UNPKG

@pulumi/eks

Version:

[![Build Status](https://github.com/pulumi/pulumi-eks/actions/workflows/master.yml/badge.svg)](https://github.com/pulumi/pulumi-eks/actions/workflows/master.yml) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![n

pulumi.com

pulumi/pulumi-eks

250 lines • 11.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
"use strict"; // *** WARNING: this file was generated by pulumi-gen-eks. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.ManagedNodeGroup = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("./utilities"); /** * Manages an EKS Node Group, which can provision and optionally update an Auto Scaling Group of Kubernetes worker nodes compatible with EKS. Additional documentation about this functionality can be found in the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). * * ## Example Usage * ### Basic Managed Node Group * This example demonstrates creating a managed node group with typical defaults. The node group uses the latest EKS-optimized Amazon Linux AMI, creates 2 nodes, and runs on t3.medium instances. Instance security groups are automatically configured. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as awsx from "@pulumi/awsx"; * import * as eks from "@pulumi/eks"; * * const eksVpc = new awsx.ec2.Vpc("eks-vpc", { * enableDnsHostnames: true, * cidrBlock: "10.0.0.0/16", * }); * const eksCluster = new eks.Cluster("eks-cluster", { * vpcId: eksVpc.vpcId, * authenticationMode: eks.AuthenticationMode.Api, * publicSubnetIds: eksVpc.publicSubnetIds, * privateSubnetIds: eksVpc.privateSubnetIds, * skipDefaultNodeGroup: true, * }); * const nodeRole = new aws.iam.Role("node-role", {assumeRolePolicy: JSON.stringify({ * Version: "2012-10-17", * Statement: [{ * Action: "sts:AssumeRole", * Effect: "Allow", * Sid: "", * Principal: { * Service: "ec2.amazonaws.com", * }, * }], * })}); * const workerNodePolicy = new aws.iam.RolePolicyAttachment("worker-node-policy", { * role: nodeRole.name, * policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", * }); * const cniPolicy = new aws.iam.RolePolicyAttachment("cni-policy", { * role: nodeRole.name, * policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", * }); * const registryPolicy = new aws.iam.RolePolicyAttachment("registry-policy", { * role: nodeRole.name, * policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", * }); * const nodeGroup = new eks.ManagedNodeGroup("node-group", { * cluster: eksCluster, * nodeRole: nodeRole, * }); * * ``` * ### Enabling EFA Support * * Enabling EFA support for a node group will do the following: * - All EFA interfaces supported by the instance will be exposed on the launch template used by the node group * - A `clustered` placement group will be created and passed to the launch template * - Checks will be performed to ensure that the instance type supports EFA and that the specified AZ is supported by the chosen instance type * * The GPU optimized AMIs include all necessary drivers and libraries to support EFA. If you're choosing an instance type without GPU acceleration you will need to install the drivers and libraries manually and bake a custom AMI. * * You can use the [aws-efa-k8s-device-plugin](https://github.com/aws/eks-charts/tree/master/stable/aws-efa-k8s-device-plugin) Helm chart to expose the EFA interfaces on the nodes as an extended resource, and allow pods to request these interfaces to be mounted to their containers. * Your application container will need to have the necessary libraries and runtimes in order to leverage the EFA interfaces (e.g. libfabric). * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as awsx from "@pulumi/awsx"; * import * as eks from "@pulumi/eks"; * import * as kubernetes from "@pulumi/kubernetes"; * * const eksVpc = new awsx.ec2.Vpc("eks-vpc", { * enableDnsHostnames: true, * cidrBlock: "10.0.0.0/16", * }); * const eksCluster = new eks.Cluster("eks-cluster", { * vpcId: eksVpc.vpcId, * authenticationMode: eks.AuthenticationMode.Api, * publicSubnetIds: eksVpc.publicSubnetIds, * privateSubnetIds: eksVpc.privateSubnetIds, * skipDefaultNodeGroup: true, * }); * const k8SProvider = new kubernetes.Provider("k8sProvider", {kubeconfig: eksCluster.kubeconfig}); * const nodeRole = new aws.iam.Role("node-role", {assumeRolePolicy: JSON.stringify({ * Version: "2012-10-17", * Statement: [{ * Action: "sts:AssumeRole", * Effect: "Allow", * Sid: "", * Principal: { * Service: "ec2.amazonaws.com", * }, * }], * })}); * const workerNodePolicy = new aws.iam.RolePolicyAttachment("worker-node-policy", { * role: nodeRole.name, * policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", * }); * const cniPolicy = new aws.iam.RolePolicyAttachment("cni-policy", { * role: nodeRole.name, * policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", * }); * const registryPolicy = new aws.iam.RolePolicyAttachment("registry-policy", { * role: