/AWS1/CL_EKSVPCCONFIGREQUEST¶
An object representing the VPC configuration to use for an Amazon EKS cluster.
CONSTRUCTOR¶
IMPORTING¶
Optional arguments:¶
it_subnetids TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST TT_STRINGLIST¶
Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
it_securitygroupids TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST TT_STRINGLIST¶
Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane. If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .
iv_endpointpublicaccess TYPE /AWS1/EKSBOXEDBOOLEAN /AWS1/EKSBOXEDBOOLEAN¶
Set this value to
falseto disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter istrue, which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depends on the value of theipFamilyfor the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
iv_endpointprivateaccess TYPE /AWS1/EKSBOXEDBOOLEAN /AWS1/EKSBOXEDBOOLEAN¶
Set this value to
trueto enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter isfalse, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure thatpublicAccessCidrsincludes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
it_publicaccesscidrs TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST TT_STRINGLIST¶
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is
0.0.0.0/0and additionally::/0for dual-stackIPv6clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and FargatePodin the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .Note that the public endpoints are dual-stack for only
IPv6clusters that are made after October 2024. You can't addIPv6CIDR blocks toIPv4clusters orIPv6clusters that were made before October 2024.
iv_controlplaneegressmode TYPE /AWS1/EKSCTLPLANEEGRMODETYPE /AWS1/EKSCTLPLANEEGRMODETYPE¶
Specifies the control plane egress routing mode for the cluster. If the cluster is set to
AWS_MANAGED, Amazon EKS manages the egress path from the control plane and you don't need to configure NAT gateways or other routing infrastructure for control plane traffic. If the cluster is set toCUSTOMER_ROUTED, you manage the egress path from the control plane in your VPC subnets. You are responsible for ensuring that the control plane can reach required endpoints such as webhook servers and OIDC providers. The default value isAWS_MANAGED. Once set toCUSTOMER_ROUTED, this setting cannot be changed back toAWS_MANAGEDon the same cluster.Learn more about control plane egress routing in the Amazon EKS User Guide.
Queryable Attributes¶
subnetIds¶
Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_SUBNETIDS() |
Getter for SUBNETIDS, with configurable default |
ASK_SUBNETIDS() |
Getter for SUBNETIDS w/ exceptions if field has no value |
HAS_SUBNETIDS() |
Determine if SUBNETIDS has a value |
securityGroupIds¶
Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes control plane. If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see Amazon EKS security group considerations in the Amazon EKS User Guide .
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_SECURITYGROUPIDS() |
Getter for SECURITYGROUPIDS, with configurable default |
ASK_SECURITYGROUPIDS() |
Getter for SECURITYGROUPIDS w/ exceptions if field has no va |
HAS_SECURITYGROUPIDS() |
Determine if SECURITYGROUPIDS has a value |
endpointPublicAccess¶
Set this value to
falseto disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter istrue, which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depends on the value of theipFamilyfor the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_ENDPOINTPUBLICACCESS() |
Getter for ENDPOINTPUBLICACCESS, with configurable default |
ASK_ENDPOINTPUBLICACCESS() |
Getter for ENDPOINTPUBLICACCESS w/ exceptions if field has n |
HAS_ENDPOINTPUBLICACCESS() |
Determine if ENDPOINTPUBLICACCESS has a value |
endpointPrivateAccess¶
Set this value to
trueto enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter isfalse, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure thatpublicAccessCidrsincludes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_ENDPOINTPRIVATEACCESS() |
Getter for ENDPOINTPRIVATEACCESS, with configurable default |
ASK_ENDPOINTPRIVATEACCESS() |
Getter for ENDPOINTPRIVATEACCESS w/ exceptions if field has |
HAS_ENDPOINTPRIVATEACCESS() |
Determine if ENDPOINTPRIVATEACCESS has a value |
publicAccessCidrs¶
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is
0.0.0.0/0and additionally::/0for dual-stackIPv6clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and FargatePodin the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .Note that the public endpoints are dual-stack for only
IPv6clusters that are made after October 2024. You can't addIPv6CIDR blocks toIPv4clusters orIPv6clusters that were made before October 2024.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_PUBLICACCESSCIDRS() |
Getter for PUBLICACCESSCIDRS, with configurable default |
ASK_PUBLICACCESSCIDRS() |
Getter for PUBLICACCESSCIDRS w/ exceptions if field has no v |
HAS_PUBLICACCESSCIDRS() |
Determine if PUBLICACCESSCIDRS has a value |
controlPlaneEgressMode¶
Specifies the control plane egress routing mode for the cluster. If the cluster is set to
AWS_MANAGED, Amazon EKS manages the egress path from the control plane and you don't need to configure NAT gateways or other routing infrastructure for control plane traffic. If the cluster is set toCUSTOMER_ROUTED, you manage the egress path from the control plane in your VPC subnets. You are responsible for ensuring that the control plane can reach required endpoints such as webhook servers and OIDC providers. The default value isAWS_MANAGED. Once set toCUSTOMER_ROUTED, this setting cannot be changed back toAWS_MANAGEDon the same cluster.Learn more about control plane egress routing in the Amazon EKS User Guide.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_CONTROLPLANEEGRESSMODE() |
Getter for CONTROLPLANEEGRESSMODE, with configurable default |
ASK_CONTROLPLANEEGRESSMODE() |
Getter for CONTROLPLANEEGRESSMODE w/ exceptions if field has |
HAS_CONTROLPLANEEGRESSMODE() |
Determine if CONTROLPLANEEGRESSMODE has a value |