@aws-sdk/client-eks
AWS SDK for JavaScript Eks Client for Node.js, Browser and React Native
import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
import { EKSServiceException as __BaseException } from "./EKSServiceException";
/**
* <p>Allowed values for a cluster's authentication mode, as reported in
* <code>AccessConfigResponse.authenticationMode</code>.</p>
* <p>NOTE(review): <code>CONFIG_MAP</code> presumably refers to the <code>aws-auth</code>
* <code>ConfigMap</code> and <code>API</code> to access entries, as described on
* <code>AccessEntry</code>; confirm against the Amazon EKS User Guide. The mode decides
* which source of identity mappings is authoritative, so record it in access reviews.</p>
* @public
* @enum
*/
export declare const AuthenticationMode: {
readonly API: "API";
readonly API_AND_CONFIG_MAP: "API_AND_CONFIG_MAP";
readonly CONFIG_MAP: "CONFIG_MAP";
};
/**
* <p>Union of the string literal values of the <code>AuthenticationMode</code> object.</p>
* @public
*/
export type AuthenticationMode = (typeof AuthenticationMode)[keyof typeof AuthenticationMode];
/**
* <p>The access configuration for the cluster.</p>
* <p>Both members are optional, so a consumer must handle <code>undefined</code> rather
* than assume a default.</p>
* @public
*/
export interface AccessConfigResponse {
/**
* <p>Specifies whether or not the cluster creator IAM principal was set as a cluster
* admin access entry during cluster creation time.</p>
* <p>When <code>true</code>, the principal that created the cluster holds cluster admin
* access through an access entry; include that principal in access reviews.</p>
* @public
*/
bootstrapClusterCreatorAdminPermissions?: boolean | undefined;
/**
* <p>The current authentication mode of the cluster. One of the
* <code>AuthenticationMode</code> values.</p>
* @public
*/
authenticationMode?: AuthenticationMode | undefined;
}
/**
* <p>You don't have permissions to perform the requested operation. The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html">IAM principal</a>
* making the request must have at least one IAM permissions policy attached that grants
* the required permissions. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html">Access
* management</a> in the <i>IAM User Guide</i>. </p>
* <p>This class declares no resource fields (no <code>clusterName</code> and so on), so the
* denied resource has to be taken from the request that was sent.</p>
* @public
*/
export declare class AccessDeniedException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "AccessDeniedException";
/** Fault side is fixed to the literal <code>"client"</code>. */
readonly $fault: "client";
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
}
/**
* <p>An access entry allows an IAM principal (user or role) to access your cluster.
* Access entries can replace the need to maintain the <code>aws-auth</code>
* <code>ConfigMap</code> for authentication. For more information about access entries,
* see <a href="https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html">Access
* entries</a> in the <i>Amazon EKS User Guide</i>.</p>
* <p>Every member is optional in this typing, so any of them may be absent on a
* returned object.</p>
* @public
*/
export interface AccessEntry {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The ARN of the IAM principal for the access entry. If you ever delete the IAM
* principal with this ARN, the access entry isn't automatically deleted. We recommend
* that you delete the access entry with an ARN for an IAM principal that you delete.
* If you don't delete the access entry and ever recreate the IAM principal, even if it
* has the same ARN, the access entry won't work. This is because even though the ARN
* is the same for the recreated IAM principal, the <code>roleID</code> or
* <code>userID</code> (you can see this with the Security Token Service
* <code>GetCallerIdentity</code> API) is different for the recreated IAM principal
* than it was for the original IAM principal. Even though you don't see the IAM
* principal's <code>roleID</code> or <code>userID</code> for an access entry, Amazon EKS stores
* it with the access entry.</p>
* <p>Because entries outlive the principal they name, reconcile access entries against
* the IAM principals that still exist and delete the orphaned ones.</p>
* @public
*/
principalArn?: string | undefined;
/**
* <p>A <code>name</code> that you've specified in a Kubernetes <code>RoleBinding</code> or
* <code>ClusterRoleBinding</code> object so that Kubernetes authorizes the
* <code>principalARN</code> access to cluster objects.</p>
* <p>These group names are what the bindings match on, so they determine what the
* principal is authorized to do inside the cluster; review them together with the
* bindings that reference them.</p>
* @public
*/
kubernetesGroups?: string[] | undefined;
/**
* <p>The ARN of the access entry.</p>
* @public
*/
accessEntryArn?: string | undefined;
/**
* <p>The Unix epoch timestamp at object creation. Typed as a <code>Date</code> here.</p>
* @public
*/
createdAt?: Date | undefined;
/**
* <p>The Unix epoch timestamp for the last modification to the object. Typed as a
* <code>Date</code> here.</p>
* @public
*/
modifiedAt?: Date | undefined;
/**
* <p>Metadata that assists with categorization and organization.
* Each tag consists of a key and an optional value. You define both. Tags don't
* propagate to any other cluster or Amazon Web Services resources.</p>
* @public
*/
tags?: Record<string, string> | undefined;
/**
* <p>The <code>name</code> of a user that can authenticate to your cluster.</p>
* @public
*/
username?: string | undefined;
/**
* <p>The type of the access entry.</p>
* <p>Typed as a plain <code>string</code>; the allowed values are not enumerated in this
* declaration.</p>
* @public
*/
type?: string | undefined;
}
/**
* <p>An access policy includes permissions that allow Amazon EKS to authorize an
* IAM principal to work with Kubernetes objects on your cluster. The policies are
* managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the
* policies using the API. The permissions for many of the policies are similar to the
* Kubernetes <code>cluster-admin</code>, <code>admin</code>, <code>edit</code>, and
* <code>view</code> cluster roles. For more information about these cluster roles, see
* <a href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles">User-facing roles</a> in the Kubernetes documentation. To view the contents of the
* policies, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions">Access
* policy permissions</a> in the <i>Amazon EKS User Guide</i>.</p>
* <p>Since the permissions cannot be read through the API, this object carries only the
* policy's identity; check what a policy grants in the user guide before associating it.</p>
* @public
*/
export interface AccessPolicy {
/**
* <p>The name of the access policy.</p>
* @public
*/
name?: string | undefined;
/**
* <p>The ARN of the access policy.</p>
* @public
*/
arn?: string | undefined;
}
/**
* <p>Allowed values for <code>AccessScope.type</code>: the whole cluster or specific
* namespaces. Unlike most enums in this file, the keys are lower case and equal to
* their values.</p>
* @public
* @enum
*/
export declare const AccessScopeType: {
readonly cluster: "cluster";
readonly namespace: "namespace";
};
/**
* <p>Union of the string literal values of the <code>AccessScopeType</code> object.</p>
* @public
*/
export type AccessScopeType = (typeof AccessScopeType)[keyof typeof AccessScopeType];
/**
* <p>The scope of an <code>AccessPolicy</code> that's associated to an
* <code>AccessEntry</code>.</p>
* <p>The scope bounds where the policy's permissions apply, so a
* <code>namespace</code> scope is the narrower grant when it is sufficient.</p>
* @public
*/
export interface AccessScope {
/**
* <p>The scope type of an access policy. One of the <code>AccessScopeType</code>
* values.</p>
* @public
*/
type?: AccessScopeType | undefined;
/**
* <p>The Kubernetes namespaces that an access policy is scoped to. A value is required
* if you specified <code>namespace</code> for <code>type</code>.</p>
* <p>The typing does not enforce that requirement: both members are optional here.</p>
* @public
*/
namespaces?: string[] | undefined;
}
/**
* <p>Codes that classify an add-on issue, as carried in <code>AddonIssue.code</code>.
