UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 44.8 kB
1
2
"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.MachineImageType=exports.DefaultCapacityType=exports.CoreDnsComputeType=exports.CpuArch=exports.NodeType=exports.EksOptimizedImage=exports.Cluster=exports.AuthenticationMode=exports.IpFamily=exports.ClusterLoggingTypes=exports.KubernetesVersion=exports.EndpointAccess=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var fs=()=>{var tmp=require("fs");return fs=()=>tmp,tmp},path=()=>{var tmp=require("path");return path=()=>tmp,tmp},constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},YAML=()=>{var tmp=require("yaml");return YAML=()=>tmp,tmp},access_entry_1=()=>{var tmp=require("./access-entry");return access_entry_1=()=>tmp,tmp},addon_1=()=>{var tmp=require("./addon");return addon_1=()=>tmp,tmp},alb_controller_1=()=>{var tmp=require("./alb-controller");return alb_controller_1=()=>tmp,tmp},aws_auth_1=()=>{var tmp=require("./aws-auth");return aws_auth_1=()=>tmp,tmp},cluster_resource_1=()=>{var tmp=require("./cluster-resource");return cluster_resource_1=()=>tmp,tmp},fargate_profile_1=()=>{var tmp=require("./fargate-profile");return fargate_profile_1=()=>tmp,tmp},helm_chart_1=()=>{var tmp=require("./helm-chart");return helm_chart_1=()=>tmp,tmp},instance_types_1=()=>{var tmp=require("./instance-types");return instance_types_1=()=>tmp,tmp},k8s_manifest_1=()=>{var tmp=require("./k8s-manifest");return k8s_manifest_1=()=>tmp,tmp},k8s_object_value_1=()=>{var tmp=require("./k8s-object-value");return k8s_object_value_1=()=>tmp,tmp},k8s_patch_1=()=>{var tmp=require("./k8s-patch");return k8s_patch_1=()=>tmp,tmp},kubectl_provider_1=()=>{var tmp=require("./kubectl-provider");return kubectl_provider_1=()=>tmp,tmp},managed_nodegroup_1=()=>{var tmp=require("./managed-nodegroup");return managed_nodegroup_1=()=>tmp,tmp},oidc_provider_1=()=>{var tmp=require("./oidc-provider");return oidc_provider_1=()=>tmp,tmp},bottlerocket_1=()=>{var tmp=require("./private/bottlerocket");return bottlerocket_1=()=>tmp,tmp},service_account_1=()=>{var tmp=require("./service-account");return service_account_1=()=>tmp,tmp},user_data_1=()=>{var tmp=require("./user-data");return user_data_1=()=>tmp,tmp},autoscaling=()=>{var tmp=require("../../aws-autoscaling");return autoscaling=()=>tmp,tmp},ec2=()=>{var tmp=require("../../aws-ec2");return ec2=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},ssm=()=>{var tmp=require("../../aws-ssm");return ssm=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cx_api_1=()=>{var tmp=require("../../cx-api");return cx_api_1=()=>tmp,tmp};const DEFAULT_CAPACITY_COUNT=2,DEFAULT_CAPACITY_TYPE=ec2().InstanceType.of(ec2().InstanceClass.M5,ec2().InstanceSize.LARGE);class EndpointAccess{_config;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.EndpointAccess",version:"2.247.0"};static PUBLIC=new EndpointAccess({privateAccess:!1,publicAccess:!0});static PRIVATE=new EndpointAccess({privateAccess:!0,publicAccess:!1});static PUBLIC_AND_PRIVATE=new EndpointAccess({privateAccess:!0,publicAccess:!0});constructor(_config){if(this._config=_config,!_config.publicAccess&&_config.publicCidrs&&_config.publicCidrs.length>0)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CidrBlocksOnlyConfigured`,"CIDR blocks can only be configured when public access is enabled")}onlyFrom(...cidr){if(!this._config.privateAccess)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`CannotRestricPublicAccessEndpoint`,"Cannot restric public access to endpoint when private access is disabled. Use PUBLIC_AND_PRIVATE.onlyFrom() instead.");return new EndpointAccess({...this._config,publicCidrs:cidr})}}exports.EndpointAccess=EndpointAccess;class KubernetesVersion{version;static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.KubernetesVersion",version:"2.247.0"};static V1_14=KubernetesVersion.of("1.14");static V1_15=KubernetesVersion.of("1.15");static V1_16=KubernetesVersion.of("1.16");static V1_17=KubernetesVersion.of("1.17");static V1_18=KubernetesVersion.of("1.18");static V1_19=KubernetesVersion.of("1.19");static V1_20=KubernetesVersion.of("1.20");static V1_21=KubernetesVersion.of("1.21");static V1_22=KubernetesVersion.of("1.22");static V1_23=KubernetesVersion.of("1.23");static V1_24=KubernetesVersion.of("1.24");static V1_25=KubernetesVersion.of("1.25");static V1_26=KubernetesVersion.of("1.26");static V1_27=KubernetesVersion.of("1.27");static V1_28=KubernetesVersion.of("1.28");static V1_29=KubernetesVersion.of("1.29");static V1_30=KubernetesVersion.of("1.30");static V1_31=KubernetesVersion.of("1.31");static V1_32=KubernetesVersion.of("1.32");static V1_33=KubernetesVersion.of("1.33");static V1_34=KubernetesVersion.of("1.34");static V1_35=KubernetesVersion.of("1.35");static of(version){return new KubernetesVersion(version)}constructor(version){this.version=version}}exports.KubernetesVersion=KubernetesVersion;var ClusterLoggingTypes;(function(ClusterLoggingTypes2){ClusterLoggingTypes2.API="api",ClusterLoggingTypes2.AUDIT="audit",ClusterLoggingTypes2.AUTHENTICATOR="authenticator",ClusterLoggingTypes2.CONTROLLER_MANAGER="controllerManager",ClusterLoggingTypes2.SCHEDULER="scheduler"})(ClusterLoggingTypes||(exports.ClusterLoggingTypes=ClusterLoggingTypes={}));var