aws.eks.Addon
Explore with Pulumi AI
Manages an EKS add-on.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.eks.Addon("example", {
clusterName: exampleAwsEksCluster.name,
addonName: "vpc-cni",
});
import pulumi
import pulumi_aws as aws
example = aws.eks.Addon("example",
cluster_name=example_aws_eks_cluster["name"],
addon_name="vpc-cni")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := eks.NewAddon(ctx, "example", &eks.AddonArgs{
ClusterName: pulumi.Any(exampleAwsEksCluster.Name),
AddonName: pulumi.String("vpc-cni"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Eks.Addon("example", new()
{
ClusterName = exampleAwsEksCluster.Name,
AddonName = "vpc-cni",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Addon;
import com.pulumi.aws.eks.AddonArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Addon("example", AddonArgs.builder()
.clusterName(exampleAwsEksCluster.name())
.addonName("vpc-cni")
.build());
}
}
resources:
example:
type: aws:eks:Addon
properties:
clusterName: ${exampleAwsEksCluster.name}
addonName: vpc-cni
Example Update add-on usage with resolve_conflicts_on_update and PRESERVE
resolve_conflicts_on_update
with PRESERVE
can be used to retain the config changes applied to the add-on with kubectl while upgrading to a newer version of the add-on.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.eks.Addon("example", {
clusterName: exampleAwsEksCluster.name,
addonName: "coredns",
addonVersion: "v1.10.1-eksbuild.1",
resolveConflictsOnUpdate: "PRESERVE",
});
import pulumi
import pulumi_aws as aws
example = aws.eks.Addon("example",
cluster_name=example_aws_eks_cluster["name"],
addon_name="coredns",
addon_version="v1.10.1-eksbuild.1",
resolve_conflicts_on_update="PRESERVE")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := eks.NewAddon(ctx, "example", &eks.AddonArgs{
ClusterName: pulumi.Any(exampleAwsEksCluster.Name),
AddonName: pulumi.String("coredns"),
AddonVersion: pulumi.String("v1.10.1-eksbuild.1"),
ResolveConflictsOnUpdate: pulumi.String("PRESERVE"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Eks.Addon("example", new()
{
ClusterName = exampleAwsEksCluster.Name,
AddonName = "coredns",
AddonVersion = "v1.10.1-eksbuild.1",
ResolveConflictsOnUpdate = "PRESERVE",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Addon;
import com.pulumi.aws.eks.AddonArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Addon("example", AddonArgs.builder()
.clusterName(exampleAwsEksCluster.name())
.addonName("coredns")
.addonVersion("v1.10.1-eksbuild.1")
.resolveConflictsOnUpdate("PRESERVE")
.build());
}
}
resources:
example:
type: aws:eks:Addon
properties:
clusterName: ${exampleAwsEksCluster.name}
addonName: coredns
addonVersion: v1.10.1-eksbuild.1
resolveConflictsOnUpdate: PRESERVE
Example add-on usage with custom configuration_values
Custom add-on configuration can be passed using configuration_values
as a single JSON string while creating or updating the add-on.
Note:
configuration_values
is a single JSON string should match the valid JSON schema for each add-on with specific version.
To find the correct JSON schema for each add-on can be extracted using describe-addon-configuration call.
This below is an example for extracting the configuration_values
schema for coredns
.
