Class: AWSCDK::EKS::CfnCluster::ResourcesVPCConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
eks/cfn_cluster.rb

Overview

An object representing the VPC configuration to use for an Amazon EKS cluster.

When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:

  • EndpointPublicAccess
  • EndpointPrivateAccess
  • PublicAccessCidrs

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(subnet_ids:, control_plane_egress_mode: nil, endpoint_private_access: nil, endpoint_public_access: nil, public_access_cidrs: nil, security_group_ids: nil) ⇒ ResourcesVPCConfigProperty

Returns a new instance of ResourcesVPCConfigProperty.

Parameters:

  • subnet_ids (Array<String>)

    Specify subnets for your Amazon EKS nodes.

  • control_plane_egress_mode (String, nil) (defaults to: nil)

    Specify the egress mode for the cluster control plane.

  • endpoint_private_access (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    Set this value to true to enable private access for your cluster's Kubernetes API server endpoint.

  • endpoint_public_access (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    Set this value to false to disable public access to your cluster's Kubernetes API server endpoint.

  • public_access_cidrs (Array<String>, nil) (defaults to: nil)

    The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.

  • security_group_ids (Array<String>, nil) (defaults to: nil)

    Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.



1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
# File 'eks/cfn_cluster.rb', line 1708

def initialize(subnet_ids:, control_plane_egress_mode: nil, endpoint_private_access: nil, endpoint_public_access: nil, public_access_cidrs: nil, security_group_ids: nil)
  @subnet_ids = subnet_ids
  Jsii::Type.check_type(@subnet_ids, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "subnetIds")
  @control_plane_egress_mode = control_plane_egress_mode
  Jsii::Type.check_type(@control_plane_egress_mode, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "controlPlaneEgressMode") unless @control_plane_egress_mode.nil?
  @endpoint_private_access = endpoint_private_access
  Jsii::Type.check_type(@endpoint_private_access, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "endpointPrivateAccess") unless @endpoint_private_access.nil?
  @endpoint_public_access = endpoint_public_access
  Jsii::Type.check_type(@endpoint_public_access, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "endpointPublicAccess") unless @endpoint_public_access.nil?
  @public_access_cidrs = public_access_cidrs
  Jsii::Type.check_type(@public_access_cidrs, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "publicAccessCidrs") unless @public_access_cidrs.nil?
  @security_group_ids = security_group_ids
  Jsii::Type.check_type(@security_group_ids, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "securityGroupIds") unless @security_group_ids.nil?
end

Instance Attribute Details

#control_plane_egress_modeString? (readonly)

Specify the egress mode for the cluster control plane.

If you set this to CUSTOMER_ROUTED, the control plane routes traffic through your VPC subnets instead of using AWS managed networking.



1736
1737
1738
# File 'eks/cfn_cluster.rb', line 1736

def control_plane_egress_mode
  @control_plane_egress_mode
end

#endpoint_private_accessBoolean, ... (readonly)

Set this value to true to enable private access for your cluster's Kubernetes API server endpoint.

If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false , which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that public_access_cidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .



1743
1744
1745
# File 'eks/cfn_cluster.rb', line 1743

def endpoint_private_access
  @endpoint_private_access
end

#endpoint_public_accessBoolean, ... (readonly)

Set this value to false to disable public access to your cluster's Kubernetes API server endpoint.

If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true , which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depends on the value of the ip_family for the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .



1750
1751
1752
# File 'eks/cfn_cluster.rb', line 1750

def endpoint_public_access
  @endpoint_public_access
end

#public_access_cidrsArray<String>? (readonly)

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.

Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0 and additionally ::/0 for dual-stack IPv6 clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and AWS Fargate Pod in the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

Note that the public endpoints are dual-stack for only IPv6 clusters that are made after October 2024. You can't add IPv6 CIDR blocks to IPv4 clusters or IPv6 clusters that were made before October 2024.



1759
1760
1761
# File 'eks/cfn_cluster.rb', line 1759

def public_access_cidrs
  @public_access_cidrs
end

#security_group_idsArray<String>? (readonly)

Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane.

If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .



1766
1767
1768
# File 'eks/cfn_cluster.rb', line 1766

def security_group_ids
  @security_group_ids
end

#subnet_idsArray<String> (readonly)

Specify subnets for your Amazon EKS nodes.

Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.



1729
1730
1731
# File 'eks/cfn_cluster.rb', line 1729

def subnet_ids
  @subnet_ids
end

Class Method Details

.jsii_propertiesObject



1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
# File 'eks/cfn_cluster.rb', line 1768

def self.jsii_properties
  {
    :subnet_ids => "subnetIds",
    :control_plane_egress_mode => "controlPlaneEgressMode",
    :endpoint_private_access => "endpointPrivateAccess",
    :endpoint_public_access => "endpointPublicAccess",
    :public_access_cidrs => "publicAccessCidrs",
    :security_group_ids => "securityGroupIds",
  }
end

Instance Method Details

#to_jsiiObject



1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
# File 'eks/cfn_cluster.rb', line 1779

def to_jsii
  result = {}
  result.merge!({
    "subnetIds" => @subnet_ids,
    "controlPlaneEgressMode" => @control_plane_egress_mode,
    "endpointPrivateAccess" => @endpoint_private_access,
    "endpointPublicAccess" => @endpoint_public_access,
    "publicAccessCidrs" => @public_access_cidrs,
    "securityGroupIds" => @security_group_ids,
  })
  result.compact
end