Addon
data class AddonArgs(val addonName: Output<String>? = null, val addonVersion: Output<String>? = null, val clusterName: Output<String>? = null, val configurationValues: Output<String>? = null, val preserve: Output<Boolean>? = null, val resolveConflicts: Output<String>? = null, val resolveConflictsOnCreate: Output<String>? = null, val resolveConflictsOnUpdate: Output<String>? = null, val serviceAccountRoleArn: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<AddonArgs>
Manages an EKS add-on.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.eks.Addon("example", {
clusterName: exampleAwsEksCluster.name,
addonName: "vpc-cni",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.eks.Addon("example",
cluster_name=example_aws_eks_cluster["name"],
addon_name="vpc-cni")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Eks.Addon("example", new()
{
ClusterName = exampleAwsEksCluster.Name,
AddonName = "vpc-cni",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := eks.NewAddon(ctx, "example", &eks.AddonArgs{
ClusterName: pulumi.Any(exampleAwsEksCluster.Name),
AddonName: pulumi.String("vpc-cni"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Addon;
import com.pulumi.aws.eks.AddonArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Addon("example", AddonArgs.builder()
.clusterName(exampleAwsEksCluster.name())
.addonName("vpc-cni")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:eks:Addon
properties:
clusterName: ${exampleAwsEksCluster.name}
addonName: vpc-cniContent copied to clipboard
Example Update add-on usage with resolve_conflicts_on_update and PRESERVE
resolve_conflicts_on_update with PRESERVE can be used to retain the config changes applied to the add-on with kubectl while upgrading to a newer version of the add-on.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.eks.Addon("example", {
clusterName: exampleAwsEksCluster.name,
addonName: "coredns",
addonVersion: "v1.10.1-eksbuild.1",
resolveConflictsOnUpdate: "PRESERVE",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.eks.Addon("example",
cluster_name=example_aws_eks_cluster["name"],
addon_name="coredns",
addon_version="v1.10.1-eksbuild.1",
resolve_conflicts_on_update="PRESERVE")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Eks.Addon("example", new()
{
ClusterName = exampleAwsEksCluster.Name,
AddonName = "coredns",
AddonVersion = "v1.10.1-eksbuild.1",
ResolveConflictsOnUpdate = "PRESERVE",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := eks.NewAddon(ctx, "example", &eks.AddonArgs{
ClusterName: pulumi.Any(exampleAwsEksCluster.Name),
AddonName: pulumi.String("coredns"),
AddonVersion: pulumi.String("v1.10.1-eksbuild.1"),
ResolveConflictsOnUpdate: pulumi.String("PRESERVE"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Addon;
import com.pulumi.aws.eks.AddonArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Addon("example", AddonArgs.builder()
.clusterName(exampleAwsEksCluster.name())
.addonName("coredns")
.addonVersion("v1.10.1-eksbuild.1")
.resolveConflictsOnUpdate("PRESERVE")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:eks:Addon
properties:
clusterName: ${exampleAwsEksCluster.name}
addonName: coredns
addonVersion: v1.10.1-eksbuild.1
resolveConflictsOnUpdate: PRESERVEContent copied to clipboard
Example add-on usage with custom configuration_values
Custom add-on configuration can be passed using configuration_values as a single JSON string while creating or updating the add-on.
Note:
configuration_valuesis a single JSON string should match the valid JSON schema for each add-on with specific version. To find the correct JSON schema for each add-on can be extracted using describe-addon-configuration call. This below is an example for extracting theconfiguration_valuesschema forcoredns.
