The access configuration for the cluster.
* @public */ export interface AccessConfigResponse { /** *Specifies whether or not the cluster creator IAM principal was set as a cluster * admin access entry during cluster creation time.
* @public */ bootstrapClusterCreatorAdminPermissions?: boolean | undefined; /** *The current authentication mode of the cluster.
* @public */ authenticationMode?: AuthenticationMode | undefined; } /** *You don't have permissions to perform the requested operation. The IAM principal * making the request must have at least one IAM permissions policy attached that grants * the required permissions. For more information, see Access * management in the IAM User Guide.
* @public */ export declare class AccessDeniedException extends __BaseException { readonly name: "AccessDeniedException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionTypeAn access entry allows an IAM principal (user or role) to access your cluster.
* Access entries can replace the need to maintain the aws-auth
* ConfigMap for authentication. For more information about access entries,
* see Access
* entries in the Amazon EKS User Guide.
The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The ARN of the IAM principal for the access entry. If you ever delete the IAM
* principal with this ARN, the access entry isn't automatically deleted. We recommend
* that you delete the access entry with an ARN for an IAM principal that you delete.
* If you don't delete the access entry and ever recreate the IAM principal, even if it
* has the same ARN, the access entry won't work. This is because even though the ARN
* is the same for the recreated IAM principal, the roleID or
* userID (you can see this with the Security Token Service
* GetCallerIdentity API) is different for the recreated IAM principal
* than it was for the original IAM principal. Even though you don't see the IAM
* principal's roleID or userID for an access entry, Amazon EKS stores
* it with the access entry.
A name that you've specified in a Kubernetes RoleBinding or
* ClusterRoleBinding object so that Kubernetes authorizes the
* principalARN access to cluster objects.
The ARN of the access entry.
* @public */ accessEntryArn?: string | undefined; /** *The Unix epoch timestamp at object creation.
* @public */ createdAt?: Date | undefined; /** *The Unix epoch timestamp for the last modification to the object.
* @public */ modifiedAt?: Date | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe name of a user that can authenticate to your cluster.
The type of the access entry.
* @public */ type?: string | undefined; } /** *An access policy includes permissions that allow Amazon EKS to authorize an
* IAM principal to work with Kubernetes objects on your cluster. The policies are
* managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the
* policies using the API. The permissions for many of the policies are similar to the
* Kubernetes cluster-admin, admin, edit, and
* view cluster roles. For more information about these cluster roles, see
* User-facing roles in the Kubernetes documentation. To view the contents of the
* policies, see Access
* policy permissions in the Amazon EKS User Guide.
The name of the access policy.
* @public */ name?: string | undefined; /** *The ARN of the access policy.
* @public */ arn?: string | undefined; } /** * @public * @enum */ export declare const AccessScopeType: { readonly cluster: "cluster"; readonly namespace: "namespace"; }; /** * @public */ export type AccessScopeType = (typeof AccessScopeType)[keyof typeof AccessScopeType]; /** *The scope of an AccessPolicy that's associated to an
* AccessEntry.
The scope type of an access policy.
* @public */ type?: AccessScopeType | undefined; /** *A Kubernetes namespace that an access policy is scoped to. A value is required
* if you specified namespace for Type.
An issue related to an add-on.
* @public */ export interface AddonIssue { /** *A code that describes the type of issue.
* @public */ code?: AddonIssueCode | undefined; /** *A message that provides details about the issue and what might cause it.
* @public */ message?: string | undefined; /** *The resource IDs of the issue.
* @public */ resourceIds?: string[] | undefined; } /** *The health of the add-on.
* @public */ export interface AddonHealth { /** *An object representing the health issues for an add-on.
* @public */ issues?: AddonIssue[] | undefined; } /** *Information about an Amazon EKS add-on from the Amazon Web Services Marketplace.
* @public */ export interface MarketplaceInformation { /** *The product ID from the Amazon Web Services Marketplace.
