UNPKG

@pulumi/eks

Version:

[![Build Status](https://github.com/pulumi/pulumi-eks/actions/workflows/master.yml/badge.svg)](https://github.com/pulumi/pulumi-eks/actions/workflows/master.yml) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![n

pulumi.com

pulumi/pulumi-eks

297 lines (296 loc) 14.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as enums from "./types/enums"; import * as pulumiAws from "@pulumi/aws"; import { Cluster } from "./index"; /** * NodeGroup is a component that wraps the AWS EC2 instances that provide compute capacity for an EKS cluster. * * @deprecated NodeGroup uses AWS EC2 LaunchConfiguration which has been deprecated by AWS and doesn't support the newest instance types. Please use NodeGroupV2 instead. */ export declare class NodeGroup extends pulumi.ComponentResource { /** * Returns true if the given object is an instance of NodeGroup. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is NodeGroup; /** * The AutoScalingGroup name for the Node group. */ readonly autoScalingGroupName: pulumi.Output<string>; /** * The CloudFormation Stack which defines the Node AutoScalingGroup. */ readonly cfnStack: pulumi.Output<pulumiAws.cloudformation.Stack>; /** * The additional security groups for the node group that captures user-specific rules. */ readonly extraNodeSecurityGroups: pulumi.Output<pulumiAws.ec2.SecurityGroup[]>; /** * The security group for the node group to communicate with the cluster, or undefined if using `nodeSecurityGroupId`. */ readonly nodeSecurityGroup: pulumi.Output<pulumiAws.ec2.SecurityGroup | undefined>; /** * The ID of the security group for the node group to communicate with the cluster. */ readonly nodeSecurityGroupId: pulumi.Output<string>; /** * Create a NodeGroup resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ /** @deprecated NodeGroup uses AWS EC2 LaunchConfiguration which has been deprecated by AWS and doesn't support the newest instance types. Please use NodeGroupV2 instead. */ constructor(name: string, args: NodeGroupArgs, opts?: pulumi.ComponentResourceOptions); } /** * The set of arguments for constructing a NodeGroup resource. */ export interface NodeGroupArgs { /** * The AMI ID to use for the worker nodes. * * Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store. * * Note: `amiId` and `gpu` are mutually exclusive. * * See for more details: * - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html. */ amiId?: pulumi.Input<string>; /** * The AMI Type to use for the worker nodes. * * Only applicable when setting an AMI ID that is of type `arm64`. * * Note: `amiType` and `gpu` are mutually exclusive. */ amiType?: pulumi.Input<string>; /** * The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack. * * Per AWS, all stack-level tags, including automatically created tags, and the `cloudFormationTags` option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html * * Note: Given the inheritance of auto-generated CF tags and `cloudFormationTags`, you should either supply the tag in `autoScalingGroupTags` or `cloudFormationTags`, but not both. */ autoScalingGroupTags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Additional args to pass directly to `/etc/eks/bootstrap.sh`. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the `--apiserver-endpoint`, `--b64-cluster-ca` and `--kubelet-extra-args` flags are included automatically based on other configuration parameters. */ bootstrapExtraArgs?: pulumi.Input<string>; /** * The configuration settings for Bottlerocket OS. * The settings will get merged with the base settings the provider uses to configure Bottlerocket. * * This includes: * - settings.kubernetes.api-server * - settings.kubernetes.cluster-certificate * - settings.kubernetes.cluster-name * - settings.kubernetes.cluster-dns-ip * * For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/. */ bottlerocketSettings?: pulumi.Input<{ [key: string]: any; }>; /** * The tags to apply to the CloudFormation Stack of the Worker NodeGroup. * * Note: Given the inheritance of auto-generated CF tags and `cloudFormationTags`, you should either supply the tag in `autoScalingGroupTags` or `cloudFormationTags`, but not both. */ cloudFormationTags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * The target EKS cluster. */ cluster: pulumi.Input<Cluster | inputs.CoreDataArgs>; /** * The ingress rule that gives node group access. */ clusterIngressRule?: pulumi.Input<pulumiAws.ec2.SecurityGroupRule>; /** * The ID of the ingress rule that gives node group access. */ clusterIngressRuleId?: pulumi.Input<string>; /** * The number of worker nodes that should be running in the cluster. Defaults to 2. */ desiredCapacity?: pulumi.Input<number>; /** * Enables/disables detailed monitoring of the EC2 instances. * * With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. * When enabled, you can also get aggregated data across groups of similar instances. * * Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. * For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/. */ enableDetailedMonitoring?: pulumi.Input<boolean>; /** * Encrypt the root block device of the nodes in the node group. */ encryptRootBlockDevice?: pulumi.Input<boolean>; /** * Extra security groups to attach on all nodes in this worker node group. * * This additional set of security groups captures any user application