Class: AWSCDK::EKS::CfnCluster::ResourcesVPCConfigProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::EKS::CfnCluster::ResourcesVPCConfigProperty
- Defined in:
- eks/cfn_cluster.rb
Overview
An object representing the VPC configuration to use for an Amazon EKS cluster.
When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:
EndpointPublicAccessEndpointPrivateAccessPublicAccessCidrs
Instance Attribute Summary collapse
-
#control_plane_egress_mode ⇒ String?
readonly
Specify the egress mode for the cluster control plane.
-
#endpoint_private_access ⇒ Boolean, ...
readonly
Set this value to
trueto enable private access for your cluster's Kubernetes API server endpoint. -
#endpoint_public_access ⇒ Boolean, ...
readonly
Set this value to
falseto disable public access to your cluster's Kubernetes API server endpoint. -
#public_access_cidrs ⇒ Array<String>?
readonly
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
-
#security_group_ids ⇒ Array<String>?
readonly
Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.
-
#subnet_ids ⇒ Array<String>
readonly
Specify subnets for your Amazon EKS nodes.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(subnet_ids:, control_plane_egress_mode: nil, endpoint_private_access: nil, endpoint_public_access: nil, public_access_cidrs: nil, security_group_ids: nil) ⇒ ResourcesVPCConfigProperty
constructor
A new instance of ResourcesVPCConfigProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(subnet_ids:, control_plane_egress_mode: nil, endpoint_private_access: nil, endpoint_public_access: nil, public_access_cidrs: nil, security_group_ids: nil) ⇒ ResourcesVPCConfigProperty
Returns a new instance of ResourcesVPCConfigProperty.
1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 |
# File 'eks/cfn_cluster.rb', line 1708 def initialize(subnet_ids:, control_plane_egress_mode: nil, endpoint_private_access: nil, endpoint_public_access: nil, public_access_cidrs: nil, security_group_ids: nil) @subnet_ids = subnet_ids Jsii::Type.check_type(@subnet_ids, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "subnetIds") @control_plane_egress_mode = control_plane_egress_mode Jsii::Type.check_type(@control_plane_egress_mode, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "controlPlaneEgressMode") unless @control_plane_egress_mode.nil? @endpoint_private_access = endpoint_private_access Jsii::Type.check_type(@endpoint_private_access, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "endpointPrivateAccess") unless @endpoint_private_access.nil? @endpoint_public_access = endpoint_public_access Jsii::Type.check_type(@endpoint_public_access, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "endpointPublicAccess") unless @endpoint_public_access.nil? @public_access_cidrs = public_access_cidrs Jsii::Type.check_type(@public_access_cidrs, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "publicAccessCidrs") unless @public_access_cidrs.nil? @security_group_ids = security_group_ids Jsii::Type.check_type(@security_group_ids, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "securityGroupIds") unless @security_group_ids.nil? end |
Instance Attribute Details
#control_plane_egress_mode ⇒ String? (readonly)
Specify the egress mode for the cluster control plane.
If you set this to CUSTOMER_ROUTED, the control plane routes traffic through your VPC subnets instead of using AWS managed networking.
1736 1737 1738 |
# File 'eks/cfn_cluster.rb', line 1736 def control_plane_egress_mode @control_plane_egress_mode end |
#endpoint_private_access ⇒ Boolean, ... (readonly)
Set this value to true to enable private access for your cluster's Kubernetes API server endpoint.
If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false , which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that public_access_cidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
1743 1744 1745 |
# File 'eks/cfn_cluster.rb', line 1743 def endpoint_private_access @endpoint_private_access end |
#endpoint_public_access ⇒ Boolean, ... (readonly)
Set this value to false to disable public access to your cluster's Kubernetes API server endpoint.
If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true , which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depends on the value of the ip_family for the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
1750 1751 1752 |
# File 'eks/cfn_cluster.rb', line 1750 def endpoint_public_access @endpoint_public_access end |
#public_access_cidrs ⇒ Array<String>? (readonly)
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0 and additionally ::/0 for dual-stack IPv6 clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and AWS Fargate Pod in the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
Note that the public endpoints are dual-stack for only IPv6 clusters that are made after October 2024. You can't add IPv6 CIDR blocks to IPv4 clusters or IPv6 clusters that were made before October 2024.
1759 1760 1761 |
# File 'eks/cfn_cluster.rb', line 1759 def public_access_cidrs @public_access_cidrs end |
#security_group_ids ⇒ Array<String>? (readonly)
Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.
If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .
1766 1767 1768 |
# File 'eks/cfn_cluster.rb', line 1766 def security_group_ids @security_group_ids end |
#subnet_ids ⇒ Array<String> (readonly)
Specify subnets for your Amazon EKS nodes.
Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
1729 1730 1731 |
# File 'eks/cfn_cluster.rb', line 1729 def subnet_ids @subnet_ids end |
Class Method Details
.jsii_properties ⇒ Object
1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 |
# File 'eks/cfn_cluster.rb', line 1768 def self.jsii_properties { :subnet_ids => "subnetIds", :control_plane_egress_mode => "controlPlaneEgressMode", :endpoint_private_access => "endpointPrivateAccess", :endpoint_public_access => "endpointPublicAccess", :public_access_cidrs => "publicAccessCidrs", :security_group_ids => "securityGroupIds", } end |
Instance Method Details
#to_jsii ⇒ Object
1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 |
# File 'eks/cfn_cluster.rb', line 1779 def to_jsii result = {} result.merge!({ "subnetIds" => @subnet_ids, "controlPlaneEgressMode" => @control_plane_egress_mode, "endpointPrivateAccess" => @endpoint_private_access, "endpointPublicAccess" => @endpoint_public_access, "publicAccessCidrs" => @public_access_cidrs, "securityGroupIds" => @security_group_ids, }) result.compact end |