aws eks describe-addon-configuration \
--addon-name coredns \
--addon-version v1.10.1-eksbuild.1Content copied to clipboard
Example to create a coredns managed addon with custom configuration_values.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.eks.Addon("example", {
clusterName: "mycluster",
addonName: "coredns",
addonVersion: "v1.10.1-eksbuild.1",
resolveConflictsOnCreate: "OVERWRITE",
configurationValues: JSON.stringify({
replicaCount: 4,
resources: {
limits: {
cpu: "100m",
memory: "150Mi",
},
requests: {
cpu: "100m",
memory: "150Mi",
},
},
}),
});Content copied to clipboard
import pulumi
import json
import pulumi_aws as aws
example = aws.eks.Addon("example",
cluster_name="mycluster",
addon_name="coredns",
addon_version="v1.10.1-eksbuild.1",
resolve_conflicts_on_create="OVERWRITE",
configuration_values=json.dumps({
"replicaCount": 4,
"resources": {
"limits": {
"cpu": "100m",
"memory": "150Mi",
},
"requests": {
"cpu": "100m",
"memory": "150Mi",
},
},
}))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Eks.Addon("example", new()
{
ClusterName = "mycluster",
AddonName = "coredns",
AddonVersion = "v1.10.1-eksbuild.1",
ResolveConflictsOnCreate = "OVERWRITE",
ConfigurationValues = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["replicaCount"] = 4,
["resources"] = new Dictionary<string, object?>
{
["limits"] = new Dictionary<string, object?>
{
["cpu"] = "100m",
["memory"] = "150Mi",
},
["requests"] = new Dictionary<string, object?>
{
["cpu"] = "100m",
["memory"] = "150Mi",
},
},
}),
});
});Content copied to clipboard
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"replicaCount": 4,
"resources": map[string]interface{}{
"limits": map[string]interface{}{
"cpu": "100m",
"memory": "150Mi",
},
"requests": map[string]interface{}{
"cpu": "100m",
"memory": "150Mi",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = eks.NewAddon(ctx, "example", &eks.AddonArgs{
ClusterName: pulumi.String("mycluster"),
AddonName: pulumi.String("coredns"),
AddonVersion: pulumi.String("v1.10.1-eksbuild.1"),
ResolveConflictsOnCreate: pulumi.String("OVERWRITE"),
ConfigurationValues: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Addon;
import com.pulumi.aws.eks.AddonArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Addon("example", AddonArgs.builder()
.clusterName("mycluster")
.addonName("coredns")
.addonVersion("v1.10.1-eksbuild.1")
.resolveConflictsOnCreate("OVERWRITE")
.configurationValues(serializeJson(
jsonObject(
jsonProperty("replicaCount", 4),
jsonProperty("resources", jsonObject(
jsonProperty("limits", jsonObject(
jsonProperty("cpu", "100m"),
jsonProperty("memory", "150Mi")
)),
jsonProperty("requests", jsonObject(
jsonProperty("cpu", "100m"),
jsonProperty("memory", "150Mi")
))
))
)))
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:eks:Addon
properties:
clusterName: mycluster
addonName: coredns
addonVersion: v1.10.1-eksbuild.1
resolveConflictsOnCreate: OVERWRITE
configurationValues:
fn::toJSON:
replicaCount: 4
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 150MiContent copied to clipboard
Example IAM Role for EKS Addon "vpc-cni" with AWS managed policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
import * as tls from "@pulumi/tls";
const exampleCluster = new aws.eks.Cluster("example", {});
const example = exampleCluster.identities.apply(identities => tls.getCertificateOutput({
url: identities[0].oidcs?.[0]?.issuer,
}));
const exampleOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider("example", {
clientIdLists: ["sts.amazonaws.com"],
thumbprintLists: [example.apply(example => example.certificates?.[0]?.sha1Fingerprint)],
url: exampleCluster.identities.apply(identities => identities[0].oidcs?.[0]?.issuer),
});
const exampleAssumeRolePolicy = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: ["sts:AssumeRoleWithWebIdentity"],
effect: "Allow",
conditions: [{
test: "StringEquals",
variable: std.replaceOutput({
text: exampleOpenIdConnectProvider.url,
search: "https://",
replace: "",
}).apply(invoke => `${invoke.result}:sub`),
values: ["system:serviceaccount:kube-system:aws-node"],
}],
principals: [{
identifiers: [exampleOpenIdConnectProvider.arn],
type: "Federated",
}],
}],
});
const exampleRole = new aws.iam.Role("example", {
assumeRolePolicy: exampleAssumeRolePolicy.apply(exampleAssumeRolePolicy => exampleAssumeRolePolicy.json),
name: "example-vpc-cni-role",
});
const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("example", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
role: exampleRole.name,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
import pulumi_std as std
import pulumi_tls as tls
example_cluster = aws.eks.Cluster("example")
example = example_cluster.identities.apply(lambda identities: tls.get_certificate_output(url=identities[0].oidcs[0].issuer))
