KubectlProviderOptions

class aws_cdk.aws_eks_v2.KubectlProviderOptions(*, kubectl_layer, awscli_layer=None, environment=None, memory=None, private_subnets=None, removal_policy=None, role=None, security_group=None)

Bases: object

Options for creating the kubectl provider - a lambda function that executes kubectl and helm against the cluster.

Parameters:

  • kubectl_layer (ILayerVersion) – An AWS Lambda layer that includes kubectl and helm.

  • awscli_layer (Optional[ILayerVersion]) – An AWS Lambda layer that contains the aws CLI. Default: - If not defined, a default layer will be used containing the AWS CLI 2.x.

  • environment (Optional[Mapping[str, str]]) – Custom environment variables when running kubectl against this cluster. Default: - No custom environment variables

  • memory (Optional[Size]) – The amount of memory allocated to the kubectl provider’s lambda function. Default: - 1024

  • private_subnets (Optional[Sequence[ISubnet]]) – Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. Default: - the k8s is accessible publicly

  • removal_policy (Optional[RemovalPolicy]) – The removal policy applied to the custom resource that provides kubectl. The removal policy controls what happens to the resource if it stops being managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it - The stack is deleted, so CloudFormation stops managing all resources in it Default: RemovalPolicy.DESTROY

  • role (Optional[IRole]) – An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.

  • security_group (Optional[ISecurityGroup]) – A security group to use for kubectl execution. Default: - If not specified, the k8s endpoint is expected to be accessible publicly.

ExampleMetadata:

infused

Example:

from aws_cdk.lambda_layer_kubectl_v34 import KubectlV34Layer


cluster = eks.Cluster(self, "hello-eks",
    version=eks.KubernetesVersion.V1_34,
    kubectl_provider_options=eks.KubectlProviderOptions(
        kubectl_layer=KubectlV34Layer(self, "kubectl"),
        environment={
            "http_proxy": "http://proxy.myproxy.com"
        }
    )
)

Attributes

awscli_layer

An AWS Lambda layer that contains the aws CLI.

Default:

  • If not defined, a default layer will be used containing the AWS CLI 2.x.

environment

Custom environment variables when running kubectl against this cluster.

Default:

  • No custom environment variables

kubectl_layer

An AWS Lambda layer that includes kubectl and helm.

memory

The amount of memory allocated to the kubectl provider’s lambda function.

Default:

  • 1024

private_subnets

Subnets to host the kubectl compute resources.

If not specified, the k8s endpoint is expected to be accessible publicly.

Default:

  • the k8s is accessible publicly

removal_policy

The removal policy applied to the custom resource that provides kubectl.

The removal policy controls what happens to the resource if it stops being managed by CloudFormation. This can happen in one of three situations:

  • The resource is removed from the template, so CloudFormation stops managing it

  • A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it

  • The stack is deleted, so CloudFormation stops managing all resources in it

Default:

RemovalPolicy.DESTROY

role

An IAM role that can perform kubectl operations against this cluster.

The role should be mapped to the system:masters Kubernetes RBAC role.

This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster.

Default:

  • if not specified, the default role created by a lambda function will

be used.

security_group

A security group to use for kubectl execution.

Default:

  • If not specified, the k8s endpoint is expected to be accessible

publicly.