* @public */ productId?: string | undefined; /** *The product URL from the Amazon Web Services Marketplace.
* @public */ productUrl?: string | undefined; } /** * @public * @enum */ export declare const AddonStatus: { readonly ACTIVE: "ACTIVE"; readonly CREATE_FAILED: "CREATE_FAILED"; readonly CREATING: "CREATING"; readonly DEGRADED: "DEGRADED"; readonly DELETE_FAILED: "DELETE_FAILED"; readonly DELETING: "DELETING"; readonly UPDATE_FAILED: "UPDATE_FAILED"; readonly UPDATING: "UPDATING"; }; /** * @public */ export type AddonStatus = (typeof AddonStatus)[keyof typeof AddonStatus]; /** *An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the * Amazon EKS User Guide.
* @public */ export interface Addon { /** *The name of the add-on.
* @public */ addonName?: string | undefined; /** *The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The status of the add-on.
* @public */ status?: AddonStatus | undefined; /** *The version of the add-on.
* @public */ addonVersion?: string | undefined; /** *An object that represents the health of the add-on.
* @public */ health?: AddonHealth | undefined; /** *The Amazon Resource Name (ARN) of the add-on.
* @public */ addonArn?: string | undefined; /** *The Unix epoch timestamp at object creation.
* @public */ createdAt?: Date | undefined; /** *The Unix epoch timestamp for the last modification to the object.
* @public */ modifiedAt?: Date | undefined; /** *The Amazon Resource Name (ARN) of the IAM role that's bound to the Kubernetes ServiceAccount
* object that the add-on uses.
Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe publisher of the add-on.
* @public */ publisher?: string | undefined; /** *The owner of the add-on.
* @public */ owner?: string | undefined; /** *Information about an Amazon EKS add-on from the Amazon Web Services Marketplace.
* @public */ marketplaceInformation?: MarketplaceInformation | undefined; /** *The configuration values that you provided.
* @public */ configurationValues?: string | undefined; /** *An array of Pod Identity Assocations owned by the Addon. Each EKS Pod Identity * association maps a role to a service account in a namespace in the cluster.
*For more information, see Attach an IAM Role to an Amazon EKS add-on * using Pod Identity in the Amazon EKS User Guide.
* @public */ podIdentityAssociations?: string[] | undefined; } /** *The summary information about the Amazon EKS add-on compatibility for the next Kubernetes
* version for an insight check in the UPGRADE_READINESS category.
The name of the Amazon EKS add-on.
* @public */ name?: string | undefined; /** *The list of compatible Amazon EKS add-on versions for the next Kubernetes version.
* @public */ compatibleVersions?: string[] | undefined; } /** *Compatibility information.
* @public */ export interface Compatibility { /** *The supported Kubernetes version of the cluster.
* @public */ clusterVersion?: string | undefined; /** *The supported compute platform.
* @public */ platformVersions?: string[] | undefined; /** *The supported default version.
* @public */ defaultVersion?: boolean | undefined; } /** *Information about an add-on version.
* @public */ export interface AddonVersionInfo { /** *The version of the add-on.
* @public */ addonVersion?: string | undefined; /** *The architectures that the version supports.
* @public */ architecture?: string[] | undefined; /** *Indicates the compute type of the addon version.
* @public */ computeTypes?: string[] | undefined; /** *An object representing the compatibilities of a version.
* @public */ compatibilities?: Compatibility[] | undefined; /** *Whether the add-on requires configuration.
* @public */ requiresConfiguration?: boolean | undefined; /** *Indicates if the Addon requires IAM Permissions to operate, such as networking * permissions.
* @public */ requiresIamPermissions?: boolean | undefined; } /** *Information about an add-on.
* @public */ export interface AddonInfo { /** *The name of the add-on.
* @public */ addonName?: string | undefined; /** *The type of the add-on.
