KubectlProvider

class aws_cdk.aws_eks_v2_alpha.KubectlProvider(scope, id, *, cluster, kubectl_layer, awscli_layer=None, environment=None, memory=None, private_subnets=None, removal_policy=None, role=None, security_group=None)

Bases: Construct

(experimental) Implementation of Kubectl Lambda.

Stability:

experimental

ExampleMetadata:

infused

Example:

handler_role = iam.Role.from_role_arn(self, "HandlerRole", "arn:aws:iam::123456789012:role/lambda-role")
# get the serivceToken from the custom resource provider
function_arn = lambda_.Function.from_function_name(self, "ProviderOnEventFunc", "ProviderframeworkonEvent-XXX").function_arn
kubectl_provider = eks.KubectlProvider.from_kubectl_provider_attributes(self, "KubectlProvider",
    service_token=function_arn,
    role=handler_role
)

cluster = eks.Cluster.from_cluster_attributes(self, "Cluster",
    cluster_name="cluster",
    kubectl_provider=kubectl_provider
)

Parameters:

• scope (Construct)

• id (str)

• cluster (ICluster) – (experimental) The cluster to control.

• kubectl_layer (ILayerVersion) – (experimental) An AWS Lambda layer that includes kubectl and helm.

• awscli_layer (Optional[ILayerVersion]) – (experimental) An AWS Lambda layer that contains the aws CLI. If not defined, a default layer will be used containing the AWS CLI 2.x.

• environment (Optional[Mapping[str, str]]) – (experimental) Custom environment variables when running kubectl against this cluster.

• memory (Optional[Size]) – (experimental) The amount of memory allocated to the kubectl provider’s lambda function.

• private_subnets (Optional[Sequence[ISubnet]]) – (experimental) Subnets to host the kubectl compute resources. If not specified, the k8s endpoint is expected to be accessible publicly.

• removal_policy (Optional[RemovalPolicy]) – (experimental) The removal policy applied to the custom resource that provides kubectl. The removal policy controls what happens to the resource if it stops being managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it - The stack is deleted, so CloudFormation stops managing all resources in it Default: RemovalPolicy.DESTROY

• role (Optional[IRole]) – (experimental) An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the system:masters Kubernetes RBAC role. This role is directly passed to the lambda handler that sends Kube Ctl commands to the cluster. Default: - if not specified, the default role created by a lambda function will be used.

• security_group (Optional[ISecurityGroup]) – (experimental) A security group to use for kubectl execution. Default: - If not specified, the k8s endpoint is expected to be accessible publicly.

Stability:

experimental

Methods

to_string()

Returns a string representation of this construct.

Return type:

str

Attributes

node

The tree node.

role

(experimental) The IAM execution role of the handler.

Stability:

experimental

service_token

(experimental) The custom resource provider’s service token.

Stability:

experimental

Static Methods

classmethod from_kubectl_provider_attributes(scope, id, *, service_token, role=None)

(experimental) Import an existing provider.

Parameters:

• scope (Construct) – Construct.

• id (str) – an id of resource.

• service_token (str) – (experimental) The kubectl provider lambda arn.

• role (Optional[IRole]) – (experimental) The role of the provider lambda function. Only required if you deploy helm charts using this imported provider. Default: - no role.

Stability:

experimental

Return type:

IKubectlProvider

classmethod get_kubectl_provider(scope, cluster)

(experimental) Take existing provider on cluster.

Parameters:

• scope (Construct) – Construct.

• cluster (ICluster) – k8s cluster.

Stability:

experimental

Return type:

Optional[IKubectlProvider]

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.