nodeRole.name, * policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", * }); * * // The node group for running system pods (e.g. coredns, etc.) * const systemNodeGroup = new eks.ManagedNodeGroup("system-node-group", { * cluster: eksCluster, * nodeRole: nodeRole, * }); * * // The EFA device plugin for exposing EFA interfaces as extended resources * const devicePlugin = new kubernetes.helm.v3.Release("device-plugin", { * version: "0.5.7", * repositoryOpts: { * repo: "https://aws.github.io/eks-charts", * }, * chart: "aws-efa-k8s-device-plugin", * namespace: "kube-system", * atomic: true, * values: { * tolerations: [{ * key: "efa-enabled", * operator: "Exists", * effect: "NoExecute", * }], * }, * }, { * provider: k8SProvider, * }); * * // The node group for running EFA enabled workloads * const efaNodeGroup = new eks.ManagedNodeGroup("efa-node-group", { * cluster: eksCluster, * nodeRole: nodeRole, * instanceTypes: ["g6.8xlarge"], * gpu: true, * scalingConfig: { * minSize: 2, * desiredSize: 2, * maxSize: 4, * }, * enableEfaSupport: true, * placementGroupAvailabilityZone: "us-west-2b", * * // Taint the nodes so that only pods with the efa-enabled label can be scheduled on them * taints: [{ * key: "efa-enabled", * value: "true", * effect: "NO_EXECUTE", * }], * * // Instances with GPUs usually have nvme instance store volumes, so we can mount them in RAID-0 for kubelet and containerd * // These are faster than the regular EBS volumes * nodeadmExtraOptions: [{ * contentType: "application/node.eks.aws", * content: `apiVersion: node.eks.aws/v1alpha1 * kind: NodeConfig * spec: * instance: * localStorage: * strategy: RAID0 * `, * }], * }); * * ``` */ class ManagedNodeGroup extends pulumi.ComponentResource { /** * Returns true if the given object is an instance of ManagedNodeGroup. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === ManagedNodeGroup.__pulumiType; } /** * Create a ManagedNodeGroup resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name, args, opts) { let resourceInputs = {}; opts = opts || {}; if (!opts.id) { if ((!args || args.cluster === undefined) && !opts.urn) { throw new Error("Missing required property 'cluster'"); } resourceInputs["amiId"] = args ? args.amiId : undefined; resourceInputs["amiType"] = args ? args.amiType : undefined; resourceInputs["bootstrapExtraArgs"] = args ? args.bootstrapExtraArgs : undefined; resourceInputs["bottlerocketSettings"] = args ? args.bottlerocketSettings : undefined; resourceInputs["capacityType"] = args ? args.capacityType : undefined; resourceInputs["cluster"] = args ? args.cluster : undefined; resourceInputs["clusterName"] = args ? args.clusterName : undefined; resourceInputs["diskSize"] = args ? args.diskSize : undefined; resourceInputs["enableEfaSupport"] = args ? args.enableEfaSupport : undefined; resourceInputs["enableIMDSv2"] = args ? args.enableIMDSv2 : undefined; resourceInputs["forceUpdateVersion"] = args ? args.forceUpdateVersion : undefined; resourceInputs["gpu"] = args ? args.gpu : undefined; resourceInputs["ignoreScalingChanges"] = args ? args.ignoreScalingChanges : undefined; resourceInputs["instanceTypes"] = args ? args.instanceTypes : undefined; resourceInputs["kubeletExtraArgs"] = args ? args.kubeletExtraArgs : undefined; resourceInputs["labels"] = args ? args.labels : undefined; resourceInputs["launchTemplate"] = args ? args.launchTemplate : undefined; resourceInputs["nodeGroupName"] = args ? args.nodeGroupName : undefined; resourceInputs["nodeGroupNamePrefix"] = args ? args.nodeGroupNamePrefix : undefined; resourceInputs["nodeRole"] = args ? args.nodeRole : undefined; resourceInputs["nodeRoleArn"] = args ? args.nodeRoleArn : undefined; resourceInputs["nodeadmExtraOptions"] = args ? args.nodeadmExtraOptions : undefined; resourceInputs["operatingSystem"] = args ? args.operatingSystem : undefined; resourceInputs["placementGroupAvailabilityZone"] = args ? args.placementGroupAvailabilityZone : undefined; resourceInputs["releaseVersion"] = args ? args.releaseVersion : undefined; resourceInputs["remoteAccess"] = args ? args.remoteAccess : undefined; resourceInputs["scalingConfig"] = args ? args.scalingConfig : undefined; resourceInputs["subnetIds"] = args ? args.subnetIds : undefined; resourceInputs["tags"] = args ? args.tags : undefined; resourceInputs["taints"] = args ? args.taints : undefined; resourceInputs["userData"] = args ? args.userData : undefined; resourceInputs["version"] = args ? args.version : undefined; resourceInputs["nodeGroup"] = undefined /*out*/; resourceInputs["placementGroupName"] = undefined /*out*/; } else { resourceInputs["nodeGroup"] = undefined /*out*/; resourceInputs["placementGroupName"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ManagedNodeGroup.__pulumiType, name, resourceInputs, opts, true /*remote*/); } } exports.ManagedNodeGroup = ManagedNodeGroup; /** @internal */ ManagedNodeGroup.__pulumiType = 'eks:index:ManagedNodeGroup'; //# sourceMappingURL=managedNodeGroup.js.map