rules that will be needed for the nodes. */ extraNodeSecurityGroups?: pulumi.Input<pulumi.Input<pulumiAws.ec2.SecurityGroup>[]>; /** * Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store. * * Defaults to false. * * Note: `gpu` and `amiId` are mutually exclusive. * * See for more details: * - https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html * - https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html */ gpu?: pulumi.Input<boolean>; /** * The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. */ instanceProfile?: pulumiAws.iam.InstanceProfile; /** * The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. */ instanceProfileName?: pulumi.Input<string>; /** * The instance type to use for the cluster's nodes. Defaults to "t3.medium". */ instanceType?: pulumi.Input<string>; /** * Name of the key pair to use for SSH access to worker nodes. */ keyName?: pulumi.Input<string>; /** * Extra args to pass to the Kubelet. Corresponds to the options passed in the `--kubeletExtraArgs` flag to `/etc/eks/bootstrap.sh`. For example, '--port=10251 --address=0.0.0.0'. Note that the `labels` and `taints` properties will be applied to this list (using `--node-labels` and `--register-with-taints` respectively) after to the explicit `kubeletExtraArgs`. */ kubeletExtraArgs?: pulumi.Input<string>; /** * Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the `--node-labels` kubelet argument. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * The maximum number of worker nodes running in the cluster. Defaults to 2. */ maxSize?: pulumi.Input<number>; /** * The minimum number of worker nodes running in the cluster. Defaults to 1. */ minSize?: pulumi.Input<number>; /** * Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs. */ nodeAssociatePublicIpAddress?: pulumi.Input<boolean>; /** * Public key material for SSH access to worker nodes. See allowed formats at: * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html * If not provided, no SSH access is enabled on VMs. */ nodePublicKey?: pulumi.Input<string>; /** * Whether the root block device should be deleted on termination of the instance. Defaults to true. */ nodeRootVolumeDeleteOnTermination?: pulumi.Input<boolean>; /** * Whether to encrypt a cluster node's root volume. Defaults to false. */ nodeRootVolumeEncrypted?: pulumi.Input<boolean>; /** * The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'. */ nodeRootVolumeIops?: pulumi.Input<number>; /** * The size in GiB of a cluster node's root volume. Defaults to 20. */ nodeRootVolumeSize?: pulumi.Input<number>; /** * Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'. */ nodeRootVolumeThroughput?: pulumi.Input<number>; /** * Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'. */ nodeRootVolumeType?: pulumi.Input<string>; /** * The security group for the worker node group to communicate with the cluster. * * This security group requires specific inbound and outbound rules. * * See for more details: * https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html * * Note: The `nodeSecurityGroup` option and the cluster option`nodeSecurityGroupTags` are mutually exclusive. */ nodeSecurityGroup?: pulumi.Input<pulumiAws.ec2.SecurityGroup>; /** * The ID of the security group for the worker node group to communicate with the cluster. * * This security group requires specific inbound and outbound rules. * * See for more details: * https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html * * Note: The `nodeSecurityGroupId` option and the cluster option `nodeSecurityGroupTags` are mutually exclusive. */ nodeSecurityGroupId?: pulumi.Input<string>; /** * The set of subnets to override and use for the worker node group. * * Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's `subnetIds` is set, or if `publicSubnetIds` and/or `privateSubnetIds` were set. */ nodeSubnetIds?: pulumi.Input<pulumi.Input<string>[]>; /** * Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a `#!`). */ nodeUserData?: pulumi.Input<string>; /** * User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows). * * See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html */ nodeUserDataOverride?: pulumi.Input<string>; /** * Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. * The base settings the provider sets are: * - cluster.name * - cluster.apiServerEndpoint * - cluster.certificateAuthority * - cluster.cidr * * Note: This is only applicable when using AL2023. * See for more details: * - https://awslabs.github.io/amazon-eks-ami/nodeadm/ * - https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/ */ nodeadmExtraOptions?: pulumi.Input<pulumi.Input<inputs.NodeadmOptionsArgs>[]>; /** * The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. * Valid values are `RECOMMENDED`, `AL2`, `AL2023` and `Bottlerocket`. * * Defaults to the current recommended OS. */ operatingSystem?: pulumi.Input<enums.OperatingSystem>; /** * Bidding price for spot instance. If set, only spot instances will be added as worker node. */ spotPrice?: pulumi.Input<string>; /** * Custom k8s node taints to be attached to each worker node. Adds the given taints to the `--register-with-taints` kubelet argument */ taints?: pulumi.Input<{ [key: string]: pulumi.Input<inputs.TaintArgs>; }>; /** * Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used. */ version?: pulumi.Input<string>; }