example_open_id_connect_provider = aws.iam.OpenIdConnectProvider("example",
client_id_lists=["sts.amazonaws.com"],
thumbprint_lists=[example.certificates[0].sha1_fingerprint],
url=example_cluster.identities[0].oidcs[0].issuer)
example_assume_role_policy = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=["sts:AssumeRoleWithWebIdentity"],
effect="Allow",
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
variable=std.replace_output(text=example_open_id_connect_provider.url,
search="https://",
replace="").apply(lambda invoke: f"{invoke.result}:sub"),
values=["system:serviceaccount:kube-system:aws-node"],
)],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
identifiers=[example_open_id_connect_provider.arn],
type="Federated",
)],
)])
example_role = aws.iam.Role("example",
assume_role_policy=example_assume_role_policy.json,
name="example-vpc-cni-role")
example_role_policy_attachment = aws.iam.RolePolicyAttachment("example",
policy_arn="arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
role=example_role.name)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var exampleCluster = new Aws.Eks.Cluster("example");
var example = Tls.GetCertificate.Invoke(new()
{
Url = exampleCluster.Identities[0].Oidcs[0]?.Issuer,
});
var exampleOpenIdConnectProvider = new Aws.Iam.OpenIdConnectProvider("example", new()
{
ClientIdLists = new[]
{
"sts.amazonaws.com",
},
ThumbprintLists = new[]
{
example.Apply(getCertificateResult => getCertificateResult.Certificates[0]?.Sha1Fingerprint),
},
Url = exampleCluster.Identities.Apply(identities => identities[0].Oidcs[0]?.Issuer),
});
var exampleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRoleWithWebIdentity",
},
Effect = "Allow",
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = $"{Std.Replace.Invoke(new()
{
Text = exampleOpenIdConnectProvider.Url,
Search = "https://",
Replace = "",
}).Result}:sub",
Values = new[]
{
"system:serviceaccount:kube-system:aws-node",
},
},
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Identifiers = new[]
{
exampleOpenIdConnectProvider.Arn,
},
Type = "Federated",
},
},
},
},
});
var exampleRole = new Aws.Iam.Role("example", new()
{
AssumeRolePolicy = exampleAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Name = "example-vpc-cni-role",
});
var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("example", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
Role = exampleRole.Name,
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleCluster, err := eks.NewCluster(ctx, "example", nil)
if err != nil {
return err
}
example := exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (tls.GetCertificateResult, error) {
return tls.GetCertificateOutput(ctx, tls.GetCertificateOutputArgs{
Url: identities[0].Oidcs[0].Issuer,
}, nil), nil
}).(tls.GetCertificateResultOutput)
exampleOpenIdConnectProvider, err := iam.NewOpenIdConnectProvider(ctx, "example", &iam.OpenIdConnectProviderArgs{
ClientIdLists: pulumi.StringArray{
pulumi.String("sts.amazonaws.com"),
},
ThumbprintLists: pulumi.StringArray{
example.ApplyT(func(example tls.GetCertificateResult) (*string, error) {
return &example.Certificates[0].Sha1Fingerprint, nil
}).(pulumi.StringPtrOutput),
},
Url: exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (*string, error) {
return &identities[0].Oidcs[0].Issuer, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
exampleAssumeRolePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("sts:AssumeRoleWithWebIdentity"),
},
Effect: pulumi.String("Allow"),
Conditions: iam.GetPolicyDocumentStatementConditionArray{
&iam.GetPolicyDocumentStatementConditionArgs{
Test: pulumi.String("StringEquals"),
Variable: std.ReplaceOutput(ctx, std.ReplaceOutputArgs{
Text: exampleOpenIdConnectProvider.Url,
Search: pulumi.String("https://"),
Replace: pulumi.String(""),
}, nil).ApplyT(func(invoke std.ReplaceResult) (string, error) {
return fmt.Sprintf("%v:sub", invoke.Result), nil
}).(pulumi.StringOutput),
Values: pulumi.StringArray{
pulumi.String("system:serviceaccount:kube-system:aws-node"),
},
},
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Identifiers: pulumi.StringArray{
exampleOpenIdConnectProvider.Arn,
},
Type: pulumi.String("Federated"),
},
},
},
},
}, nil)
exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
AssumeRolePolicy: exampleAssumeRolePolicy.ApplyT(func(exampleAssumeRolePolicy iam.GetPolicyDocumentResult) (*string, error) {
return &exampleAssumeRolePolicy.Json, nil
}).(pulumi.StringPtrOutput),
Name: pulumi.String("example-vpc-cni-role"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "example", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"),
Role: exampleRole.Name,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Cluster;
import com.pulumi.tls.TlsFunctions;
