# Unified EKS Schema

This is the unified EKS schema, which for now is supported only through the GitOps flow.

## Cluster YAML

| Field | Description | Type |
|---|---|---|
| apiVersion: infra.k8smgmt.io/v3 | API version of the resource | string |
| kind: Cluster | Resource kind | string |
| metadata: | Contains general cluster information | |
| name: | Name of the cluster | string |
| region: | The AWS region hosting this cluster | string |
| version: 1.29 | Valid variants are: "1.23", "1.24", "1.25", "1.26", "1.27", "1.28", "1.29" (default), "1.30", "1.31". | string |
| tags: {} | Used to tag AWS resources created by the vendor | object |
| annotations: {} | Arbitrary metadata ignored by the vendor | object |
| spec: | Specification associated with the cluster | |
| type: eks | Cluster type | string |
| blueprint: myblueprint | Blueprint associated with the cluster | string |
| blueprintversion: bpversion | Blueprint version associated with the cluster | string |
| cloudprovider: myprovider | Cloud credentials provider used to create and manage the cluster | string |
| cniprovider: Calico-v3.19.1 | CNI provider used to specify different CNI options for the cluster | string |
| proxyconfig: {} | Configure a proxy if your infrastructure uses an outbound proxy | object |
| config: | A simple config, to be replaced with Cluster API | |
| metadata: | Contains general cluster information | |
| name: | Name of the cluster | string |
| region: | The AWS region hosting this cluster | string |
| version: 1.29 | Valid variants are: "1.23", "1.24", "1.25", "1.26", "1.27", "1.28", "1.29" (default), "1.30", "1.31". | string |
| tags: {} | Used to tag AWS resources created by the vendor | object |
| annotations: {} | Arbitrary metadata ignored by the vendor | object |
| kubernetesNetworkConfig: | Contains cluster networking options | |
| ipFamily: IPv4 | Valid variants are: "IPv4" (use an IPv4 address family when creating a new VPC and cluster), "IPv6" (use an IPv6 address family when creating a new VPC and cluster). | string |
| serviceIPv4CIDR: | CIDR range from which ClusterIPs are assigned | string |
| iam: | Holds all IAM attributes of a cluster | |
| serviceRoleARN: | Service role ARN of the cluster | string |
| serviceRolePermissionsBoundary: | Permissions boundary for all identity-based entities created by the vendor | string |
| fargatePodExecutionRoleARN: | Role used by pods to access AWS APIs. This role is added to the Kubernetes RBAC for authorization. | string |
| fargatePodExecutionRolePermissionsBoundary: | Permissions boundary for the Fargate pod execution role | string |
| withOIDC: | Enables the IAM OIDC provider as well as IRSA for the Amazon CNI plugin | boolean |
| serviceAccounts: | Service accounts to create in the cluster | object[] |
| - metadata: | Holds the information used to create ObjectMeta for service accounts | |
| name: | Service account name | string |
| namespace: | Service account namespace | string |
| labels: {} | Service account labels | object |
| annotations: {} | Service account annotations | object |
| attachPolicyARNs: | List of ARNs of the IAM policies to attach | string[] |
| wellKnownPolicies: | For attaching common IAM policies | |
| imageBuilder: false | Allows full ECR (Elastic Container Registry) access | boolean |
| autoScaler: false | Adds the IAM policy for cluster-autoscaler | boolean |
| awsLoadBalancerController: false | Adds policies for using the aws-load-balancer-controller | boolean |
| externalDNS: false | Adds external-dns policies for Amazon Route 53 | boolean |
| certManager: false | Adds cert-manager policies | boolean |
| ebsCSIController: false | Adds policies for using the ebs-csi-controller | boolean |
| efsCSIController: false | Adds policies for using the efs-csi-controller | boolean |
| attachPolicy: | Holds a policy document to attach to this service account | object |
| attachRoleARN: | ARN of the role to attach to the service account | string |
| permissionsBoundary: | ARN of the permissions boundary to associate with the service account | string |
| status: | Holds the status of the IAM service account | |
| roleARN: | Role ARN associated with the service account | string |
| stackName: | | string |
| tags: {} | | object |
| capabilities: | | string[] |
| roleName: | Specific role name instead of the CloudFormation-generated role name | string |
| roleOnly: | Specify whether only the IAM service account role should be created, without creating/annotating the service account | boolean |
| tags: {} | AWS tags for the service account | object |
| podIdentityAssociations: | Pod identity associations to create in the cluster. See Pod Identity Associations. | object[] |
| - namespace: | | string |
| serviceAccountName: | | string |
| roleARN: | | string |
| createServiceAccount: false | | boolean |
| roleName: | | string |
| permissionsBoundaryARN: | | string |
| permissionPolicyARNs: | | string[] |
| permissionPolicy: | Holds any arbitrary JSON/YAML documents, such as extra config parameters or IAM policies | object |
| wellKnownPolicies: | For attaching common IAM policies | |
| imageBuilder: false | Allows full ECR (Elastic Container Registry) access | boolean |
| autoScaler: false | Adds the IAM policy for cluster-autoscaler | boolean |
| awsLoadBalancerController: false | Adds policies for using the aws-load-balancer-controller | boolean |
| externalDNS: false | Adds external-dns policies for Amazon Route 53 | boolean |
| certManager: false | Adds cert-manager policies | boolean |
| ebsCSIController: false | Adds policies for using the ebs-csi-controller | boolean |
| efsCSIController: false | Adds policies for using the efs-csi-controller | boolean |
| tags: {} | | object |
| vpcResourceControllerPolicy: true | Attaches the IAM policy necessary to run the VPC controller in the control plane | boolean |
| identityProviders: | Holds an identity provider configuration | object[] |
| - type: oidc | Valid variants are: "oidc" (OIDC identity provider). | string |
| accessConfig: | Specifies the access config for a cluster | |
| authenticationMode: | Specifies the authentication mode for a cluster | string |
| bootstrapClusterCreatorAdminPermissions: | Specifies whether the cluster creator IAM principal was set as a cluster admin access entry at cluster creation time | boolean |
| accessEntries: | Specifies a list of access entries for the cluster | object[] |
| - principalARN: | Existing IAM principal ARN to associate with an access entry | string |
| type: | EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX or STANDARD | string |
| kubernetesGroups: | Set of Kubernetes groups to map to the principal ARN | string[] |
| kubernetesUsername: | Username to map to the principal ARN | string |
| accessPolicies: | Set of policies to associate with an access entry | object[] |
| - policyARN: | | string |
| accessScope: | Defines the scope of an access policy | |
| type: | namespace or cluster | string |
| namespaces: | Scope access to namespace(s) | string[] |
| tags: {} | AWS tags to attach to the access entry | object |
| vpc: | Holds the global subnet and all child subnets | |
| id: | AWS VPC ID | string |
| cidr: | An IP address range in CIDR notation | string |
| ipv6Cidr: | | string |
| ipv6Pool: | | string |
| securityGroup: | Security group (aka the ControlPlaneSecurityGroup) for communication between control plane and nodes | string |
| subnets: | Keyed by AZ for convenience | |
| private: | Holds subnet-to-AZ mappings. If the key is an AZ, that also becomes the name of the subnet; otherwise use the key to refer to this subnet. | object |
| public: | Holds subnet-to-AZ mappings. If the key is an AZ, that also becomes the name of the subnet; otherwise use the key to refer to this subnet. | object |
| hostnameType: | Type of hostname to use for EC2 instances | string |
| extraCIDRs: | For additional CIDR associations, e.g. a CIDR for private subnets or any ad-hoc subnets | string[] |
| extraIPv6CIDRs: | For additional IPv6 CIDR associations, e.g. a CIDR for private subnets or any ad-hoc subnets | string[] |
| sharedNodeSecurityGroup: | For a pre-defined shared node SG | string |
| manageSharedNodeSecurityGroupRules: true | Automatically add security group rules to and from the default cluster security group and the shared node security group. This allows unmanaged nodes to communicate with the control plane and managed nodes. This option cannot be disabled when using vendor-created security groups. | boolean |
| autoAllocateIPv6: | Requests an IPv6 CIDR block with a /56 prefix for the VPC | boolean |
| nat: | NAT config | |
| gateway: Single | Valid variants are: "HighlyAvailable" (configures a highly available NAT gateway), "Single" (configures a single NAT gateway, default), "Disable" (disables NAT). | string |
| clusterEndpoints: | Manage access to the Kubernetes API server endpoints | |
| privateAccess: | Enable private access to the Kubernetes API server endpoints | boolean |
| publicAccess: | Enable public access to the Kubernetes API server endpoints | boolean |
| publicAccessCIDRs: | CIDR blocks allowed to access the public Kubernetes API endpoint | string[] |
| controlPlaneSubnetIDs: | Configures the subnets for the control plane | string[] |
| controlPlaneSecurityGroupIDs: | Configures the security groups for the control plane | string[] |
| addons: | Holds the EKS addon configuration | object[] |
| - name: | EKS addon name | string |
| version: | EKS addon version | string |
| serviceAccountRoleARN: | Service account role ARN | string |
| attachPolicyARNs: | List of ARNs of the IAM policies to attach | string[] |
| attachPolicy: | Holds a policy document to attach | object |
| permissionsBoundary: | ARN of the permissions boundary to associate | string |
| wellKnownPolicies: | For attaching common IAM policies | |
| imageBuilder: false | Allows full ECR (Elastic Container Registry) access | boolean |
| autoScaler: false | Adds the IAM policy for cluster-autoscaler | boolean |
| awsLoadBalancerController: false | Adds policies for using the aws-load-balancer-controller | boolean |
| externalDNS: false | Adds external-dns policies for Amazon Route 53 | boolean |
| certManager: false | Adds cert-manager policies | boolean |
| ebsCSIController: false | Adds policies for using the ebs-csi-controller | boolean |
| efsCSIController: false | Adds policies for using the efs-csi-controller | boolean |
| tags: {} | The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. | object |
| resolveConflicts: | Determines how to resolve field value conflicts for an EKS add-on if a value was changed from the default | string |
| podIdentityAssociations: | Holds a list of associations to be configured for the addon | object[] |
| - namespace: | | string |
| serviceAccountName: | | string |
| roleARN: | | string |
| createServiceAccount: false | | boolean |
| roleName: | | string |
| permissionsBoundaryARN: | | string |
| permissionPolicyARNs: | | string[] |
| permissionPolicy: | Holds any arbitrary JSON/YAML documents, such as extra config parameters or IAM policies | object |
| wellKnownPolicies: | For attaching common IAM policies | |
| imageBuilder: false | Allows full ECR (Elastic Container Registry) access | boolean |
| autoScaler: false | Adds the IAM policy for cluster-autoscaler | boolean |
| awsLoadBalancerController: false | Adds policies for using the aws-load-balancer-controller | boolean |
| externalDNS: false | Adds external-dns policies for Amazon Route 53 | boolean |
| certManager: false | Adds cert-manager policies | boolean |
| ebsCSIController: false | Adds policies for using the ebs-csi-controller | boolean |
| efsCSIController: false | Adds policies for using the efs-csi-controller | boolean |
| tags: {} | | object |
| useDefaultPodIdentityAssociations: false | Uses the pod identity associations recommended by the EKS API. Defaults to false. | boolean |
| configurationValues: | Defines the set of configuration properties for add-ons. For now, all properties are specified as a JSON string and must respect the schema from DescribeAddonConfiguration. | string |
| publishers: | | string[] |
| types: | | string[] |
| owners: | | string[] |
| addonsConfig: | Specifies the configuration for addons | |
| autoApplyPodIdentityAssociations: false | Specifies whether to automatically apply pod identity associations for supported addons that require IAM permissions | boolean |
| privateCluster: | Allows configuring a fully-private cluster in which no node has outbound internet access, and private access to AWS services is enabled via VPC endpoints | |
| enabled: false | Enables creation of a fully-private cluster | boolean |
| skipEndpointCreation: false | Skips the endpoint creation process completely. Only used when a VPC is already provided and the user sets it to true. | boolean |
| additionalEndpointServices: | Specifies additional endpoint services that must be enabled for private access. Valid entries are "cloudformation", "autoscaling" and "logs". | string[] |
| nodeGroups: | Holds all nodegroup attributes of a cluster | object[] |
| - name: | Name of the nodegroup | string |
| amiFamily: AmazonLinux2 | Valid variants are: "AmazonLinux2" (default), "AmazonLinux2023", "UbuntuPro2204", "Ubuntu2204", "Ubuntu2004", "Ubuntu1804", "Bottlerocket", "WindowsServer2019CoreContainer", "WindowsServer2019FullContainer", "WindowsServer2022CoreContainer", "WindowsServer2022FullContainer". | string |
| instanceType: | Instance type of instances in the nodegroup | string |
| availabilityZones: | Limit nodes to specific AZs | string[] |
| subnets: | Limit nodes to specific subnets | string[] |
| instancePrefix: | Instance prefix for instances in the nodegroup | string |
| instanceName: | Instance name for instances in the nodegroup | string |
| desiredCapacity: | Desired number of instances in the nodegroup | integer |
| minSize: | Minimum number of instances in the nodegroup | integer |
| maxSize: | Maximum number of instances in the nodegroup | integer |
| volumeSize: 80 | Volume size in gigabytes | integer |
| ssh: | Configures SSH access for this nodegroup | |
| allow: | If Allow is true the SSH configuration provided is used; otherwise it is ignored. Only one of PublicKeyPath, PublicKey and PublicKeyName can be configured. | boolean |
| publicKey: | Public key to be added to the nodes' SSH keychain. If Allow is false this value is ignored. | string |
| publicKeyName: | Public key name in EC2 to be added to the nodes' SSH keychain. If Allow is false this value is ignored. | string |
| sourceSecurityGroupIds: | Source security group IDs | string[] |
| enableSsm: | Enables the ability to SSH onto nodes using SSM | boolean |
| labels: {} | Labels on nodes in the nodegroup | object |
| privateNetworking: false | Enable private networking for the nodegroup | boolean |
| tags: {} | Applied to the Auto Scaling group and to the EC2 instances (unmanaged); applied to the EKS Nodegroup resource and to the EC2 instances (managed) | object |
| iam: | Holds all IAM attributes of a nodegroup | |
| attachPolicy: | Holds a policy document to attach | object |
| attachPolicyARNs: | Policy ARNs to attach | string[] |
| instanceProfileARN: | Instance profile ARN | string |
| instanceRoleARN: | Instance role ARN | string |
| instanceRoleName: | Instance role name | string |
| instanceRolePermissionsBoundary: | Instance role permissions boundary | string |
| withAddonPolicies: | Holds all IAM addon policies | |
| imageBuilder: | Allows full ECR (Elastic Container Registry) access. This is useful for building, for example, a CI server that needs to push images to ECR. | boolean |
| autoScaler: | Enables the IAM policy for cluster-autoscaler | boolean |
| externalDNS: | Adds the external-dns project policies for Amazon Route 53 | boolean |
| certManager: | Enables the ability to add records to Route 53 in order to solve the DNS01 challenge | boolean |
| appMesh: | Enables full access to AppMesh | boolean |
| appMeshPreview: | Enables full access to AppMesh Preview | boolean |
| ebs: | Enables the new EBS CSI (Elastic Block Store Container Storage Interface) driver | boolean |
| fsx: | Enables full access to FSx | boolean |
| efs: | Enables full access to EFS | boolean |
| awsLoadBalancerController: | | boolean |
| albIngress: | Enables access to the ALB Ingress controller | boolean |
| xRay: | Enables access to X-Ray | boolean |
| cloudWatch: | Enables access to CloudWatch | boolean |
| ami: | Specify custom AMIs: auto-ssm, auto, or static | string |
| securityGroups: | Controls security groups for this nodegroup | |
| attachIDs: | Attaches additional security groups to the nodegroup | string[] |
| withShared: true | Attach the security group shared among all nodegroups in the cluster. Not supported for managed nodegroups. | boolean |
| withLocal: true | Attach a security group local to this nodegroup. Not supported for managed nodegroups. | boolean |
| maxPodsPerNode: | Maximum pods per node | integer |
| asgSuspendProcesses: | See the relevant AWS docs | string[] |
| ebsOptimized: | Enables EBS optimization | boolean |
| volumeType: gp3 | Valid variants are: "gp2" (General Purpose SSD), "gp3" (General Purpose SSD which can be optimised for high throughput, default), "io1" (Provisioned IOPS SSD), "sc1" (Cold HDD), "st1" (Throughput Optimized HDD). | string |
| volumeName: | Name of volumes attached to instances in the nodegroup | string |
| volumeEncrypted: | Whether volumes attached to instances in the nodegroup are encrypted | boolean |
| volumeKmsKeyID: | KMS key ID for volumes attached to instances in the nodegroup | string |
| volumeIOPS: | IOPS of volumes attached to instances in the nodegroup | integer |
| volumeThroughput: | Throughput of volumes attached to instances in the nodegroup | integer |
| additionalVolumes: | Additional volume configurations | object[] |
| - volumeSize: 80 | Volume size in gigabytes | integer |
| volumeType: gp3 | Valid variants are: "gp2" (General Purpose SSD), "gp3" (General Purpose SSD which can be optimised for high throughput, default), "io1" (Provisioned IOPS SSD), "sc1" (Cold HDD), "st1" (Throughput Optimized HDD). | string |
| volumeName: | | string |
| volumeEncrypted: | | boolean |
| volumeKmsKeyID: | | string |
| volumeIOPS: | | integer |
| volumeThroughput: | | integer |
| snapshotID: | | string |
| preBootstrapCommands: | Executed before bootstrapping instances to the cluster | string[] |
| overrideBootstrapCommand: | Override the vendor's bootstrapping script | string |
| propagateASGTags: | Propagate all taints and labels to the ASG automatically | boolean |
| disableIMDSv1: true | Requires requests to the metadata service to use IMDSv2 tokens | boolean |
| disablePodIMDS: false | Blocks all IMDS requests from non-host-networking pods | boolean |
| placement: | Specifies the placement group in which nodes should be spawned | |
| groupName: | Placement group name | string |
| efaEnabled: | Creates the maximum allowed number of EFA-enabled network cards on nodes in this group | boolean |
| instanceSelector: | Specifies options for the EC2 instance selector | |
| vCPUs: | Specifies the number of vCPUs | integer |
| memory: | Specifies the memory. The unit defaults to GiB. | string |
| gpus: | Specifies the number of GPUs. It can be set to 0 to select non-GPU instance types. | integer |
| cpuArchitecture: x86_64 | CPU architecture of the EC2 instance type. Valid variants are: "x86_64", "amd64", "arm64". | string |
| bottlerocket: | Specifies settings for Bottlerocket nodes | |
| enableAdminContainer: | Enable the admin container | boolean |
| settings: | Contains any Bottlerocket settings | object |
| enableDetailedMonitoring: | Enable EC2 detailed monitoring | boolean |
| capacityReservation: | Defines the reservation policy for a nodegroup | |
| capacityReservationPreference: | Defines a nodegroup's Capacity Reservation preference (either 'open' or 'none') | string |
| capacityReservationTarget: | Defines a nodegroup's target Capacity Reservation or Capacity Reservation group (not both at the same time) | |
| capacityReservationID: | | string |
| capacityReservationResourceGroupARN: | | string |
| outpostARN: | Specifies the Outpost ARN in which the nodegroup should be created | string |
| instancesDistribution: | Holds the configuration for spot instances | |
| instanceTypes: | Specifies a list of instance types | string[] |
| maxPrice: on demand price | Maximum bid price in USD | number |
| onDemandBaseCapacity: 0 | Base number of on-demand instances (non-negative) | integer |
| onDemandPercentageAboveBaseCapacity: 100 | Range [0-100] | integer |
| spotInstancePools: 2 | Range [1-20] | integer |
| spotAllocationStrategy: | Allocation strategy for spot instances. Valid values are capacity-optimized and lowest-price. | string |
| capacityRebalance: false | Enable capacity rebalancing for spot instances | boolean |
| asgMetricsCollection: | Used by the scaling config; see the CloudFormation docs | object[] |
| - granularity: | Granularity of metrics collection | string |
| metrics: | Specifies a list of metrics | string[] |
| cpuCredits: | Configures T3 Unlimited; valid only for T-type instances | string |
| classicLoadBalancerNames: | Associate load balancers with the Auto Scaling group | string[] |
| targetGroupARNs: | Associate target groups with the Auto Scaling group | string[] |
| taints: | Taints to apply to the nodegroup | array |
| updateConfig: | Configures how to update nodegroups | |
| maxUnavailable: | Sets the maximum number of nodes that can become unavailable when updating a nodegroup (specified as a number) | integer |
| maxUnavailablePercentage: | Sets the maximum number of nodes that can become unavailable when updating a nodegroup (specified as a percentage) | integer |
| clusterDNS: | Custom address used for DNS lookups | string |
| kubeletExtraConfig: | Customize the kubelet config | object |
| containerRuntime: | Defines the runtime (CRI) to use for containers on the node | string |
| maxInstanceLifetime: | Defines the maximum amount of time in seconds an instance stays alive | integer |
| localZones: | Specifies a list of local zones where the nodegroup should be launched. The cluster should have been created with all of the local zones specified in this field. | string[] |
| version: | Kubernetes version for the nodegroup | string |
| subnetCidr: | Create a new subnet from the CIDR block and limit nodes to this subnet (applicable only for Wavelength Zone nodes) | string |
| managedNodeGroups: | Holds all managed nodegroup attributes of a cluster | object[] |
| - name: | Name of the nodegroup | string |
| amiFamily: AmazonLinux2 | Valid variants are: "AmazonLinux2". | string |
| instanceType: | Instance type of instances in the nodegroup | string |
| availabilityZones: | Limit nodes to specific AZs | string[] |
| subnets: | Limit nodes to specific subnets | string[] |
| instancePrefix: | Instance prefix for instances in the nodegroup | string |
| instanceName: | Instance name for instances in the nodegroup | string |
| desiredCapacity: | Desired number of instances in the nodegroup | integer |
| minSize: | Minimum number of instances in the nodegroup | integer |
| maxSize: | Maximum number of instances in the nodegroup | integer |
| volumeSize: 80 | Volume size in gigabytes | integer |
| ssh: | Configures SSH access for this nodegroup | |
| allow: | If Allow is true the SSH configuration provided is used; otherwise it is ignored. Only one of PublicKeyPath, PublicKey and PublicKeyName can be configured. | boolean |
| publicKey: | Public key to be added to the nodes' SSH keychain. If Allow is false this value is ignored. | string |
| publicKeyName: | Public key name in EC2 to be added to the nodes' SSH keychain. If Allow is false this value is ignored. | string |
| sourceSecurityGroupIds: | Source security group IDs | string[] |
| enableSsm: | Enables the ability to SSH onto nodes using SSM | boolean |
| labels: {} | Labels on nodes in the nodegroup | object |
| privateNetworking: false | Enable private networking for the nodegroup | boolean |
| tags: {} | Applied to the Auto Scaling group and to the EC2 instances (unmanaged); applied to the EKS Nodegroup resource and to the EC2 instances (managed) | object |
| iam: | Holds all IAM attributes of a nodegroup | |
| attachPolicy: | Holds a policy document to attach | object |
| attachPolicyARNs: | Policy ARNs to attach | string[] |
| instanceProfileARN: | Instance profile ARN | string |
| instanceRoleARN: | Instance role ARN | string |
| instanceRoleName: | Instance role name | string |
| instanceRolePermissionsBoundary: | Instance role permissions boundary | string |
| withAddonPolicies: | Holds all IAM addon policies | |
| imageBuilder: | Allows full ECR (Elastic Container Registry) access. This is useful for building, for example, a CI server that needs to push images to ECR. | boolean |
| autoScaler: | Enables the IAM policy for cluster-autoscaler | boolean |
| externalDNS: | Adds the external-dns project policies for Amazon Route 53 | boolean |
| certManager: | Enables the ability to add records to Route 53 in order to solve the DNS01 challenge | boolean |
| appMesh: | Enables full access to AppMesh | boolean |
| appMeshPreview: | Enables full access to AppMesh Preview | boolean |
| ebs: | Enables the new EBS CSI (Elastic Block Store Container Storage Interface) driver | boolean |
| fsx: | Enables full access to FSx | boolean |
| efs: | Enables full access to EFS | boolean |
| awsLoadBalancerController: | | boolean |
| albIngress: | Enables access to the ALB Ingress controller | boolean |
| xRay: | Enables access to X-Ray | boolean |
| cloudWatch: | Enables access to CloudWatch | boolean |
| ami: | Specify custom AMIs: auto-ssm, auto, or static | string |
| securityGroups: | Controls security groups for this nodegroup | |
| attachIDs: | Attaches additional security groups to the nodegroup | string[] |
| withShared: true | Attach the security group shared among all nodegroups in the cluster. Not supported for managed nodegroups. | boolean |
| withLocal: true | Attach a security group local to this nodegroup. Not supported for managed nodegroups. | boolean |
| maxPodsPerNode: | Maximum pods per node | integer |
| asgSuspendProcesses: | See the relevant AWS docs | string[] |
| ebsOptimized: | Enables EBS optimization | boolean |
| volumeType: gp3 | Valid variants are: "gp2" (General Purpose SSD), "gp3" (General Purpose SSD which can be optimised for high throughput, default), "io1" (Provisioned IOPS SSD), "sc1" (Cold HDD), "st1" (Throughput Optimized HDD). | string |
| volumeName: | Name of volumes attached to instances in the nodegroup | string |
| volumeEncrypted: | Whether volumes attached to instances in the nodegroup are encrypted | boolean |
| volumeKmsKeyID: | KMS key ID for volumes attached to instances in the nodegroup | string |
| volumeIOPS: | IOPS of volumes attached to instances in the nodegroup | integer |
| volumeThroughput: | Throughput of volumes attached to instances in the nodegroup | integer |
| additionalVolumes: | Additional volume configurations | object[] |
| - volumeSize: 80 | Volume size in gigabytes | integer |
| volumeType: gp3 | Valid variants are: "gp2" (General Purpose SSD), "gp3" (General Purpose SSD which can be optimised for high throughput, default), "io1" (Provisioned IOPS SSD), "sc1" (Cold HDD), "st1" (Throughput Optimized HDD). | string |
| volumeName: | | string |
| volumeEncrypted: | | boolean |
| volumeKmsKeyID: | | string |
| volumeIOPS: | | integer |
| volumeThroughput: | | integer |
| snapshotID: | | string |
| preBootstrapCommands: | Executed before bootstrapping instances to the cluster | string[] |
| overrideBootstrapCommand: | Override the vendor's bootstrapping script | string |
| propagateASGTags: | Propagate all taints and labels to the ASG automatically | boolean |
| disableIMDSv1: true | Requires requests to the metadata service to use IMDSv2 tokens | boolean |
| disablePodIMDS: false | Blocks all IMDS requests from non-host-networking pods | boolean |
| placement: | Specifies the placement group in which nodes should be spawned | |
| groupName: | Placement group name | string |
| efaEnabled: | Creates the maximum allowed number of EFA-enabled network cards on nodes in this group | boolean |
| instanceSelector: | Specifies options for the EC2 instance selector | |
| vCPUs: | Specifies the number of vCPUs | integer |
| memory: | Specifies the memory. The unit defaults to GiB. | string |
| gpus: | Specifies the number of GPUs. It can be set to 0 to select non-GPU instance types. | integer |
| cpuArchitecture: x86_64 | CPU architecture of the EC2 instance type. Valid variants are: "x86_64", "amd64", "arm64". | string |
| bottlerocket: | Specifies settings for Bottlerocket nodes | |
| enableAdminContainer: | Enable the admin container | boolean |
| settings: | Contains any Bottlerocket settings | object |
| enableDetailedMonitoring: | Enable EC2 detailed monitoring | boolean |
| capacityReservation: | Defines the reservation policy for a nodegroup | |
| capacityReservationPreference: | Defines a nodegroup's Capacity Reservation preference (either 'open' or 'none') | string |
| capacityReservationTarget: | Defines a nodegroup's target Capacity Reservation or Capacity Reservation group (not both at the same time) | |
| capacityReservationID: | | string |
| capacityReservationResourceGroupARN: | | string |
| outpostARN: | Specifies the Outpost ARN in which the nodegroup should be created | string |
| instanceTypes: | Specifies a list of instance types | string[] |
| spot: false | Creates a spot nodegroup | boolean |
| taints: | Taints to apply to the nodegroup | object[] |
| - key: | Key of a taint | string |
| value: | Value of a taint | string |
| effect: | Effect of a taint | string |
| updateConfig: | Configures how to update nodegroups | |
| maxUnavailable: | Sets the maximum number of nodes that can become unavailable when updating a nodegroup (specified as a number) | integer |
| maxUnavailablePercentage: | Sets the maximum number of nodes that can become unavailable when updating a nodegroup (specified as a percentage) | integer |
| launchTemplate: | Specifies an existing launch template to use for the nodegroup | |
| id: | Launch template ID | string |
| version: | Launch template version. Defaults to the default launch template version (TODO: support $Default, $Latest). | string |
| releaseVersion: | The AMI version of the EKS-optimized AMI to use | string |
| version: | Kubernetes version for the nodegroup | string |
| fargateProfiles: | Defines the settings used to schedule workloads onto Fargate | object[] |
| - name: | Name of the Fargate profile | string |
| podExecutionRoleARN: | ARN of the IAM role used to run pods on Fargate | string |
| selectors: | Define the rules to select workloads to schedule onto Fargate | object[] |
| - namespace: | Kubernetes namespace from which to select workloads | string |
| labels: {} | Kubernetes label selectors used to select workloads | object |
| subnets: | Subnets Fargate should use for network placement of the selected workloads. If none are provided, all subnets for the cluster will be used. | string[] |
| tags: {} | Used to tag the AWS resources | object |
| status: | The current status of the Fargate profile | string |
| availabilityZones: | Availability zones of a cluster | string[] |
| localZones: | Specifies a list of local zones where the subnets should be created. Only self-managed nodegroups can be launched in local zones. These subnets are not passed to EKS. | string[] |
| cloudWatch: | Holds all CloudWatch attributes of a cluster | |
| clusterLogging: | Container config parameters related to cluster logging | |
| enableTypes: | Types of logging to enable. Valid entries are: "api", "audit", "authenticator", "controllerManager", "scheduler", "all", "*". | string[] |
| logRetentionInDays: | Sets the number of days to retain the logs (see the CloudWatch docs). Valid values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | integer |
| secretsEncryption: | Defines the configuration for the KMS encryption provider | |
| keyARN: | KMS key ARN | string |
| encryptExistingSecrets: | | boolean |
| karpenter: | Karpenter-specific configuration options | |
| version: | Defines the Karpenter version to install | string |
| createServiceAccount: | Whether to create a service account | boolean |
| defaultInstanceProfile: | Override the default IAM instance profile | string |
| withSpotInterruptionQueue: | If true, adds all required policies and rules for supporting the Spot Interruption Queue on Karpenter deployments | boolean |
| outpost: | Specifies the Outpost configuration | |
| controlPlaneOutpostARN: | Specifies the Outpost ARN in which the control plane should be created | string |
| controlPlaneInstanceType: | Specifies the instance type to use for creating the control plane instances | string |
| controlPlanePlacement: | Specifies the placement configuration for control plane instances on Outposts | |
| groupName: | Placement group name | string |
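As an added example (not the page's or the vendor's code), a Python check that takes a parsed Cluster document in this schema and flags the settings a reviewer would want changed before it is merged into the GitOps repository: an API endpoint open to any address, no KMS secrets encryption, missing control-plane log types, the implicit creator admin access entry, IMDSv1 left enabled, unencrypted node volumes and SSH allowed without a source security group. Field names are those in the table above; the two sample clusters, the ARNs, key IDs and CIDRs are constructed placeholders.

```python
"""Flag weak settings in a unified EKS Cluster document before it enters the GitOps flow.

Added example, not part of the schema page or the vendor's tooling. Input is the parsed YAML
(what yaml.safe_load returns); the samples below are constructed with placeholder ARNs/CIDRs.
"""
from typing import Any, Dict, List

REQUIRED_LOG_TYPES = {"api", "audit", "authenticator"}  # minimum for API-access forensics


def _get(doc: Any, *path: str, default: Any = None) -> Any:
    """Walk nested dicts safely; return default when any key is absent."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return default
        doc = doc[key]
    return doc


def audit_cluster(cluster: Dict[str, Any]) -> List[str]:
    """Return findings as strings; an empty list means nothing weak was found."""
    findings: List[str] = []
    cfg = _get(cluster, "spec", "config", default={})

    # API server exposure: EKS defaults publicAccess to true, and an empty
    # publicAccessCIDRs means 0.0.0.0/0.
    ep = cfg.get("clusterEndpoints") or {}
    if ep.get("publicAccess", True):
        cidrs = ep.get("publicAccessCIDRs") or ["0.0.0.0/0"]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            findings.append("clusterEndpoints: public API endpoint reachable from any address")
        if not ep.get("privateAccess", False):
            findings.append("clusterEndpoints: privateAccess disabled, nodes reach the API via the internet")

    # Envelope encryption of Kubernetes Secrets with a customer-managed KMS key.
    if not _get(cfg, "secretsEncryption", "keyARN"):
        findings.append("secretsEncryption: no keyARN, Secrets are not envelope-encrypted")

    # Control-plane logging to CloudWatch ("all" or "*" enables every type).
    enabled = set(_get(cfg, "cloudWatch", "clusterLogging", "enableTypes", default=[]))
    if not (enabled & {"all", "*"}) and not REQUIRED_LOG_TYPES <= enabled:
        findings.append(f"clusterLogging: missing log types {sorted(REQUIRED_LOG_TYPES - enabled)}")

    # Implicit cluster-admin for the creating IAM principal (EKS default: true).
    if _get(cfg, "accessConfig", "bootstrapClusterCreatorAdminPermissions", default=True):
        findings.append("accessConfig: cluster creator principal keeps implicit cluster-admin")

    # Node-level checks; the fields are identical for self-managed and managed groups.
    for kind in ("nodeGroups", "managedNodeGroups"):
        for ng in cfg.get(kind) or []:
            name = f"{kind}/{ng.get('name', '<unnamed>')}"
            if not ng.get("disableIMDSv1", True):      # schema default is true
                findings.append(f"{name}: IMDSv1 enabled on the metadata service")
            if not ng.get("volumeEncrypted", False):   # absent is treated as unencrypted
                findings.append(f"{name}: root volume not encrypted")
            ssh = ng.get("ssh") or {}
            if ssh.get("allow") and not ssh.get("sourceSecurityGroupIds"):
                findings.append(f"{name}: SSH allowed without sourceSecurityGroupIds")
    return findings


# Constructed sample: leaves every security-relevant default in place.
WEAK_CLUSTER: Dict[str, Any] = {
    "apiVersion": "infra.k8smgmt.io/v3", "kind": "Cluster",
    "metadata": {"name": "demo-weak", "region": "us-west-2"},
    "spec": {"type": "eks", "blueprint": "myblueprint", "cloudprovider": "myprovider", "config": {
        "metadata": {"name": "demo-weak", "region": "us-west-2", "version": "1.29"},
        "clusterEndpoints": {"publicAccess": True, "privateAccess": False},
        "nodeGroups": [{"name": "ng-1", "instanceType": "m5.large", "disableIMDSv1": False,
                        "ssh": {"allow": True, "publicKeyName": "ops-key"}}]}}}

# Constructed sample: the same cluster with the documented hardening fields set.
HARDENED_CLUSTER: Dict[str, Any] = {
    "apiVersion": "infra.k8smgmt.io/v3", "kind": "Cluster",
    "metadata": {"name": "demo-hard", "region": "us-west-2"},
    "spec": {"type": "eks", "blueprint": "myblueprint", "cloudprovider": "myprovider", "config": {
        "metadata": {"name": "demo-hard", "region": "us-west-2", "version": "1.29"},
        "clusterEndpoints": {"privateAccess": True, "publicAccess": True,
                             "publicAccessCIDRs": ["203.0.113.0/24"]},  # placeholder admin range
        "secretsEncryption": {"keyARN": "arn:aws:kms:us-west-2:111111111111:key/PLACEHOLDER"},
        "cloudWatch": {"clusterLogging": {"enableTypes": ["api", "audit", "authenticator",
                                                          "controllerManager", "scheduler"],
                                          "logRetentionInDays": 90}},
        "accessConfig": {"bootstrapClusterCreatorAdminPermissions": False},
        "managedNodeGroups": [{"name": "ng-managed", "instanceType": "m5.large",
                               "disableIMDSv1": True, "disablePodIMDS": True,
                               "volumeEncrypted": True, "volumeKmsKeyID": "PLACEHOLDER-KEY-ID",
                               "ssh": {"allow": False}}]}}}


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_CLUSTER), ("hardened", HARDENED_CLUSTER)):
        print(f"== {label}: {len(audit_cluster(doc))} finding(s)")
        print("\n".join("  - " + f for f in audit_cluster(doc)))
```

Run it against a real document with `audit_cluster(yaml.safe_load(open("cluster.yaml")))`; a non-empty result is a reason to block the merge.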