aws eks describe-addon-configuration \
--addon-name coredns \
--addon-version v1.10.1-eksbuild.1
Example to create a coredns
managed addon with custom configuration_values
.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.eks.Addon("example", {
clusterName: "mycluster",
addonName: "coredns",
addonVersion: "v1.10.1-eksbuild.1",
resolveConflictsOnCreate: "OVERWRITE",
configurationValues: JSON.stringify({
replicaCount: 4,
resources: {
limits: {
cpu: "100m",
memory: "150Mi",
},
requests: {
cpu: "100m",
memory: "150Mi",
},
},
}),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.eks.Addon("example",
cluster_name="mycluster",
addon_name="coredns",
addon_version="v1.10.1-eksbuild.1",
resolve_conflicts_on_create="OVERWRITE",
configuration_values=json.dumps({
"replicaCount": 4,
"resources": {
"limits": {
"cpu": "100m",
"memory": "150Mi",
},
"requests": {
"cpu": "100m",
"memory": "150Mi",
},
},
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"replicaCount": 4,
"resources": map[string]interface{}{
"limits": map[string]interface{}{
"cpu": "100m",
"memory": "150Mi",
},
"requests": map[string]interface{}{
"cpu": "100m",
"memory": "150Mi",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = eks.NewAddon(ctx, "example", &eks.AddonArgs{
ClusterName: pulumi.String("mycluster"),
AddonName: pulumi.String("coredns"),
AddonVersion: pulumi.String("v1.10.1-eksbuild.1"),
ResolveConflictsOnCreate: pulumi.String("OVERWRITE"),
ConfigurationValues: pulumi.String(json0),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Eks.Addon("example", new()
{
ClusterName = "mycluster",
AddonName = "coredns",
AddonVersion = "v1.10.1-eksbuild.1",
ResolveConflictsOnCreate = "OVERWRITE",
ConfigurationValues = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["replicaCount"] = 4,
["resources"] = new Dictionary<string, object?>
{
["limits"] = new Dictionary<string, object?>
{
["cpu"] = "100m",
["memory"] = "150Mi",
},
["requests"] = new Dictionary<string, object?>
{
["cpu"] = "100m",
["memory"] = "150Mi",
},
},
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Addon;
import com.pulumi.aws.eks.AddonArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Addon("example", AddonArgs.builder()
.clusterName("mycluster")
.addonName("coredns")
.addonVersion("v1.10.1-eksbuild.1")
.resolveConflictsOnCreate("OVERWRITE")
.configurationValues(serializeJson(
jsonObject(
jsonProperty("replicaCount", 4),
jsonProperty("resources", jsonObject(
jsonProperty("limits", jsonObject(
jsonProperty("cpu", "100m"),
jsonProperty("memory", "150Mi")
)),
jsonProperty("requests", jsonObject(
jsonProperty("cpu", "100m"),
jsonProperty("memory", "150Mi")
))
))
)))
.build());
}
}
resources:
example:
type: aws:eks:Addon
properties:
clusterName: mycluster
addonName: coredns
addonVersion: v1.10.1-eksbuild.1
resolveConflictsOnCreate: OVERWRITE
configurationValues:
fn::toJSON:
replicaCount: 4
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 150Mi
Example IAM Role for EKS Addon “vpc-cni” with AWS managed policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
import * as tls from "@pulumi/tls";
const exampleCluster = new aws.eks.Cluster("example", {});
const example = exampleCluster.identities.apply(identities => tls.getCertificateOutput({
url: identities[0].oidcs?.[0]?.issuer,
}));
const exampleOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider("example", {
clientIdLists: ["sts.amazonaws.com"],
thumbprintLists: [example.apply(example => example.certificates?.[0]?.sha1Fingerprint)],
url: exampleCluster.identities.apply(identities => identities[0].oidcs?.[0]?.issuer),
});
const exampleAssumeRolePolicy = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: ["sts:AssumeRoleWithWebIdentity"],
effect: "Allow",
conditions: [{
test: "StringEquals",
variable: std.replaceOutput({
text: exampleOpenIdConnectProvider.url,
search: "https://",
replace: "",
}).apply(invoke => `${invoke.result}:sub`),
values: ["system:serviceaccount:kube-system:aws-node"],
}],
principals: [{
identifiers: [exampleOpenIdConnectProvider.arn],
type: "Federated",
}],
}],
});
const exampleRole = new aws.iam.Role("example", {
assumeRolePolicy: exampleAssumeRolePolicy.apply(exampleAssumeRolePolicy => exampleAssumeRolePolicy.json),
name: "example-vpc-cni-role",
});
const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("example", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
role: exampleRole.name,
});
import pulumi
import pulumi_aws as aws
import pulumi_std as std
import pulumi_tls as tls
example_cluster = aws.eks.Cluster("example")
example = example_cluster.identities.apply(lambda identities: tls.get_certificate_output(url=identities[0].oidcs[0].issuer))
example_open_id_connect_provider = aws.iam.OpenIdConnectProvider("example",
client_id_lists=["sts.amazonaws.com"],
thumbprint_lists=[example.certificates[0].sha1_fingerprint],
url=example_cluster.identities[0].oidcs[0].issuer)
example_assume_role_policy = aws.iam.get_policy_document_output(statements=[{
"actions": ["sts:AssumeRoleWithWebIdentity"],
"effect": "Allow",
"conditions": [{
"test": "StringEquals",
"variable": std.replace_output(text=example_open_id_connect_provider.url,