* @public */ type?: string | undefined; /** *An object representing information about available add-on versions and compatible * Kubernetes versions.
* @public */ addonVersions?: AddonVersionInfo[] | undefined; /** *The publisher of the add-on.
* @public */ publisher?: string | undefined; /** *The owner of the add-on.
* @public */ owner?: string | undefined; /** *Information about the add-on from the Amazon Web Services Marketplace.
* @public */ marketplaceInformation?: MarketplaceInformation | undefined; } /** *A type of Pod Identity Association owned by an Amazon EKS Add-on.
*Each EKS Pod Identity Association maps a role to a service account in a namespace in * the cluster.
*For more information, see Attach an IAM Role to an Amazon EKS add-on * using Pod Identity in the Amazon EKS User Guide.
* @public */ export interface AddonPodIdentityAssociations { /** *The name of a Kubernetes Service Account.
* @public */ serviceAccount: string | undefined; /** *The ARN of an IAM Role.
* @public */ roleArn: string | undefined; } /** *Information about how to configure IAM for an Addon.
* @public */ export interface AddonPodIdentityConfiguration { /** *The Kubernetes Service Account name used by the addon.
* @public */ serviceAccount?: string | undefined; /** *A suggested IAM Policy for the addon.
* @public */ recommendedManagedPolicies?: string[] | undefined; } /** * @public * @enum */ export declare const AMITypes: { readonly AL2023_ARM_64_STANDARD: "AL2023_ARM_64_STANDARD"; readonly AL2023_x86_64_NEURON: "AL2023_x86_64_NEURON"; readonly AL2023_x86_64_NVIDIA: "AL2023_x86_64_NVIDIA"; readonly AL2023_x86_64_STANDARD: "AL2023_x86_64_STANDARD"; readonly AL2_ARM_64: "AL2_ARM_64"; readonly AL2_x86_64: "AL2_x86_64"; readonly AL2_x86_64_GPU: "AL2_x86_64_GPU"; readonly BOTTLEROCKET_ARM_64: "BOTTLEROCKET_ARM_64"; readonly BOTTLEROCKET_ARM_64_NVIDIA: "BOTTLEROCKET_ARM_64_NVIDIA"; readonly BOTTLEROCKET_x86_64: "BOTTLEROCKET_x86_64"; readonly BOTTLEROCKET_x86_64_NVIDIA: "BOTTLEROCKET_x86_64_NVIDIA"; readonly CUSTOM: "CUSTOM"; readonly WINDOWS_CORE_2019_x86_64: "WINDOWS_CORE_2019_x86_64"; readonly WINDOWS_CORE_2022_x86_64: "WINDOWS_CORE_2022_x86_64"; readonly WINDOWS_FULL_2019_x86_64: "WINDOWS_FULL_2019_x86_64"; readonly WINDOWS_FULL_2022_x86_64: "WINDOWS_FULL_2022_x86_64"; }; /** * @public */ export type AMITypes = (typeof AMITypes)[keyof typeof AMITypes]; /** * @public */ export interface AssociateAccessPolicyRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The Amazon Resource Name (ARN) of the IAM user or role for the AccessEntry that you're
* associating the access policy to.
The ARN of the AccessPolicy that you're associating. For a list of
* ARNs, use ListAccessPolicies.
The scope for the AccessPolicy. You can scope access policies to an
* entire cluster or to specific Kubernetes namespaces.
An access policy association.
* @public */ export interface AssociatedAccessPolicy { /** *The ARN of the AccessPolicy.
The scope of the access policy.
* @public */ accessScope?: AccessScope | undefined; /** *The date and time the AccessPolicy was associated with an
* AccessEntry.
The Unix epoch timestamp for the last modification to the object.
* @public */ modifiedAt?: Date | undefined; } /** * @public */ export interface AssociateAccessPolicyResponse { /** *The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
The AccessPolicy and scope associated to the
* AccessEntry.
The specified parameter is invalid. Review the available parameters for the API * request.
