Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
import * as pulumi from "@pulumi/pulumi";
import { config } from "./config";
const projectName = pulumi.getProject();
export const adminsIamRoleArn = config.adminsIamRoleArn
export const devsIamRoleArn = config.devsIamRoleArn
export const stdNodegroupIamRoleArn = config.stdNodegroupIamRoleArn
export const perfNodegroupIamRoleArn = config.perfNodegroupIamRoleArn
const adminsIamRoleName = adminsIamRoleArn.apply(s => s.split("/")).apply(s => s[1])
const devsIamRoleName = devsIamRoleArn.apply(s => s.split("/")).apply(s => s[1])
const stdNodegroupIamRoleName = stdNodegroupIamRoleArn.apply(s => s.split("/")).apply(s => s[1])
const perfNodegroupIamRoleName = perfNodegroupIamRoleArn.apply(s => s.split("/")).apply(s => s[1])
// Create an EKS cluster.
const cluster = new eks.Cluster(`${projectName}`, {
instanceRoles: [
aws.iam.Role.get("adminsIamRole", stdNodegroupIamRoleName),
aws.iam.Role.get("devsIamRole", perfNodegroupIamRoleName),
],
roleMappings: [
{
roleArn: config.adminsIamRoleArn,
groups: ["system:masters"],
username: "pulumi:admins",
},
{
roleArn: config.devsIamRoleArn,
groups: ["pulumi:devs"],
username: "pulumi:alice",
},
],
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
import * as iam from "./iam";
// IAM roles for the node groups.
const role1 = iam.createRole("example-role1");
const role2 = iam.createRole("example-role2");
// Create an EKS cluster.
const cluster = new eks.Cluster("example-managed-nodegroups", {
skipDefaultNodeGroup: true,
deployDashboard: false,
instanceRoles: [role1, role2],
});
// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;
// Create a simple AWS managed node group using a cluster as input.
const managedNodeGroup1 = eks.createManagedNodeGroup("example-managed-ng1", {
cluster: cluster,
nodeGroupName: "aws-managed-ng1",
nodeRoleArn: role1.arn,
}, cluster);
// Create an explicit AWS managed node group using a cluster as input.
"project": "foobar",
"org": "barfoo",
},
clusterSecurityGroupTags: { "myClusterSecurityGroupTag1": "true" },
nodeSecurityGroupTags: { "myNodeSecurityGroupTag1": "true" },
clusterTags: { "myClusterTag1": "true" },
deployDashboard: false,
});
// Export the cluster's kubeconfig.
export const kubeconfig1 = cluster1.kubeconfig;
// Create an EKS cluster with no default node group.
const role0 = iam.createRole("example-tags-role0");
const instanceProfile0 = new aws.iam.InstanceProfile("example-tags-instanceProfile0", {role: role0});
const cluster2 = new eks.Cluster("example-tags-cluster2", {
skipDefaultNodeGroup: true,
deployDashboard: false,
instanceRole: role0,
tags: {
"project": "foo",
"org": "bar",
},
clusterSecurityGroupTags: { "myClusterSecurityGroupTag2": "true" },
nodeSecurityGroupTags: { "myNodeSecurityGroupTag2": "true" },
clusterTags: { "myClusterTag1": "true" },
});
// There are two approaches that can be used to add additional NodeGroups.
// 1. A `createNodeGroup` API on `eks.Cluster`
// 2. A `NodeGroup` resource which accepts an `eks.Cluster` as input
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
import * as iam from "./iam";
// Create an EKS cluster with cluster and resource tags.
const cluster1 = new eks.Cluster("example-tags-cluster1", {
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 2,
tags: {
"project": "foobar",
"org": "barfoo",
},
clusterSecurityGroupTags: { "myClusterSecurityGroupTag1": "true" },
nodeSecurityGroupTags: { "myNodeSecurityGroupTag1": "true" },
clusterTags: { "myClusterTag1": "true" },
deployDashboard: false,
});
// Export the cluster's kubeconfig.
export const kubeconfig1 = cluster1.kubeconfig;
import * as eks from "@pulumi/eks"
// Create an EKS cluster with the default VPC, and default node group with
// two t2.medium node instances.
const cluster = new eks.Cluster("eks", {
deployDashboard: false,
});
export const kubeconfig = cluster.kubeconfig;
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
const name = "example-private-subnets-cluster";
// Create a VPC that uses private subnets.