search="https://",
replace="").apply(lambda invoke: f"{invoke.result}:sub"),
"values": ["system:serviceaccount:kube-system:aws-node"],
}],
"principals": [{
"identifiers": [example_open_id_connect_provider.arn],
"type": "Federated",
}],
}])
example_role = aws.iam.Role("example",
assume_role_policy=example_assume_role_policy.json,
name="example-vpc-cni-role")
example_role_policy_attachment = aws.iam.RolePolicyAttachment("example",
policy_arn="arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
role=example_role.name)
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleCluster, err := eks.NewCluster(ctx, "example", nil)
if err != nil {
return err
}
example := exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (tls.GetCertificateResult, error) {
return tls.GetCertificateResult(interface{}(tls.GetCertificateOutput(ctx, tls.GetCertificateOutputArgs{
Url: identities[0].Oidcs[0].Issuer,
}, nil))), nil
}).(tls.GetCertificateResultOutput)
exampleOpenIdConnectProvider, err := iam.NewOpenIdConnectProvider(ctx, "example", &iam.OpenIdConnectProviderArgs{
ClientIdLists: pulumi.StringArray{
pulumi.String("sts.amazonaws.com"),
},
ThumbprintLists: pulumi.StringArray{
pulumi.String(example.ApplyT(func(example tls.GetCertificateResult) (*string, error) {
return &example.Certificates[0].Sha1Fingerprint, nil
}).(pulumi.StringPtrOutput)),
},
Url: pulumi.String(exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (*string, error) {
return &identities[0].Oidcs[0].Issuer, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
exampleAssumeRolePolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("sts:AssumeRoleWithWebIdentity"),
},
Effect: pulumi.String("Allow"),
Conditions: iam.GetPolicyDocumentStatementConditionArray{
&iam.GetPolicyDocumentStatementConditionArgs{
Test: pulumi.String("StringEquals"),
Variable: std.ReplaceOutput(ctx, std.ReplaceOutputArgs{
Text: exampleOpenIdConnectProvider.Url,
Search: pulumi.String("https://"),
Replace: pulumi.String(""),
}, nil).ApplyT(func(invoke std.ReplaceResult) (string, error) {
return fmt.Sprintf("%v:sub", invoke.Result), nil
}).(pulumi.StringOutput),
Values: pulumi.StringArray{
pulumi.String("system:serviceaccount:kube-system:aws-node"),
},
},
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Identifiers: pulumi.StringArray{
exampleOpenIdConnectProvider.Arn,
},
Type: pulumi.String("Federated"),
},
},
},
},
}, nil)
exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(exampleAssumeRolePolicy.ApplyT(func(exampleAssumeRolePolicy iam.GetPolicyDocumentResult) (*string, error) {
return &exampleAssumeRolePolicy.Json, nil
}).(pulumi.StringPtrOutput)),
Name: pulumi.String("example-vpc-cni-role"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "example", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"),
Role: exampleRole.Name,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var exampleCluster = new Aws.Eks.Cluster("example");
var example = Tls.GetCertificate.Invoke(new()
{
Url = exampleCluster.Identities[0].Oidcs[0]?.Issuer,
});
var exampleOpenIdConnectProvider = new Aws.Iam.OpenIdConnectProvider("example", new()
{
ClientIdLists = new[]
{
"sts.amazonaws.com",
},
ThumbprintLists = new[]
{
example.Apply(getCertificateResult => getCertificateResult.Certificates[0]?.Sha1Fingerprint),
},
Url = exampleCluster.Identities.Apply(identities => identities[0].Oidcs[0]?.Issuer),
});
var exampleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRoleWithWebIdentity",
},
Effect = "Allow",
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = $"{Std.Replace.Invoke(new()
{
Text = exampleOpenIdConnectProvider.Url,
Search = "https://",
Replace = "",
}).Result}:sub",
Values = new[]
{
"system:serviceaccount:kube-system:aws-node",
},
},
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Identifiers = new[]
{
exampleOpenIdConnectProvider.Arn,
},
Type = "Federated",
},
},
},
},
});
var exampleRole = new Aws.Iam.Role("example", new()
{
AssumeRolePolicy = exampleAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Name = "example-vpc-cni-role",
});
var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("example", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
Role = exampleRole.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.eks.Cluster;
import com.pulumi.tls.TlsFunctions;
import com.pulumi.tls.inputs.GetCertificateArgs;
import com.pulumi.aws.iam.OpenIdConnectProvider;
import com.pulumi.aws.iam.OpenIdConnectProviderArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleCluster = new Cluster("exampleCluster");
final var example = TlsFunctions.getCertificate(GetCertificateArgs.builder()
.url(exampleCluster.identities().applyValue(identities -> identities[0].oidcs()[0].issuer()))
.build());
var exampleOpenIdConnectProvider = new OpenIdConnectProvider("exampleOpenIdConnectProvider", OpenIdConnectProviderArgs.builder()
.clientIdLists("sts.amazonaws.com")
.thumbprintLists(example.applyValue(getCertificateResult -> getCertificateResult).applyValue(example -> example.applyValue(getCertificateResult -> getCertificateResult.certificates()[0].sha1Fingerprint())))
.url(exampleCluster.identities().applyValue(identities -> identities[0].oidcs()[0].issuer()))