* @public */ export declare class InvalidParameterException extends __BaseException { readonly name: "InvalidParameterException"; readonly $fault: "client"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The Fargate profile associated with the exception.
* @public */ fargateProfileName?: string | undefined; /** *The specified parameter for the add-on name is invalid. Review the available * parameters for the API request
* @public */ addonName?: string | undefined; /** *The Amazon EKS subscription ID with the exception.
* @public */ subscriptionId?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe request is invalid given the state of the cluster. Check the state of the cluster * and the associated operations.
* @public */ export declare class InvalidRequestException extends __BaseException { readonly name: "InvalidRequestException"; readonly $fault: "client"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The request is invalid given the state of the add-on name. Check the state of the * cluster and the associated operations.
* @public */ addonName?: string | undefined; /** *The Amazon EKS subscription ID with the exception.
* @public */ subscriptionId?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe specified resource could not be found. You can view your available clusters with
* ListClusters. You can view your available managed node groups with
* ListNodegroups. Amazon EKS clusters and node groups are Amazon Web Services Region
* specific.
The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The Fargate profile associated with the exception.
* @public */ fargateProfileName?: string | undefined; /** *The Amazon EKS add-on name associated with the exception.
* @public */ addonName?: string | undefined; /** *The Amazon EKS subscription ID with the exception.
* @public */ subscriptionId?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeThese errors are usually caused by a server-side issue.
* @public */ export declare class ServerException extends __BaseException { readonly name: "ServerException"; readonly $fault: "server"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The Amazon EKS add-on name associated with the exception.
* @public */ addonName?: string | undefined; /** *The Amazon EKS subscription ID with the exception.
* @public */ subscriptionId?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeIdentifies the Key Management Service (KMS) key used to encrypt the secrets.
* @public */ export interface Provider { /** *Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric and created in * the same Amazon Web Services Region as the cluster. If the KMS key was created in a different * account, the IAM principal must have access to the KMS key. For more information, * see Allowing * users in other accounts to use a KMS key in the Key Management Service * Developer Guide.
* @public */ keyArn?: string | undefined; } /** *The encryption configuration for the cluster.
* @public */ export interface EncryptionConfig { /** *Specifies the resources to be encrypted. The only supported value is
* secrets.
Key Management Service (KMS) key. Either the ARN or the alias can be used.
* @public */ provider?: Provider | undefined; } /** * @public */ export interface AssociateEncryptionConfigRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The configuration you are using for encryption.
* @public */ encryptionConfig: EncryptionConfig[] | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public * @enum */ export declare const ErrorCode: { readonly ACCESS_DENIED: "AccessDenied"; readonly ADMISSION_REQUEST_DENIED: "AdmissionRequestDenied"; readonly CLUSTER_UNREACHABLE: "ClusterUnreachable"; readonly CONFIGURATION_CONFLICT: "ConfigurationConflict"; readonly ENI_LIMIT_REACHED: "EniLimitReached"; readonly INSUFFICIENT_FREE_ADDRESSES: "InsufficientFreeAddresses"; readonly INSUFFICIENT_NUMBER_OF_REPLICAS: "InsufficientNumberOfReplicas"; readonly IP_NOT_AVAILABLE: "IpNotAvailable"; readonly K8S_RESOURCE_NOT_FOUND: "K8sResourceNotFound"; readonly NODE_CREATION_FAILURE: "NodeCreationFailure"; readonly OPERATION_NOT_PERMITTED: "OperationNotPermitted"; readonly POD_EVICTION_FAILURE: "PodEvictionFailure"; readonly SECURITY_GROUP_NOT_FOUND: "SecurityGroupNotFound"; readonly SUBNET_NOT_FOUND: "SubnetNotFound"; readonly UNKNOWN: "Unknown"; readonly UNSUPPORTED_ADDON_MODIFICATION: "UnsupportedAddonModification"; readonly VPC_ID_NOT_FOUND: "VpcIdNotFound"; }; /** * @public */ export type ErrorCode = (typeof ErrorCode)[keyof typeof ErrorCode]; /** *An object representing an error when an asynchronous operation fails.
