@pulumi/eks 2.8.1 → 3.0.0-alpha.6

Files changed (125)
  1. package/addon.d.ts +61 -13
  2. package/addon.js +45 -18
  3. package/addon.js.map +1 -1
  4. package/cluster.d.ts +291 -585
  5. package/cluster.js +120 -947
  6. package/cluster.js.map +1 -1
  7. package/clusterCreationRoleProvider.d.ts +28 -0
  8. package/clusterCreationRoleProvider.js +47 -0
  9. package/clusterCreationRoleProvider.js.map +1 -0
  10. package/clusterMixins.d.ts +71 -0
  11. package/clusterMixins.js +107 -0
  12. package/clusterMixins.js.map +1 -0
  13. package/index.d.ts +31 -7
  14. package/index.js +80 -34
  15. package/index.js.map +1 -1
  16. package/managedNodeGroup.d.ts +221 -0
  17. package/managedNodeGroup.js +81 -0
  18. package/managedNodeGroup.js.map +1 -0
  19. package/nodeGroup.d.ts +273 -0
  20. package/nodeGroup.js +93 -0
  21. package/nodeGroup.js.map +1 -0
  22. package/nodeGroupSecurityGroup.d.ts +51 -0
  23. package/nodeGroupSecurityGroup.js +60 -0
  24. package/nodeGroupSecurityGroup.js.map +1 -0
  25. package/nodeGroupV2.d.ts +280 -0
  26. package/nodeGroupV2.js +90 -0
  27. package/nodeGroupV2.js.map +1 -0
  28. package/nodegroupMixins.d.ts +203 -0
  29. package/{securitygroup.js → nodegroupMixins.js} +25 -36
  30. package/nodegroupMixins.js.map +1 -0
  31. package/package.json +8 -36
  32. package/provider.d.ts +21 -0
  33. package/provider.js +38 -0
  34. package/provider.js.map +1 -0
  35. package/{storageclass.js → storageclassMixins.js} +1 -14
  36. package/storageclassMixins.js.map +1 -0
  37. package/types/enums/index.d.ts +170 -0
  38. package/types/enums/index.js +145 -0
  39. package/types/enums/index.js.map +1 -0
  40. package/types/index.d.ts +4 -0
  41. package/types/index.js +13 -0
  42. package/types/index.js.map +1 -0
  43. package/types/input.d.ts +745 -0
  44. package/types/input.js +30 -0
  45. package/types/input.js.map +1 -0
  46. package/types/output.d.ts +422 -0
  47. package/types/output.js +5 -0
  48. package/types/output.js.map +1 -0
  49. package/utilities.d.ts +8 -1
  50. package/utilities.js +90 -17
  51. package/utilities.js.map +1 -1
  52. package/vpcCniAddon.d.ts +175 -0
  53. package/vpcCniAddon.js +88 -0
  54. package/vpcCniAddon.js.map +1 -0
  55. package/LICENSE +0 -202
  56. package/README.md +0 -77
  57. package/authenticationMode.d.ts +0 -24
  58. package/authenticationMode.js +0 -172
  59. package/authenticationMode.js.map +0 -1
  60. package/authenticationMode.test.d.ts +0 -1
  61. package/authenticationMode.test.js +0 -208
  62. package/authenticationMode.test.js.map +0 -1
  63. package/cert-thumprint.d.ts +0 -16
  64. package/cert-thumprint.js +0 -113
  65. package/cert-thumprint.js.map +0 -1
  66. package/cmd/provider/addon.d.ts +0 -1
  67. package/cmd/provider/addon.js +0 -40
  68. package/cmd/provider/addon.js.map +0 -1
  69. package/cmd/provider/cluster.d.ts +0 -1
  70. package/cmd/provider/cluster.js +0 -71
  71. package/cmd/provider/cluster.js.map +0 -1
  72. package/cmd/provider/cni.d.ts +0 -2
  73. package/cmd/provider/cni.js +0 -291
  74. package/cmd/provider/cni.js.map +0 -1
  75. package/cmd/provider/index.d.ts +0 -1
  76. package/cmd/provider/index.js +0 -171
  77. package/cmd/provider/index.js.map +0 -1
  78. package/cmd/provider/nodegroup.d.ts +0 -1
  79. package/cmd/provider/nodegroup.js +0 -89
  80. package/cmd/provider/nodegroup.js.map +0 -1
  81. package/cmd/provider/randomSuffix.d.ts +0 -1
  82. package/cmd/provider/randomSuffix.js +0 -52
  83. package/cmd/provider/randomSuffix.js.map +0 -1
  84. package/cmd/provider/schema.json +0 -1909
  85. package/cmd/provider/securitygroup.d.ts +0 -1
  86. package/cmd/provider/securitygroup.js +0 -41
  87. package/cmd/provider/securitygroup.js.map +0 -1
  88. package/cni/README.md +0 -6
  89. package/cni/aws-k8s-cni.yaml +0 -602
  90. package/cni.d.ts +0 -177
  91. package/cni.js +0 -64
  92. package/cni.js.map +0 -1
  93. package/dashboard/heapster-rbac.yaml +0 -12
  94. package/dashboard/heapster.yaml +0 -46
  95. package/dashboard/influxdb.yaml +0 -40
  96. package/dashboard/kubernetes-dashboard.yaml +0 -167
  97. package/dashboard.d.ts +0 -5
  98. package/dashboard.js +0 -58
  99. package/dashboard.js.map +0 -1
  100. package/dependencies.d.ts +0 -2
  101. package/dependencies.js +0 -81
  102. package/dependencies.js.map +0 -1
  103. package/dependencies.test.d.ts +0 -1
  104. package/dependencies.test.js +0 -133
  105. package/dependencies.test.js.map +0 -1
  106. package/nodegroup.d.ts +0 -515
  107. package/nodegroup.js +0 -1152
  108. package/nodegroup.js.map +0 -1
  109. package/nodegroup.test.d.ts +0 -1
  110. package/nodegroup.test.js +0 -336
  111. package/nodegroup.test.js.map +0 -1
  112. package/package.json.dev +0 -67
  113. package/randomSuffix.d.ts +0 -1
  114. package/randomSuffix.js +0 -51
  115. package/randomSuffix.js.map +0 -1
  116. package/securitygroup.d.ts +0 -52
  117. package/securitygroup.js.map +0 -1
  118. package/servicerole.d.ts +0 -43
  119. package/servicerole.js +0 -72
  120. package/servicerole.js.map +0 -1
  121. package/storageclass.js.map +0 -1
  122. package/utils.d.ts +0 -23
  123. package/utils.js +0 -16
  124. package/utils.js.map +0 -1
  125. /package/{storageclass.d.ts → storageclassMixins.d.ts} +0 -0
package/cluster.js CHANGED
@@ -1,832 +1,133 @@
1
1
  "use strict";
2
- // Copyright 2016-2022, Pulumi Corporation.
3
- //
4
- // Licensed under the Apache License, Version 2.0 (the "License");
5
- // you may not use this file except in compliance with the License.
6
- // You may obtain a copy of the License at
7
- //
8
- // http://www.apache.org/licenses/LICENSE-2.0
9
- //
10
- // Unless required by applicable law or agreed to in writing, software
11
- // distributed under the License is distributed on an "AS IS" BASIS,
12
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
- // See the License for the specific language governing permissions and
14
- // limitations under the License.