IpFamily;(function(IpFamily2){IpFamily2.IP_V4="ipv4",IpFamily2.IP_V6="ipv6"})(IpFamily||(exports.IpFamily=IpFamily={}));var AuthenticationMode;(function(AuthenticationMode2){AuthenticationMode2.CONFIG_MAP="CONFIG_MAP",AuthenticationMode2.API_AND_CONFIG_MAP="API_AND_CONFIG_MAP",AuthenticationMode2.API="API"})(AuthenticationMode||(exports.AuthenticationMode=AuthenticationMode={}));class ClusterBase extends core_1().Resource{_spotInterruptHandler;_awsAuth;addManifest(id,...manifest){return new(k8s_manifest_1()).KubernetesManifest(this,`manifest-${id}`,{cluster:this,manifest})}addHelmChart(id,options){return new(helm_chart_1()).HelmChart(this,`chart-${id}`,{cluster:this,...options})}addCdk8sChart(id,chart,options={}){const cdk8sChart=chart;if(typeof cdk8sChart.toJson!="function")throw new(core_1()).ValidationError((0,literal_string_1().lit)`InvalidCdkChartContainJson`,`Invalid cdk8s chart. Must contain a 'toJson' method, but found ${typeof cdk8sChart.toJson}`,this);return new(k8s_manifest_1()).KubernetesManifest(this,id,{cluster:this,manifest:cdk8sChart.toJson(),...options})}addServiceAccount(id,options={}){return new(service_account_1()).ServiceAccount(this,id,{...options,cluster:this})}addSpotInterruptHandler(){return this._spotInterruptHandler||(this._spotInterruptHandler=this.addHelmChart("spot-interrupt-handler",{chart:"aws-node-termination-handler",version:"0.27.0",repository:"oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler",namespace:"kube-system",values:{nodeSelector:{lifecycle:user_data_1().LifecycleLabel.SPOT}}})),this._spotInterruptHandler}connectAutoScalingGroupCapacity(autoScalingGroup,options){autoScalingGroup.connections.allowInternally(ec2().Port.allTraffic()),autoScalingGroup.connections.allowFrom(this,ec2().Port.tcp(443)),autoScalingGroup.connections.allowFrom(this,ec2().Port.tcpRange(1025,65535)),autoScalingGroup.connections.allowTo(this,ec2().Port.tcp(443)),autoScalingGroup.connections.allowToAnyIpv4(ec2().Port.allTcp()),autoScalingGroup.connections.allowToAnyIpv4(ec2().Port.allUdp()),autoScalingGroup.connections.allowToAnyIpv4(ec2().Port.allIcmp()),autoScalingGroup.addSecurityGroup(this.clusterSecurityGroup);const bootstrapEnabled=options.bootstrapEnabled??!0;if(options.bootstrapOptions&&!bootstrapEnabled)throw new(core_1()).ValidationError((0,literal_string_1().lit)`CannotSpecifyBootstrapOptionsBootstrap`,'Cannot specify "bootstrapOptions" if "bootstrapEnabled" is false',this);if(bootstrapEnabled){const userData=options.machineImageType===MachineImageType.BOTTLEROCKET?(0,user_data_1().renderBottlerocketUserData)(this):(0,user_data_1().renderAmazonLinuxUserData)(this,autoScalingGroup,options.bootstrapOptions);autoScalingGroup.addUserData(...userData)}autoScalingGroup.role.addManagedPolicy(iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSWorkerNodePolicy")),autoScalingGroup.role.addManagedPolicy(iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEKS_CNI_Policy")),autoScalingGroup.role.addManagedPolicy(iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEC2ContainerRegistryReadOnly")),core_1().Tags.of(autoScalingGroup).add(`kubernetes.io/cluster/${this.clusterName}`,"owned",{applyToLaunchedInstances:!0,excludeResourceTypes:["AWS::EC2::SecurityGroup"]});let mapRole=options.mapRole??!0;mapRole&&!(this instanceof Cluster)&&(core_1().Annotations.of(autoScalingGroup).addWarningV2("@aws-cdk/aws-eks:clusterUnsupportedAutoMappingAwsAutoRole","Auto-mapping aws-auth role for imported cluster is not supported, please map role manually"),mapRole=!1),mapRole?this.awsAuth.addRoleMapping(autoScalingGroup.role,{username:"system:node:{{EC2PrivateDNSName}}",groups:["system:bootstrappers","system:nodes"]}):new(core_1()).CfnOutput(autoScalingGroup,"InstanceRoleARN",{value:autoScalingGroup.role.roleArn});const addSpotInterruptHandler=options.spotInterruptHandler??!0;autoScalingGroup.spotPrice&&addSpotInterruptHandler&&this.addSpotInterruptHandler(),this instanceof Cluster&&this.albController&&constructs_1().Node.of(this.albController).addDependency(autoScalingGroup)}get clusterRef(){return{clusterArn:this.clusterArn,clusterName:this.clusterName}}}let Cluster=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=ClusterBase,_instanceExtraInitializers=[],_get_clusterName_decorators,_get_clusterArn_decorators,_grantAccess_decorators,_getServiceLoadBalancerAddress_decorators,_getIngressLoadBalancerAddress_decorators,_addAutoScalingGroupCapacity_decorators,_addNodegroupCapacity_decorators,_addFargateProfile_decorators;var