.build());
final var exampleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRoleWithWebIdentity")
.effect("Allow")
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable(StdFunctions.replace().applyValue(invoke -> String.format("%s:sub", invoke.result())))
.values("system:serviceaccount:kube-system:aws-node")
.build())
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers(exampleOpenIdConnectProvider.arn())
.type("Federated")
.build())
.build())
.build());
var exampleRole = new Role("exampleRole", RoleArgs.builder()
.assumeRolePolicy(exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(exampleAssumeRolePolicy -> exampleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.name("example-vpc-cni-role")
.build());
var exampleRolePolicyAttachment = new RolePolicyAttachment("exampleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy")
.role(exampleRole.name())
.build());
}
}
resources:
exampleCluster:
type: aws:eks:Cluster
name: example
exampleOpenIdConnectProvider:
type: aws:iam:OpenIdConnectProvider
name: example
properties:
clientIdLists:
- sts.amazonaws.com
thumbprintLists:
- ${example.certificates[0].sha1Fingerprint}
url: ${exampleCluster.identities[0].oidcs[0].issuer}
exampleRole:
type: aws:iam:Role
name: example
properties:
assumeRolePolicy: ${exampleAssumeRolePolicy.json}
name: example-vpc-cni-role
exampleRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
name: example
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
role: ${exampleRole.name}
variables:
example:
fn::invoke:
Function: tls:getCertificate
Arguments:
url: ${exampleCluster.identities[0].oidcs[0].issuer}
exampleAssumeRolePolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRoleWithWebIdentity
effect: Allow
conditions:
- test: StringEquals
variable:
fn::join:
-
- - fn::invoke:
Function: std:replace
Arguments:
text: ${exampleOpenIdConnectProvider.url}
search: https://
replace:
Return: result
- :sub
values:
- system:serviceaccount:kube-system:aws-node
principals:
- identifiers:
- ${exampleOpenIdConnectProvider.arn}
type: Federated
Create Addon Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Addon(name: string, args: AddonArgs, opts?: CustomResourceOptions);
@overload
def Addon(resource_name: str,
args: AddonArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Addon(resource_name: str,
opts: Optional[ResourceOptions] = None,
addon_name: Optional[str] = None,
cluster_name: Optional[str] = None,
addon_version: Optional[str] = None,
configuration_values: Optional[str] = None,
pod_identity_associations: Optional[Sequence[AddonPodIdentityAssociationArgs]] = None,
preserve: Optional[bool] = None,
resolve_conflicts: Optional[str] = None,
resolve_conflicts_on_create: Optional[str] = None,
resolve_conflicts_on_update: Optional[str] = None,
service_account_role_arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewAddon(ctx *Context, name string, args AddonArgs, opts ...ResourceOption) (*Addon, error)
public Addon(string name, AddonArgs args, CustomResourceOptions? opts = null)
type: aws:eks:Addon
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AddonArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AddonArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AddonArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AddonArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AddonArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var addonResource = new Aws.Eks.Addon("addonResource", new()
{
AddonName = "string",
ClusterName = "string",
AddonVersion = "string",
ConfigurationValues = "string",
PodIdentityAssociations = new[]
{
new Aws.Eks.Inputs.AddonPodIdentityAssociationArgs
{
RoleArn = "string",
ServiceAccount = "string",
},
},
Preserve = false,
ResolveConflictsOnCreate = "string",
ResolveConflictsOnUpdate = "string",
ServiceAccountRoleArn = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := eks.NewAddon(ctx, "addonResource", &eks.AddonArgs{
AddonName: pulumi.String("string"),
ClusterName: pulumi.String("string"),
AddonVersion: pulumi.String("string"),
ConfigurationValues: pulumi.String("string"),
PodIdentityAssociations: eks.AddonPodIdentityAssociationArray{
&eks.AddonPodIdentityAssociationArgs{
RoleArn: pulumi.String("string"),
ServiceAccount: pulumi.String("string"),
},
},
Preserve: pulumi.Bool(false),
ResolveConflictsOnCreate: pulumi.String("string"),
ResolveConflictsOnUpdate: pulumi.String("string"),
ServiceAccountRoleArn: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var addonResource = new Addon("addonResource", AddonArgs.builder()
.addonName("string")
.clusterName("string")
.addonVersion("string")
.configurationValues("string")
.podIdentityAssociations(AddonPodIdentityAssociationArgs.builder()
.roleArn("string")
.serviceAccount("string")
.build())
.preserve(false)
.resolveConflictsOnCreate("string")
.resolveConflictsOnUpdate("string")
.serviceAccountRoleArn("string")
.tags(Map.of("string", "string"))
.build());
addon_resource = aws.eks.Addon("addonResource",
addon_name="string",
cluster_name="string",
addon_version="string",
configuration_values="string",
pod_identity_associations=[{
"role_arn": "string",
"service_account": "string",