* Keys are upper snake case; the string values are Pascal case.</p>
* @public
* @enum
*/
export declare const AddonIssueCode: {
readonly ACCESS_DENIED: "AccessDenied";
readonly ADDON_PERMISSION_FAILURE: "AddonPermissionFailure";
readonly ADDON_SUBSCRIPTION_NEEDED: "AddonSubscriptionNeeded";
readonly ADMISSION_REQUEST_DENIED: "AdmissionRequestDenied";
readonly CLUSTER_UNREACHABLE: "ClusterUnreachable";
readonly CONFIGURATION_CONFLICT: "ConfigurationConflict";
readonly INSUFFICIENT_NUMBER_OF_REPLICAS: "InsufficientNumberOfReplicas";
readonly INTERNAL_FAILURE: "InternalFailure";
readonly K8S_RESOURCE_NOT_FOUND: "K8sResourceNotFound";
readonly UNSUPPORTED_ADDON_MODIFICATION: "UnsupportedAddonModification";
};
/**
* <p>Union of the string literal values of the <code>AddonIssueCode</code> object.</p>
* @public
*/
export type AddonIssueCode = (typeof AddonIssueCode)[keyof typeof AddonIssueCode];
/**
* <p>An issue related to an add-on.</p>
* @public
*/
export interface AddonIssue {
/**
* <p>A code that describes the type of issue. One of the <code>AddonIssueCode</code>
* values.</p>
* @public
*/
code?: AddonIssueCode | undefined;
/**
* <p>A message that provides details about the issue and what might cause it.</p>
* <p>Free text; branch on <code>code</code> rather than on this string.</p>
* @public
*/
message?: string | undefined;
/**
* <p>The resource IDs of the issue.</p>
* @public
*/
resourceIds?: string[] | undefined;
}
/**
* <p>The health of the add-on, expressed as a list of issues.</p>
* @public
*/
export interface AddonHealth {
/**
* <p>An object representing the health issues for an add-on.</p>
* <p>NOTE(review): whether a healthy add-on yields an empty array or
* <code>undefined</code> is not visible in this declaration; handle both.</p>
* @public
*/
issues?: AddonIssue[] | undefined;
}
/**
* <p>Information about an Amazon EKS add-on from the Amazon Web Services Marketplace.</p>
* <p>Used by both <code>Addon</code> and <code>AddonInfo</code>.</p>
* @public
*/
export interface MarketplaceInformation {
/**
* <p>The product ID from the Amazon Web Services Marketplace.</p>
* @public
*/
productId?: string | undefined;
/**
* <p>The product URL from the Amazon Web Services Marketplace.</p>
* <p>Typed as a plain <code>string</code>; nothing in this declaration validates it as a
* URL, so validate it before rendering it as a link.</p>
* @public
*/
productUrl?: string | undefined;
}
/**
* <p>Lifecycle states of an add-on, as carried in <code>Addon.status</code>. Keys and
* values are identical upper snake case strings.</p>
* @public
* @enum
*/
export declare const AddonStatus: {
readonly ACTIVE: "ACTIVE";
readonly CREATE_FAILED: "CREATE_FAILED";
readonly CREATING: "CREATING";
readonly DEGRADED: "DEGRADED";
readonly DELETE_FAILED: "DELETE_FAILED";
readonly DELETING: "DELETING";
readonly UPDATE_FAILED: "UPDATE_FAILED";
readonly UPDATING: "UPDATING";
};
/**
* <p>Union of the string literal values of the <code>AddonStatus</code> object.</p>
* @public
*/
export type AddonStatus = (typeof AddonStatus)[keyof typeof AddonStatus];
/**
* <p>An Amazon EKS add-on. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html">Amazon EKS add-ons</a> in the
* <i>Amazon EKS User Guide</i>.</p>
* <p>Every member is optional in this typing. The members that tie the add-on to IAM
* (<code>serviceAccountRoleArn</code>, <code>podIdentityAssociations</code>) are the ones
* to look at when reviewing what an add-on is permitted to do.</p>
* @public
*/
export interface Addon {
/**
* <p>The name of the add-on.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The status of the add-on. One of the <code>AddonStatus</code> values.</p>
* @public
*/
status?: AddonStatus | undefined;
/**
* <p>The version of the add-on.</p>
* @public
*/
addonVersion?: string | undefined;
/**
* <p>An object that represents the health of the add-on.</p>
* @public
*/
health?: AddonHealth | undefined;
/**
* <p>The Amazon Resource Name (ARN) of the add-on.</p>
* @public
*/
addonArn?: string | undefined;
/**
* <p>The Unix epoch timestamp at object creation. Typed as a <code>Date</code> here.</p>
* @public
*/
createdAt?: Date | undefined;
/**
* <p>The Unix epoch timestamp for the last modification to the object. Typed as a
* <code>Date</code> here.</p>
* @public
*/
modifiedAt?: Date | undefined;
/**
* <p>The Amazon Resource Name (ARN) of the IAM role that's bound to the Kubernetes <code>ServiceAccount</code>
* object that the add-on uses.</p>
* <p>The add-on acts with this role's permissions, so the role's policies belong in
* any least-privilege review of the add-on.</p>
* @public
*/
serviceAccountRoleArn?: string | undefined;
/**
* <p>Metadata that assists with categorization and organization.
* Each tag consists of a key and an optional value. You define both. Tags don't
* propagate to any other cluster or Amazon Web Services resources.</p>
* @public
*/
tags?: Record<string, string> | undefined;
/**
* <p>The publisher of the add-on.</p>
* @public
*/
publisher?: string | undefined;
/**
* <p>The owner of the add-on.</p>
* @public
*/
owner?: string | undefined;
/**
* <p>Information about an Amazon EKS add-on from the Amazon Web Services Marketplace.</p>
* @public
*/
marketplaceInformation?: MarketplaceInformation | undefined;
/**
* <p>The configuration values that you provided.</p>
* <p>NOTE(review): an opaque <code>string</code> in this typing; its format is not
* visible here. If it can carry credentials or internal endpoints, treat it as
* sensitive when logging — confirm.</p>
* @public
*/
configurationValues?: string | undefined;
/**
* <p>An array of Pod Identity Associations owned by the add-on. Each EKS Pod Identity
* association maps a role to a service account in a namespace in the cluster.</p>
* <p>For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html">Attach an IAM Role to an Amazon EKS add-on
* using Pod Identity</a> in the <i>Amazon EKS User Guide</i>.</p>
* <p>Typed as <code>string[]</code>, not as <code>AddonPodIdentityAssociations[]</code>.