Cluster2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_get_clusterName_decorators=[helpers_internal_1().memoizedGetter],_get_clusterArn_decorators=[helpers_internal_1().memoizedGetter],_grantAccess_decorators=[(0,metadata_resource_1().MethodMetadata)()],_getServiceLoadBalancerAddress_decorators=[(0,metadata_resource_1().MethodMetadata)()],_getIngressLoadBalancerAddress_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addAutoScalingGroupCapacity_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addNodegroupCapacity_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addFargateProfile_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_get_clusterName_decorators,{kind:"getter",name:"clusterName",static:!1,private:!1,access:{has:obj=>"clusterName"in obj,get:obj=>obj.clusterName},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_get_clusterArn_decorators,{kind:"getter",name:"clusterArn",static:!1,private:!1,access:{has:obj=>"clusterArn"in obj,get:obj=>obj.clusterArn},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_grantAccess_decorators,{kind:"method",name:"grantAccess",static:!1,private:!1,access:{has:obj=>"grantAccess"in obj,get:obj=>obj.grantAccess},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_getServiceLoadBalancerAddress_decorators,{kind:"method",name:"getServiceLoadBalancerAddress",static:!1,private:!1,access:{has:obj=>"getServiceLoadBalancerAddress"in obj,get:obj=>obj.getServiceLoadBalancerAddress},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_getIngressLoadBalancerAddress_decorators,{kind:"method",name:"getIngressLoadBalancerAddress",static:!1,private:!1,access:{has:obj=>"getIngressLoadBalancerAddress"in obj,get:obj=>obj.getIngressLoadBalancerAddress},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addAutoScalingGroupCapacity_decorators,{kind:"method",name:"addAutoScalingGroupCapacity",static:!1,private:!1,access:{has:obj=>"addAutoScalingGroupCapacity"in obj,get:obj=>obj.addAutoScalingGroupCapacity},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addNodegroupCapacity_decorators,{kind:"method",name:"addNodegroupCapacity",static:!1,private:!1,access:{has:obj=>"addNodegroupCapacity"in obj,get:obj=>obj.addNodegroupCapacity},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addFargateProfile_decorators,{kind:"method",name:"addFargateProfile",static:!1,private:!1,access:{has:obj=>"addFargateProfile"in obj,get:obj=>obj.addFargateProfile},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),Cluster2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.Cluster",version:"2.247.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-eks.Cluster";static fromClusterAttributes(scope,id,attrs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_ClusterAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromClusterAttributes),error}return new ImportedCluster(scope,id,attrs)}accessEntries=(__runInitializers(this,_instanceExtraInitializers),new Map);vpc;get clusterName(){return this.getResourceNameAttribute(this._clusterResource.ref)}get clusterArn(){return this.getResourceArnAttribute(this._clusterResource.attrArn,(0,cluster_resource_1().clusterArnComponents)(this.physicalName))}clusterEndpoint;clusterCertificateAuthorityData;clusterSecurityGroupId;clusterSecurityGroup;clusterEncryptionConfigKeyArn;connections;role;defaultCapacity;defaultNodegroup;kubectlRole;kubectlLambdaRole;kubectlEnvironment;kubectlSecurityGroup;kubectlPrivateSubnets;ipFamily;adminRole;_fargateProfiles=[];_openIdConnectProvider;_eksPodIdentityAgent;kubectlLayer;awscliLayer;kubectlMemory;clusterHandlerSecurityGroup;onEventLayer;prune;albController;authenticationMode;_clusterResource;_neuronDevicePlugin;endpointAccess;vpcSubnets;version;logging;_kubectlReadyBarrier;_kubectlResourceProvider;_removalPolicy;constructor(scope,id,props){super(scope,id,{physicalName:props.clusterName});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_ClusterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Cluster2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const stack=core_1().Stack.of(this);this.prune=props.prune??!0,this.vpc=props.vpc||new(ec2()).Vpc(this,"DefaultVpc"),this.version=props.version,this.kubectlLambdaRole=props.kubectlLambdaRole?props.kubectlLambdaRole:new(iam()).Role(this,"KubectlHandlerRole",{assumedBy:new(iam()).ServicePrincipal("lambda.amazonaws.com"),managedPolicies:[iam().ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole")]}),this.tagSubnets(),this.role=props.role||new(iam()).Role(this,"Role",{assumedBy:new(iam()).ServicePrincipal("eks.amazonaws.com"),managedPolicies:[iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSClusterPolicy")]});const securityGroup=props.securityGroup||new(ec2()).SecurityGroup(this,"ControlPlaneSecurityGroup",{vpc:this.vpc,description:"EKS Control Plane Security Group"});this.vpcSubnets=props.vpcSubnets??[{subnetType:ec2().SubnetType.PUBLIC},{subnetType:ec2().SubnetType.PRIVATE_WITH_EGRESS}];const selectedSubnetIdsPerGroup=this.vpcSubnets.map(s=>this.vpc.selectSubnets(s).subnetIds);if(selectedSubnetIdsPerGroup.some(core_1().Token.isUnresolved)&&selectedSubnetIdsPerGroup.length>1)throw new(core_1()).ValidationError((0,literal_string_1().lit)`EksClusterCannotSelectMultiple`,"eks.Cluster: cannot select multiple subnet groups from a VPC imported from list tokens with unknown length. Select only one subnet group, pass a length to Fn.split, or switch to Vpc.fromLookup.",this);const subnetIds=Array.from(new Set(flatten(selectedSubnetIdsPerGroup)));this.logging=props.clusterLogging?