}],
preserve=False,
resolve_conflicts_on_create="string",
resolve_conflicts_on_update="string",
service_account_role_arn="string",
tags={
"string": "string",
})
const addonResource = new aws.eks.Addon("addonResource", {
addonName: "string",
clusterName: "string",
addonVersion: "string",
configurationValues: "string",
podIdentityAssociations: [{
roleArn: "string",
serviceAccount: "string",
}],
preserve: false,
resolveConflictsOnCreate: "string",
resolveConflictsOnUpdate: "string",
serviceAccountRoleArn: "string",
tags: {
string: "string",
},
});
type: aws:eks:Addon
properties:
addonName: string
addonVersion: string
clusterName: string
configurationValues: string
podIdentityAssociations:
- roleArn: string
serviceAccount: string
preserve: false
resolveConflictsOnCreate: string
resolveConflictsOnUpdate: string
serviceAccountRoleArn: string
tags:
string: string
Addon Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Addon resource accepts the following input properties:
- Addon
Name string - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- Cluster
Name string Name of the EKS Cluster.
The following arguments are optional:
- Addon
Version string - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- Configuration
Values string - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- Pod
Identity List<AddonAssociations Pod Identity Association> - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - Preserve bool
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- Resolve
Conflicts string - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - Resolve
Conflicts stringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - Resolve
Conflicts stringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - Service
Account stringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- Addon
Name string - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- Cluster
Name string Name of the EKS Cluster.
The following arguments are optional:
- Addon
Version string - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- Configuration
Values string - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- Pod
Identity []AddonAssociations Pod Identity Association Args - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - Preserve bool
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- Resolve
Conflicts string - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - Resolve
Conflicts stringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - Resolve
Conflicts stringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - Service
Account stringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- addon
Name String - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- cluster
Name String Name of the EKS Cluster.
The following arguments are optional:
- addon
Version String - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- configuration
Values String - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- pod
Identity List<AddonAssociations Pod Identity Association> - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve Boolean
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve
Conflicts String - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve
Conflicts StringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve
Conflicts StringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service
Account StringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- addon
Name string - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- cluster
Name string Name of the EKS Cluster.
The following arguments are optional:
- addon
Version string - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- configuration
Values string - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- pod
Identity AddonAssociations Pod Identity Association[] - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve boolean
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve
Conflicts string - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve
Conflicts stringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve
Conflicts stringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service
Account stringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- addon_
name str - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- cluster_
name str Name of the EKS Cluster.
The following arguments are optional:
- addon_
version str - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- configuration_
values str - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- pod_
identity_ Sequence[Addonassociations Pod Identity Association Args] - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve bool
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve_
conflicts str - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve_
conflicts_ stron_ create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve_
conflicts_ stron_ update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service_
account_ strrole_ arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- addon
Name String - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- cluster
Name String Name of the EKS Cluster.