import com.pulumi.tls.inputs.GetCertificateArgs;
import com.pulumi.aws.iam.OpenIdConnectProvider;
import com.pulumi.aws.iam.OpenIdConnectProviderArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleCluster = new Cluster("exampleCluster");
final var example = TlsFunctions.getCertificate(GetCertificateArgs.builder()
.url(exampleCluster.identities().applyValue(identities -> identities[0].oidcs()[0].issuer()))
.build());
var exampleOpenIdConnectProvider = new OpenIdConnectProvider("exampleOpenIdConnectProvider", OpenIdConnectProviderArgs.builder()
.clientIdLists("sts.amazonaws.com")
.thumbprintLists(example.applyValue(getCertificateResult -> getCertificateResult).applyValue(example -> example.applyValue(getCertificateResult -> getCertificateResult.certificates()[0].sha1Fingerprint())))
.url(exampleCluster.identities().applyValue(identities -> identities[0].oidcs()[0].issuer()))
.build());
final var exampleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRoleWithWebIdentity")
.effect("Allow")
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable(StdFunctions.replace().applyValue(invoke -> String.format("%s:sub", invoke.result())))
.values("system:serviceaccount:kube-system:aws-node")
.build())
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers(exampleOpenIdConnectProvider.arn())
.type("Federated")
.build())
.build())
.build());
var exampleRole = new Role("exampleRole", RoleArgs.builder()
.assumeRolePolicy(exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(exampleAssumeRolePolicy -> exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.name("example-vpc-cni-role")
.build());
var exampleRolePolicyAttachment = new RolePolicyAttachment("exampleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy")
.role(exampleRole.name())
.build());
}
}Content copied to clipboard
resources:
exampleCluster:
type: aws:eks:Cluster
name: example
exampleOpenIdConnectProvider:
type: aws:iam:OpenIdConnectProvider
name: example
properties:
clientIdLists:
- sts.amazonaws.com
thumbprintLists:
- ${example.certificates[0].sha1Fingerprint}
url: ${exampleCluster.identities[0].oidcs[0].issuer}
exampleRole:
type: aws:iam:Role
name: example
properties:
assumeRolePolicy: ${exampleAssumeRolePolicy.json}
name: example-vpc-cni-role
exampleRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
name: example
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
role: ${exampleRole.name}
variables:
example:
fn::invoke:
Function: tls:getCertificate
Arguments:
url: ${exampleCluster.identities[0].oidcs[0].issuer}
exampleAssumeRolePolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRoleWithWebIdentity
effect: Allow
conditions:
- test: StringEquals
variable:
fn::join:
-
- - fn::invoke:
Function: std:replace
Arguments:
text: ${exampleOpenIdConnectProvider.url}
search: https://
replace:
Return: result
- :sub
values:
- system:serviceaccount:kube-system:aws-node
principals:
- identifiers:
- ${exampleOpenIdConnectProvider.arn}
type: FederatedContent copied to clipboard
Import
Using pulumi import, import EKS add-on using the cluster_name and addon_name separated by a colon (:). For example:
$ pulumi import aws:eks/addon:Addon my_eks_addon my_cluster_name:my_addon_nameContent copied to clipboard
Constructors
Link copied to clipboard
constructor(addonName: Output<String>? = null, addonVersion: Output<String>? = null, clusterName: Output<String>? = null, configurationValues: Output<String>? = null, preserve: Output<Boolean>? = null, resolveConflicts: Output<String>? = null, resolveConflictsOnCreate: Output<String>? = null, resolveConflictsOnUpdate: Output<String>? = null, serviceAccountRoleArn: Output<String>? = null, tags: Output<Map<String, String>>? = null)
Properties
Link copied to clipboard
Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
Link copied to clipboard
The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
Link copied to clipboard
Name of the EKS Cluster. The following arguments are optional:
Link copied to clipboard
custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
Link copied to clipboard
Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are NONE, OVERWRITE and PRESERVE. Note that PRESERVE is only valid on addon update, not for initial addon creation. If you need to set this to PRESERVE, use the resolve_conflicts_on_create and resolve_conflicts_on_update attributes instead. For more details check UpdateAddon API Docs.
Link copied to clipboard
How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are NONE and OVERWRITE. For more details see the CreateAddon API Docs.
Link copied to clipboard
How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are NONE, OVERWRITE, and PRESERVE. For more details see the UpdateAddon API Docs.
Link copied to clipboard
The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.