# yaml-language-server: $schema=https://raw.githubusercontent.com/pulumi/pulumi/master/pkg/codegen/schema/pulumi.json --- name: lbrlabs-eks displayName: LBr Labs EKS publisher: lbrlabs pluginDownloadURL: "github://api.github.com/lbrlabs" description: "A batteries included EKS cluster following best practices." logoUrl: "https://raw.githubusercontent.com/lbrlabs/pulumi-lbrlabs-eks/main/assets/amazon-eks.png" #nolint:golint,lll keywords: - eks - kubernetes - aws - lbrlabs - kind/component - category/cloud repository: "https://github.com/lbrlabs/pulumi-lbrlabs-eks" types: lbrlabs-eks:index:BudgetConfig: description: Configuration for Autoscaled Node budgets. type: object properties: nodes: type: string description: The maximum number of nodes that can be scaled down at any time. schedule: type: string description: A cron schedule for when disruption can happen. duration: type: string description: The duration during which disruptuon can happen. lbrlabs-eks:index:DisruptionConfig: description: Configuration for Autoscaled nodes disruption. type: object properties: consolidationPolicy: type: string enum: - Name: "Empty" Description: "Consolidate Nodes when they are empty." Value: "WhenEmpty" - Name: "Underutilized" Description: "Consolidate Nodes when they are underutilized." Value: "WhenEmptyOrUnderutilized" default: "WhenEmpty" description: Describes which types of Nodes Karpenter should consider for consolidation. consolidateAfter: type: string description: The amount of time Karpenter should wait after discovering a consolidation decision. This value can currently only be set when the consolidationPolicy is 'WhenEmpty'. You can choose to disable consolidation entirely by setting the string value 'Never' here. default: "10m" expireAfter: type: string description: The amount of time a Node can live on the cluster before being removed. budgets: type: array items: "$ref": "#/types/lbrlabs-eks:index:BudgetConfig" description: "Budgets control the speed Karpenter can scale down nodes." lbrlabs-eks:index:IngressConfig: description: Configuration for the ingress controller (deprecated, use nginxIngressConfig). type: object properties: enableMetrics: type: boolean default: false description: Enable metrics for the ingress controller. enableServiceMonitor: type: boolean default: false description: Enable the service monitor for kube-prometheus-stack. serviceMonitorNamespace: type: string description: The namespace to deploy the service monitor to. controllerReplicas: type: integer default: 1 description: The number of replicas of the ingress controller. allowSnippetAnnotations: type: boolean default: false description: Whether to allow snippet annotations in the ingress controller. nlbTargetType: type: string description: NLB target type for NLB loadbalancers. default: "ip" additionalConfig: type: object additionalProperties: type: string description: Additional configuration for the ingress controller. extraServiceAnnotations: type: object additionalProperties: type: string description: Extra annotations to apply to the ingress controller service. enableExternal: type: boolean default: true description: Whether to create the external-facing ingress controller. enableInternal: type: boolean default: true description: Whether to create the internal-facing ingress controller. lbrlabs-eks:index:NginxIngressConfig: description: Configuration for the nginx ingress controllers. type: object properties: enableMetrics: type: boolean default: false description: Enable metrics for the ingress controller. enableServiceMonitor: type: boolean default: false description: Enable the service monitor for kube-prometheus-stack. serviceMonitorNamespace: type: string description: The namespace to deploy the service monitor to. controllerReplicas: type: integer default: 1 description: The number of replicas of the ingress controller. allowSnippetAnnotations: type: boolean default: false description: Whether to allow snippet annotations in the ingress controller. nlbTargetType: type: string description: NLB target type for NLB loadbalancers. default: "ip" additionalConfig: type: object additionalProperties: type: string description: Additional configuration for the ingress controller. extraServiceAnnotations: type: object additionalProperties: type: string description: Extra annotations to apply to the ingress controller service. enableExternal: type: boolean default: true description: Whether to create the external-facing ingress controller. enableInternal: type: boolean default: true description: Whether to create the internal-facing ingress controller. lbrlabs-eks:index:VpcCniNodeAgentConfig: description: Configuration for the Amazon VPC CNI node agent. type: object properties: enablePolicyEventLogs: type: boolean description: Whether to enable Amazon VPC CNI network policy event logs from the node agent. enableCloudWatchLogs: type: boolean description: Whether to enable CloudWatch logging for the Amazon VPC CNI node agent. metricsBindAddr: type: integer description: Port used by the Amazon VPC CNI node agent metrics endpoint. healthProbeBindAddr: type: integer description: Port used by the Amazon VPC CNI node agent health probe endpoint. lbrlabs-eks:index:VpcCniConfig: description: Configuration for the Amazon VPC CNI add-on. type: object properties: enableNetworkPolicy: type: boolean description: Whether to enable Amazon EKS network policy support in the Amazon VPC CNI add-on. nodeAgent: "$ref": "#/types/lbrlabs-eks:index:VpcCniNodeAgentConfig" description: Configuration for the Amazon VPC CNI node agent used by network policy support. lbrlabs-eks:index:Requirement: description: Represents a single requirement with key, operator, and values. type: object properties: key: type: string description: "The key of the requirement." operator: type: string description: "The operator for the requirement (e.g., In, Gt)." values: type: array items: type: string description: "The list of values for the requirement." lbrlabs-eks:index:Taint: description: Represents a taint for a karpenter node. type: object properties: key: type: string description: "The key of the taint." value: type: string description: "The value of the taint." effect: type: array items: type: string description: "The effect of the taint." resources: lbrlabs-eks:index:Cluster: isComponent: true inputProperties: ingressConfig: "$ref": "#/types/lbrlabs-eks:index:IngressConfig" description: Configuration for the ingress controller. (deprecated, use nginxIngressConfig) nginxIngressConfig: "$ref": "#/types/lbrlabs-eks:index:NginxIngressConfig" description: Configuration for the nginx ingress controllers. vpcCniConfig: "$ref": "#/types/lbrlabs-eks:index:VpcCniConfig" description: Configuration for the Amazon VPC CNI add-on, including optional network policy support. clusterVersion: type: string description: The version of the EKS cluster to create. karpenterVersion: type: string description: The version of karpenter to deploy. default: "0.36.2" clusterEndpointPrivateAccess: type: boolean description: Indicates whether or not the Amazon EKS private API server endpoint is enabled. default: false clusterEndpointPublicAccess: type: boolean description: Indicates whether or not the Amazon EKS public API server endpoint is enabled. default: true letsEncryptEmail: type: string description: The email address to use to issue certificates from Lets Encrypt. plain: true clusterSubnetIds: type: array items: type: string nginxIngressVersion: type: string description: The version of the nginx ingress controller helm chart to deploy. nginxIngressRegistry: type: string description: The container registry to pull images from. default: "registry.k8s.io" nginxIngressTag: type: string description: The tag to use for the nginx ingress controller images. default: "v1.12.0" eksIamAuthControllerVersion: type: string description: The version of the eks-iam-auth-controller helm chart to deploy. externalDNSVersion: type: string description: The version of the external-dns helm chart to deploy. certManagerVersion: type: string description: The version of the cert-manager helm chart to deploy. systemNodeSubnetIds: type: array items: type: string systemNodeInstanceTypes: type: array items: type: string enabledClusterLogTypes: type: array items: type: string systemNodeMaxCount: type: number description: The maximum number of nodes in the system autoscaling group. systemNodeMinCount: type: number description: The minimum number of nodes in the system autoscaling group. systemNodeDesiredCount: type: number description: The initial number of nodes in the system autoscaling group. enableOtel: type: boolean description: Whether to enable the OTEL Distro for EKS. default: false plain: true enableCloudWatchAgent: type: boolean description: Whether to enable cloudwatch container insights for EKS. default: false plain: true enableExternalDns: type: boolean description: Whether to enable external dns with route 53 integration. default: true plain: true enableInternalIngress: type: boolean description: Whether to create an ingress controller for internal traffic. (deprecated, use nginxIngressConfig.enableInternal) default: true plain: true enableExternalIngress: type: boolean description: Whether to create an ingress controller for external traffic. (deprecated, use nginxIngressConfig.enableExternal) default: true plain: true enableCertManager: type: boolean description: Whether to enable cert-manager with route 53 integration. default: true plain: true enableKarpenter: type: boolean description: Whether to enable karpenter. default: true plain: true lbType: type: "string" description: The type of loadbalancer to provision. default: "nlb" certificateArn: type: string description: The ARN of the certificate to use for the ingress controller. adminAccessPrincipal: type: string description: The ARN of the AWS principal that should get admin access. tags: type: object additionalProperties: type: string description: Key-value map of tags to apply to the cluster. requiredInputs: - clusterSubnetIds - systemNodeSubnetIds properties: clusterName: "type": string "description": The cluster name kubeconfig: "type": string "description": The kubeconfig for this cluster. karpenterQueueName: # 👈 NEW "type": string "description": Name of the SQS queue that Karpenter uses for interruption events. controlPlane: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:eks%2Fcluster:Cluster" "description": The Cluster control plane oidcProvider: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:iam%2FopenIdConnectProvider:OpenIdConnectProvider" "description": The OIDC provider for this cluster. systemNodes: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:eks%2FnodeGroup:NodeGroup" "description": The system node group. karpenterRole: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:iam%2Frole:Role" "description": The role created for the karpenter controller. karpenterNodeRole: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:iam%2Frole:Role" "description": The role created for karpenter nodes. # clusterIssuer: # "$ref": "/kubernetes/v3.29.1/schema.json#/resources/kubernetes:apiextensions.k8s.io:CustomResource" required: - clusterName - controlPlane - oidcProvider - kubeconfig - systemNodes