{clusterLogging:[{enabled:!0,types:Object.values(props.clusterLogging)}]}:void 0,this.endpointAccess=props.endpointAccess??EndpointAccess.PUBLIC_AND_PRIVATE,this.kubectlEnvironment=props.kubectlEnvironment,this.kubectlLayer=props.kubectlLayer,this.awscliLayer=props.awscliLayer,this.kubectlMemory=props.kubectlMemory,this.ipFamily=props.ipFamily??IpFamily.IP_V4,this.onEventLayer=props.onEventLayer,this.clusterHandlerSecurityGroup=props.clusterHandlerSecurityGroup,this._removalPolicy=props.removalPolicy;const privateSubnets=this.selectPrivateSubnets().slice(0,16),publicAccessDisabled=!this.endpointAccess._config.publicAccess,publicAccessRestricted=!publicAccessDisabled&&this.endpointAccess._config.publicCidrs&&this.endpointAccess._config.publicCidrs.length!==0,hasPendingLookup=this.vpcSubnets.some(placement=>this.vpc.selectSubnets(placement).isPendingLookup);if(!hasPendingLookup){if(privateSubnets.length===0&&publicAccessDisabled)throw new(core_1()).ValidationError((0,literal_string_1().lit)`VpcContainPrivateSubnetsPublic`,"Vpc must contain private subnets when public endpoint access is disabled",this);if(privateSubnets.length===0&&publicAccessRestricted)throw new(core_1()).ValidationError((0,literal_string_1().lit)`VpcContainPrivateSubnetsPublic`,"Vpc must contain private subnets when public endpoint access is restricted",this)}const placeClusterHandlerInVpc=props.placeClusterHandlerInVpc??!1;if(!hasPendingLookup&&placeClusterHandlerInVpc&&privateSubnets.length===0)throw new(core_1()).ValidationError((0,literal_string_1().lit)`CannotPlaceClusterHandlerSince`,"Cannot place cluster handler in the VPC since no private subnets could be selected",this);if(props.clusterHandlerSecurityGroup&&!placeClusterHandlerInVpc)throw new(core_1()).ValidationError((0,literal_string_1().lit)`CannotSpecifyClusterHandlerSecurity`,"Cannot specify clusterHandlerSecurityGroup without placeClusterHandlerInVpc set to true",this);if(props.serviceIpv4Cidr&&props.ipFamily==IpFamily.IP_V6)throw new(core_1()).ValidationError((0,literal_string_1().lit)`CannotSpecifyServiceIpvCidr`,"Cannot specify serviceIpv4Cidr with ipFamily equal to IpFamily.IP_V6",this);if(!core_1().Token.isUnresolved(this.physicalName)&&this.physicalName.length>100)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClusterNameCannotCharacters`,"Cluster name cannot be more than 100 characters",this);this.validateRemoteNetworkConfig(props),this.authenticationMode=props.authenticationMode;const resource=this._clusterResource=new(cluster_resource_1()).ClusterResource(this,"Resource",{name:this.physicalName,environment:props.clusterHandlerEnvironment,roleArn:this.role.roleArn,version:props.version.version,accessconfig:{authenticationMode:props.authenticationMode,bootstrapClusterCreatorAdminPermissions:props.bootstrapClusterCreatorAdminPermissions},...props.remoteNodeNetworks?{remoteNetworkConfig:{remoteNodeNetworks:props.remoteNodeNetworks,...props.remotePodNetworks?{remotePodNetworks:props.remotePodNetworks}:{}}}:{},resourcesVpcConfig:{securityGroupIds:[securityGroup.securityGroupId],subnetIds},...props.secretsEncryptionKey?{encryptionConfig:[{provider:{keyArn:props.secretsEncryptionKey.keyRef.keyArn},resources:["secrets"]}]}:{},kubernetesNetworkConfig:{ipFamily:this.ipFamily,serviceIpv4Cidr:props.serviceIpv4Cidr},endpointPrivateAccess:this.endpointAccess._config.privateAccess,endpointPublicAccess:this.endpointAccess._config.publicAccess,publicAccessCidrs:this.endpointAccess._config.publicCidrs,secretsEncryptionKey:props.secretsEncryptionKey,vpc:this.vpc,subnets:placeClusterHandlerInVpc?privateSubnets:void 0,clusterHandlerSecurityGroup:this.clusterHandlerSecurityGroup,onEventLayer:this.onEventLayer,tags:props.tags,logging:this.logging,bootstrapSelfManagedAddons:props.bootstrapSelfManagedAddons});if(this.endpointAccess._config.privateAccess&&privateSubnets.length!==0){if(this.vpc instanceof ec2().Vpc&&!(this.vpc.dnsHostnamesEnabled&&this.vpc.dnsSupportEnabled))throw new(core_1()).ValidationError((0,literal_string_1().lit)`RequiresPrivateEndpointAccess`,"Private endpoint access requires the VPC to have DNS support and DNS hostnames enabled. Use `enableDnsHostnames: true` and `enableDnsSupport: true` when creating the VPC.",this);if(this.vpc instanceof ec2().Vpc){const isolatedSubnetIds=new Set(this.vpc.isolatedSubnets.map(s=>s.subnetId));if(privateSubnets.some(s=>isolatedSubnetIds.has(s.subnetId)))throw new(core_1()).ValidationError((0,literal_string_1().lit)`IsolatedKubectlSubnet`,"Isolated subnets cannot be used for kubectl private subnets. Isolated subnets have no internet access, which is required for the kubectl Lambda to reach the EKS API, STS, and other AWS service endpoints. Use PRIVATE_WITH_EGRESS subnets with a NAT Gateway instead, or configure VPC endpoints for STS, EKS, ECR, S3 and other AWS services detailed here