15
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
16
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
17
- return new (P || (P = Promise))(function (resolve, reject) {
18
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
19
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
20
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
21
- step((generator = generator.apply(thisArg, _arguments || [])).next());
22
- });
23
- };
2
+ // *** WARNING: this file was generated by pulumi-gen-eks. ***
3
+ // *** Do not edit by hand unless you're certain you know what you are doing! ***
24
4
  Object.defineProperty(exports, "__esModule", { value: true });
25
- exports.ClusterInternal = exports.createCluster = exports.Cluster = exports.AccessEntryType = exports.AuthenticationMode = exports.createCore = exports.getRoleProvider = exports.ClusterCreationRoleProvider = exports.generateKubeconfig = void 0;
26
- const aws = require("@pulumi/aws");
27
- const k8s = require("@pulumi/kubernetes");
5
+ exports.Cluster = void 0;
28
6
  const pulumi = require("@pulumi/pulumi");
29
- const childProcess = require("child_process");
30
- const fs = require("fs");
31
- const https = require("https");
32
- const HttpsProxyAgent = require("https-proxy-agent");
33
- const process = require("process");
34
- const tmp = require("tmp");
35
- const url = require("url");
36
- const authenticationMode_1 = require("./authenticationMode");
37
- const cert_thumprint_1 = require("./cert-thumprint");
38
- const cni_1 = require("./cni");
39
- const dashboard_1 = require("./dashboard");
40
- const dependencies_1 = require("./dependencies");
41
- const nodegroup_1 = require("./nodegroup");
42
- const securitygroup_1 = require("./securitygroup");
43
- const servicerole_1 = require("./servicerole");
44
- const storageclass_1 = require("./storageclass");
45
- function createOrGetInstanceProfile(name, parent, instanceRoleName, instanceProfileName, provider) {
46
- let instanceProfile;
47
- if (instanceProfileName) {
48
- instanceProfile = aws.iam.InstanceProfile.get(`${name}-instanceProfile`, instanceProfileName, undefined, { parent, provider });
49
- }
50
- else {
51
- instanceProfile = new aws.iam.InstanceProfile(`${name}-instanceProfile`, {
52
- role: instanceRoleName,
53
- }, { parent, provider });
54
- }
55
- return instanceProfile;
56
- }
57
- /** @internal */
58
- function generateKubeconfig(clusterName, clusterEndpoint, includeProfile, certData, opts) {
59
- let args = ["eks", "get-token", "--cluster-name", clusterName, "--output", "json"];
60
- const env = [
61
- {
62
- name: "KUBERNETES_EXEC_INFO",
63
- value: `{"apiVersion": "client.authentication.k8s.io/v1beta1"}`,
64
- },
65
- ];
66
- if (opts === null || opts === void 0 ? void 0 : opts.roleArn) {
67
- args = [...args, "--role", opts.roleArn];
68
- }
69
- if (includeProfile && (opts === null || opts === void 0 ? void 0 : opts.profileName)) {
70
- env.push({ name: "AWS_PROFILE", value: opts.profileName });
71
- }
72
- return pulumi.all([args, env]).apply(([tokenArgs, envvars]) => {
73
- return {
74
- apiVersion: "v1",
75
- clusters: [
76
- {
77
- cluster: {
78
- server: clusterEndpoint,
79
- "certificate-authority-data": certData,
80
- },
81
- name: "kubernetes",
82
- },
83
- ],
84
- contexts: [
85
- {
86
- context: {
87
- cluster: "kubernetes",
88
- user: "aws",
89
- },
90
- name: "aws",
91
- },
92
- ],
93
- "current-context": "aws",
94
- kind: "Config",
95
- users: [
96
- {
97
- name: "aws",
98
- user: {
99
- exec: {
100
- apiVersion: "client.authentication.k8s.io/v1beta1",
101
- command: "aws",
102
- args: tokenArgs,
103
- env: envvars,
104
- },
105
- },
106
- },
107
- ],
108
- };
109
- });
110
- }
111
- exports.generateKubeconfig = generateKubeconfig;
7
+ const inputs = require("./types/input");
8
+ const utilities = require("./utilities");
112
9
  /**
113
- * ClusterCreationRoleProvider is a component that wraps creating a role provider that can be passed to
114
- * `new eks.Cluster("test", { creationRoleProvider: ... })`. This can be used to provide a
115
- * specific role to use for the creation of the EKS cluster different from the role being used
116
- * to run the Pulumi deployment.
10
+ * Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.
11
+ *
12
+ * ## Example Usage
13
+ *
14
+ * ### Provisioning a New EKS Cluster
15
+ *
16
+ * <!--Start PulumiCodeChooser -->
17
+ * ```typescript
18
+ * import * as pulumi from "@pulumi/pulumi";
19
+ * import * as eks from "@pulumi/eks";
20
+ *
21
+ * // Create an EKS cluster with the default configuration.
22
+ * const cluster = new eks.Cluster("cluster", {});
23
+ *
24
+ * // Export the cluster's kubeconfig.
25
+ * export const kubeconfig = cluster.kubeconfig;
26
+ * ```
27
+ * <!--End PulumiCodeChooser -->
117
28
  */
118
- class ClusterCreationRoleProvider extends pulumi.ComponentResource {
29
+ class Cluster extends pulumi.ComponentResource {
119
30
  /**
120
- * Creates a role provider that can be passed to `new eks.Cluster("test", { creationRoleProvider: ... })`.
121
- * This can be used to provide a specific role to use for the creation of the EKS cluster different from
122
- * the role being used to run the Pulumi deployment.
123
- *
124
- * @param name The _unique_ name of this component.
125
- * @param args The arguments for this component.
126
- * @param opts A bag of options that control this component's behavior.
31
+ * Returns true if the given object is an instance of Cluster. This is designed to work even
32
+ * when multiple copies of the Pulumi SDK have been loaded into the same process.
127
33
  */
128
- constructor(name, args, opts) {
129
- super("eks:index:ClusterCreationRoleProvider", name, args, opts);
130
- const result = getRoleProvider(name, args === null || args === void 0 ? void 0 : args.region, args === null || args === void 0 ? void 0 : args.profile, this, opts === null || opts === void 0 ? void 0 : opts.provider);
131
- this.role = result.role;
132
- this.provider = result.provider;
133
- this.registerOutputs(undefined);
134
- }
135
- }
136
- exports.ClusterCreationRoleProvider = ClusterCreationRoleProvider;
137
- /**
138
- * getRoleProvider creates a role provider that can be passed to `new eks.Cluster("test", {
139
- * creationRoleProvider: ... })`. This can be used to provide a specific role to use for the
140
- * creation of the EKS cluster different from the role being used to run the Pulumi deployment.
141
- */
142
- function getRoleProvider(name, region, profile, parent, provider) {
143
- const partition = aws.getPartitionOutput({}, { parent }).partition;
144
- const accountId = pulumi.output(aws.getCallerIdentity({}, { parent })).accountId;
145
- const iamRole = new aws.iam.Role(`${name}-eksClusterCreatorRole`, {
146
- assumeRolePolicy: pulumi.interpolate `{
147
- "Version": "2012-10-17",
148
- "Statement": [
149
- {
150
- "Effect": "Allow",
151
- "Principal": {
152
- "AWS": "arn:${partition}:iam::${accountId}:root"
153
- },
154
- "Action": "sts:AssumeRole"
155
- }
156
- ]
157
- }`,
158
- description: `Admin access to eks-${name}`,
159
- }, { parent, provider });
160
- // `eks:*` is needed to create/read/update/delete the EKS cluster, `iam:PassRole` is needed to pass the EKS service role to the cluster
161
- // https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html
162
- const rolePolicy = new aws.iam.RolePolicy(`${name}-eksClusterCreatorPolicy`, {
163
- role: iamRole,
164
- policy: {
165
- Version: "2012-10-17",
166
- Statement: [
167
- {
168
- Effect: "Allow",
169
- Action: "eks:*",
170
- Resource: "*",
171
- },
172
- {
173
- Effect: "Allow",
174
- Action: "iam:PassRole",
175
- Resource: "*",
176
- },
177
- ],
178
- },
179
- }, { parent: iamRole, provider });
180
- const creatorProvider = new aws.Provider(`${name}-eksClusterCreatorEntity`, {
181
- region: region,
182
- profile: profile,
183
- assumeRole: {
184
- roleArn: iamRole.arn.apply((arn) => __awaiter(this, void 0, void 0, function* () {
185
- // wait 30 seconds to assume the IAM Role https://github.com/pulumi/pulumi-aws/issues/673
186
- if (!pulumi.runtime.isDryRun()) {
187
- yield new Promise((resolve) => setTimeout(resolve, 30 * 1000));
188
- }
189
- return arn;
190
- })),
191
- },
192
- }, { parent: iamRole, provider });
193
- return {
194
- role: iamRole,
195
- provider: creatorProvider,
196
- };
197
- }
198
- exports.getRoleProvider = getRoleProvider;
199
- /**
200
- * Create the core components and settings required for the EKS cluster.