The following arguments are optional:
- addon
Version String - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- configuration
Values String - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- pod
Identity List<Property Map>Associations - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve Boolean
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve
Conflicts String - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve
Conflicts StringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve
Conflicts StringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service
Account StringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the Addon resource produces the following output properties:
- Arn string
- Amazon Resource Name (ARN) of the EKS add-on.
- Created
At string - Date and time in RFC3339 format that the EKS add-on was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Modified
At string - Date and time in RFC3339 format that the EKS add-on was updated.
- Dictionary<string, string>
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- Arn string
- Amazon Resource Name (ARN) of the EKS add-on.
- Created
At string - Date and time in RFC3339 format that the EKS add-on was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Modified
At string - Date and time in RFC3339 format that the EKS add-on was updated.
- map[string]string
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- arn String
- Amazon Resource Name (ARN) of the EKS add-on.
- created
At String - Date and time in RFC3339 format that the EKS add-on was created.
- id String
- The provider-assigned unique ID for this managed resource.
- modified
At String - Date and time in RFC3339 format that the EKS add-on was updated.
- Map<String,String>
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- arn string
- Amazon Resource Name (ARN) of the EKS add-on.
- created
At string - Date and time in RFC3339 format that the EKS add-on was created.
- id string
- The provider-assigned unique ID for this managed resource.
- modified
At string - Date and time in RFC3339 format that the EKS add-on was updated.
- {[key: string]: string}
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- arn str
- Amazon Resource Name (ARN) of the EKS add-on.
- created_
at str - Date and time in RFC3339 format that the EKS add-on was created.
- id str
- The provider-assigned unique ID for this managed resource.
- modified_
at str - Date and time in RFC3339 format that the EKS add-on was updated.
- Mapping[str, str]
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- arn String
- Amazon Resource Name (ARN) of the EKS add-on.
- created
At String - Date and time in RFC3339 format that the EKS add-on was created.
- id String
- The provider-assigned unique ID for this managed resource.
- modified
At String - Date and time in RFC3339 format that the EKS add-on was updated.
- Map<String>
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
Look up Existing Addon Resource
Get an existing Addon resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AddonState, opts?: CustomResourceOptions): Addon
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
addon_name: Optional[str] = None,
addon_version: Optional[str] = None,
arn: Optional[str] = None,
cluster_name: Optional[str] = None,
configuration_values: Optional[str] = None,
created_at: Optional[str] = None,
modified_at: Optional[str] = None,
pod_identity_associations: Optional[Sequence[AddonPodIdentityAssociationArgs]] = None,
preserve: Optional[bool] = None,
resolve_conflicts: Optional[str] = None,
resolve_conflicts_on_create: Optional[str] = None,
resolve_conflicts_on_update: Optional[str] = None,
service_account_role_arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> Addon
func GetAddon(ctx *Context, name string, id IDInput, state *AddonState, opts ...ResourceOption) (*Addon, error)
public static Addon Get(string name, Input<string> id, AddonState? state, CustomResourceOptions? opts = null)
public static Addon get(String name, Output<String> id, AddonState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Addon
Name string - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- Addon
Version string - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- Arn string
- Amazon Resource Name (ARN) of the EKS add-on.
- Cluster
Name string Name of the EKS Cluster.
The following arguments are optional:
- Configuration
Values string - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- Created
At string - Date and time in RFC3339 format that the EKS add-on was created.
- Modified
At string - Date and time in RFC3339 format that the EKS add-on was updated.
- Pod
Identity List<AddonAssociations Pod Identity Association> - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - Preserve bool
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- Resolve
Conflicts string - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - Resolve
Conflicts stringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - Resolve
Conflicts stringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - Service
Account stringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- Addon
Name string - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- Addon
Version string - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- Arn string
- Amazon Resource Name (ARN) of the EKS add-on.
- Cluster
Name string Name of the EKS Cluster.
The following arguments are optional:
- Configuration
Values string - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- Created
At string - Date and time in RFC3339 format that the EKS add-on was created.
- Modified
At string - Date and time in RFC3339 format that the EKS add-on was updated.