https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html",this)}this.kubectlPrivateSubnets=privateSubnets,this._clusterResource.node.addDependency(this.vpc)}this.adminRole=resource.adminRole,this._kubectlReadyBarrier=new(core_1()).CfnResource(this,"KubectlReadyBarrier",{type:"AWS::SSM::Parameter",properties:{Type:"String",Value:"aws:cdk:eks:kubectl-ready"}}),this._kubectlReadyBarrier.node.addDependency(this._clusterResource),this.clusterEndpoint=resource.attrEndpoint,this.clusterCertificateAuthorityData=resource.attrCertificateAuthorityData,this.clusterSecurityGroupId=resource.attrClusterSecurityGroupId,this.clusterEncryptionConfigKeyArn=resource.attrEncryptionConfigKeyArn,this.clusterSecurityGroup=ec2().SecurityGroup.fromSecurityGroupId(this,"ClusterSecurityGroup",this.clusterSecurityGroupId),this.connections=new(ec2()).Connections({securityGroups:[this.clusterSecurityGroup,securityGroup],defaultPort:ec2().Port.tcp(443)}),this.kubectlSecurityGroup=this.clusterSecurityGroup,this.adminRole.assumeRolePolicy?.addStatements(new(iam()).PolicyStatement({actions:["sts:AssumeRole"],principals:[this.kubectlLambdaRole]})),this.kubectlRole=this.adminRole,this._kubectlResourceProvider=this.defineKubectlProvider(props.removalPolicy);const updateConfigCommandPrefix=`aws eks update-kubeconfig --name ${this.clusterName}`,getTokenCommandPrefix=`aws eks get-token --cluster-name ${this.clusterName}`,commonCommandOptions=[`--region ${stack.region}`];props.outputClusterName&&new(core_1()).CfnOutput(this,"ClusterName",{value:this.clusterName});const supportAuthenticationApi=this.authenticationMode===AuthenticationMode.API||this.authenticationMode===AuthenticationMode.API_AND_CONFIG_MAP;if(props.mastersRole){const mastersRole=props.mastersRole;supportAuthenticationApi?this.grantAccess("mastersRoleAccess",props.mastersRole.roleArn,[access_entry_1().AccessPolicy.fromAccessPolicyName("AmazonEKSClusterAdminPolicy",{accessScopeType:access_entry_1().AccessScopeType.CLUSTER})]):this.awsAuth.addMastersRole(mastersRole),props.outputMastersRoleArn&&new(core_1()).CfnOutput(this,"MastersRoleArn",{value:mastersRole.roleArn}),commonCommandOptions.push(`--role-arn ${mastersRole.roleArn}`)}props.albController&&(this.albController=alb_controller_1().AlbController.create(this,{...props.albController,cluster:this}));const minCapacity=props.defaultCapacity??DEFAULT_CAPACITY_COUNT;if(minCapacity>0){const instanceType=props.defaultCapacityInstance||DEFAULT_CAPACITY_TYPE;this.defaultCapacity=props.defaultCapacityType===DefaultCapacityType.EC2?this.addAutoScalingGroupCapacity("DefaultCapacity",{instanceType,minCapacity}):void 0,this.defaultNodegroup=props.defaultCapacityType!==DefaultCapacityType.EC2?this.addNodegroupCapacity("DefaultCapacity",{instanceTypes:[instanceType],minSize:minCapacity}):void 0}if(props.outputConfigCommand&&!props.mastersRole&&core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-eks:clusterMastersroleNotSpecified","'outputConfigCommand' will be ignored as 'mastersRole' has not been specified."),(props.outputConfigCommand??!0)&&props.mastersRole){const postfix=commonCommandOptions.join(" ");new(core_1()).CfnOutput(this,"ConfigCommand",{value:`${updateConfigCommandPrefix} ${postfix}`}),new(core_1()).CfnOutput(this,"GetTokenCommand",{value:`${getTokenCommandPrefix} ${postfix}`})}this.defineCoreDnsComputeType(props.coreDnsComputeType??CoreDnsComputeType.EC2),props.removalPolicy&&core_1().RemovalPolicies.of(this).apply(props.removalPolicy)}grantAccess(id,principal,accessPolicies,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_GrantAccessOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantAccess),error}this.addToAccessEntry({id,principal,policies:accessPolicies,accessEntryType:options?.accessEntryType})}getServiceLoadBalancerAddress(serviceName,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_ServiceLoadBalancerAddressOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.getServiceLoadBalancerAddress),error}return new(k8s_object_value_1()).KubernetesObjectValue(this,`${serviceName}LoadBalancerAddress`,{cluster:this,objectType:"service",objectName:serviceName,objectNamespace:options.namespace,jsonPath:".status.loadBalancer.ingress[0].hostname",timeout:options.timeout}).value}getIngressLoadBalancerAddress(ingressName,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_IngressLoadBalancerAddressOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.getIngressLoadBalancerAddress),error}return new(k8s_object_value_1()).KubernetesObjectValue(this,`${ingressName}LoadBalancerAddress`,{cluster:this,objectType:"ingress",objectName:ingressName,objectNamespace:options.namespace,jsonPath:".status.loadBalancer.ingress[0].hostname",timeout:options.timeout}).value}addAutoScalingGroupCapacity(id,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AutoScalingGroupCapacityOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addAutoScalingGroupCapacity),error}if(options.machineImageType===MachineImageType.BOTTLEROCKET&&options.bootstrapOptions!