201
- */
202
- function createCore(name, rawArgs, parent, provider) {
203
- // Check to ensure that a compatible version of aws CLI is installed, as we'll need it in order
204
- // to retrieve a token to login to the EKS cluster later.
205
- (0, dependencies_1.assertCompatibleAWSCLIExists)();
206
- // Check to ensure that a compatible kubectl is installed, as we'll need it in order to deploy
207
- // k8s resources later.
208
- (0, dependencies_1.assertCompatibleKubectlVersionExists)();
209
- const args = (0, authenticationMode_1.validateAuthenticationMode)(rawArgs);
210
- if (args.instanceRole && args.instanceRoles) {
211
- throw new Error("instanceRole and instanceRoles are mutually exclusive, and cannot both be set.");
212
- }
213
- if (args.subnetIds && (args.publicSubnetIds || args.privateSubnetIds)) {
214
- throw new Error("subnetIds, and the use of publicSubnetIds and/or privateSubnetIds are mutually exclusive. Choose a single approach.");
215
- }
216
- if (args.nodeGroupOptions &&
217
- (args.nodeSubnetIds ||
218
- args.nodeAssociatePublicIpAddress ||
219
- args.instanceType ||
220
- args.instanceProfileName ||
221
- args.nodePublicKey ||
222
- args.nodeRootVolumeSize ||
223
- args.nodeUserData ||
224
- args.minSize ||
225
- args.maxSize ||
226
- args.desiredCapacity ||
227
- args.nodeAmiId ||
228
- args.gpu)) {
229
- throw new Error("Setting nodeGroupOptions, and any set of singular node group option(s) on the cluster, is mutually exclusive. Choose a single approach.");
230
- }
231
- // Configure the node group options.
232
- const nodeGroupOptions = args.nodeGroupOptions || {
233
- nodeSubnetIds: args.nodeSubnetIds,
234
- nodeAssociatePublicIpAddress: args.nodeAssociatePublicIpAddress,
235
- instanceType: args.instanceType,
236
- nodePublicKey: args.nodePublicKey,
237
- nodeRootVolumeEncrypted: args.nodeRootVolumeEncrypted,
238
- nodeRootVolumeSize: args.nodeRootVolumeSize,
239
- nodeUserData: args.nodeUserData,
240
- minSize: args.minSize,
241
- maxSize: args.maxSize,
242
- desiredCapacity: args.desiredCapacity,
243
- amiId: args.nodeAmiId,
244
- gpu: args.gpu,
245
- version: args.version,
246
- };
247
- const { partition, dnsSuffix } = aws.getPartitionOutput({}, { parent });
248
- // Configure default networking architecture.
249
- let vpcId = args.vpcId;
250
- let clusterSubnetIds = [];
251
- // If no VPC is set, use the default VPC's subnets.
252
- if (!args.vpcId) {
253
- const invokeOpts = { parent, async: true };
254
- const vpc = aws.ec2.getVpc({ default: true }, invokeOpts);
255
- vpcId = vpc.then((v) => v.id);
256
- clusterSubnetIds = vpc
257
- .then((v) => aws.ec2.getSubnets({ filters: [{ name: "vpc-id", values: [v.id] }] }, invokeOpts))
258
- .then((subnets) => subnets.ids);
259
- }
260
- // Form the subnetIds to use on the cluster from either:
261
- // - subnetIds
262
- // - A combination of privateSubnetIds and/or publicSubnetIds.
263
- if (args.subnetIds !== undefined) {
264
- clusterSubnetIds = args.subnetIds;
265
- }
266
- else if (args.publicSubnetIds !== undefined || args.privateSubnetIds !== undefined) {
267
- clusterSubnetIds = pulumi
268
- .all([args.publicSubnetIds || [], args.privateSubnetIds || []])
269
- .apply(([publicIds, privateIds]) => {
270
- return [...publicIds, ...privateIds];
271
- });
272
- }
273
- // Create the EKS service role
274
- let eksRole;
275
- if (args.serviceRole) {
276
- eksRole = pulumi.output(args.serviceRole);
277
- }
278
- else {
279
- eksRole = new servicerole_1.ServiceRole(`${name}-eksRole`, {
280
- service: "eks.amazonaws.com",
281
- description: "Allows EKS to manage clusters on your behalf.",
282
- managedPolicyArns: [
283
- {
284
- id: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
285
- arn: pulumi.interpolate `arn:${partition}:iam::aws:policy/AmazonEKSClusterPolicy`,
286
- },
287
- ],
288
- tags: args.tags,
289
- }, { parent, provider }).role;
290
- }
291
- // Create the EKS cluster security group
292
- let eksClusterSecurityGroup;
293
- if (args.clusterSecurityGroup) {
294
- eksClusterSecurityGroup = args.clusterSecurityGroup;
295
- }
296
- else {
297
- eksClusterSecurityGroup = new aws.ec2.SecurityGroup(`${name}-eksClusterSecurityGroup`, {
298
- vpcId: vpcId,
299
- revokeRulesOnDelete: true,
300
- tags: pulumi.all([args.tags, args.clusterSecurityGroupTags]).apply(([tags, clusterSecurityGroupTags]) => (Object.assign(Object.assign({ Name: `${name}-eksClusterSecurityGroup` }, clusterSecurityGroupTags), tags))),
301
- }, { parent, provider });
302
- const eksClusterInternetEgressRule = new aws.ec2.SecurityGroupRule(`${name}-eksClusterInternetEgressRule`, {
303
- description: "Allow internet access.",
304
- type: "egress",
305
- fromPort: 0,
306
- toPort: 0,
307
- protocol: "-1",
308
- cidrBlocks: ["0.0.0.0/0"],
309
- securityGroupId: eksClusterSecurityGroup.id,
310
- }, { parent, provider });
311
- }
312
- // Create the cluster encryption provider for using envelope encryption on
313
- // Kubernetes secrets.
314
- let encryptionProvider;
315
- let encryptionConfig;
316
- if (args.encryptionConfigKeyArn) {
317
- encryptionProvider = pulumi.output(args.encryptionConfigKeyArn).apply((keyArn) => ({
318
- keyArn,
319
- }));
320
- encryptionConfig = encryptionProvider.apply((ep) => ({
321
- provider: ep,
322
- resources: ["secrets"], // Only valid values are: "secrets"
323
- }));
324
- }
325
- let kubernetesNetworkConfig;
326
- if (args.kubernetesServiceIpAddressRange || args.ipFamily) {
327
- kubernetesNetworkConfig = pulumi
328
- .all([args.kubernetesServiceIpAddressRange, args.ipFamily])
329
- .apply(([serviceIpv4Cidr, ipFamily = "ipv4"]) => ({
330
- serviceIpv4Cidr: ipFamily === "ipv4" ? serviceIpv4Cidr : undefined,
331
- ipFamily: ipFamily,
332
- }));
333
- }
334
- // Create the EKS cluster
335
- const eksCluster = new aws.eks.Cluster(`${name}-eksCluster`, {
336
- name: args.name,
337
- roleArn: eksRole.apply((r) => r.arn),
338
- vpcConfig: {
339
- securityGroupIds: [eksClusterSecurityGroup.id],
340
- subnetIds: clusterSubnetIds,
341
- endpointPrivateAccess: args.endpointPrivateAccess,
342
- endpointPublicAccess: args.endpointPublicAccess,
343
- publicAccessCidrs: args.publicAccessCidrs,
344
- },
345
- version: args.version,
346
- enabledClusterLogTypes: args.enabledClusterLogTypes,
347
- defaultAddonsToRemoves: args.defaultAddonsToRemove,
348
- tags: pulumi.all([args.tags, args.clusterTags]).apply(([tags, clusterTags]) => (Object.assign(Object.assign({ Name: `${name}-eksCluster` }, clusterTags), tags))),
349
- encryptionConfig,
350
- kubernetesNetworkConfig,
351
- accessConfig: args.authenticationMode
352
- ? {
353
- authenticationMode: args.authenticationMode,
354
- // Explicitely grants the principal creating the cluster admin access to the cluster.
355
- // This is the default behavior of EKS when no accessConfig is provided.
356
- // It is required for this component because it deploys charts to the cluster.