* NOTE(review): the strings are presumably association identifiers — confirm.</p>
* @public
*/
podIdentityAssociations?: string[] | undefined;
}
/**
* <p>The summary information about the Amazon EKS add-on compatibility for the next Kubernetes
* version for an insight check in the <code>UPGRADE_READINESS</code> category.</p>
* @public
*/
export interface AddonCompatibilityDetail {
/**
* <p>The name of the Amazon EKS add-on.</p>
* @public
*/
name?: string | undefined;
/**
* <p>The list of compatible Amazon EKS add-on versions for the next Kubernetes version.</p>
* <p>Version strings are not ordered or parsed by this typing.</p>
* @public
*/
compatibleVersions?: string[] | undefined;
}
/**
* <p>Compatibility information. Used as the element type of
* <code>AddonVersionInfo.compatibilities</code>.</p>
* @public
*/
export interface Compatibility {
/**
* <p>The supported Kubernetes version of the cluster.</p>
* @public
*/
clusterVersion?: string | undefined;
/**
* <p>The supported compute platform.</p>
* <p>Typed as an array of strings although the description is singular.</p>
* @public
*/
platformVersions?: string[] | undefined;
/**
* <p>The supported default version.</p>
* <p>Typed as a <code>boolean</code>. NOTE(review): presumably a flag marking this
* add-on version as the default for <code>clusterVersion</code> — confirm.</p>
* @public
*/
defaultVersion?: boolean | undefined;
}
/**
* <p>Information about an add-on version.</p>
* @public
*/
export interface AddonVersionInfo {
/**
* <p>The version of the add-on.</p>
* @public
*/
addonVersion?: string | undefined;
/**
* <p>The architectures that the version supports.</p>
* @public
*/
architecture?: string[] | undefined;
/**
* <p>Indicates the compute type of the add-on version.</p>
* @public
*/
computeTypes?: string[] | undefined;
/**
* <p>An object representing the compatibilities of a version.</p>
* @public
*/
compatibilities?: Compatibility[] | undefined;
/**
* <p>Whether the add-on requires configuration.</p>
* @public
*/
requiresConfiguration?: boolean | undefined;
/**
* <p>Indicates if the add-on requires IAM permissions to operate, such as networking
* permissions.</p>
* <p>When <code>true</code>, installing this version implies granting an IAM role to
* the add-on; review that role before installing.</p>
* @public
*/
requiresIamPermissions?: boolean | undefined;
}
/**
* <p>Information about an add-on: its identity, its available versions and where it
* comes from.</p>
* @public
*/
export interface AddonInfo {
/**
* <p>The name of the add-on.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The type of the add-on.</p>
* <p>Typed as a plain <code>string</code>; the allowed values are not enumerated in this
* declaration.</p>
* @public
*/
type?: string | undefined;
/**
* <p>An object representing information about available add-on versions and compatible
* Kubernetes versions.</p>
* @public
*/
addonVersions?: AddonVersionInfo[] | undefined;
/**
* <p>The publisher of the add-on.</p>
* <p>Together with <code>owner</code>, this is the provenance information available for
* deciding whether to trust an add-on before installing it.</p>
* @public
*/
publisher?: string | undefined;
/**
* <p>The owner of the add-on.</p>
* @public
*/
owner?: string | undefined;
/**
* <p>Information about the add-on from the Amazon Web Services Marketplace.</p>
* @public
*/
marketplaceInformation?: MarketplaceInformation | undefined;
}
/**
* <p>A type of Pod Identity Association owned by an Amazon EKS Add-on.</p>
* <p>Each EKS Pod Identity Association maps a role to a service account in a namespace in
* the cluster.</p>
* <p>For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html">Attach an IAM Role to an Amazon EKS add-on
* using Pod Identity</a> in the <i>Amazon EKS User Guide</i>.</p>
* <p>Both members are declared without <code>?</code>, so the properties must be present,
* although their type still admits <code>undefined</code>.</p>
* @public
*/
export interface AddonPodIdentityAssociations {
/**
* <p>The name of a Kubernetes Service Account.</p>
* @public
*/
serviceAccount: string | undefined;
/**
* <p>The ARN of an IAM Role.</p>
* <p>Workloads running under <code>serviceAccount</code> obtain this role through the
* association, so scope the role's policies to what the add-on needs.</p>
* @public
*/
roleArn: string | undefined;
}
/**
* <p>Information about how to configure IAM for an add-on.</p>
* @public
*/
export interface AddonPodIdentityConfiguration {
/**
* <p>The Kubernetes Service Account name used by the add-on.</p>
* @public
*/
serviceAccount?: string | undefined;
/**
* <p>A suggested IAM Policy for the add-on.</p>
* <p>Typed as an array of strings. NOTE(review): presumably managed policy ARNs or
* names — confirm. These are suggestions; check what each policy grants before
* attaching it.</p>
* @public
*/
recommendedManagedPolicies?: string[] | undefined;
}
/**
* <p>Identifiers for AMI types. Keys and values are identical strings; note the mixed
* case in the <code>x86_64</code> variants. Where this enum is consumed is not visible
* in this part of the file.</p>
* @public
* @enum
*/
export declare const AMITypes: {
readonly AL2023_ARM_64_STANDARD: "AL2023_ARM_64_STANDARD";
readonly AL2023_x86_64_NEURON: "AL2023_x86_64_NEURON";
readonly AL2023_x86_64_NVIDIA: "AL2023_x86_64_NVIDIA";
readonly AL2023_x86_64_STANDARD: "AL2023_x86_64_STANDARD";
readonly AL2_ARM_64: "AL2_ARM_64";
readonly AL2_x86_64: "AL2_x86_64";
readonly AL2_x86_64_GPU: "AL2_x86_64_GPU";
readonly BOTTLEROCKET_ARM_64: "BOTTLEROCKET_ARM_64";
readonly BOTTLEROCKET_ARM_64_NVIDIA: "BOTTLEROCKET_ARM_64_NVIDIA";
readonly BOTTLEROCKET_x86_64: "BOTTLEROCKET_x86_64";
readonly BOTTLEROCKET_x86_64_NVIDIA: "BOTTLEROCKET_x86_64_NVIDIA";
readonly CUSTOM: "CUSTOM";
readonly WINDOWS_CORE_2019_x86_64: "WINDOWS_CORE_2019_x86_64";
readonly WINDOWS_CORE_2022_x86_64: "WINDOWS_CORE_2022_x86_64";
readonly WINDOWS_FULL_2019_x86_64: "WINDOWS_FULL_2019_x86_64";
readonly WINDOWS_FULL_2022_x86_64: "WINDOWS_FULL_2022_x86_64";
};
/**
* <p>Union of the string literal values of the <code>AMITypes</code> object.</p>
* @public
*/
export type AMITypes = (typeof AMITypes)[keyof typeof AMITypes];
/**
* <p>Input for associating an access policy with an access entry. This request grants
* permissions on the cluster, so it is worth recording who issues it and with which
* scope.</p>
* <p>All four members are declared without <code>?</code>, so the properties must be
* present, although their type still admits <code>undefined</code>.</p>
* @public
*/
export interface AssociateAccessPolicyRequest {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName: string | undefined;
/**
* <p>The Amazon Resource Name (ARN) of the IAM user or role for the <code>AccessEntry</code> that you're