==void 0)throw new(core_1()).ValidationError((0,literal_string_1().lit)`BootstrapOptionsSupportedBottlerocket`,"bootstrapOptions is not supported for Bottlerocket",this);const asg=new(autoscaling()).AutoScalingGroup(this,id,{...options,vpc:this.vpc,machineImage:options.machineImageType===MachineImageType.BOTTLEROCKET?new(bottlerocket_1()).BottleRocketImage({kubernetesVersion:this.version.version}):new EksOptimizedImage({nodeType:nodeTypeForInstanceType(options.instanceType),cpuArch:cpuArchForInstanceType(options.instanceType),kubernetesVersion:this.version.version})});return this.connectAutoScalingGroupCapacity(asg,{mapRole:options.mapRole,bootstrapOptions:options.bootstrapOptions,bootstrapEnabled:options.bootstrapEnabled,machineImageType:options.machineImageType,spotInterruptHandler:options.spotInterruptHandler}),(nodeTypeForInstanceType(options.instanceType)===NodeType.INFERENTIA||nodeTypeForInstanceType(options.instanceType)===NodeType.TRAINIUM)&&this.addNeuronDevicePlugin(),asg}addNodegroupCapacity(id,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_NodegroupOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addNodegroupCapacity),error}return[options?.instanceType,...options?.instanceTypes??[]].some(i=>i&&(nodeTypeForInstanceType(i)===NodeType.INFERENTIA||nodeTypeForInstanceType(i)===NodeType.TRAINIUM))&&this.addNeuronDevicePlugin(),new(managed_nodegroup_1()).Nodegroup(this,`Nodegroup${id}`,{cluster:this,...options})}get awsAuth(){return this._awsAuth||(this._awsAuth=new(aws_auth_1()).AwsAuth(this,"AwsAuth",{cluster:this})),this._awsAuth}get clusterOpenIdConnectIssuerUrl(){return this._clusterResource.attrOpenIdConnectIssuerUrl}get clusterOpenIdConnectIssuer(){return this._clusterResource.attrOpenIdConnectIssuer}get openIdConnectProvider(){return this._openIdConnectProvider||(core_1().FeatureFlags.of(this).isEnabled(cx_api_1().EKS_USE_NATIVE_OIDC_PROVIDER)?this._openIdConnectProvider=new(oidc_provider_1()).OidcProviderNative(this,"OidcProviderNative",{url:this.clusterOpenIdConnectIssuerUrl,removalPolicy:this._removalPolicy}):this._openIdConnectProvider=new(oidc_provider_1()).OpenIdConnectProvider(this,"OpenIdConnectProvider",{url:this.clusterOpenIdConnectIssuerUrl,removalPolicy:this._removalPolicy})),this._openIdConnectProvider}get eksPodIdentityAgent(){return this._eksPodIdentityAgent||(this._eksPodIdentityAgent=new(addon_1()).Addon(this,"EksPodIdentityAgentAddon",{cluster:this,addonName:"eks-pod-identity-agent",removalPolicy:this._removalPolicy})),this._eksPodIdentityAgent}addFargateProfile(id,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_FargateProfileOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addFargateProfile),error}return new(fargate_profile_1()).FargateProfile(this,`fargate-profile-${id}`,{...options,cluster:this})}_attachFargateProfile(fargateProfile){return this._fargateProfiles.push(fargateProfile),this._kubectlReadyBarrier.node.addDependency(fargateProfile),this._fargateProfiles}_attachKubectlResourceScope(resourceScope){return constructs_1().Node.of(resourceScope).addDependency(this._kubectlReadyBarrier),this._kubectlResourceProvider}addToAccessEntry(props){const entry=this.accessEntries.get(props.principal);if(entry)entry.addAccessPolicies(props.policies);else{const newEntry=new(access_entry_1()).AccessEntry(this,props.id,{principal:props.principal,cluster:this,accessPolicies:props.policies,accessEntryType:props.accessEntryType});this.accessEntries.set(props.principal,newEntry)}}defineKubectlProvider(removalPolicy){const uid="@aws-cdk/aws-eks.KubectlProvider";if(this.stack.node.tryFindChild(uid))throw new(core_1()).ValidationError((0,literal_string_1().lit)`SingleClusterDefinedWithinCloud`,"Only a single EKS cluster can be defined within a CloudFormation stack",this);return new(kubectl_provider_1()).KubectlProvider(this.stack,uid,{cluster:this,removalPolicy})}selectPrivateSubnets(){const privateSubnets=[],vpcPrivateSubnetIds=this.vpc.privateSubnets.map(s=>s.subnetId),vpcPublicSubnetIds=this.vpc.publicSubnets.map(s=>s.subnetId);for(const placement of this.vpcSubnets)for(const subnet of this.vpc.selectSubnets(placement).subnets){if(vpcPrivateSubnetIds.includes(subnet.subnetId)){privateSubnets.push(subnet);continue}vpcPublicSubnetIds.includes(subnet.subnetId)||privateSubnets.push(subnet)}return privateSubnets}addNeuronDevicePlugin(){if(!this._neuronDevicePlugin){const fileContents=fs().readFileSync(path().join(__dirname,"addons","neuron-device-plugin.yaml"),"utf8"),sanitized=YAML().parse(fileContents);this._neuronDevicePlugin=this.addManifest("NeuronDevicePlugin",sanitized)}return this._neuronDevicePlugin}tagSubnets(){const tagAllSubnets=(type,subnets,tag)=>{for(const subnet of subnets){if(!ec2().Subnet.isVpcSubnet(subnet)){const subnetID=core_1().Token.isUnresolved(subnet.subnetId)||core_1().Token.isUnresolved([subnet.subnetId])?"":` ${subnet.subnetId}`;core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-eks:clusterMustManuallyTagSubnet",`Could not auto-tag ${type} subnet${subnetID} with "${tag}=1", please remember to do this manually`);continue}core_1().Tags.of(subnet).add(tag,"1")}};tagAllSubnets("private",this.vpc.privateSubnets,"kubernetes.io/role/internal-elb"),tagAllSubnets("public",this.vpc.publicSubnets,"kubernetes.io/role/elb")}defineCoreDnsComputeType(type){if(type===CoreDnsComputeType.EC2)return;const