lbrlabs-eks:index:AttachedNodeGroup: isComponent: true inputProperties: clusterName: type: string description: The cluster name to attach the nodegroup tp. subnetIds: type: array items: type: string instanceTypes: type: array items: type: string diskSize: type: integer description: The size of the disk to attach to the nodes. Defaults to 40 when omitted. capacityType: type: string description: The capacity type of the nodegroup. default: "ON_DEMAND" releaseVersion: type: string description: The release version for the nodegroup. amiType: type: string description: The AMI Type for the nodegroup. tags: type: object additionalProperties: type: string description: Key-value map of tags to apply to the nodegroup. scalingConfig: "$ref": "/aws/v6.38.1/schema.json#/types/aws:eks%2FNodeGroupScalingConfig:NodeGroupScalingConfig" taints: type: "array" items: "$ref": "/aws/v6.38.1/schema.json#/types/aws:eks%2FNodeGroupTaint:NodeGroupTaint" labels: type: object additionalProperties: type: string description: "Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed." requiredInputs: - clusterName - subnetIds properties: nodeGroup: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:eks%2FnodeGroup:NodeGroup" nodeRole: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:iam%2Frole:Role" required: - nodeGroup - nodeRole lbrlabs-eks:index:IamServiceAccountRole: isComponent: true inputProperties: oidcProviderArn: type: string description: The arn of the OIDC provider attached to your EKS cluster. oidcProviderUrl: type: string description: The URL of the OIDC provider attached to your EKS cluster. namespaceName: type: string description: The namespace to create the service account in. serviceAccountName: type: string description: The name of the service account to bind to the role tags: type: object additionalProperties: type: string description: Key-value map of tags to apply to the service account. requiredInputs: - oidcProviderArn - oidcProviderUrl - namespaceName - serviceAccountName properties: role: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:iam%2Frole:Role" required: - role lbrlabs-eks:index:IamRoleMapping: isComponent: true inputProperties: roleArn: type: string description: The arn of the role to map to a Kubernetes group. username: type: string description: The username to assign to the rolemapping. groups: type: array items: type: string description: An array of groups to map the IAM role to. requiredInputs: - roleArn - username - groups properties: required: lbrlabs-eks:index:AttachedFargateProfile: isComponent: true inputProperties: clusterName: type: string description: The name of the cluster to assign the fargate profile to. subnetIds: type: array items: type: string description: The subnet IDs to use for the fargate profile. tags: type: object additionalProperties: type: string description: Key-value map for tags to apply to Fargate Profile. selectors: type: array items: "$ref": "/aws/v6.38.1/schema.json#/types/aws:eks%2FFargateProfileSelector:FargateProfileSelector" requiredInputs: - clusterName - subnetIds - selectors properties: role: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:iam%2Frole:Role" profile: "$ref": "/aws/v6.38.1/schema.json#/resources/aws:eks%2FfargateProfile:FargateProfile" required: - role - profile lbrlabs-eks:index:AutoscaledNodeGroup: isComponent: true inputProperties: annotations: type: object additionalProperties: type: string description: "Annotations to apply to the node group." amiFamily: type: string description: "AMI family for the node group." amiId: type: string description: "AMI ID for the node group." nodeRole: type: string description: "Node role for the node group." nodePoolApiVersion: type: string description: "Karpenter NodePool API version." default: "karpenter.sh/v1" nodeClassApiVersion: type: string description: "Karpenter NodePool API version." default: "karpenter.k8s.aws/v1" diskSize: type: string description: "Disk size for the node group." default: "20Gi" subnetIds: type: array items: type: string description: "List of subnet selector terms for the node group." securityGroupIds: type: array items: type: string description: "List of security group selector terms for the node group." requirements: type: array items: "$ref": "#/types/lbrlabs-eks:index:Requirement" description: "List of requirements for the node group." taints: type: array items: "$ref": "/kubernetes/v4.13.1/schema.json#/types/kubernetes:core%2Fv1:Taint" description: "Optional node taints." labels: type: object additionalProperties: type: string description: "Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed." disruption: "$ref": "#/types/lbrlabs-eks:index:DisruptionConfig" requiredInputs: - nodeRole - diskSize - subnetIds - securityGroupIds - requirements language: csharp: packageReferences: Pulumi: 3.* Pulumi.Aws: "7.*" Pulumi.Kubernetes: 4.* rootNamespace: Lbrlabs.PulumiPackage respectSchemaVersion: true liftSingleValueMethodReturns: true namespaces: lbrlabs-eks: "Eks" go: importBasePath: github.com/lbrlabs/pulumi-lbrlabs-eks/sdk/go/eks liftSingleValueMethodReturns: true respectSchemaVersion: true generateResourceContainerTypes: true nodejs: respectSchemaVersion: true dependencies: "@pulumi/aws": "^7.0.0" "@pulumi/kubernetes": "^4.0.0" "mime": "^2.0.0" "minimatch": "^5.1.2" devDependencies: "@types/mime": "^2.0.0" "@types/node": "^18" "typescript": "^4.6.2" packageName: "@lbrlabs/pulumi-eks" python: liftSingleValueMethodReturns: true packageName: "lbrlabs_pulumi_eks" respectSchemaVersion: true usesIOClasses: true requires: pulumi: ">=3.0.0,<4.0.0" pulumi-aws: ">=7.0.0,<8.0.0" pulumi-kubernetes: ">=4.0.0,<5.0.0"