* associating the access policy to. </p>
* @public
*/
principalArn: string | undefined;
/**
* <p>The ARN of the <code>AccessPolicy</code> that you're associating. For a list of
* ARNs, use <code>ListAccessPolicies</code>.</p>
* @public
*/
policyArn: string | undefined;
/**
* <p>The scope for the <code>AccessPolicy</code>. You can scope access policies to an
* entire cluster or to specific Kubernetes namespaces.</p>
* <p>Prefer a namespace scope when the principal does not need cluster-wide access.</p>
* @public
*/
accessScope: AccessScope | undefined;
}
/**
* <p>An access policy association: which policy is attached, with what scope, and
* when.</p>
* @public
*/
export interface AssociatedAccessPolicy {
/**
* <p>The ARN of the <code>AccessPolicy</code>.</p>
* @public
*/
policyArn?: string | undefined;
/**
* <p>The scope of the access policy.</p>
* @public
*/
accessScope?: AccessScope | undefined;
/**
* <p>The date and time the <code>AccessPolicy</code> was associated with an
* <code>AccessEntry</code>.</p>
* @public
*/
associatedAt?: Date | undefined;
/**
* <p>The Unix epoch timestamp for the last modification to the object. Typed as a
* <code>Date</code> here.</p>
* <p>A value later than <code>associatedAt</code> indicates the association was changed
* after it was created, which is a useful pointer when auditing grants.</p>
* @public
*/
modifiedAt?: Date | undefined;
}
/**
* <p>Output of associating an access policy with an access entry. Every member is
* optional in this typing.</p>
* @public
*/
export interface AssociateAccessPolicyResponse {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The ARN of the IAM principal for the <code>AccessEntry</code>.</p>
* @public
*/
principalArn?: string | undefined;
/**
* <p>The <code>AccessPolicy</code> and scope associated to the
* <code>AccessEntry</code>.</p>
* @public
*/
associatedAccessPolicy?: AssociatedAccessPolicy | undefined;
}
/**
* <p>The specified parameter is invalid. Review the available parameters for the API
* request.</p>
* <p>The resource fields are all optional and identify what the failed request referred
* to.</p>
* @public
*/
export declare class InvalidParameterException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "InvalidParameterException";
/** Fault side is fixed to the literal <code>"client"</code>. */
readonly $fault: "client";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The Fargate profile associated with the exception.</p>
* @public
*/
fargateProfileName?: string | undefined;
/**
* <p>The specified parameter for the add-on name is invalid. Review the available
* parameters for the API request.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The Amazon EKS subscription ID associated with the exception.</p>
* @public
*/
subscriptionId?: string | undefined;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<InvalidParameterException, __BaseException>);
}
/**
* <p>The request is invalid given the state of the cluster. Check the state of the cluster
* and the associated operations.</p>
* <p>Unlike <code>InvalidParameterException</code>, no <code>fargateProfileName</code> is
* declared on this class.</p>
* @public
*/
export declare class InvalidRequestException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "InvalidRequestException";
/** Fault side is fixed to the literal <code>"client"</code>. */
readonly $fault: "client";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The request is invalid given the state of the add-on name. Check the state of the
* cluster and the associated operations.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The Amazon EKS subscription ID associated with the exception.</p>
* @public
*/
subscriptionId?: string | undefined;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<InvalidRequestException, __BaseException>);
}
/**
* <p>The specified resource could not be found. You can view your available clusters with
* <code>ListClusters</code>. You can view your available managed node groups with
* <code>ListNodegroups</code>. Amazon EKS clusters and node groups are Amazon Web Services Region
* specific.</p>
* <p>Because resources are Region specific, a request sent to the wrong Region is one
* cause to rule out before treating the resource as deleted.</p>
* @public
*/
export declare class ResourceNotFoundException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "ResourceNotFoundException";
/** Fault side is fixed to the literal <code>"client"</code>. */
readonly $fault: "client";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The Fargate profile associated with the exception.</p>
* @public
*/
fargateProfileName?: string | undefined;
/**
* <p>The Amazon EKS add-on name associated with the exception.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The Amazon EKS subscription ID associated with the exception.</p>
* @public
*/
subscriptionId?: string | undefined;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
}
/**
* <p>These errors are usually caused by a server-side issue.</p>
* <p>This is the only exception in this part of the file whose <code>$fault</code> is
* <code>"server"</code>.</p>
* @public
*/
export declare class ServerException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "ServerException";
/** Fault side is fixed to the literal <code>"server"</code>. */
readonly $fault: "server";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The Amazon EKS add-on name associated with the exception.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The Amazon EKS subscription ID associated with the exception.</p>
* @public
*/
subscriptionId?: string | undefined;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<ServerException, __BaseException>);
}
/**
* <p>Identifies the Key Management Service (KMS) key used to encrypt the secrets.</p>
* @public
*/
export interface Provider {
/**
* <p>Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in
* the same Amazon Web Services Region as the cluster. If the KMS key was created in a different
* account, the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html">IAM principal</a> must have access to the KMS key. For more information,
* see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html">Allowing
* users in other accounts to use a KMS key</a> in the <i>Key Management Service
* Developer Guide</i>.</p>
* <p>The member is named <code>keyArn</code> but also accepts an alias. NOTE(review): a
* KMS alias can later be pointed at a different key; if key identity must be auditable,
* confirm how the alias is resolved or supply the key ARN.</p>
* @public
*/
keyArn?: string | undefined;
}
/**
* <p>The encryption configuration for the cluster: which resources are encrypted and
* with which KMS key.</p>
* @public
*/
export interface EncryptionConfig {
/**