renderPatch=computeType=>({spec:{template:{metadata:{annotations:{"eks.amazonaws.com/compute-type":computeType}}}}});new(k8s_patch_1()).KubernetesPatch(this,"CoreDnsComputeTypePatch",{cluster:this,resourceName:"deployment/coredns",resourceNamespace:"kube-system",applyPatch:renderPatch(CoreDnsComputeType.FARGATE),restorePatch:renderPatch(CoreDnsComputeType.EC2)})}validateRemoteNetworkConfig(props){if(!props.remoteNodeNetworks){props.remotePodNetworks&&core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-eks:clusterRemotePodNetworksWithoutNodeNetworks","remotePodNetworks is specified without remoteNodeNetworks. remotePodNetworks will be ignored.");return}this.validateNetworkCidrs(props.remoteNodeNetworks,"node"),props.remotePodNetworks&&(this.validateNetworkCidrs(props.remotePodNetworks,"pod"),this.validateCrossNetworkOverlap(props.remoteNodeNetworks,props.remotePodNetworks))}validateNetworkCidrs(networks,networkType){const resolvedCidrs=networks.map(n=>n.cidrs.filter(c=>!core_1().Token.isUnresolved(c)));resolvedCidrs.forEach((cidrs,index)=>{for(let i=0;i<cidrs.length;i++)for(let j=i+1;j<cidrs.length;j++)if(ec2().NetworkUtils.validateCidrPairOverlap(cidrs[i],cidrs[j]))throw new(core_1()).ValidationError((0,literal_string_1().lit)`RemoteNetworkCidrOverlap`,`CIDR ${cidrs[i]} should not overlap with another CIDR in remote ${networkType} network #${index+1}`,this)});for(let i=0;i<resolvedCidrs.length;i++)if(resolvedCidrs[i].length!==0)for(let j=i+1;j<resolvedCidrs.length;j++){if(resolvedCidrs[j].length===0)continue;const[overlap,cidr1,cidr2]=ec2().NetworkUtils.validateCidrBlocksOverlap(resolvedCidrs[i],resolvedCidrs[j]);if(overlap)throw new(core_1()).ValidationError((0,literal_string_1().lit)`RemoteNetworkCidrBlockOverlap`,`CIDR block ${cidr1} in remote ${networkType} network #${i+1} should not overlap with CIDR block ${cidr2} in remote ${networkType} network #${j+1}`,this)}}validateCrossNetworkOverlap(nodeNetworks,podNetworks){for(const nodeNetwork of nodeNetworks){const nodeCidrs=nodeNetwork.cidrs.filter(c=>!core_1().Token.isUnresolved(c));if(nodeCidrs.length!==0)for(const podNetwork of podNetworks){const podCidrs=podNetwork.cidrs.filter(c=>!core_1().Token.isUnresolved(c));if(podCidrs.length===0)continue;const[overlap,nodeCidr,podCidr]=ec2().NetworkUtils.validateCidrBlocksOverlap(nodeCidrs,podCidrs);if(overlap)throw new(core_1()).ValidationError((0,literal_string_1().lit)`RemoteNodePodNetworkOverlap`,`Remote node network CIDR block ${nodeCidr} should not overlap with remote pod network CIDR block ${podCidr}`,this)}}}static{__runInitializers(_classThis,_classExtraInitializers)}};return Cluster2=_classThis})();exports.Cluster=Cluster;let ImportedCluster=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=ClusterBase;var ImportedCluster2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),ImportedCluster2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}props;static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-eks.ImportedCluster";clusterName;clusterArn;connections=new(ec2()).Connections;kubectlRole;kubectlLambdaRole;kubectlEnvironment;kubectlSecurityGroup;kubectlPrivateSubnets;kubectlLayer;ipFamily;awscliLayer;kubectlProvider;onEventLayer;kubectlMemory;clusterHandlerSecurityGroup;prune;_clusterSecurityGroup;constructor(scope,id,props){super(scope,id),this.props=props,(0,metadata_resource_1().addConstructMetadata)(this,props),this.clusterName=props.clusterName,this.clusterArn=this.stack.formatArn((0,cluster_resource_1().clusterArnComponents)(props.clusterName)),this.kubectlRole=props.kubectlRoleArn?iam().Role.fromRoleArn(this,"KubectlRole",props.kubectlRoleArn):void 0,this.kubectlLambdaRole=props.kubectlLambdaRole,this.kubectlSecurityGroup=props.kubectlSecurityGroupId?ec2().SecurityGroup.fromSecurityGroupId(this,"KubectlSecurityGroup",props.kubectlSecurityGroupId):void 0,this.kubectlEnvironment=props.kubectlEnvironment,this.kubectlPrivateSubnets=props.kubectlPrivateSubnetIds?props.kubectlPrivateSubnetIds.map((subnetid,index)=>ec2().Subnet.fromSubnetId(this,`KubectlSubnet${index}`,subnetid)):void 0,this.kubectlLayer=props.kubectlLayer,this.ipFamily=props.ipFamily,this.awscliLayer=props.awscliLayer,this.kubectlMemory=props.kubectlMemory,this.clusterHandlerSecurityGroup=props.clusterHandlerSecurityGroupId?ec2().SecurityGroup.fromSecurityGroupId(this,"ClusterHandlerSecurityGroup",props.clusterHandlerSecurityGroupId):void 0,this.kubectlProvider=props.kubectlProvider,this.onEventLayer=props.onEventLayer,this.prune=props.prune??!0;let i=1;for(const sgid of props.securityGroupIds??