357
- bootstrapClusterCreatorAdminPermissions: true,
358
- }
359
- : undefined,
360
- }, {
361
- parent,
362
- provider: args.creationRoleProvider ? args.creationRoleProvider.provider : provider,
363
- // ignore changes to the bootstrapClusterCreatorAdminPermissions field because it has bi-modal default behavior
364
- // in upstream and would cause replacements for users upgrading from older versions of the EKS provider (<=2.7.3).
365
- // See https://github.com/pulumi/pulumi-aws/issues/3997#issuecomment-2223201333 for more details.
366
- ignoreChanges: ["accessConfig.bootstrapClusterCreatorAdminPermissions"],
367
- });
368
- // Instead of using the kubeconfig directly, we also add a wait of up to 5 minutes or until we
369
- // can reach the API server for the Output that provides access to the kubeconfig string so that
370
- // there is time for the cluster API server to become completely available. Ideally we
371
- // would rely on the EKS API only returning once this was available, but we have seen frequent
372
- // cases where it is not yet available immediately after provisioning - possibly due to DNS
373
- // propagation delay or other non-deterministic factors.
374
- const endpoint = eksCluster.endpoint.apply((clusterEndpoint) => __awaiter(this, void 0, void 0, function* () {
375
- if (!pulumi.runtime.isDryRun() && args.endpointPublicAccess) {
376
- // For up to 300 seconds, try to contact the API cluster healthz
377
- // endpoint, and verify that it is reachable.
378
- const healthz = `${clusterEndpoint}/healthz`;
379
- const agent = createHttpAgent(args.proxy);
380
- const maxRetries = 60;
381
- const reqTimeoutMilliseconds = 1000; // HTTPS request timeout
382
- const timeoutMilliseconds = 5000; // Retry timeout
383
- for (let i = 0; i < maxRetries; i++) {
384
- try {
385
- yield new Promise((resolve, reject) => {
386
- const options = Object.assign(Object.assign({}, url.parse(healthz)), { rejectUnauthorized: false, agent: agent, timeout: reqTimeoutMilliseconds });
387
- const req = https.request(options, (res) => {
388
- res.statusCode === 200 ? resolve(undefined) : reject(); // Verify healthz returns 200
389
- });
390
- req.on("timeout", reject);
391
- req.on("error", reject);
392
- req.end();
393
- });
394
- pulumi.log.info(`Cluster is ready`, eksCluster, undefined, true);
395
- break;
396
- }
397
- catch (e) {
398
- const retrySecondsLeft = ((maxRetries - i) * timeoutMilliseconds) / 1000;
399
- pulumi.log.info(`Waiting up to (${retrySecondsLeft}) more seconds for cluster readiness...`, eksCluster, undefined, true);
400
- }
401
- yield new Promise((resolve) => setTimeout(resolve, timeoutMilliseconds));
402
- }
403
- }
404
- return clusterEndpoint;
405
- }));
406
- // Compute the required kubeconfig. Note that we do not export this value: we want the exported config to
407
- // depend on the autoscaling group we'll create later so that nothing attempts to use the EKS cluster before
408
- // its worker nodes have come up.
409
- const genKubeconfig = (useProfileName) => {
410
- const kubeconfig = pulumi
411
- .all([
412
- eksCluster.name,
413
- endpoint,
414
- eksCluster.certificateAuthority,
415
- args.providerCredentialOpts,
416
- ])
417
- .apply(([clusterName, clusterEndpoint, clusterCertificateAuthority, providerCredentialOpts,]) => {
418
- let config = {};
419
- if (args.creationRoleProvider) {
420
- config = args.creationRoleProvider.role.arn.apply((arn) => {
421
- const opts = { roleArn: arn };
422
- return generateKubeconfig(clusterName, clusterEndpoint, useProfileName, clusterCertificateAuthority === null || clusterCertificateAuthority === void 0 ? void 0 : clusterCertificateAuthority.data, opts);
423
- });
424
- }
425
- else if (providerCredentialOpts) {
426
- config = generateKubeconfig(clusterName, clusterEndpoint, useProfileName, clusterCertificateAuthority === null || clusterCertificateAuthority === void 0 ? void 0 : clusterCertificateAuthority.data, providerCredentialOpts);
427
- }
428
- else {
429
- config = generateKubeconfig(clusterName, clusterEndpoint, useProfileName, clusterCertificateAuthority === null || clusterCertificateAuthority === void 0 ? void 0 : clusterCertificateAuthority.data);
430
- }
431
- return config;
432
- });
433
- return kubeconfig;
434
- };
435
- // We need 2 forms of kubeconfig, one with the profile name and one without. The one with the profile name
436
- // is required to interact with the cluster by this provider. The one without is used by the user to interact
437
- // with the cluster and enable multi-user access.
438
- const kubeconfig = genKubeconfig(true);
439
- const kubeconfigWithoutProfile = genKubeconfig(false);
440
- const k8sProvider = new k8s.Provider(`${name}-eks-k8s`, {
441
- kubeconfig: kubeconfig.apply(JSON.stringify),
442
- enableConfigMapMutable: args.enableConfigMapMutable,
443
- }, { parent: parent });
444
- const skipDefaultNodeGroup = args.skipDefaultNodeGroup || args.fargate;
445
- let instanceRoles;
446
- let defaultInstanceRole;
447
- // Create role mappings of the instance roles specified for aws-auth.
448
- if (args.instanceRoles) {
449
- instanceRoles = pulumi.output(args.instanceRoles);
450
- }
451
- else if (args.instanceRole) {
452
- // Create an instance profile if using a default node group
453
- if (!skipDefaultNodeGroup) {
454
- nodeGroupOptions.instanceProfile = createOrGetInstanceProfile(name, parent, args.instanceRole, args.instanceProfileName);
455
- }
456
- instanceRoles = pulumi.output([args.instanceRole]);
457
- defaultInstanceRole = pulumi.output(args.instanceRole);
458
- }
459
- else {
460
- const instanceRole = new servicerole_1.ServiceRole(`${name}-instanceRole`, {
461
- service: pulumi.interpolate `ec2.${dnsSuffix}`,
462
- managedPolicyArns: [
463
- {
464
- id: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
465
- arn: pulumi.interpolate `arn:${partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy`,
466
- },
467
- {
468
- id: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
469
- arn: pulumi.interpolate `arn:${partition}:iam::aws:policy/AmazonEKS_CNI_Policy`,
470
- },
471
- {
472
- id: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
473
- arn: pulumi.interpolate `arn:${partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly`,
474
- },
475
- ],
476
- tags: args.tags,
477
- }, { parent, provider }).role;
478
- defaultInstanceRole = instanceRole;
479
- instanceRoles = pulumi.output([instanceRole]);
480
- // Create a new policy for the role, if specified.
481
- if (args.customInstanceRolePolicy) {
482
- pulumi.log.warn("Option `customInstanceRolePolicy` has been deprecated. Please use `instanceRole` or `instanceRoles`. The role provided to either option should already include all required policies.", eksCluster);
483
- const customRolePolicy = new aws.iam.RolePolicy(`${name}-EKSWorkerCustomPolicy`, {
484
- role: instanceRole,
485
- policy: args.customInstanceRolePolicy,
486
- }, { parent, provider });
487
- }
488
- // Create an instance profile if using a default node group
489
- if (!skipDefaultNodeGroup) {
490
- nodeGroupOptions.instanceProfile = createOrGetInstanceProfile(name, parent, instanceRole, args.instanceProfileName);
491
- }
492
- }
493
- let eksNodeAccess = undefined;
494
- if ((0, authenticationMode_1.supportsConfigMap)(args.authenticationMode)) {
495
- // Create the aws-auth ConfigMap if the authentication mode supports it. This maps instance roles, regular IAM roles, and IAM users to
496
- // Kubernetes RBAC users and groups.
497
- const nodeAccessData = (0, authenticationMode_1.createAwsAuthData)(instanceRoles, args.roleMappings, args.userMappings);
498
- eksNodeAccess = new k8s.core.v1.ConfigMap(`${name}-nodeAccess`, {
499
- apiVersion: "v1",
500
- immutable: false,
501
- metadata: {
502
- name: `aws-auth`,
503
- namespace: "kube-system",
504
- annotations: {
505
- "pulumi.com/patchForce": "true",
506
- },
507
- },
508
- data: nodeAccessData,
509
- }, { parent, provider: k8sProvider });
510
- }
511
- // Create the access entries if the authentication mode supports it.