* <p>Specifies the resources to be encrypted. The only supported value is
* <code>secrets</code>.</p>
* <p>The typing is <code>string[]</code> and does not restrict the values, so a wrong
* entry is not caught at compile time.</p>
* @public
*/
resources?: string[] | undefined;
/**
* <p>Key Management Service (KMS) key. Either the ARN or the alias can be used.</p>
* @public
*/
provider?: Provider | undefined;
}
/**
* <p>Input for associating an encryption configuration with a cluster.</p>
* <p><code>clusterName</code> and <code>encryptionConfig</code> are declared without
* <code>?</code>, so the properties must be present, although their type still admits
* <code>undefined</code>.</p>
* @public
*/
export interface AssociateEncryptionConfigRequest {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName: string | undefined;
/**
* <p>The configuration you are using for encryption.</p>
* @public
*/
encryptionConfig: EncryptionConfig[] | undefined;
/**
* <p>A unique, case-sensitive identifier that you provide to ensure
* the idempotency of the request.</p>
* <p>Reuse the same token when retrying the same request; a fresh token makes the
* retry a new request.</p>
* @public
*/
clientRequestToken?: string | undefined;
}
/**
* <p>Codes for errors of asynchronous operations, as carried in
* <code>ErrorDetail.errorCode</code>. Keys are upper snake case; the string values are
* Pascal case.</p>
* @public
* @enum
*/
export declare const ErrorCode: {
readonly ACCESS_DENIED: "AccessDenied";
readonly ADMISSION_REQUEST_DENIED: "AdmissionRequestDenied";
readonly CLUSTER_UNREACHABLE: "ClusterUnreachable";
readonly CONFIGURATION_CONFLICT: "ConfigurationConflict";
readonly ENI_LIMIT_REACHED: "EniLimitReached";
readonly INSUFFICIENT_FREE_ADDRESSES: "InsufficientFreeAddresses";
readonly INSUFFICIENT_NUMBER_OF_REPLICAS: "InsufficientNumberOfReplicas";
readonly IP_NOT_AVAILABLE: "IpNotAvailable";
readonly K8S_RESOURCE_NOT_FOUND: "K8sResourceNotFound";
readonly NODE_CREATION_FAILURE: "NodeCreationFailure";
readonly OPERATION_NOT_PERMITTED: "OperationNotPermitted";
readonly POD_EVICTION_FAILURE: "PodEvictionFailure";
readonly SECURITY_GROUP_NOT_FOUND: "SecurityGroupNotFound";
readonly SUBNET_NOT_FOUND: "SubnetNotFound";
readonly UNKNOWN: "Unknown";
readonly UNSUPPORTED_ADDON_MODIFICATION: "UnsupportedAddonModification";
readonly VPC_ID_NOT_FOUND: "VpcIdNotFound";
};
/**
* <p>Union of the string literal values of the <code>ErrorCode</code> object.</p>
* @public
*/
export type ErrorCode = (typeof ErrorCode)[keyof typeof ErrorCode];
/**
* <p>An object representing an error when an asynchronous operation fails.</p>
* @public
*/
export interface ErrorDetail {
/**
* <p>A brief description of the error. The list below describes only some of the
* <code>ErrorCode</code> values; the enum declares more than are explained here.</p>
* <ul>
* <li>
* <p>
* <b>SubnetNotFound</b>: We couldn't find one of the
* subnets associated with the cluster.</p>
* </li>
* <li>
* <p>
* <b>SecurityGroupNotFound</b>: We couldn't find one
* of the security groups associated with the cluster.</p>
* </li>
* <li>
* <p>
* <b>EniLimitReached</b>: You have reached the elastic
* network interface limit for your account.</p>
* </li>
* <li>
* <p>
* <b>IpNotAvailable</b>: A subnet associated with the
* cluster doesn't have any available IP addresses.</p>
* </li>
* <li>
* <p>
* <b>AccessDenied</b>: You don't have permissions to
* perform the specified operation.</p>
* </li>
* <li>
* <p>
* <b>OperationNotPermitted</b>: The service role
* associated with the cluster doesn't have the required access permissions for
* Amazon EKS.</p>
* </li>
* <li>
* <p>
* <b>VpcIdNotFound</b>: We couldn't find the VPC
* associated with the cluster.</p>
* </li>
* </ul>
* @public
*/
errorCode?: ErrorCode | undefined;
/**
* <p>A more complete description of the error.</p>
* <p>Free text; branch on <code>errorCode</code> rather than on this string.</p>
* @public
*/
errorMessage?: string | undefined;
/**
* <p>An optional field that contains the resource IDs associated with the error.</p>
* @public
*/
resourceIds?: string[] | undefined;
}
/**
* <p>Names of the parameters that an update can carry, as used in
* <code>UpdateParam.type</code>. Keys are upper snake case; the string values are Pascal
* case.</p>
* <p>Several values name settings that affect cluster exposure or access control, for
* example <code>AuthenticationMode</code>, <code>ClusterLogging</code>,
* <code>EncryptionConfig</code>, <code>EndpointPublicAccess</code>,
* <code>EndpointPrivateAccess</code>, <code>PublicAccessCidrs</code>,
* <code>IdentityProviderConfig</code> and <code>SecurityGroups</code>. Updates carrying
* them are worth singling out in change audits.</p>
* @public
* @enum
*/
export declare const UpdateParamType: {
readonly ADDON_VERSION: "AddonVersion";
readonly AUTHENTICATION_MODE: "AuthenticationMode";
readonly CLUSTER_LOGGING: "ClusterLogging";
readonly COMPUTE_CONFIG: "ComputeConfig";
readonly CONFIGURATION_VALUES: "ConfigurationValues";
readonly DESIRED_SIZE: "DesiredSize";
readonly ENCRYPTION_CONFIG: "EncryptionConfig";
readonly ENDPOINT_PRIVATE_ACCESS: "EndpointPrivateAccess";
readonly ENDPOINT_PUBLIC_ACCESS: "EndpointPublicAccess";
readonly IDENTITY_PROVIDER_CONFIG: "IdentityProviderConfig";
readonly KUBERNETES_NETWORK_CONFIG: "KubernetesNetworkConfig";
readonly LABELS_TO_ADD: "LabelsToAdd";
readonly LABELS_TO_REMOVE: "LabelsToRemove";
readonly LAUNCH_TEMPLATE_NAME: "LaunchTemplateName";
readonly LAUNCH_TEMPLATE_VERSION: "LaunchTemplateVersion";
readonly MAX_SIZE: "MaxSize";
readonly MAX_UNAVAILABLE: "MaxUnavailable";
readonly MAX_UNAVAILABLE_PERCENTAGE: "MaxUnavailablePercentage";
readonly MIN_SIZE: "MinSize";
readonly NODE_REPAIR_ENABLED: "NodeRepairEnabled";
readonly PLATFORM_VERSION: "PlatformVersion";
readonly POD_IDENTITY_ASSOCIATIONS: "PodIdentityAssociations";
readonly PUBLIC_ACCESS_CIDRS: "PublicAccessCidrs";
readonly RELEASE_VERSION: "ReleaseVersion";
readonly RESOLVE_CONFLICTS: "ResolveConflicts";
readonly SECURITY_GROUPS: "SecurityGroups";
readonly SERVICE_ACCOUNT_ROLE_ARN: "ServiceAccountRoleArn";
readonly STORAGE_CONFIG: "StorageConfig";
readonly SUBNETS: "Subnets";
readonly TAINTS_TO_ADD: "TaintsToAdd";
readonly TAINTS_TO_REMOVE: "TaintsToRemove";
readonly UPDATE_STRATEGY: "UpdateStrategy";
readonly UPGRADE_POLICY: "UpgradePolicy";
readonly VERSION: "Version";
readonly ZONAL_SHIFT_CONFIG: "ZonalShiftConfig";
};
/**
* <p>Union of the string literal values of the <code>UpdateParamType</code> object.</p>
* @public
*/
export type UpdateParamType = (typeof UpdateParamType)[keyof typeof UpdateParamType];
/**
* <p>An object representing the details of an update request: one parameter name and
* its value.</p>
* @public
*/
export interface UpdateParam {
/**
* <p>The keys associated with an update request. One of the