[])this.connections.addSecurityGroup(ec2().SecurityGroup.fromSecurityGroupId(this,`SecurityGroup${i}`,sgid)),i++;props.clusterSecurityGroupId&&(this._clusterSecurityGroup=ec2().SecurityGroup.fromSecurityGroupId(this,"ClusterSecurityGroup",this.clusterSecurityGroupId),this.connections.addSecurityGroup(this._clusterSecurityGroup))}get vpc(){if(!this.props.vpc)throw new(core_1()).ValidationError((0,literal_string_1().lit)`VpcDefinedImportedCluster`,'"vpc" is not defined for this imported cluster',this);return this.props.vpc}get clusterSecurityGroup(){if(!this._clusterSecurityGroup)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClusterSecurityGroupDefinedImported`,'"clusterSecurityGroup" is not defined for this imported cluster',this);return this._clusterSecurityGroup}get clusterSecurityGroupId(){if(!this.props.clusterSecurityGroupId)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClusterSecurityGroupIdDefined`,'"clusterSecurityGroupId" is not defined for this imported cluster',this);return this.props.clusterSecurityGroupId}get clusterEndpoint(){if(!this.props.clusterEndpoint)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClusterendpointDefinedImportedCluster`,'"clusterEndpoint" is not defined for this imported cluster',this);return this.props.clusterEndpoint}get clusterCertificateAuthorityData(){if(!this.props.clusterCertificateAuthorityData)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClusterCertificateAuthorityDataDefined`,'"clusterCertificateAuthorityData" is not defined for this imported cluster',this);return this.props.clusterCertificateAuthorityData}get clusterEncryptionConfigKeyArn(){if(!this.props.clusterEncryptionConfigKeyArn)throw new(core_1()).ValidationError((0,literal_string_1().lit)`ClusterEncryptionConfigKeyArn`,'"clusterEncryptionConfigKeyArn" is not defined for this imported cluster',this);return this.props.clusterEncryptionConfigKeyArn}get openIdConnectProvider(){if(!this.props.openIdConnectProvider)throw new(core_1()).ValidationError((0,literal_string_1().lit)`OpenIdConnectProviderDefined`,'"openIdConnectProvider" is not defined for this imported cluster',this);return this.props.openIdConnectProvider}get awsAuth(){throw new(core_1()).ValidationError((0,literal_string_1().lit)`AwsauthSupportedImportedClusters`,'"awsAuth" is not supported on imported clusters',this)}static{__runInitializers(_classThis,_classExtraInitializers)}};return ImportedCluster2=_classThis})();class EksOptimizedImage{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.EksOptimizedImage",version:"2.247.0"};nodeType;cpuArch;kubernetesVersion;amiParameterName;constructor(props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_EksOptimizedImageProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,EksOptimizedImage),error}this.nodeType=props.nodeType??NodeType.STANDARD,this.cpuArch=props.cpuArch??CpuArch.X86_64,this.kubernetesVersion=props.kubernetesVersion??LATEST_KUBERNETES_VERSION,this.amiParameterName=`/aws/service/eks/optimized-ami/${this.kubernetesVersion}/`+(this.nodeType===NodeType.STANDARD?this.cpuArch===CpuArch.X86_64?"amazon-linux-2/":"amazon-linux-2-arm64/":"")+(this.nodeType===NodeType.GPU?"amazon-linux-2-gpu/":"")+(this.nodeType===NodeType.INFERENTIA?"amazon-linux-2-gpu/":"")+(this.nodeType===NodeType.TRAINIUM?"amazon-linux-2-gpu/":"")+"recommended/image_id"}getImage(scope){return{imageId:ssm().StringParameter.valueForStringParameter(scope,this.amiParameterName),osType:ec2().OperatingSystemType.LINUX,userData:ec2().UserData.forLinux()}}}exports.EksOptimizedImage=EksOptimizedImage;const LATEST_KUBERNETES_VERSION="1.24";var NodeType;(function(NodeType2){NodeType2.STANDARD="Standard",NodeType2.GPU="GPU",NodeType2.INFERENTIA="INFERENTIA",NodeType2.TRAINIUM="TRAINIUM"})(NodeType||(exports.NodeType=NodeType={}));var CpuArch;(function(CpuArch2){CpuArch2.ARM_64="arm64",CpuArch2.X86_64="x86_64"})(CpuArch||(exports.CpuArch=CpuArch={}));var CoreDnsComputeType;(function(CoreDnsComputeType2){CoreDnsComputeType2.EC2="ec2",CoreDnsComputeType2.FARGATE="fargate"})(CoreDnsComputeType||(exports.CoreDnsComputeType=CoreDnsComputeType={}));var DefaultCapacityType;(function(DefaultCapacityType2){DefaultCapacityType2[DefaultCapacityType2.NODEGROUP=0]="NODEGROUP",DefaultCapacityType2[DefaultCapacityType2.EC2=1]="EC2"})(DefaultCapacityType||(exports.DefaultCapacityType=DefaultCapacityType={}));var MachineImageType;(function(MachineImageType2){MachineImageType2[MachineImageType2.AMAZON_LINUX_2=0]="AMAZON_LINUX_2",MachineImageType2[MachineImageType2.BOTTLEROCKET=1]="BOTTLEROCKET"})(MachineImageType||(exports.MachineImageType=MachineImageType={}));function nodeTypeForInstanceType(instanceType){return instance_types_1().INSTANCE_TYPES.gpu.includes(instanceType.toString().substring(0,2))?NodeType.GPU:instance_types_1().INSTANCE_TYPES.inferentia.includes(instanceType.toString().substring(0,4))?NodeType.INFERENTIA:instance_types_1().INSTANCE_TYPES.trainium.includes(instanceType.toString().substring(0,4))?NodeType.TRAINIUM:NodeType.STANDARD}function cpuArchForInstanceType(instanceType){return instance_types_1().INSTANCE_TYPES.graviton2.includes(instanceType.toString().substring(0,3))||instance_types_1().INSTANCE_TYPES.graviton3.includes(instanceType.toString().substring(0,3))||instance_types_1().INSTANCE_TYPES.graviton.includes(instanceType.toString().substring(0,2))?CpuArch.ARM_64:CpuArch.X86_64}function flatten(xss){return Array.prototype.concat.call([],...xss)}