512
- let accessEntries = undefined;
513
- if ((0, authenticationMode_1.supportsAccessEntries)(args.authenticationMode)) {
514
- // This additionally maps the defaultInstanceRole to a EC2_LINUX access entry which allows the nodes to register & communicate with the EKS control plane.
515
- if (defaultInstanceRole) {
516
- accessEntries = (0, authenticationMode_1.createAccessEntries)(name, eksCluster.name, {
517
- defaultNodeGroupInstanceRole: {
518
- principalArn: defaultInstanceRole.arn,
519
- type: exports.AccessEntryType.EC2_LINUX,
520
- },
521
- }, { parent, provider, dependsOn: [eksCluster] });
522
- }
523
- accessEntries = (accessEntries || []).concat((0, authenticationMode_1.createAccessEntries)(name, eksCluster.name, args.accessEntries || {}, {
524
- parent,
525
- provider,
526
- dependsOn: [eksCluster],
527
- }));
528
- }
529
- const authDependencies = [
530
- ...(accessEntries ? accessEntries : []),
531
- ...(eksNodeAccess ? [eksNodeAccess] : []),
532
- ];
533
- // Add any requested StorageClasses.
534
- const storageClasses = args.storageClasses || {};
535
- const userStorageClasses = {};
536
- if (typeof storageClasses === "string") {
537
- const storageClass = { type: storageClasses, default: true };
538
- userStorageClasses[storageClasses] = pulumi.output((0, storageclass_1.createStorageClass)(`${name.toLowerCase()}-${storageClasses}`, storageClass, {
539
- parent,
540
- provider: k8sProvider,
541
- dependsOn: authDependencies,
542
- }));
543
- }
544
- else {
545
- for (const key of Object.keys(storageClasses)) {
546
- userStorageClasses[key] = pulumi.output((0, storageclass_1.createStorageClass)(`${name.toLowerCase()}-${key}`, storageClasses[key], {
547
- parent,
548
- provider: k8sProvider,
549
- dependsOn: authDependencies,
550
- }));
551
- }
552
- }
553
- // Create the VPC CNI management resource.
554
- let vpcCni;
555
- if (!args.useDefaultVpcCni) {
556
- vpcCni = new cni_1.VpcCni(`${name}-vpc-cni`, kubeconfig.apply(JSON.stringify), args.vpcCniOptions, { parent, dependsOn: authDependencies });
557
- }
558
- const fargateProfile = pulumi
559
- .output(args.fargate)
560
- .apply((argsFargate) => {
561
- let result;
562
- if (argsFargate) {
563
- const fargate = argsFargate !== true ? argsFargate : {};
564
- const podExecutionRoleArn = fargate.podExecutionRoleArn ||
565
- new servicerole_1.ServiceRole(`${name}-podExecutionRole`, {
566
- service: "eks-fargate-pods.amazonaws.com",
567
- managedPolicyArns: [
568
- {
569
- id: "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
570
- arn: pulumi.interpolate `arn:${partition}:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy`,
571
- },
572
- ],
573
- tags: args.tags,
574
- }, { parent, provider }).role.apply((r) => r.arn);
575
- const selectors = fargate.selectors || [
576
- // For `fargate: true`, default to including the `default` namespaces and
577
- // `kube-system` namespaces so that all pods by default run in Fargate.
578
- { namespace: "default" },
579
- { namespace: "kube-system" },
580
- ];
581
- const reservedAwsPrefix = "eks";
582
- let fargateProfileName = name;
583
- const profileNameRegex = new RegExp("^" + reservedAwsPrefix + "-", "i"); // starts with (^) 'eks-', (i)gnore casing
584
- if (fargateProfileName === reservedAwsPrefix || profileNameRegex.test(name)) {
585
- fargateProfileName = fargateProfileName.replace("-", "_");
586
- fargateProfileName = `${fargateProfileName}fargateProfile`;
587
- }
588
- else {
589
- // default, and to maintain backwards compat for existing cluster fargate profiles.
590
- fargateProfileName = `${fargateProfileName}-fargateProfile`;
591
- }
592
- result = new aws.eks.FargateProfile(fargateProfileName, {
593
- clusterName: eksCluster.name,
594
- podExecutionRoleArn: podExecutionRoleArn,
595
- selectors: selectors,
596
- subnetIds: pulumi.output(clusterSubnetIds).apply((subnets) => {
597
- var _a;
598
- if (((_a = fargate.subnetIds) === null || _a === void 0 ? void 0 : _a.length) && fargate.subnetIds.length > 0) {
599
- return (0, nodegroup_1.computeWorkerSubnets)(parent, fargate.subnetIds);
600
- }
601
- else {
602
- return (0, nodegroup_1.computeWorkerSubnets)(parent, subnets);
603
- }
604
- }),
605
- }, { parent, dependsOn: eksNodeAccess ? [eksNodeAccess] : undefined, provider });
606
- // Once the FargateProfile has been created, try to patch/remove the CoreDNS computeType annotation. See
607
- // https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns.
608
- pulumi.all([result.id, selectors, kubeconfig]).apply(([_, sels, kconfig]) => {
609
- // Only patch CoreDNS if there is a selector in the FargateProfile which causes
610
- // `kube-system` pods to launch in Fargate.
611
- if (sels.findIndex((s) => s.namespace === "kube-system") !== -1) {
612
- // Only do the imperative patching during deployments, not previews.
613
- if (!pulumi.runtime.isDryRun()) {
614
- // Write the kubeconfig to a tmp file and use it to patch the `coredns`
615
- // deployment that AWS deployed already as part of cluster creation.
616
- const tmpKubeconfig = tmp.fileSync();
617
- fs.writeFileSync(tmpKubeconfig.fd, JSON.stringify(kconfig));
618
- // Determine if the CoreDNS deployment has a computeType annotation.
619
- const cmdGetAnnos = `kubectl get deployment coredns -n kube-system -o jsonpath='{.spec.template.metadata.annotations}'`;
620
- const getAnnosOutput = childProcess.execSync(cmdGetAnnos, {
621
- env: Object.assign(Object.assign({}, process.env), { KUBECONFIG: tmpKubeconfig.name }),
622
- });
623
- const getAnnosOutputStr = getAnnosOutput.toString();
624
- // See if getAnnosOutputStr contains the annotation we're looking for.
625
- if (!getAnnosOutputStr.includes("eks.amazonaws.com/compute-type")) {
626
- // No need to patch the deployment object since the annotation is not present. However, we need to re-create the CoreDNS pods since
627
- // the existing pods were created before the FargateProfile was created, and therefore will not have been scheduled by fargate-scheduler.
628
- // See: https://github.com/pulumi/pulumi-eks/issues/1030.
629
- const cmd = `kubectl rollout restart deployment coredns -n kube-system`;
630
- childProcess.execSync(cmd, {
631
- env: Object.assign(Object.assign({}, process.env), { KUBECONFIG: tmpKubeconfig.name }),
632
- });
633
- return;
634
- }
635
- const patch = [
636
- {
637
- op: "remove",
638
- path: "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type",
639
- },
640
- ];
641
- const cmd = `kubectl patch deployment coredns -n kube-system --type json -p='${JSON.stringify(patch)}'`;
642
- childProcess.execSync(cmd, {
643
- env: Object.assign(Object.assign({}, process.env), { KUBECONFIG: tmpKubeconfig.name }),
644
- });
645
- }
646
- }
647
- });
34
+ static isInstance(obj) {
35
+ if (obj === undefined || obj === null) {
36
+ return false;
648
37
  }
649
- return result;
650
- });
651
- // Setup OIDC provider to leverage IAM roles for k8s service accounts.
652
- let oidcProvider;
653
- if (args.createOidcProvider) {
654
- // Retrieve the OIDC provider URL's intermediate root CA fingerprint.