* <code>UpdateParamType</code> values.</p>
* @public
*/
type?: UpdateParamType | undefined;
/**
* <p>The value of the keys submitted as part of an update request.</p>
* <p>Always a <code>string</code> in this typing, whatever the parameter;
* NOTE(review): structured values are presumably serialized — confirm the format
* before parsing.</p>
* @public
*/
value?: string | undefined;
}
/**
* <p>States of an asynchronous update, as carried in <code>Update.status</code>. Keys are
* upper snake case; the string values are Pascal case.</p>
* @public
* @enum
*/
export declare const UpdateStatus: {
readonly CANCELLED: "Cancelled";
readonly FAILED: "Failed";
readonly IN_PROGRESS: "InProgress";
readonly SUCCESSFUL: "Successful";
};
/**
* <p>Union of the string literal values of the <code>UpdateStatus</code> object.</p>
* @public
*/
export type UpdateStatus = (typeof UpdateStatus)[keyof typeof UpdateStatus];
/**
* <p>Kinds of asynchronous update, as carried in <code>Update.type</code>. Keys are upper
* snake case; the string values are Pascal case.</p>
* <p>Several kinds change the cluster's security posture, for example
* <code>AccessConfigUpdate</code>, <code>EndpointAccessUpdate</code>,
* <code>LoggingUpdate</code>, <code>AssociateEncryptionConfig</code>,
* <code>AssociateIdentityProviderConfig</code>,
* <code>DisassociateIdentityProviderConfig</code> and <code>VpcConfigUpdate</code>. They
* are natural candidates for alerting when they appear outside a planned change.</p>
* @public
* @enum
*/
export declare const UpdateType: {
readonly ACCESS_CONFIG_UPDATE: "AccessConfigUpdate";
readonly ADDON_UPDATE: "AddonUpdate";
readonly ASSOCIATE_ENCRYPTION_CONFIG: "AssociateEncryptionConfig";
readonly ASSOCIATE_IDENTITY_PROVIDER_CONFIG: "AssociateIdentityProviderConfig";
readonly AUTO_MODE_UPDATE: "AutoModeUpdate";
readonly CONFIG_UPDATE: "ConfigUpdate";
readonly DISASSOCIATE_IDENTITY_PROVIDER_CONFIG: "DisassociateIdentityProviderConfig";
readonly ENDPOINT_ACCESS_UPDATE: "EndpointAccessUpdate";
readonly LOGGING_UPDATE: "LoggingUpdate";
readonly UPGRADE_POLICY_UPDATE: "UpgradePolicyUpdate";
readonly VERSION_UPDATE: "VersionUpdate";
readonly VPC_CONFIG_UPDATE: "VpcConfigUpdate";
readonly ZONAL_SHIFT_CONFIG_UPDATE: "ZonalShiftConfigUpdate";
};
/**
* <p>Union of the string literal values of the <code>UpdateType</code> object.</p>
* @public
*/
export type UpdateType = (typeof UpdateType)[keyof typeof UpdateType];
/**
* <p>An object representing an asynchronous update. Every member is optional in this
* typing.</p>
* @public
*/
export interface Update {
/**
* <p>A UUID that is used to track the update.</p>
* @public
*/
id?: string | undefined;
/**
* <p>The current status of the update. One of the <code>UpdateStatus</code> values.</p>
* @public
*/
status?: UpdateStatus | undefined;
/**
* <p>The type of the update. One of the <code>UpdateType</code> values.</p>
* @public
*/
type?: UpdateType | undefined;
/**
* <p>The parameters associated with the update. Described as a key-value map, but typed
* as an array of <code>UpdateParam</code> objects, each holding one <code>type</code>
* and one <code>value</code>.</p>
* @public
*/
params?: UpdateParam[] | undefined;
/**
* <p>The Unix epoch timestamp at object creation. Typed as a <code>Date</code> here.</p>
* @public
*/
createdAt?: Date | undefined;
/**
* <p>Any errors associated with a <code>Failed</code> update.</p>
* @public
*/
errors?: ErrorDetail[] | undefined;
}
/**
* <p>Output of associating an encryption configuration with a cluster. It carries the
* asynchronous <code>Update</code>, not the final result; inspect
* <code>update.status</code> and <code>update.errors</code> to learn the outcome.</p>
* @public
*/
export interface AssociateEncryptionConfigResponse {
/**
* <p>An object representing an asynchronous update.</p>
* @public
*/
update?: Update | undefined;
}
/**
* <p>These errors are usually caused by a client action. Actions can include using an
* action or resource on behalf of an <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html">IAM principal</a> that doesn't have permissions to use
* the action or resource or specifying an identifier that is not valid.</p>
* <p>Because the description covers both a permissions problem and an invalid
* identifier, this exception alone does not tell the two apart.</p>
* @public
*/
export declare class ClientException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "ClientException";
/** Fault side is fixed to the literal <code>"client"</code>. */
readonly $fault: "client";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The Amazon EKS add-on name associated with the exception.</p>
* @public
*/
addonName?: string | undefined;
/**
* <p>The Amazon EKS subscription ID associated with the exception.</p>
* @public
*/
subscriptionId?: string | undefined;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<ClientException, __BaseException>);
}
/**
* <p>The specified resource is in use.</p>
* <p>Unlike <code>ClientException</code>, this class declares no
* <code>subscriptionId</code>.</p>
* @public
*/
export declare class ResourceInUseException extends __BaseException {
/** Literal discriminator for this exception type; narrow on it rather than on message text. */
readonly name: "ResourceInUseException";
/** Fault side is fixed to the literal <code>"client"</code>. */
readonly $fault: "client";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The specified add-on name is in use.</p>
* @public
*/
addonName?: string | undefined;
/**
* @internal
*/
constructor(opts: __ExceptionOptionType<ResourceInUseException, __BaseException>);
}
/**
* <p>An object representing an OpenID Connect (OIDC) configuration. Before associating an
* OIDC identity provider to your cluster, review the considerations in <a href="https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html">Authenticating
* users for your cluster from an OIDC identity provider</a> in the
* <i>Amazon EKS User Guide</i>.</p>
* <p>The first three properties are declared without <code>?</code> but their type still
* admits <code>undefined</code>, and every constraint described below is prose only: the
* declared types are plain strings, so none of these rules is checked at compile time.</p>
* @public
*/
export interface OidcIdentityProviderConfigRequest {
/**
* <p>The name of the OIDC provider configuration.</p>
* @public
*/
identityProviderConfigName: string | undefined;
/**
* <p>The URL of the OIDC identity provider that allows the API server to discover public
* signing keys for verifying tokens. The URL must begin with <code>https://</code> and
* should correspond to the <code>iss</code> claim in the provider's OIDC ID tokens.
* Based on the OIDC standard, path components are allowed but query parameters are not.