- Pod
Identity []AddonAssociations Pod Identity Association Args - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - Preserve bool
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- Resolve
Conflicts string - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - Resolve
Conflicts stringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - Resolve
Conflicts stringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - Service
Account stringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- addon
Name String - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- addon
Version String - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- arn String
- Amazon Resource Name (ARN) of the EKS add-on.
- cluster
Name String Name of the EKS Cluster.
The following arguments are optional:
- configuration
Values String - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- created
At String - Date and time in RFC3339 format that the EKS add-on was created.
- modified
At String - Date and time in RFC3339 format that the EKS add-on was updated.
- pod
Identity List<AddonAssociations Pod Identity Association> - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve Boolean
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve
Conflicts String - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve
Conflicts StringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve
Conflicts StringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service
Account StringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- addon
Name string - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- addon
Version string - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- arn string
- Amazon Resource Name (ARN) of the EKS add-on.
- cluster
Name string Name of the EKS Cluster.
The following arguments are optional:
- configuration
Values string - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- created
At string - Date and time in RFC3339 format that the EKS add-on was created.
- modified
At string - Date and time in RFC3339 format that the EKS add-on was updated.
- pod
Identity AddonAssociations Pod Identity Association[] - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve boolean
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve
Conflicts string - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve
Conflicts stringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve
Conflicts stringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service
Account stringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- addon_
name str - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- addon_
version str - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- arn str
- Amazon Resource Name (ARN) of the EKS add-on.
- cluster_
name str Name of the EKS Cluster.
The following arguments are optional:
- configuration_
values str - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- created_
at str - Date and time in RFC3339 format that the EKS add-on was created.
- modified_
at str - Date and time in RFC3339 format that the EKS add-on was updated.
- pod_
identity_ Sequence[Addonassociations Pod Identity Association Args] - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve bool
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve_
conflicts str - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve_
conflicts_ stron_ create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve_
conflicts_ stron_ update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service_
account_ strrole_ arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
- addon
Name String - Name of the EKS add-on. The name must match one of the names returned by describe-addon-versions.
- addon
Version String - The version of the EKS add-on. The version must match one of the versions returned by describe-addon-versions.
- arn String
- Amazon Resource Name (ARN) of the EKS add-on.
- cluster
Name String Name of the EKS Cluster.
The following arguments are optional:
- configuration
Values String - custom configuration values for addons with single JSON string. This JSON string value must match the JSON schema derived from describe-addon-configuration.
- created
At String - Date and time in RFC3339 format that the EKS add-on was created.
- modified
At String - Date and time in RFC3339 format that the EKS add-on was updated.
- pod
Identity List<Property Map>Associations - Configuration block with EKS Pod Identity association settings. See
pod_identity_association
below for details. - preserve Boolean
- Indicates if you want to preserve the created resources when deleting the EKS add-on.
- resolve
Conflicts String - Define how to resolve parameter value conflicts when migrating an existing add-on to an Amazon EKS add-on or when applying version updates to the add-on. Valid values are
NONE
,OVERWRITE
andPRESERVE
. Note thatPRESERVE
is only valid on addon update, not for initial addon creation. If you need to set this toPRESERVE
, use theresolve_conflicts_on_create
andresolve_conflicts_on_update
attributes instead. For more details check UpdateAddon API Docs. - resolve
Conflicts StringOn Create - How to resolve field value conflicts when migrating a self-managed add-on to an Amazon EKS add-on. Valid values are
NONE
andOVERWRITE
. For more details see the CreateAddon API Docs. - resolve
Conflicts StringOn Update - How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Valid values are
NONE
,OVERWRITE
, andPRESERVE
. For more details see the UpdateAddon API Docs. - service
Account StringRole Arn The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
Note: To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- (Optional) Key-value map of resource tags, including those inherited from the provider
default_tags
configuration block.
Supporting Types
AddonPodIdentityAssociation, AddonPodIdentityAssociationArgs
- Role
Arn string - The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
- Service
Account string - The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
- Role
Arn string - The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
- Service
Account string - The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
- role
Arn String - The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
- service
Account String - The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
- role
Arn string - The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
- service
Account string - The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
- role_
arn str - The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
- service_
account str - The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
- role
Arn String - The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
- service
Account String - The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
Import
Using pulumi import
, import EKS add-on using the cluster_name
and addon_name
separated by a colon (:
). For example:
$ pulumi import aws:eks/addon:Addon my_eks_addon my_cluster_name:my_addon_name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.