655
- const awsRegionName = pulumi.output(aws.getRegion({}, { parent, async: true })).name;
656
- const eksOidcProviderUrl = pulumi.interpolate `https://oidc.eks.${awsRegionName}.${dnsSuffix}`;
657
- const agent = createHttpAgent(args.proxy);
658
- const fingerprint = (0, cert_thumprint_1.getIssuerCAThumbprint)(eksOidcProviderUrl, agent);
659
- // Create the OIDC provider for the cluster.
660
- oidcProvider = new aws.iam.OpenIdConnectProvider(`${name}-oidcProvider`, {
661
- clientIdLists: ["sts.amazonaws.com"],
662
- url: eksCluster.identities[0].oidcs[0].issuer,
663
- thumbprintLists: [fingerprint],
664
- }, { parent, provider });
38
+ return obj['__pulumiType'] === Cluster.__pulumiType;
665
39
  }
666
- return {
667
- vpcId: pulumi.output(vpcId),
668
- subnetIds: args.subnetIds ? pulumi.output(args.subnetIds) : pulumi.output(clusterSubnetIds),
669
- publicSubnetIds: args.publicSubnetIds ? pulumi.output(args.publicSubnetIds) : undefined,
670
- privateSubnetIds: args.privateSubnetIds ? pulumi.output(args.privateSubnetIds) : undefined,
671
- clusterSecurityGroup: eksClusterSecurityGroup,
672
- cluster: eksCluster,
673
- endpoint: endpoint,
674
- nodeGroupOptions: nodeGroupOptions,
675
- kubeconfig: kubeconfigWithoutProfile,
676
- provider: k8sProvider,
677
- awsProvider: provider,
678
- vpcCni: vpcCni,
679
- instanceRoles: instanceRoles,
680
- eksNodeAccess: eksNodeAccess,
681
- tags: args.tags,
682
- nodeSecurityGroupTags: args.nodeSecurityGroupTags,
683
- storageClasses: userStorageClasses,
684
- fargateProfile: fargateProfile,
685
- oidcProvider: oidcProvider,
686
- encryptionConfig: encryptionConfig,
687
- clusterIamRole: eksRole,
688
- accessEntries: accessEntries ? pulumi.output(accessEntries) : undefined,
689
- };
690
- }
691
- exports.createCore = createCore;
692
- /**
693
- * Create an HTTP Agent for use with HTTP(S) requests.
694
- * Using a proxy is supported.
695
- */
696
- function createHttpAgent(proxy) {
697
- if (!proxy) {
698
- // Attempt to default to the proxy env vars.
699
- //
700
- // Note: Envars used are a convention that were based on:
701
- // - curl: https://curl.haxx.se/docs/manual.html
702
- // - wget: https://www.gnu.org/software/wget/manual/html_node/Proxies.html
703
- proxy =
704
- process.env.HTTPS_PROXY ||
705
- process.env.https_proxy ||
706
- process.env.HTTP_PROXY ||
707
- process.env.http_proxy;
708
- }
709
- if (proxy) {
710
- /**
711
- * Create an HTTP(s) proxy agent with the given options.
712
- *
713
- * The agent connects to the proxy and issues a HTTP CONNECT
714
- * method to the proxy, which connects to the dest.
715
- *
716
- * Note: CONNECT is not cacheable.
717
- *
718
- * See for more details:
719
- * - https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT
720
- * - https://www.npmjs.com/package/https-proxy-agent
721
- */
722
- return HttpsProxyAgent(Object.assign(Object.assign({}, url.parse(proxy)), { rejectUnauthorized: false }));
723
- }
724
- return new https.Agent({
725
- // Cached sessions can result in the certificate not being
726
- // available since its already been "accepted." Disable caching.
727
- maxCachedSessions: 0,
728
- });
729
- }
730
- /* tslint:disable-next-line */ // Generating the enum object for AuthenticationMode like codegen does
731
- exports.AuthenticationMode = {
732
- /**
733
- * Only Access Entries will be used for authenticating to the Kubernetes API.
734
- */
735
- API: "API",
736
- /**
737
- * Only aws-auth ConfigMap will be used for authenticating to the Kubernetes API.
738
- *
739
- * @deprecated The aws-auth ConfigMap is deprecated. The recommended method to manage access to Kubernetes APIs is Access Entries with the AuthenticationMode API.
740
- * For more information and instructions how to upgrade, see https://docs.aws.amazon.com/eks/latest/userguide/migrating-access-entries.html.
741
- */
742
- CONFIG_MAP: "CONFIG_MAP",
743
- /**
744
- * Both aws-auth ConfigMap and Access Entries can be used for authenticating to the Kubernetes API.
745
- *
746
- * @deprecated The aws-auth ConfigMap is deprecated. The recommended method to manage access to Kubernetes APIs is Access Entries with the AuthenticationMode API.
747
- * For more information and instructions how to upgrade, see https://docs.aws.amazon.com/eks/latest/userguide/migrating-access-entries.html.
748
- */
749
- API_AND_CONFIG_MAP: "API_AND_CONFIG_MAP",
750
- };
751
- /* tslint:disable-next-line */ // Generating the enum object for AccessEntryType like codegen does
752
- exports.AccessEntryType = {
753
- /**
754
- * Standard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
755
- */
756
- STANDARD: "STANDARD",
757
- /**
758
- * For IAM roles used with AWS Fargate profiles.
759
- */
760
- FARGATE_LINUX: "FARGATE_LINUX",
761
- /**
762
- * For IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
763
- */
764
- EC2_LINUX: "EC2_LINUX",
765
- /**
766
- * For IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
767
- */
768
- EC2_WINDOWS: "EC2_WINDOWS",
769
- };
770
- /**
771
- * Cluster is a component that wraps the AWS and Kubernetes resources necessary to run an EKS cluster, its worker
772
- * nodes, its optional StorageClasses, and an optional deployment of the Kubernetes Dashboard.
773
- */
774
- class Cluster extends pulumi.ComponentResource {
775
40
  /**
776
- * Create a new EKS cluster with worker nodes, optional storage classes, and deploy the Kubernetes Dashboard if
777
- * requested.
41
+ * Create a Cluster resource with the given unique name, arguments, and options.
778
42
  *
779
- * @param name The _unique_ name of this component.
780
- * @param args The arguments for this cluster.
781
- * @param opts A bag of options that control this component's behavior.
43
+ * @param name The _unique_ name of the resource.
44
+ * @param args The arguments to use to populate this resource's properties.
45
+ * @param opts A bag of options that control this resource's behavior.