* Typically the URL consists of only a hostname, like
* <code>https://server.example.org</code> or <code>https://example.com</code>. This
* URL should point to the level below <code>.well-known/openid-configuration</code> and
* must be publicly accessible over the internet.</p>
* <p>Because token verification keys are discovered through this URL, whoever controls
* the endpoint controls which tokens verify; review the value as carefully as a
* credential. NOTE(review): the <code>https://</code> and no-query-parameter rules are
* presumably enforced by the service rather than by this type - confirm.</p>
* @public
*/
issuerUrl: string | undefined;
/**
* <p>This is also known as <i>audience</i>. The ID for the client application
* that makes authentication requests to the OIDC identity provider.</p>
* <p>NOTE(review): presumably tokens are accepted only when their audience matches this
* value, as is usual for OIDC; if so, a client ID shared with unrelated applications
* would let tokens issued for those applications be presented here - confirm and prefer
* a client ID dedicated to the cluster.</p>
* @public
*/
clientId: string | undefined;
/**
* <p>The JSON Web Token (JWT) claim to use as the username. The default is
* <code>sub</code>, which is expected to be a unique identifier of the end user. You can
* choose other claims, such as <code>email</code> or <code>name</code>, depending on the
* OIDC identity provider. Claims other than <code>email</code> are prefixed with the
* issuer URL to prevent naming clashes with other plug-ins.</p>
* <p>The uniqueness expectation above is stated for <code>sub</code> only. Before mapping
* permissions to another claim, verify with the identity provider that the claim is
* unique per user and cannot be changed by the user.</p>
* @public
*/
usernameClaim?: string | undefined;
/**
* <p>The prefix that is prepended to username claims to prevent clashes with existing
* names. If you do not provide this field, and <code>username</code> (presumably the
* <code>usernameClaim</code> value) is a value other than <code>email</code>, the prefix
* defaults to <code>issuerurl#</code>. You can use the value <code>-</code> to disable
* all prefixing.</p>
* <p>With prefixing disabled, usernames taken from the token share one namespace with
* existing names, which is the clash the prefix is described as preventing. Disable it
* only when the provider's usernames are known not to overlap with existing ones.</p>
* @public
*/
usernamePrefix?: string | undefined;
/**
* <p>The JWT claim that the provider uses to return your groups.</p>
* @public
*/
groupsClaim?: string | undefined;
/**
* <p>The prefix that is prepended to group claims to prevent clashes with existing names
* (such as <code>system:</code> groups). For example, the value <code>oidc:</code> will
* create group names like <code>oidc:engineering</code> and
* <code>oidc:infra</code>.</p>
* <p>No default is stated for this field. NOTE(review): presumably group names are used
* unprefixed when it is omitted, in which case a group returned by the provider could
* coincide with an existing name such as a <code>system:</code> group - confirm, and set
* a prefix whenever <code>groupsClaim</code> is set.</p>
* @public
*/
groupsPrefix?: string | undefined;
/**
* <p>The key value pairs that describe required claims in the identity token. If set, each
* claim is verified to be present in the token with a matching value. For the maximum
* number of claims that you can require, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html">Amazon EKS service quotas</a> in the
* <i>Amazon EKS User Guide</i>.</p>
* <p>Since every listed claim must be present with a matching value, this field can be
* used to narrow which of the provider's tokens are accepted for the cluster.</p>
* @public
*/
requiredClaims?: Record<string, string> | undefined;
}
/**
* Request shape that carries a cluster name and an OIDC identity provider
* configuration, plus optional tags and an optional idempotency token.
* <p><code>clusterName</code> and <code>oidc</code> are declared without <code>?</code>
* but their type still admits <code>undefined</code>.</p>
* @public
*/
export interface AssociateIdentityProviderConfigRequest {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName: string | undefined;
/**
* <p>An object representing an OpenID Connect (OIDC) identity provider configuration.</p>
* <p>This object determines the issuer, audience and claim mapping described on
* <code>OidcIdentityProviderConfigRequest</code>, so review it before sending the request.</p>
* @public
*/
oidc: OidcIdentityProviderConfigRequest | undefined;
/**
* <p>Metadata that assists with categorization and organization.
* Each tag consists of a key and an optional value. You define both. Tags don't
* propagate to any other cluster or Amazon Web Services resources.</p>
* @public
*/
tags?: Record<string, string> | undefined;
/**
* <p>A unique, case-sensitive identifier that you provide to ensure
* the idempotency of the request.</p>
* @public
*/
clientRequestToken?: string | undefined;
}
/**
* Response shape that carries an asynchronous update object and the tags of the
* resource. Both properties are optional and may be <code>undefined</code>.
* @public
*/
export interface AssociateIdentityProviderConfigResponse {
/**
* <p>An object representing an asynchronous update.</p>
* <p>The <code>Update</code> type is declared elsewhere in this file.</p>
* @public
*/
update?: Update | undefined;
/**
* <p>The tags for the resource.</p>
* @public
*/
tags?: Record<string, string> | undefined;
}
/**
* <p>An Auto Scaling group that is associated with an Amazon EKS managed node group.</p>
* <p>The shape holds a single optional property, the group's name.</p>
* @public
*/
export interface AutoScalingGroup {
/**
* <p>The name of the Auto Scaling group associated with an Amazon EKS managed node group.</p>
* <p>Optional; may be <code>undefined</code>.</p>
* @public
*/
name?: string | undefined;
}
/**
* Request shape for creating an access entry: it names the cluster and the IAM
* principal, and optionally sets Kubernetes group names, tags, an idempotency token,
* a username and the access entry type.
* <p><code>clusterName</code> and <code>principalArn</code> are declared without
* <code>?</code> but their type still admits <code>undefined</code>.</p>
* @public
*/
export interface CreateAccessEntryRequest {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName: string | undefined;
/**
* <p>The ARN of the IAM principal for the <code>AccessEntry</code>. You can specify one ARN for each access entry. You can't specify the
* same ARN in more than one access entry. This value can't be changed after access entry
* creation.</p>
* <p>The valid principals differ depending on the type of the access entry in the
* <code>type</code> field. For <code>STANDARD</code> access entries, you can use every
* IAM principal type. For nodes (<code>EC2</code> (for EKS Auto Mode),
* <code>EC2_LINUX</code>, <code>EC2_WINDOWS</code>, <code>FARGATE_LINUX</code>, and
* <code>HYBRID_LINUX</code>), the only valid principals are IAM roles.</p>
* <p>You can't use the STS session principal type with access entries because this is a
* temporary principal for each session and not a permanent identity that can be assigned
* permissions.</p>
* <p>
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp">IAM best
* practices</a> recommend using IAM roles with temporary credentials, rather
* than IAM users with long-term credentials. </p>
* @public
*/
principalArn: string | undefined;
/**
* <p>The value for <code>name</code> that you've specified for <code>kind: Group</code> as
* a <code>subject</code> in a Kubernetes <code>RoleBinding</code> or
* <code>ClusterRoleBinding</code> object. Amazon EKS doesn't confirm that the value for
* <code>name</code> exists in any bindings on your cluster. You can specify one or
* more names.</p>
* <p>Kubernetes authorizes the <code>principalArn</code> of the access entry to access any
* cluster objects that you've specified in a Kubernetes <code>Role</code> or
* <code>ClusterRole</code> object that is also specified in a binding's
* <code>roleRef</code>. For more information about creating Kubernetes
* <code>RoleBinding</code>, <code>ClusterRoleBinding</code>, <code>Role</code>, or
* <code>ClusterRole</code> objects, see <a href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/">Using RBAC
* Authorization in the Kubernetes documentation</a>.</p>
* <p>If you want Amazon EKS to authorize the <code>principalArn</code> (instead of, or in
* addition to Kubernetes authorizing the <code>principalArn</code>), you can associate one or
* more access policies to the access entry using <code>AssociateAccessPolicy</code>. If
* you associate any access policies, the <code>principalArn</code> has all permissions
* assigned in the associated access policies and all permissions in any Kubernetes
* <code>Role</code> or <code>ClusterRole</code> objects that the group names are bound
* to.</p>
* <p>Two consequences for access reviews. The permissions are additive, so the effective
* access of a principal is the union of its access policies and the bindings of these
* groups. And since the names are not checked against existing bindings, a misspelled
* name is accepted without granting anything, while a name with no binding today starts
* granting access as soon as a binding for it is created.</p>
* @public
*/
kubernetesGroups?: string[] | undefined;
/**
* <p>Metadata that assists with categorization and organization.