* @public */ export interface ErrorDetail { /** *A brief description of the error.
** SubnetNotFound: We couldn't find one of the * subnets associated with the cluster.
** SecurityGroupNotFound: We couldn't find one * of the security groups associated with the cluster.
** EniLimitReached: You have reached the elastic * network interface limit for your account.
** IpNotAvailable: A subnet associated with the * cluster doesn't have any available IP addresses.
** AccessDenied: You don't have permissions to * perform the specified operation.
** OperationNotPermitted: The service role * associated with the cluster doesn't have the required access permissions for * Amazon EKS.
** VpcIdNotFound: We couldn't find the VPC * associated with the cluster.
*A more complete description of the error.
* @public */ errorMessage?: string | undefined; /** *An optional field that contains the resource IDs associated with the error.
* @public */ resourceIds?: string[] | undefined; } /** * @public * @enum */ export declare const UpdateParamType: { readonly ADDON_VERSION: "AddonVersion"; readonly AUTHENTICATION_MODE: "AuthenticationMode"; readonly CLUSTER_LOGGING: "ClusterLogging"; readonly COMPUTE_CONFIG: "ComputeConfig"; readonly CONFIGURATION_VALUES: "ConfigurationValues"; readonly DESIRED_SIZE: "DesiredSize"; readonly ENCRYPTION_CONFIG: "EncryptionConfig"; readonly ENDPOINT_PRIVATE_ACCESS: "EndpointPrivateAccess"; readonly ENDPOINT_PUBLIC_ACCESS: "EndpointPublicAccess"; readonly IDENTITY_PROVIDER_CONFIG: "IdentityProviderConfig"; readonly KUBERNETES_NETWORK_CONFIG: "KubernetesNetworkConfig"; readonly LABELS_TO_ADD: "LabelsToAdd"; readonly LABELS_TO_REMOVE: "LabelsToRemove"; readonly LAUNCH_TEMPLATE_NAME: "LaunchTemplateName"; readonly LAUNCH_TEMPLATE_VERSION: "LaunchTemplateVersion"; readonly MAX_SIZE: "MaxSize"; readonly MAX_UNAVAILABLE: "MaxUnavailable"; readonly MAX_UNAVAILABLE_PERCENTAGE: "MaxUnavailablePercentage"; readonly MIN_SIZE: "MinSize"; readonly NODE_REPAIR_ENABLED: "NodeRepairEnabled"; readonly PLATFORM_VERSION: "PlatformVersion"; readonly POD_IDENTITY_ASSOCIATIONS: "PodIdentityAssociations"; readonly PUBLIC_ACCESS_CIDRS: "PublicAccessCidrs"; readonly RELEASE_VERSION: "ReleaseVersion"; readonly RESOLVE_CONFLICTS: "ResolveConflicts"; readonly SECURITY_GROUPS: "SecurityGroups"; readonly SERVICE_ACCOUNT_ROLE_ARN: "ServiceAccountRoleArn"; readonly STORAGE_CONFIG: "StorageConfig"; readonly SUBNETS: "Subnets"; readonly TAINTS_TO_ADD: "TaintsToAdd"; readonly TAINTS_TO_REMOVE: "TaintsToRemove"; readonly UPDATE_STRATEGY: "UpdateStrategy"; readonly UPGRADE_POLICY: "UpgradePolicy"; readonly VERSION: "Version"; readonly ZONAL_SHIFT_CONFIG: "ZonalShiftConfig"; }; /** * @public */ export type UpdateParamType = (typeof UpdateParamType)[keyof typeof UpdateParamType]; /** *An object representing the details of an update request.
* @public */ export interface UpdateParam { /** *The keys associated with an update request.