782
46
  */
783
47
  constructor(name, args, opts) {
784
- const type = "eks:index:Cluster";
785
- if (opts === null || opts === void 0 ? void 0 : opts.urn) {
786
- const props = {
787
- kubeconfig: undefined,
788
- eksCluster: undefined,
789
- };
790
- super(type, name, props, opts);
791
- return;
48
+ let resourceInputs = {};
49
+ opts = opts || {};
50
+ if (!opts.id) {
51
+ resourceInputs["accessEntries"] = args ? args.accessEntries : undefined;
52
+ resourceInputs["authenticationMode"] = args ? args.authenticationMode : undefined;
53
+ resourceInputs["clusterSecurityGroup"] = args ? args.clusterSecurityGroup : undefined;
54
+ resourceInputs["clusterSecurityGroupTags"] = args ? args.clusterSecurityGroupTags : undefined;
55
+ resourceInputs["clusterTags"] = args ? args.clusterTags : undefined;
56
+ resourceInputs["corednsAddonOptions"] = args ? (args.corednsAddonOptions ? inputs.coreDnsAddonOptionsArgsProvideDefaults(args.corednsAddonOptions) : undefined) : undefined;
57
+ resourceInputs["createOidcProvider"] = args ? args.createOidcProvider : undefined;
58
+ resourceInputs["creationRoleProvider"] = args ? args.creationRoleProvider : undefined;
59
+ resourceInputs["defaultAddonsToRemove"] = args ? args.defaultAddonsToRemove : undefined;
60
+ resourceInputs["desiredCapacity"] = args ? args.desiredCapacity : undefined;
61
+ resourceInputs["enableConfigMapMutable"] = args ? args.enableConfigMapMutable : undefined;
62
+ resourceInputs["enabledClusterLogTypes"] = args ? args.enabledClusterLogTypes : undefined;
63
+ resourceInputs["encryptionConfigKeyArn"] = args ? args.encryptionConfigKeyArn : undefined;
64
+ resourceInputs["endpointPrivateAccess"] = args ? args.endpointPrivateAccess : undefined;
65
+ resourceInputs["endpointPublicAccess"] = args ? args.endpointPublicAccess : undefined;
66
+ resourceInputs["fargate"] = args ? args.fargate : undefined;
67
+ resourceInputs["gpu"] = args ? args.gpu : undefined;
68
+ resourceInputs["instanceProfileName"] = args ? args.instanceProfileName : undefined;
69
+ resourceInputs["instanceRole"] = args ? args.instanceRole : undefined;
70
+ resourceInputs["instanceRoles"] = args ? args.instanceRoles : undefined;
71
+ resourceInputs["instanceType"] = args ? args.instanceType : undefined;
72
+ resourceInputs["ipFamily"] = args ? args.ipFamily : undefined;
73
+ resourceInputs["kubeProxyAddonOptions"] = args ? (args.kubeProxyAddonOptions ? inputs.kubeProxyAddonOptionsArgsProvideDefaults(args.kubeProxyAddonOptions) : undefined) : undefined;
74
+ resourceInputs["kubernetesServiceIpAddressRange"] = args ? args.kubernetesServiceIpAddressRange : undefined;
75
+ resourceInputs["maxSize"] = args ? args.maxSize : undefined;
76
+ resourceInputs["minSize"] = args ? args.minSize : undefined;
77
+ resourceInputs["name"] = args ? args.name : undefined;
78
+ resourceInputs["nodeAmiId"] = args ? args.nodeAmiId : undefined;
79
+ resourceInputs["nodeAssociatePublicIpAddress"] = args ? args.nodeAssociatePublicIpAddress : undefined;
80
+ resourceInputs["nodeGroupOptions"] = args ? args.nodeGroupOptions : undefined;
81
+ resourceInputs["nodePublicKey"] = args ? args.nodePublicKey : undefined;
82
+ resourceInputs["nodeRootVolumeEncrypted"] = args ? args.nodeRootVolumeEncrypted : undefined;
83
+ resourceInputs["nodeRootVolumeSize"] = args ? args.nodeRootVolumeSize : undefined;
84
+ resourceInputs["nodeSecurityGroupTags"] = args ? args.nodeSecurityGroupTags : undefined;
85
+ resourceInputs["nodeSubnetIds"] = args ? args.nodeSubnetIds : undefined;
86
+ resourceInputs["nodeUserData"] = args ? args.nodeUserData : undefined;
87
+ resourceInputs["privateSubnetIds"] = args ? args.privateSubnetIds : undefined;
88
+ resourceInputs["providerCredentialOpts"] = args ? args.providerCredentialOpts : undefined;
89
+ resourceInputs["proxy"] = args ? args.proxy : undefined;
90
+ resourceInputs["publicAccessCidrs"] = args ? args.publicAccessCidrs : undefined;
91
+ resourceInputs["publicSubnetIds"] = args ? args.publicSubnetIds : undefined;
92
+ resourceInputs["roleMappings"] = args ? args.roleMappings : undefined;
93
+ resourceInputs["serviceRole"] = args ? args.serviceRole : undefined;
94
+ resourceInputs["skipDefaultNodeGroup"] = args ? args.skipDefaultNodeGroup : undefined;
95
+ resourceInputs["storageClasses"] = args ? args.storageClasses : undefined;
96
+ resourceInputs["subnetIds"] = args ? args.subnetIds : undefined;
97
+ resourceInputs["tags"] = args ? args.tags : undefined;
98
+ resourceInputs["useDefaultVpcCni"] = args ? args.useDefaultVpcCni : undefined;
99
+ resourceInputs["userMappings"] = args ? args.userMappings : undefined;
100
+ resourceInputs["version"] = args ? args.version : undefined;
101
+ resourceInputs["vpcCniOptions"] = args ? (args.vpcCniOptions ? inputs.vpcCniOptionsArgsProvideDefaults(args.vpcCniOptions) : undefined) : undefined;
102
+ resourceInputs["vpcId"] = args ? args.vpcId : undefined;
103
+ resourceInputs["awsProvider"] = undefined /*out*/;
104
+ resourceInputs["core"] = undefined /*out*/;
105
+ resourceInputs["defaultNodeGroup"] = undefined /*out*/;
106
+ resourceInputs["eksCluster"] = undefined /*out*/;
107
+ resourceInputs["eksClusterIngressRule"] = undefined /*out*/;
108
+ resourceInputs["kubeconfig"] = undefined /*out*/;
109
+ resourceInputs["kubeconfigJson"] = undefined /*out*/;
110
+ resourceInputs["nodeSecurityGroup"] = undefined /*out*/;
792
111
  }
793
- super(type, name, args, opts);
794
- const cluster = createCluster(name, this, args, opts);
795
- this.kubeconfig = cluster.kubeconfig;
796
- this.kubeconfigJson = cluster.kubeconfigJson;
797
- this.provider = cluster.provider;
798
- this.clusterSecurityGroup = cluster.clusterSecurityGroup;
799
- this.instanceRoles = cluster.instanceRoles;
800
- this.nodeSecurityGroup = cluster.nodeSecurityGroup;
801
- this.eksClusterIngressRule = cluster.eksClusterIngressRule;
802
- this.defaultNodeGroup = cluster.defaultNodeGroup;
803
- this.eksCluster = cluster.eksCluster;
804
- this.core = cluster.core;
805
- this.registerOutputs({
806
- kubeconfig: this.kubeconfig,
807
- eksCluster: this.eksCluster,
808
- });
809
- }
810
- /**
811
- * Create a self-managed node group using CloudFormation and an ASG.
812
- *
813
- * See for more details:
814
- * https://docs.aws.amazon.com/eks/latest/userguide/worker.html
815
- */
816
- createNodeGroup(name, args) {
817
- const awsProvider = this.core.awsProvider ? { aws: this.core.awsProvider } : undefined;
818
- return new nodegroup_1.NodeGroup(name, Object.assign(Object.assign({}, args), { cluster: this.core, nodeSecurityGroup: this.core.nodeGroupOptions.nodeSecurityGroup, clusterIngressRule: this.core.nodeGroupOptions.clusterIngressRule }), {
819
- parent: this,
820
- providers: Object.assign(Object.assign({}, awsProvider), { kubernetes: this.provider }),
821
- });
112
+ else {
113
+ resourceInputs["awsProvider"] = undefined /*out*/;
114
+ resourceInputs["clusterSecurityGroup"] = undefined /*out*/;
115
+ resourceInputs["core"] = undefined /*out*/;
116
+ resourceInputs["defaultNodeGroup"] = undefined /*out*/;
117
+ resourceInputs["eksCluster"] = undefined /*out*/;
118
+ resourceInputs["eksClusterIngressRule"] = undefined /*out*/;
119
+ resourceInputs["instanceRoles"] = undefined /*out*/;
120
+ resourceInputs["kubeconfig"] = undefined /*out*/;
121
+ resourceInputs["kubeconfigJson"] = undefined /*out*/;
122
+ resourceInputs["nodeSecurityGroup"] = undefined /*out*/;
123
+ }
124
+ opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
125
+ super(Cluster.__pulumiType, name, resourceInputs, opts, true /*remote*/);
822
126
  }
823
127
  /**
824
- * Generate a kubeconfig for cluster authentication that does not use the
825
- * default AWS credential provider chain, and instead is scoped to
826
- * the supported options in `KubeconfigOptions`.
128
+ * Generate a kubeconfig for cluster authentication that does not use the default AWS credential provider chain, and instead is scoped to the supported options in `KubeconfigOptions`.
827
129
  *
828
- * The kubeconfig generated is automatically stringified for ease of use
829
- * with the pulumi/kubernetes provider.
130
+ * The kubeconfig generated is automatically stringified for ease of use with the pulumi/kubernetes provider.