* Each tag consists of a key and an optional value. You define both. Tags don't
* propagate to any other cluster or Amazon Web Services resources.</p>
* @public
*/
tags?: Record<string, string> | undefined;
/**
* <p>A unique, case-sensitive identifier that you provide to ensure
* the idempotency of the request.</p>
* @public
*/
clientRequestToken?: string | undefined;
/**
* <p>The username to authenticate to Kubernetes with. We recommend not specifying a username and
* letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies
* for you, or constraints before specifying your own username, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries">Creating
* access entries</a> in the <i>Amazon EKS User Guide</i>.</p>
* <p>The declared type is a plain string, so the constraints mentioned above are not
* checked at compile time.</p>
* @public
*/
username?: string | undefined;
/**
* <p>The type of the new access entry. Valid values are <code>STANDARD</code>,
* <code>FARGATE_LINUX</code>, <code>EC2_LINUX</code>, <code>EC2_WINDOWS</code>,
* <code>EC2</code> (for EKS Auto Mode), <code>HYBRID_LINUX</code>, and
* <code>HYPERPOD_LINUX</code>. </p>
* <p>If the <code>principalArn</code> is for an IAM role that's used for self-managed
* Amazon EC2 nodes, specify <code>EC2_LINUX</code> or <code>EC2_WINDOWS</code>. Amazon EKS grants
* the necessary permissions to the node for you. If the <code>principalArn</code> is for
* any other purpose, specify <code>STANDARD</code>. If you don't specify a value, Amazon EKS
* sets the value to <code>STANDARD</code>. If you have the access mode of the cluster set
* to <code>API_AND_CONFIG_MAP</code>, it's unnecessary to create access entries for IAM
* roles used with Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS creates entries
* in the <code>aws-auth</code>
* <code>ConfigMap</code> for the roles. You can't change this value once you've created
* the access entry.</p>
* <p>If you set the value to <code>EC2_LINUX</code> or <code>EC2_WINDOWS</code>, you can't
* specify values for <code>kubernetesGroups</code>, or associate an
* <code>AccessPolicy</code> to the access entry.</p>
* <p>The declared type is a plain string rather than a union of the values listed above,
* so a mistyped value is not caught at compile time. NOTE(review): presumably the
* service rejects values outside the list - confirm.</p>
* @public
*/
type?: string | undefined;
}
/**
* Response shape that carries the access entry. The property is optional and may be
* <code>undefined</code>.
* @public
*/
export interface CreateAccessEntryResponse {
/**
* <p>An access entry allows an IAM principal (user or role) to access your cluster.
* Access entries can replace the need to maintain the <code>aws-auth</code>
* <code>ConfigMap</code> for authentication. For more information about access entries,
* see <a href="https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html">Access
* entries</a> in the <i>Amazon EKS User Guide</i>.</p>
* <p>The <code>AccessEntry</code> type is declared elsewhere in this file.</p>
* @public
*/
accessEntry?: AccessEntry | undefined;
}
/**
* <p>You have encountered a service limit on the specified resource.</p>
* <p>The optional fields name the cluster, managed node group or subscription that the
* exception refers to; each of them may be <code>undefined</code>.</p>
* @public
*/
export declare class ResourceLimitExceededException extends __BaseException {
/**
* Literal name of this exception type; it can be compared against to tell this
* exception apart from the other service exceptions.
*/
readonly name: "ResourceLimitExceededException";
/**
* Fault attribution. The literal type fixes it to <code>"client"</code>.
*/
readonly $fault: "client";
/**
* <p>The Amazon EKS cluster associated with the exception.</p>
* @public
*/
clusterName?: string | undefined;
/**
* <p>The Amazon EKS managed node group associated with the exception.</p>
* @public
*/
nodegroupName?: string | undefined;
/**
* <p>The Amazon EKS subscription ID associated with the exception.</p>
* @public
*/
subscriptionId?: string | undefined;
/**
* Builds the exception from the supplied options object.
* @param opts - Exception options, typed against this class and the service base exception.
* @internal
*/
constructor(opts: __ExceptionOptionType<ResourceLimitExceededException, __BaseException>);
}
/**
* Constant object listing the conflict-resolution values <code>NONE</code>,
* <code>OVERWRITE</code> and <code>PRESERVE</code>; each key maps to the string of
* the same spelling.
* NOTE(review): what each value does is not described here; presumably the add-on
* request shapes that use this type document it - confirm before choosing
* <code>OVERWRITE</code>.
* @public
* @enum
*/
export declare const ResolveConflicts: {
readonly NONE: "NONE";
readonly OVERWRITE: "OVERWRITE";
readonly PRESERVE: "PRESERVE";
};
/**
* Union of the string values of the <code>ResolveConflicts</code> constant object:
* <code>"NONE" | "OVERWRITE" | "PRESERVE"</code>.
* @public
*/
export type ResolveConflicts = (typeof ResolveConflicts)[keyof typeof ResolveConflicts];
/**
* @public
*/
export interface CreateAddonRequest {
/**
* <p>The name of your cluster.</p>
* @public
*/
clusterName: string | undefined;
/**
* <p>The name of the add-on. The name must match one of the names returned by
* <code>DescribeAddonVersions</code>.</p>
* @public
*/
addonName: string | undefined;
/**
* <p>The version of the add-on. The version must match one of the versions returned by <a href="https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html">
* <code>DescribeAddonVersions</code>
* </a>.</p>
* @public
*/
addonVersion?: string | undefined;
/**
* <p>The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the
* permissions assigned to the node IAM role. For more information, see <a href="https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html">Amazon EKS node IAM role</a> in the <i