
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

import type { IConstruct } from 'constructs';
import { Construct } from 'constructs';
import type { ICluster } from './cluster';
import type * as ec2 from '../../aws-ec2';
import * as iam from '../../aws-iam';
import * as lambda from '../../aws-lambda';
import type { RemovalPolicy, Size } from '../../core';
/**
 * Options for creating the kubectl provider - a lambda function that executes `kubectl` and `helm`
 * against the cluster.
 *
 * Several of these options decide who can administer the cluster and over which
 * network path the handler reaches the Kubernetes API (`role`, `securityGroups`,
 * `privateSubnets`, `kubectlLayer`); review them together rather than one by one.
 */
export interface KubectlProviderOptions {
    /**
     * An IAM role that can perform kubectl operations against this cluster.
     *
     * The role should be mapped to the `system:masters` Kubernetes RBAC role.
     * `system:masters` carries unrestricted administrative access to the cluster,
     * so any principal able to assume this role effectively administers the
     * cluster; keep the role's trust policy as narrow as possible.
     *
     * This role is passed directly to the lambda handler that sends `kubectl`
     * commands to the cluster.
     *
     * @default - if not specified, the default role created by a lambda function will
     * be used.
     */
    readonly role?: iam.IRole;
    /**
     * An AWS Lambda layer that contains the `aws` CLI.
     *
     * @default - If not defined, a default layer will be used containing the AWS CLI 2.x.
     */
    readonly awscliLayer?: lambda.ILayerVersion;
    /**
     * Custom environment variables when running `kubectl` against this cluster.
     *
     * NOTE(review): presumably these become part of the handler function's
     * configuration - confirm against the implementation. If so, they are readable
     * by anyone allowed to view that configuration and should not hold secrets.
     *
     * @default - No custom environment variables
     */
    readonly environment?: {
        [key: string]: string;
    };
    /**
     * A security group to use for `kubectl` execution.
     *
     * @default - If not specified, the k8s endpoint is expected to be accessible
     * publicly.
     * @deprecated Use `securityGroups` instead.
     */
    readonly securityGroup?: ec2.ISecurityGroup;
    /**
     * Security groups to use for `kubectl` execution.
     *
     * Leaving this unset means the handler is expected to reach the Kubernetes API
     * over a publicly accessible endpoint; set it, together with `privateSubnets`,
     * when the endpoint is meant to be private.
     *
     * @default - If not specified, the k8s endpoint is expected to be accessible
     * publicly.
     */
    readonly securityGroups?: ec2.ISecurityGroup[];
    /**
     * The amount of memory allocated to the kubectl provider's lambda function.
     *
     * @default - 1024
     */
    readonly memory?: Size;
    /**
     * An AWS Lambda layer that includes `kubectl` and `helm`.
     *
     * This is the only required option. The binaries in this layer are what the
     * handler executes against the cluster, so supply a layer version whose
     * origin and contents you trust.
     */
    readonly kubectlLayer: lambda.ILayerVersion;
    /**
     * Subnets to host the `kubectl` compute resources.
     *
     * If not specified, the k8s endpoint is expected to be accessible publicly.
     *
     * @default - the k8s endpoint is expected to be accessible publicly
     */
    readonly privateSubnets?: ec2.ISubnet[];
    /**
     * The removal policy applied to the custom resource that provides kubectl.
     *
     * The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
     * This can happen in one of three situations:
     *
     * - The resource is removed from the template, so CloudFormation stops managing it
     * - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
     * - The stack is deleted, so CloudFormation stops managing all resources in it
     *
     * @default RemovalPolicy.DESTROY
     */
    readonly removalPolicy?: RemovalPolicy;
}
/**
 * Properties for a KubectlProvider: every option of `KubectlProviderOptions`
 * plus the cluster the provider acts on.
 */
export interface KubectlProviderProps extends KubectlProviderOptions {
    /**
     * The cluster to control.
     */
    readonly cluster: ICluster;
}
/**
 * Attributes that identify an already existing kubectl provider, as accepted by
 * `KubectlProvider.fromKubectlProviderAttributes`.
 */
export interface KubectlProviderAttributes {
    /**
     * The ARN of the kubectl provider lambda function.
     *
     * NOTE(review): this declaration shows the value only as a plain string;
     * whether it is validated on import is not visible here. Make sure it refers
     * to a function you control, since that function will act on the cluster.
     */
    readonly serviceToken: string;
    /**
     * The role of the provider lambda function.
     * Only required if you deploy helm charts using this imported provider.
     *
     * @default - no role.
     */
    readonly role?: iam.IRole;
}
/**
 * Imported KubectlProvider that can be used in place of the default one created by CDK
 */
export interface IKubectlProvider extends IConstruct {
    /**
     * The custom resource provider's service token.
     */
    readonly serviceToken: string;
    /**
     * The role of the provider lambda function. If undefined,
     * you cannot use this provider to deploy helm charts.
     */
    readonly role?: iam.IRole;
}
/**
 * Implementation of the kubectl Lambda provider.
 *
 * Only the type declarations are present in this file; the behaviour of the
 * members below is described by their signatures and the original comments.
 */
export declare class KubectlProvider extends Construct implements IKubectlProvider {
    /**
     * Take the existing provider on a cluster.
     *
     * @param scope Construct
     * @param cluster k8s cluster
     * @returns the provider, or `undefined`; the declared return type allows
     * `undefined`, so callers must handle that case before using the result.
     */
    static getKubectlProvider(scope: Construct, cluster: ICluster): IKubectlProvider | undefined;
    /**
     * Import an existing provider.
     *
     * @param scope Construct
     * @param id an id of resource
     * @param attrs attributes for the provider (service token and optional role)
     * @returns a provider built from the given attributes
     */
    static fromKubectlProviderAttributes(scope: Construct, id: string, attrs: KubectlProviderAttributes): IKubectlProvider;
    /**
     * The custom resource provider's service token.
     */
    readonly serviceToken: string;
    /**
     * The IAM execution role of the handler.
     */
    readonly role?: iam.IRole;
    /**
     * Creates the provider.
     *
     * @param scope Construct
     * @param id an id of resource
     * @param props the cluster to control and the provider options
     */
    constructor(scope: Construct, id: string, props: KubectlProviderProps);
}