830
131
  *
831
132
  * See for more details:
832
133
  * - https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
@@ -834,143 +135,15 @@ class Cluster extends pulumi.ComponentResource {
834
135
  * - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
835
136
  */
836
137
  getKubeconfig(args) {
837
- var _a;
838
- const kc = generateKubeconfig(this.eksCluster.name, this.eksCluster.endpoint, true, (_a = this.eksCluster.certificateAuthority) === null || _a === void 0 ? void 0 : _a.data, args);
839
- return pulumi.output(kc).apply(JSON.stringify);
138
+ args = args || {};
139
+ return pulumi.runtime.call("eks:index:Cluster/getKubeconfig", {
140
+ "__self__": this,
141
+ "profileName": args.profileName,
142
+ "roleArn": args.roleArn,
143
+ }, this);
840
144
  }
841
145
  }
842
146
  exports.Cluster = Cluster;
843
147
  /** @internal */
844
- function createCluster(name, self, args, opts) {
845
- args = args || {};
846
- // Check that AWS provider credential options are set for the kubeconfig
847
- // to use with the given auth method.
848
- if ((opts === null || opts === void 0 ? void 0 : opts.provider) && !args.providerCredentialOpts) {
849
- throw new Error("It looks like you're using an explicit AWS provider. Please specify this provider in providerCredentialOpts.");
850
- }
851
- if (process.env.AWS_PROFILE && !args.providerCredentialOpts) {
852
- args.providerCredentialOpts = {
853
- profileName: process.env.AWS_PROFILE,
854
- };
855
- }
856
- const awsConfig = new pulumi.Config("aws");
857
- const awsProfile = awsConfig.get("profile");
858
- if (awsProfile && !args.providerCredentialOpts) {
859
- args.providerCredentialOpts = {
860
- profileName: awsProfile,
861
- };
862
- }
863
- // Create the core resources required by the cluster.
864
- const core = createCore(name, args, self, opts === null || opts === void 0 ? void 0 : opts.provider);
865
- // Create default node group security group and cluster ingress rule.
866
- const [nodeSecurityGroup, eksClusterIngressRule] = (0, securitygroup_1.createNodeGroupSecurityGroup)(name, {
867
- vpcId: core.vpcId,
868
- clusterSecurityGroup: core.clusterSecurityGroup,
869
- eksCluster: core.cluster,
870
- tags: pulumi.all([args.tags, args.nodeSecurityGroupTags]).apply(([tags, nodeSecurityGroupTags]) => (Object.assign(Object.assign({}, nodeSecurityGroupTags), tags))),
871
- }, self);
872
- core.nodeGroupOptions.nodeSecurityGroup = nodeSecurityGroup;
873
- core.nodeGroupOptions.clusterIngressRule = eksClusterIngressRule;
874
- const skipDefaultNodeGroup = args.skipDefaultNodeGroup || args.fargate;
875
- // Create the default worker node group and grant the workers access to the API server.
876
- const configDeps = [core.kubeconfig];
877
- let defaultNodeGroup = undefined;
878
- if (!skipDefaultNodeGroup) {
879
- defaultNodeGroup = (0, nodegroup_1.createNodeGroup)(name, Object.assign({ cluster: core }, core.nodeGroupOptions), self);
880
- if (defaultNodeGroup.cfnStack) {
881
- configDeps.push(defaultNodeGroup.cfnStack.id);
882
- }
883
- }
884
- // Export the cluster's kubeconfig with a dependency upon the cluster's autoscaling group. This will help
885
- // ensure that the cluster's consumers do not attempt to use the cluster until its workers are attached.
886
- const kubeconfig = pulumi.all(configDeps).apply(([kc]) => kc);
887
- const kubeconfigJson = kubeconfig.apply(JSON.stringify);
888
- // Export a k8s provider with the above kubeconfig. Note that we do not export the provider we created earlier
889
- // in order to help ensure that worker nodes are available before the provider can be used.
890
- const provider = new k8s.Provider(`${name}-provider`, {
891
- kubeconfig: kubeconfigJson,
892
- }, { parent: self });
893
- // If we need to deploy the Kubernetes dashboard, do so now.
894
- if (args.deployDashboard) {
895
- pulumi.log.warn("Option `deployDashboard` has been deprecated. Please consider using the Helm chart, or writing the dashboard directly in Pulumi.", core.cluster);
896
- (0, dashboard_1.createDashboard)(name, {}, self, provider);
897
- }
898
- return {
899
- core,
900
- clusterSecurityGroup: core.clusterSecurityGroup,
901
- eksCluster: core.cluster,
902
- instanceRoles: core.instanceRoles,
903
- awsProvider: core.awsProvider,
904
- nodeSecurityGroup,
905
- eksClusterIngressRule,
906
- defaultNodeGroup,
907
- kubeconfig,
908
- kubeconfigJson,
909
- provider,
910
- };
911
- }
912
- exports.createCluster = createCluster;
913
- /**
914
- * This is a variant of `Cluster` that is used for the MLC `Cluster`. We don't just use `Cluster`,
915
- * because not all of its output properties are typed as `Output<T>`, which prevents it from being
916
- * able to be correctly "rehydrated" from a resource reference. So we use this copy instead rather
917
- * than modifying the public surface area of the existing `Cluster` class, which is still being
918
- * used directly by users using the Node.js SDK. Once we move Node.js over to the generated MLC SDK,
919
- * we can clean all this up. Internally, this leverages the same `createCluster` helper method that
920
- * `Cluster` uses.
921
- *
922
- * @internal
923
- */
924
- class ClusterInternal extends pulumi.ComponentResource {
925
- constructor(name, args, opts) {
926
- var _a;
927
- const type = "eks:index:Cluster";
928
- if (opts === null || opts === void 0 ? void 0 : opts.urn) {
929
- const props = {
930
- clusterSecurityGroup: undefined,
931
- core: undefined,
932
- defaultNodeGroup: undefined,
933
- eksCluster: undefined,
934
- eksClusterIngressRule: undefined,
935
- instanceRoles: undefined,
936
- kubeconfig: undefined,
937
- kubeconfigJson: undefined,
938
- nodeSecurityGroup: undefined,
939
- };
940
- super(type, name, props, opts);
941
- return;
942
- }
943
- super(type, name, args, opts);
944
- if ((_a = args === null || args === void 0 ? void 0 : args.creationRoleProvider) === null || _a === void 0 ? void 0 : _a.provider) {
945
- throw new Error("The `creationRoleProvider.provider` option is not supported in non-nodejs Pulumi programs. Please use the `providerCredentialOpts` option instead.");
946
- }
947
- const cluster = createCluster(name, this, args, opts);
948
- this.kubeconfig = cluster.kubeconfig;
949
- this.kubeconfigJson = cluster.kubeconfigJson;
950
- this.clusterSecurityGroup = pulumi.output(cluster.clusterSecurityGroup);
951
- this.instanceRoles = cluster.instanceRoles;
952
- this.nodeSecurityGroup = pulumi.output(cluster.nodeSecurityGroup);
953
- this.eksClusterIngressRule = pulumi.output(cluster.eksClusterIngressRule);
954
- this.defaultNodeGroup = pulumi.output(cluster.defaultNodeGroup);
955
- this.eksCluster = pulumi.output(cluster.eksCluster);
956
- this.core = pulumi.output(cluster.core);
957
- this.registerOutputs({
958
- clusterSecurityGroup: this.clusterSecurityGroup,
959
- core: this.core,
960
- defaultNodeGroup: this.defaultNodeGroup,
961
- eksCluster: this.eksCluster,
962
- eksClusterIngressRule: this.eksClusterIngressRule,
963
- instanceRoles: this.instanceRoles,
964
- kubeconfig: this.kubeconfig,
965
- kubeconfigJson: this.kubeconfigJson,
966
- nodeSecurityGroup: this.nodeSecurityGroup,
967
- });
968
- }
969
- getKubeconfig(args) {
970
- var _a;
971
- const kc = generateKubeconfig(this.eksCluster.name, this.eksCluster.endpoint, true, (_a = this.eksCluster.certificateAuthority) === null || _a === void 0 ? void 0 : _a.data, args);
972
- return pulumi.output(kc).apply(JSON.stringify);
973
- }
974
- }
975
- exports.ClusterInternal = ClusterInternal;
148
+ Cluster.__pulumiType = 'eks:index:Cluster';
976
149
  //# sourceMappingURL=cluster.js.map