanceProfile Pulumi.Aws.Iam.InstanceProfile
- The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- InstanceType string
- The instance type to use for the cluster's nodes. Defaults to "t2.medium".
- KeyName string
- Name of the key pair to use for SSH access to worker nodes.
- KubeletExtraArgs string
- Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.
- Labels Dictionary<string, string>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
- MaxSize int
- The maximum number of worker nodes running in the cluster. Defaults to 2.
- MinSize int
- The minimum number of worker nodes running in the cluster. Defaults to 1.
- NodeAssociatePublicIpAddress bool
- Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- NodePublicKey string
- Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- NodeRootVolumeDeleteOnTermination bool
- Whether the root block device should be deleted on termination of the instance. Defaults to true.
- NodeRootVolumeEncrypted bool
- Whether to encrypt a cluster node's root volume. Defaults to false.
- NodeRootVolumeIops int
- The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- NodeRootVolumeSize int
- The size in GiB of a cluster node's root volume. Defaults to 20.
- NodeRootVolumeThroughput int
- Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- NodeRootVolumeType string
- Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- NodeSecurityGroup Pulumi.Aws.Ec2.SecurityGroup
- The security group for the worker node group to communicate with the cluster. This security group requires specific inbound and outbound rules. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.
- NodeSubnetIds List<string>
- The set of subnets to override and use for the worker node group. Setting this option overrides which subnets to use for the worker node group, regardless of whether the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.
- NodeUserData string
- Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
- NodeUserDataOverride string
- User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- SpotPrice string
- Bidding price for spot instance. If set, only spot instances will be added as worker node.
- Taints Dictionary<string, Taint>
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.
- Version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
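Several ClusterNodeGroupOptions settings above carry constraints or defaults that matter in a hardening review: root volume encryption defaults to false, SSH is enabled by supplying a key, and public IPs are a toggle. The following is an added example, not code from the Pulumi EKS provider: it reviews a plain dict of options, using the camelCase key spelling from the notes on this page (amiId, gpu, cloudFormationTags), with the warning policy and all sample values constructed for illustration.

```python
VOLUME_TYPES = ("standard", "gp2", "gp3", "st1", "sc1", "io1")


def review_node_group_options(opts):
    """Return (errors, warnings) for a plain dict of ClusterNodeGroupOptions."""
    errors, warnings = [], []

    # Documented mutual exclusions with gpu.
    if opts.get("gpu"):
        for key in ("amiId", "amiType"):
            if opts.get(key):
                errors.append(f"{key} and gpu are mutually exclusive")

    # A tag should be supplied through one of the two tag maps, not both.
    asg_tags = set(opts.get("autoScalingGroupTags") or {})
    cfn_tags = set(opts.get("cloudFormationTags") or {})
    for tag in sorted(asg_tags & cfn_tags):
        errors.append(f"tag {tag!r} is set in both autoScalingGroupTags and cloudFormationTags")

    # Root volume settings that are only valid for specific volume types.
    vol_type = opts.get("nodeRootVolumeType", "gp2")  # documented default
    if vol_type not in VOLUME_TYPES:
        errors.append(f"unsupported nodeRootVolumeType {vol_type!r}")
    if opts.get("nodeRootVolumeIops") is not None and vol_type != "io1":
        errors.append("nodeRootVolumeIops is only valid with nodeRootVolumeType 'io1'")
    if opts.get("nodeRootVolumeThroughput") is not None and vol_type != "gp3":
        errors.append("nodeRootVolumeThroughput is only valid with nodeRootVolumeType 'gp3'")

    # nodeUserData must be a script that starts with an interpreter directive.
    user_data = opts.get("nodeUserData")
    if user_data is not None and not user_data.startswith("#!"):
        errors.append("nodeUserData must begin with an interpreter directive (#!)")

    # Hardening review (the policy itself is an assumption of this example).
    if not (opts.get("nodeRootVolumeEncrypted") or opts.get("encryptRootBlockDevice")):
        warnings.append("root volume is not encrypted (nodeRootVolumeEncrypted defaults to false)")
    if opts.get("nodeAssociatePublicIpAddress"):
        warnings.append("worker nodes are auto-assigned public IPs")
    if opts.get("keyName") or opts.get("nodePublicKey"):
        warnings.append("SSH access to worker nodes is enabled")
    return errors, warnings


# Constructed sample inputs (AMI id, key name and tags are placeholders).
RISKY = {
    "gpu": True,
    "amiId": "ami-EXAMPLE",
    "nodeRootVolumeType": "gp2",
    "nodeRootVolumeIops": 3000,
    "nodeUserData": "yum install -y example-agent",
    "nodeAssociatePublicIpAddress": True,
    "keyName": "example-key",
    "autoScalingGroupTags": {"team": "a"},
    "cloudFormationTags": {"team": "a", "env": "dev"},
}
HARDENED = {
    "nodeRootVolumeType": "gp3",
    "nodeRootVolumeThroughput": 125,
    "nodeRootVolumeEncrypted": True,
    "nodeAssociatePublicIpAddress": False,
    "nodeUserData": "#!/bin/bash\necho example\n",
}

if __name__ == "__main__":
    for label, sample in (("RISKY", RISKY), ("HARDENED", HARDENED)):
        print(label, review_node_group_options(sample))
```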
- AmiId string
- The AMI ID to use for the worker nodes. Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store. Note: amiId and gpu are mutually exclusive. See for more details:
  - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- AmiType string
- The AMI Type to use for the worker nodes. Only applicable when setting an AMI ID that is of type arm64. Note: amiType and gpu are mutually exclusive.
- map[string]string
- The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack. Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- BootstrapExtraArgs string
- Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
- map[string]string
- The tags to apply to the CloudFormation Stack of the Worker NodeGroup. Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- ClusterIngressRule SecurityGroupRule
- The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- DesiredCapacity int
- The number of worker nodes that should be running in the cluster. Defaults to 2.
- EnableDetailedMonitoring bool
- Enables/disables detailed monitoring of the EC2 instances. With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances. Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- EncryptRootBlockDevice bool
- Encrypt the root block device of the nodes in the node group.
- ExtraNodeSecurityGroups SecurityGroup
- Extra security groups to attach on all nodes in this worker node group. This additional set of security groups captures any user application rules that will be needed for the nodes.
- Gpu bool
- Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store. Defaults to false. Note: gpu and amiId are mutually exclusive. See for more details:
  - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
  - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- InstanceProfile InstanceProfile
- The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- InstanceType string
- The instance type to use for the cluster's nodes. Defaults to "t2.medium".
- KeyName string
- Name of the key pair to use for SSH access to worker nodes.
- KubeletExtraArgs string
- Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.
- Labels map[string]string
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
- MaxSize int
- The maximum number of worker nodes running in the cluster. Defaults to 2.
- MinSize int
- The minimum number of worker nodes running in the cluster. Defaults to 1.
- NodeAssociatePublicIpAddress bool
- Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- NodePublicKey string
- Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- NodeRootVolumeDeleteOnTermination bool
- Whether the root block device should be deleted on termination of the instance. Defaults to true.
- NodeRootVolumeEncrypted bool
- Whether to encrypt a cluster node's root volume. Defaults to false.
- NodeRootVolumeIops int
- The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- NodeRootVolumeSize int
- The size in GiB of a cluster node's root volume. Defaults to 20.
- NodeRootVolumeThroughput int
- Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- NodeRootVolumeType string
- Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- NodeSecurityGroup SecurityGroup
- The security group for the worker node group to communicate with the cluster. This security group requires specific inbound and outbound rules. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.
- NodeSubnetIds []string
- The set of subnets to override and use for the worker node group. Setting this option overrides which subnets to use for the worker node group, regardless of whether the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.
- NodeUserData string
- Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
- NodeUserDataOverride string
- User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- SpotPrice string
- Bidding price for spot instance. If set, only spot instances will be added as worker node.
- Taints map[string]Taint
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.
- Version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- amiId String
- The AMI ID to use for the worker nodes. Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store. Note: amiId and gpu are mutually exclusive. See for more details:
  - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- amiType String
- The AMI Type to use for the worker nodes. Only applicable when setting an AMI ID that is of type arm64. Note: amiType and gpu are mutually exclusive.
- Map<String,String>
- The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack. Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- bootstrapExtraArgs String
- Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
- Map<String,String>
- The tags to apply to the CloudFormation Stack of the Worker NodeGroup. Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- clusterIngressRule SecurityGroupRule
- The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- desiredCapacity Integer
- The number of worker nodes that should be running in the cluster. Defaults to 2.
- enableDetailedMonitoring Boolean
- Enables/disables detailed monitoring of the EC2 instances. With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances. Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encryptRootBlockDevice Boolean
- Encrypt the root block device of the nodes in the node group.
- extraNodeSecurityGroups List<SecurityGroup>
- Extra security groups to attach on all nodes in this worker node group. This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu Boolean
- Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store. Defaults to false. Note: gpu and amiId are mutually exclusive. See for more details:
  - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
  - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instanceProfile InstanceProfile
- The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- instanceType String
- The instance type to use for the cluster's nodes. Defaults to "t2.medium".
- keyName String
- Name of the key pair to use for SSH access to worker nodes.
- kubeletExtraArgs String
- Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.
- labels Map<String,String>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
- maxSize Integer
- The maximum number of worker nodes running in the cluster. Defaults to 2.
- minSize Integer
- The minimum number of worker nodes running in the cluster. Defaults to 1.
- nodeAssociatePublicIpAddress Boolean
- Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- nodePublicKey String
- Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- nodeRootVolumeDeleteOnTermination Boolean
- Whether the root block device should be deleted on termination of the instance. Defaults to true.
- nodeRootVolumeEncrypted Boolean
- Whether to encrypt a cluster node's root volume. Defaults to false.
- nodeRootVolumeIops Integer
- The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- nodeRootVolumeSize Integer
- The size in GiB of a cluster node's root volume. Defaults to 20.
- nodeRootVolumeThroughput Integer
- Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- nodeRootVolumeType String
- Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- nodeSecurityGroup SecurityGroup
- The security group for the worker node group to communicate with the cluster. This security group requires specific inbound and outbound rules. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.
- nodeSubnetIds List<String>
- The set of subnets to override and use for the worker node group. Setting this option overrides which subnets to use for the worker node group, regardless of whether the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.
- nodeUserData String
- Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
- nodeUserDataOverride String
- User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- spotPrice String
- Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Map<String,Taint>
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.
- version String
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- amiId string
The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note: amiId and gpu are mutually exclusive.
See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- amiType string
The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type arm64.
Note: amiType and gpu are mutually exclusive.
- {[key: string]: string}
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- bootstrapExtraArgs string - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
- {[key: string]: string}
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- clusterIngressRule pulumiAwsec2SecurityGroupRule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- desiredCapacity number - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enableDetailedMonitoring boolean
Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encryptRootBlockDevice boolean - Encrypt the root block device of the nodes in the node group.
- extraNodeSecurityGroups pulumiAwsec2SecurityGroup[]
Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note: gpu and amiId are mutually exclusive.
See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instanceProfile pulumiAwsiamInstanceProfile - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- instanceType string - The instance type to use for the cluster's nodes. Defaults to "t2.medium".
- keyName string - Name of the key pair to use for SSH access to worker nodes.
- kubeletExtraArgs string - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.
- labels {[key: string]: string} - Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
- maxSize number - The maximum number of worker nodes running in the cluster. Defaults to 2.
- minSize number - The minimum number of worker nodes running in the cluster. Defaults to 1.
- nodeAssociatePublicIpAddress boolean - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- nodePublicKey string - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- nodeRootVolumeDeleteOnTermination boolean - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- nodeRootVolumeEncrypted boolean - Whether to encrypt a cluster node's root volume. Defaults to false.
- nodeRootVolumeIops number - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- nodeRootVolumeSize number - The size in GiB of a cluster node's root volume. Defaults to 20.
- nodeRootVolumeThroughput number - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- nodeRootVolumeType string - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- nodeSecurityGroup pulumiAwsec2SecurityGroup
The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.
- nodeSubnetIds string[]
The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.
- nodeUserData string - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
- nodeUserDataOverride string
User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- spotPrice string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints {[key: string]: Taint} - Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.
- version string - Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- ami_id str
The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note: amiId and gpu are mutually exclusive.
See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- ami_type str
The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type arm64.
Note: amiType and gpu are mutually exclusive.
- Mapping[str, str]
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- bootstrap_extra_args str - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
- Mapping[str, str]
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- cluster_ingress_rule pulumi_aws.ec2.SecurityGroupRule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- desired_capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable_detailed_monitoring bool
Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt_root_block_device bool - Encrypt the root block device of the nodes in the node group.
- extra_node_security_groups Sequence[pulumi_aws.ec2.SecurityGroup]
Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note: gpu and amiId are mutually exclusive.
See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instance_profile pulumi_aws.iam.InstanceProfile - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- instance_type str - The instance type to use for the cluster's nodes. Defaults to "t2.medium".
- key_name str - Name of the key pair to use for SSH access to worker nodes.
- kubelet_extra_args str - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.
- labels Mapping[str, str] - Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
- max_size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min_size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node_associate_public_ip_address bool - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node_public_key str - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node_root_volume_delete_on_termination bool - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node_root_volume_encrypted bool - Whether to encrypt a cluster node's root volume. Defaults to false.
- node_root_volume_iops int - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node_root_volume_size int - The size in GiB of a cluster node's root volume. Defaults to 20.
- node_root_volume_throughput int - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node_root_volume_type str - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node_security_group pulumi_aws.ec2.SecurityGroup
The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.
- node_subnet_ids Sequence[str]
The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.
- node_user_data str - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
- node_user_data_override str
User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- spot_price str - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Mapping[str, Taint] - Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.
- version str - Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- amiId String
The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note: amiId and gpu are mutually exclusive.
See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- amiType String
The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type arm64.
Note: amiType and gpu are mutually exclusive.
- Map<String>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- bootstrapExtraArgs String - Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
- Map<String>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.
- clusterIngressRule aws:ec2:SecurityGroupRule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- desiredCapacity Number - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enableDetailedMonitoring Boolean
Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encryptRootBlockDevice Boolean - Encrypt the root block device of the nodes in the node group.
- extraNodeSecurityGroups List<aws:ec2:SecurityGroup>
Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu Boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note: gpu and amiId are mutually exclusive.
See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instanceProfile aws:iam:InstanceProfile - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- instanceType String - The instance type to use for the cluster's nodes. Defaults to "t2.medium".
- keyName String - Name of the key pair to use for SSH access to worker nodes.
- kubeletExtraArgs String - Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after the explicit kubeletExtraArgs.
- labels Map<String> - Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
- maxSize Number - The maximum number of worker nodes running in the cluster. Defaults to 2.
- minSize Number - The minimum number of worker nodes running in the cluster. Defaults to 1.
- nodeAssociatePublicIpAddress Boolean - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- nodePublicKey String - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- nodeRootVolumeDeleteOnTermination Boolean - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- nodeRootVolumeEncrypted Boolean - Whether to encrypt a cluster node's root volume. Defaults to false.
- nodeRootVolumeIops Number - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- nodeRootVolumeSize Number - The size in GiB of a cluster node's root volume. Defaults to 20.
- nodeRootVolumeThroughput Number - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- nodeRootVolumeType String - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- nodeSecurityGroup aws:ec2:SecurityGroup
The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The nodeSecurityGroup option and the cluster option nodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.
- nodeSubnetIds List<String>
The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.
- nodeUserData String - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
- nodeUserDataOverride String
User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- spotPrice String - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Map<Property Map> - Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument.
- version String - Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
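The node group options above carry several documented constraints (mutually exclusive options, volume-type-specific settings, the user data interpreter directive) and defaults that matter for hardening (root volume encryption defaults to false, SSH is enabled only when a key is supplied). The following is an added example, not part of the Pulumi documentation or the pulumi-eks code base: a small pre-deployment lint over a plain dict keyed by the Python property names. The function name, the sample values, and the snake_case spellings auto_scaling_group_tags and cloud_formation_tags (for autoScalingGroupTags and cloudFormationTags) are assumptions of this example.

```python
# Added example (not Pulumi's code): lint node group options against the
# constraints and defaults documented in the property list above.
# Keys are the Python (snake_case) property names; the two tag maps use the
# snake_case forms of autoScalingGroupTags and cloudFormationTags (assumed).

SUPPORTED_VOLUME_TYPES = {"standard", "gp2", "gp3", "st1", "sc1", "io1"}


def audit_node_group_options(opts):
    """Return a list of (severity, property, message) findings for `opts`."""
    findings = []

    def add(severity, prop, message):
        findings.append((severity, prop, message))

    # Documented constraints: violating one is a configuration error.
    if opts.get("gpu"):
        for prop in ("ami_id", "ami_type"):
            if opts.get(prop):
                add("error", prop, f"{prop} and gpu are mutually exclusive")

    vol_type = opts.get("node_root_volume_type", "gp2")  # documented default
    if vol_type not in SUPPORTED_VOLUME_TYPES:
        add("error", "node_root_volume_type", f"unsupported type {vol_type!r}")
    if opts.get("node_root_volume_iops") is not None and vol_type != "io1":
        add("error", "node_root_volume_iops", "only valid with volume type io1")
    if opts.get("node_root_volume_throughput") is not None and vol_type != "gp3":
        add("error", "node_root_volume_throughput", "only valid with volume type gp3")

    user_data = opts.get("node_user_data")
    if user_data is not None and not user_data.startswith("#!"):
        add("error", "node_user_data", "must begin with an interpreter directive (#!)")

    asg_tags = opts.get("auto_scaling_group_tags") or {}
    cfn_tags = opts.get("cloud_formation_tags") or {}
    for key in sorted(set(asg_tags) & set(cfn_tags)):
        add("error", "cloud_formation_tags",
            f"tag {key!r} is set in both tag maps; supply it in one only")

    # Security-relevant settings: valid, but each should be a deliberate choice.
    if not (opts.get("node_root_volume_encrypted") or opts.get("encrypt_root_block_device")):
        add("warning", "node_root_volume_encrypted",
            "root volume is unencrypted (the documented default is false)")
    # Only an explicit True is flagged; the page states no default for this option.
    if opts.get("node_associate_public_ip_address") is True:
        add("warning", "node_associate_public_ip_address",
            "worker nodes are auto-assigned public IPs")
    for prop in ("node_public_key", "key_name"):
        if opts.get(prop):
            add("warning", prop, "SSH access to worker nodes is enabled")
    if opts.get("node_user_data_override"):
        add("warning", "node_user_data_override",
            "replaces the EKS bootstrap code; the script must bootstrap and signal readiness itself")
    return findings


# Constructed sample inputs (placeholders, not taken from any real stack).
WEAK = {
    "gpu": True,
    "ami_id": "ami-EXAMPLE",
    "node_root_volume_type": "gp2",
    "node_root_volume_throughput": 250,
    "node_user_data": "yum install -y amazon-ssm-agent",
    "node_associate_public_ip_address": True,
    "key_name": "ops-keypair",
    "auto_scaling_group_tags": {"team": "platform"},
    "cloud_formation_tags": {"team": "platform", "env": "dev"},
}

HARDENED = {
    "ami_id": "ami-EXAMPLE",
    "node_root_volume_type": "gp3",
    "node_root_volume_throughput": 250,
    "node_root_volume_encrypted": True,
    "node_user_data": "#!/bin/bash\nyum install -y amazon-ssm-agent\n",
    "node_associate_public_ip_address": False,
    "auto_scaling_group_tags": {"team": "platform"},
    "cloud_formation_tags": {"env": "dev"},
}

if __name__ == "__main__":
    for name, options in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit_node_group_options(options)
        print(f"{name}: {len(results)} finding(s)")
        for severity, prop, message in results:
            print(f"  [{severity}] {prop}: {message}")
```

Errors correspond to constraints the property descriptions state outright; warnings mark settings that are accepted but change the node's exposure.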
CoreData, CoreDataArgs
- Cluster Pulumi.Aws.Eks.Cluster - This type is defined in the AWS Classic package.
- ClusterIamRole Pulumi.Aws.Iam.Role - The IAM Role attached to the EKS Cluster. This type is defined in the AWS Classic package.
- ClusterSecurityGroup Pulumi.Aws.Ec2.SecurityGroup - This type is defined in the AWS Classic package.
- Endpoint string - The EKS cluster's Kubernetes API server endpoint.
- InstanceRoles List<Pulumi.Aws.Iam.Role> - The IAM instance roles for the cluster's nodes.
- NodeGroupOptions ClusterNodeGroupOptions - The cluster's node group options.
- Provider Pulumi.Kubernetes.Provider - This type is defined in the pulumi package.
- SubnetIds List<string> - List of subnet IDs for the EKS cluster.
- VpcId string - ID of the cluster's VPC.
- AccessEntries List<AccessEntry> - The access entries added to the cluster.
- AwsProvider Pulumi.Aws.Provider - This type is defined in the pulumi package.
- EksNodeAccess Pulumi.Kubernetes.Core.V1.ConfigMap - This type is defined in the Kubernetes package.
- EncryptionConfig Pulumi.Aws.Eks.Inputs.ClusterEncryptionConfig - This type is defined in the AWS Classic package.
- FargateProfile Pulumi.Aws.Eks.FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- Kubeconfig object - The kubeconfig file for the cluster.
- Dictionary<string, string> - Tags attached to the security groups associated with the cluster's worker nodes.
- OidcProvider Pulumi.Aws.Iam.OpenIdConnectProvider - This type is defined in the AWS Classic package.
- PrivateSubnetIds List<string> - List of subnet IDs for the private subnets.
- PublicSubnetIds List<string> - List of subnet IDs for the public subnets.
- StorageClasses Dictionary<string, Pulumi.Kubernetes.Storage.V1.StorageClass> - The storage class used for persistent storage by the cluster.
- Dictionary<string, string> - A map of tags assigned to the EKS cluster.
- VpcCni Pulumi.Eks.VpcCni - The VPC CNI for the cluster.
- Cluster Cluster - This type is defined in the AWS Classic package.
- ClusterIamRole Role - The IAM Role attached to the EKS Cluster. This type is defined in the AWS Classic package.
- ClusterSecurityGroup SecurityGroup - This type is defined in the AWS Classic package.
- Endpoint string - The EKS cluster's Kubernetes API server endpoint.
- InstanceRoles Role - The IAM instance roles for the cluster's nodes.
- NodeGroupOptions ClusterNodeGroupOptions - The cluster's node group options.
- Provider Provider - This type is defined in the pulumi package.
- SubnetIds []string - List of subnet IDs for the EKS cluster.
- VpcId string - ID of the cluster's VPC.
- AccessEntries []AccessEntry - The access entries added to the cluster.
- AwsProvider Provider - This type is defined in the pulumi package.
- EksNodeAccess ConfigMap - This type is defined in the Kubernetes package.
- EncryptionConfig ClusterEncryptionConfig - This type is defined in the AWS Classic package.
- FargateProfile FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- Kubeconfig interface{} - The kubeconfig file for the cluster.
- map[string]string - Tags attached to the security groups associated with the cluster's worker nodes.
- OidcProvider OpenIdConnectProvider - This type is defined in the AWS Classic package.
- PrivateSubnetIds []string - List of subnet IDs for the private subnets.
- PublicSubnetIds []string - List of subnet IDs for the public subnets.
- StorageClasses StorageClass - The storage class used for persistent storage by the cluster.
- map[string]string - A map of tags assigned to the EKS cluster.
- VpcCni VpcCni - The VPC CNI for the cluster.
- cluster Cluster - This type is defined in the AWS Classic package.
- clusterIamRole Role - The IAM Role attached to the EKS Cluster. This type is defined in the AWS Classic package.
- clusterSecurityGroup SecurityGroup - This type is defined in the AWS Classic package.
- endpoint String - The EKS cluster's Kubernetes API server endpoint.
- instanceRoles List<Role> - The IAM instance roles for the cluster's nodes.
- nodeGroupOptions ClusterNodeGroupOptions - The cluster's node group options.
- provider Provider - This type is defined in the pulumi package.
- subnetIds List<String> - List of subnet IDs for the EKS cluster.
- vpcId String - ID of the cluster's VPC.
- accessEntries List<AccessEntry> - The access entries added to the cluster.
- awsProvider Provider - This type is defined in the pulumi package.
- eksNodeAccess ConfigMap - This type is defined in the Kubernetes package.
- encryptionConfig ClusterEncryptionConfig - This type is defined in the AWS Classic package.
- fargateProfile FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig Object - The kubeconfig file for the cluster.
- Map<String,String> - Tags attached to the security groups associated with the cluster's worker nodes.
- oidcProvider OpenIdConnectProvider - This type is defined in the AWS Classic package.
- privateSubnetIds List<String> - List of subnet IDs for the private subnets.
- publicSubnetIds List<String> - List of subnet IDs for the public subnets.
- storageClasses Map<String,StorageClass> - The storage class used for persistent storage by the cluster.
- Map<String,String> - A map of tags assigned to the EKS cluster.
- vpcCni VpcCni - The VPC CNI for the cluster.
- cluster pulumiAwseksCluster - This type is defined in the AWS Classic package.
- clusterIamRole pulumiAwsiamRole - The IAM Role attached to the EKS Cluster. This type is defined in the AWS Classic package.
- clusterSecurityGroup pulumiAwsec2SecurityGroup - This type is defined in the AWS Classic package.
- endpoint string - The EKS cluster's Kubernetes API server endpoint.
- instanceRoles pulumiAwsiamRole[] - The IAM instance roles for the cluster's nodes.
- nodeGroupOptions ClusterNodeGroupOptions - The cluster's node group options.
- provider pulumiKubernetesProvider - This type is defined in the pulumi package.
- subnetIds string[] - List of subnet IDs for the EKS cluster.
- vpcId string - ID of the cluster's VPC.
- accessEntries AccessEntry[] - The access entries added to the cluster.
- awsProvider pulumiAwsProvider - This type is defined in the pulumi package.
- eksNodeAccess pulumiKubernetescorev1ConfigMap - This type is defined in the Kubernetes package.
- encryptionConfig pulumiAwstypesinputeksClusterEncryptionConfig - This type is defined in the AWS Classic package.
- fargateProfile pulumiAwseksFargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig any - The kubeconfig file for the cluster.
- {[key: string]: string} - Tags attached to the security groups associated with the cluster's worker nodes.
- oidcProvider pulumiAwsiamOpenIdConnectProvider - This type is defined in the AWS Classic package.
- privateSubnetIds string[] - List of subnet IDs for the private subnets.
- publicSubnetIds string[] - List of subnet IDs for the public subnets.
- storageClasses {[key: string]: pulumiKubernetesstoragev1StorageClass} - The storage class used for persistent storage by the cluster.
- {[key: string]: string} - A map of tags assigned to the EKS cluster.
- vpcCni VpcCni - The VPC CNI for the cluster.
- cluster pulumi_aws.eks.Cluster - This type is defined in the AWS Classic package.
- cluster_iam_role pulumi_aws.iam.Role - The IAM Role attached to the EKS Cluster. This type is defined in the AWS Classic package.
- cluster_security_group pulumi_aws.ec2.SecurityGroup - This type is defined in the AWS Classic package.
- endpoint str - The EKS cluster's Kubernetes API server endpoint.
- instance_roles Sequence[pulumi_aws.iam.Role] - The IAM instance roles for the cluster's nodes.
- node_group_options ClusterNodeGroupOptions - The cluster's node group options.
- provider pulumi_kubernetes.Provider - This type is defined in the pulumi package.
- subnet_ids Sequence[str] - List of subnet IDs for the EKS cluster.
- vpc_id str - ID of the cluster's VPC.
- access_entries Sequence[AccessEntry] - The access entries added to the cluster.
- aws_provider pulumi_aws.Provider - This type is defined in the pulumi package.
- eks_node_access pulumi_kubernetes.core.v1.ConfigMap - This type is defined in the Kubernetes package.
- encryption_config pulumi_aws.eks.ClusterEncryptionConfigArgs - This type is defined in the AWS Classic package.
- fargate_profile pulumi_aws.eks.FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig Any - The kubeconfig file for the cluster.
- Mapping[str, str] - Tags attached to the security groups associated with the cluster's worker nodes.
- oidc_provider pulumi_aws.iam.OpenIdConnectProvider - This type is defined in the AWS Classic package.
- private_subnet_ids Sequence[str] - List of subnet IDs for the private subnets.
- public_subnet_ids Sequence[str] - List of subnet IDs for the public subnets.
- storage_classes Mapping[str, pulumi_kubernetes.storage.v1.StorageClass] - The storage class used for persistent storage by the cluster.
- Mapping[str, str] - A map of tags assigned to the EKS cluster.
- vpc_cni VpcCni - The VPC CNI for the cluster.
- cluster aws:eks:Cluster - This type is defined in the AWS Classic package.
- clusterIamRole aws:iam:Role - The IAM Role attached to the EKS Cluster. This type is defined in the AWS Classic package.
- clusterSecurityGroup aws:ec2:SecurityGroup - This type is defined in the AWS Classic package.
- endpoint String - The EKS cluster's Kubernetes API server endpoint.
- instanceRoles List<aws:iam:Role> - The IAM instance roles for the cluster's nodes.
- nodeGroupOptions Property Map - The cluster's node group options.
- provider pulumi:providers:kubernetes - This type is defined in the pulumi package.
- subnetIds List<String> - List of subnet IDs for the EKS cluster.
- vpcId String - ID of the cluster's VPC.
- accessEntries List<Property Map> - The access entries added to the cluster.
- awsProvider pulumi:providers:aws - This type is defined in the pulumi package.
- eksNodeAccess kubernetes:core/v1:ConfigMap - This type is defined in the Kubernetes package.
- encryptionConfig Property Map - This type is defined in the AWS Classic package.
- fargateProfile aws:eks:FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig Any - The kubeconfig file for the cluster.
- Map<String> - Tags attached to the security groups associated with the cluster's worker nodes.
- oidcProvider aws:iam:OpenIdConnectProvider - This type is defined in the AWS Classic package.
- privateSubnetIds List<String> - List of subnet IDs for the private subnets.
- publicSubnetIds List<String> - List of subnet IDs for the public subnets.
- storageClasses Map<kubernetes:storage.k8s.io/v1:StorageClass> - The storage class used for persistent storage by the cluster.
- Map<String> - A map of tags assigned to the EKS cluster.
- vpcCni eks:VpcCni - The VPC CNI for the cluster.
Taint, TaintArgs
Package Details
- Repository: Amazon EKS pulumi/pulumi-eks
- License: Apache-2.0