const network = new awsx.Network(name, {
numberOfAvailabilityZones: 2,
usePrivateSubnets: true,
});
// Create a cluster with the desired specs, that does not auto assign a public
// IP to its workers.
const cluster = new eks.Cluster(name, {
deployDashboard: false,
desiredCapacity: 1,
maxSize: 1,
vpcId: network.vpcId,
subnetIds: network.subnetIds,
nodeAssociatePublicIpAddress: false,
});
export const kubeconfig = cluster.kubeconfig;
// Export the cluster's kubeconfig.
export const kubeconfig1 = cluster1.kubeconfig;
/**
* Per NodeGroup IAM: each NodeGroup will bring its own, specific instance
* role and profile.
*/
const role1 = iam.createRole("example-role1");
const role2 = iam.createRole("example-role2");
const instanceProfile1 = new aws.iam.InstanceProfile("example-instanceProfile1", {role: role1});
const instanceProfile2 = new aws.iam.InstanceProfile("example-instanceProfile2", {role: role2});
// Create an EKS cluster with many IAM roles to register with the cluster auth.
const cluster2 = new eks.Cluster("example-nodegroup-iam-advanced", {
skipDefaultNodeGroup: true,
deployDashboard: false,
instanceRoles: [role1, role2],
});
// Create node groups using a different `instanceProfile` tied to one of the many
// instance roles registered with the cluster auth through `instanceRoles`.
cluster2.createNodeGroup("example-ng-advanced-ondemand", {
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 2,
labels: {"ondemand": "true"},
instanceProfile: instanceProfile1,
});
import * as eks from "@pulumi/eks"
// Create an EKS cluster with the default VPC, and default node group with
// two t2.medium node instances.
const cluster = new eks.Cluster("eks", {
deployDashboard: false,
});
// Allocate a new VPC with custom settings, and a public & private subnet per AZ.
const vpc = new awsx.ec2.Vpc(`${projectName}`, {
cidrBlock: "172.16.0.0/16",
subnets: [{ type: "public" }, { type: "private" }],
});
// Export VPC ID and Subnets.
export const vpcId = vpc.id;
export const allVpcSubnets = vpc.privateSubnetIds.concat(vpc.publicSubnetIds);
// Create 3 IAM Roles and matching InstanceProfiles to use with the nodegroups.
const roles = iam.createRoles(projectName, 3);
const instanceProfiles = iam.createInstanceProfiles(projectName, roles);
// Create an EKS cluster.
const myCluster = new eks.Cluster(`${projectName}`, {
version: "1.13",
vpcId: vpcId,
subnetIds: allVpcSubnets,
nodeAssociatePublicIpAddress: false,
skipDefaultNodeGroup: true,
deployDashboard: false,
instanceRoles: roles,
enabledClusterLogTypes: ["api", "audit", "authenticator",
"controllerManager", "scheduler"],
});
export const kubeconfig = myCluster.kubeconfig;
export const clusterName = myCluster.core.cluster.name;
// Create a Standard node group of t2.medium workers.
const ngStandard = utils.createNodeGroup(`${projectName}-ng-standard`, {
ami: "ami-03a55127c613349a7", // k8s v1.13.7 in us-west-2
* Identical IAM for all NodeGroups: all NodeGroups share the same `instanceRole`.
*/
// Create example IAM roles and profiles to show to use them with NodeGroups.
// Note, all roles for the instance profiles are requried to at least have
// the following EKS Managed Policies attached to successfully auth and join the
// cluster:
// - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
// - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
// - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
const role0 = iam.createRole("example-role0");
const instanceProfile0 = new aws.iam.InstanceProfile("example-instanceProfile0", {role: role0});
// Create an EKS cluster with a shared IAM instance role to register with the
// cluster auth.
const cluster1 = new eks.Cluster("example-nodegroup-iam-simple", {
skipDefaultNodeGroup: true,
deployDashboard: false,
instanceRole: role0,
});
// There are two approaches that can be used to add additional NodeGroups.
// 1. A `createNodeGroup` API on `eks.Cluster`
// 2. A `NodeGroup` resource which accepts an `eks.Cluster` as input
// Create the node group using an `instanceProfile` tied to the shared, cluster
// instance role registered with the cluster auth through `instanceRole`.
cluster1.createNodeGroup("example-ng-simple-ondemand", {
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 2,