KubectlProvider

class aws_cdk.aws_eks_v2.KubectlProvider(scope, id, *, cluster, kubectl_layer, awscli_layer=None, environment=None, memory=None, private_subnets=None, removal_policy=None, role=None, security_group=None)

Bases: Construct

Implementation of Kubectl Lambda.

Example:

from aws_cdk import aws_eks_v2 as eks
from aws_cdk import aws_iam as iam
from aws_cdk import aws_lambda as lambda_

# import the IAM role that the existing kubectl handler Lambda runs as
handler_role = iam.Role.from_role_arn(self, "HandlerRole", "arn:aws:iam::123456789012:role/lambda-role")
# get the serviceToken from the custom resource provider
function_arn = lambda_.Function.from_function_name(self, "ProviderOnEventFunc", "ProviderframeworkonEvent-XXX").function_arn
kubectl_provider = eks.KubectlProvider.from_kubectl_provider_attributes(self, "KubectlProvider",
    service_token=function_arn,
    role=handler_role
)

# attach the imported provider to an imported cluster
cluster = eks.Cluster.from_cluster_attributes(self, "Cluster",
    cluster_name="cluster",
    kubectl_provider=kubectl_provider
)

Parameters:
  • scope (Construct)

  • id (str)

  • cluster (ICluster) – The cluster to control.

  • kubectl_layer (ILayerVersion) – An AWS Lambda layer that includes kubectl and helm.

  • awscli_layer (Optional[ILayerVersion]) – An AWS Lambda layer that contains the aws CLI. Default: - If not defined, a default layer will be used containing the AWS CLI 2.x.

  • environment (Optional[Mapping[str, str]]) – Custom environment variables when running kubectl against this cluster. Default: - No custom environment variables

  • memory (Optional[Size]) – The amount of memory allocated to the kubectl provider’s lambda function. Default: - 1024

  • private_subnets (Optional[Sequence[ISubnet]]) – Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - the k8s endpoint is accessible publicly

  • removal_policy (Optional[RemovalPolicy]) – The removal policy applied to the custom resource that provides kubectl. The removal policy controls what happens to the resource if it stops being managed by CloudFormation. This can happen in one of three situations:

      - The resource is removed from the template, so CloudFormation stops managing it.
      - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it.
      - The stack is deleted, so CloudFormation stops managing all resources in it.

    Default: RemovalPolicy.DESTROY

  • role (Optional[IRole]) – An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is passed directly to the Lambda handler that sends kubectl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.

  • security_group (Optional[ISecurityGroup]) – A security group to use for kubectl execution. Default: - If not specified, the k8s endpoint is expected to be accessible publicly.
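
The private_subnets and security_group defaults above mean that a provider created without them expects a publicly accessible cluster endpoint. The following added example (not part of the CDK documentation or library) audits a synthesized CloudFormation template for kubectl handler functions that lack VPC placement; the template fragment, its logical IDs and the "kubectl" marker used to recognise the handler are constructed assumptions.

```python
# Added example: flag kubectl handler Lambdas that have no VpcConfig in a
# synthesized CloudFormation template (for example, a file under cdk.out).
# Assumption: the handler is recognisable by "kubectl" in its logical ID or
# Description. Adjust the marker to match your own templates.
KUBECTL_MARKER = "kubectl"
REQUIRED_VPC_KEYS = ("SubnetIds", "SecurityGroupIds")

# Constructed sample input, not taken from a real deployment.
SAMPLE_TEMPLATE = {
    "Resources": {
        "KubectlHandlerPrivate": {
            "Type": "AWS::Lambda::Function",
            "Properties": {
                "Description": "handler for kubectl provider (constructed)",
                "VpcConfig": {"SubnetIds": ["subnet-aaaa"],
                              "SecurityGroupIds": ["sg-bbbb"]},
            },
        },
        "KubectlHandlerPublic": {
            "Type": "AWS::Lambda::Function",
            "Properties": {"Description": "handler for kubectl provider (constructed)"},
        },
        "OtherFunction": {
            "Type": "AWS::Lambda::Function",
            "Properties": {"Description": "unrelated function"},
        },
        "HandlerRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    }
}


def find_public_path_handlers(template, marker=KUBECTL_MARKER):
    """Return one finding per kubectl handler Lambda missing VPC settings."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        props = res.get("Properties", {})
        text = f"{logical_id} {props.get('Description', '')}".lower()
        if marker not in text:
            continue  # not a kubectl handler under our naming assumption
        vpc = props.get("VpcConfig") or {}
        missing = [key for key in REQUIRED_VPC_KEYS if not vpc.get(key)]
        if missing:
            findings.append({"resource": logical_id, "missing": missing})
    return findings


if __name__ == "__main__":
    for finding in find_public_path_handlers(SAMPLE_TEMPLATE):
        print(f"{finding['resource']}: missing {', '.join(finding['missing'])}")
```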

Methods

to_string()

Returns a string representation of this construct.

Return type:

str

with_(*mixins)

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with_() calls if subsequent mixins should apply to added constructs.

Parameters:

mixins (IMixin) – The mixins to apply.

Return type:

IConstruct

Returns:

This construct for chaining

Attributes

node

The tree node.

role

The IAM execution role of the handler.

service_token

The custom resource provider’s service token.

Static Methods

classmethod from_kubectl_provider_attributes(scope, id, *, service_token, role=None)

Import an existing provider.

Parameters:
  • scope (Construct) – Construct.

  • id (str) – An id of the resource.

  • service_token (str) – The ARN of the kubectl provider Lambda function.

  • role (Optional[IRole]) – The role of the provider lambda function. Only required if you deploy helm charts using this imported provider. Default: - no role.

Return type:

IKubectlProvider

classmethod get_kubectl_provider(scope, cluster)

Take the existing provider on the cluster.

Parameters:
  • scope (Construct)

  • cluster (ICluster)

Return type:

Optional[IKubectlProvider]

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid instanceof and to use this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.