* @public */ type?: UpdateParamType | undefined; /** *The value of the keys submitted as part of an update request.
* @public */ value?: string | undefined; } /** * @public * @enum */ export declare const UpdateStatus: { readonly CANCELLED: "Cancelled"; readonly FAILED: "Failed"; readonly IN_PROGRESS: "InProgress"; readonly SUCCESSFUL: "Successful"; }; /** * @public */ export type UpdateStatus = (typeof UpdateStatus)[keyof typeof UpdateStatus]; /** * @public * @enum */ export declare const UpdateType: { readonly ACCESS_CONFIG_UPDATE: "AccessConfigUpdate"; readonly ADDON_UPDATE: "AddonUpdate"; readonly ASSOCIATE_ENCRYPTION_CONFIG: "AssociateEncryptionConfig"; readonly ASSOCIATE_IDENTITY_PROVIDER_CONFIG: "AssociateIdentityProviderConfig"; readonly AUTO_MODE_UPDATE: "AutoModeUpdate"; readonly CONFIG_UPDATE: "ConfigUpdate"; readonly DISASSOCIATE_IDENTITY_PROVIDER_CONFIG: "DisassociateIdentityProviderConfig"; readonly ENDPOINT_ACCESS_UPDATE: "EndpointAccessUpdate"; readonly LOGGING_UPDATE: "LoggingUpdate"; readonly UPGRADE_POLICY_UPDATE: "UpgradePolicyUpdate"; readonly VERSION_UPDATE: "VersionUpdate"; readonly VPC_CONFIG_UPDATE: "VpcConfigUpdate"; readonly ZONAL_SHIFT_CONFIG_UPDATE: "ZonalShiftConfigUpdate"; }; /** * @public */ export type UpdateType = (typeof UpdateType)[keyof typeof UpdateType]; /** *An object representing an asynchronous update.
* @public */ export interface Update { /** *A UUID that is used to track the update.
* @public */ id?: string | undefined; /** *The current status of the update.
* @public */ status?: UpdateStatus | undefined; /** *The type of the update.
* @public */ type?: UpdateType | undefined; /** *A key-value map that contains the parameters associated with the update.
* @public */ params?: UpdateParam[] | undefined; /** *The Unix epoch timestamp at object creation.
* @public */ createdAt?: Date | undefined; /** *Any errors associated with a Failed update.
An object representing an asynchronous update.
* @public */ update?: Update | undefined; } /** *These errors are usually caused by a client action. Actions can include using an * action or resource on behalf of an IAM principal that doesn't have permissions to use * the action or resource or specifying an identifier that is not valid.
* @public */ export declare class ClientException extends __BaseException { readonly name: "ClientException"; readonly $fault: "client"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The Amazon EKS add-on name associated with the exception.
* @public */ addonName?: string | undefined; /** *The Amazon EKS subscription ID with the exception.
* @public */ subscriptionId?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe specified resource is in use.
* @public */ export declare class ResourceInUseException extends __BaseException { readonly name: "ResourceInUseException"; readonly $fault: "client"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The specified add-on name is in use.
* @public */ addonName?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeAn object representing an OpenID Connect (OIDC) configuration. Before associating an * OIDC identity provider to your cluster, review the considerations in Authenticating * users for your cluster from an OIDC identity provider in the * Amazon EKS User Guide.
* @public */ export interface OidcIdentityProviderConfigRequest { /** *The name of the OIDC provider configuration.
* @public */ identityProviderConfigName: string | undefined; /** *The URL of the OIDC identity provider that allows the API server to discover public
* signing keys for verifying tokens. The URL must begin with https:// and
* should correspond to the iss claim in the provider's OIDC ID tokens.
* Based on the OIDC standard, path components are allowed but query parameters are not.
* Typically the URL consists of only a hostname, like
* https://server.example.org or https://example.com. This
* URL should point to the level below .well-known/openid-configuration and
* must be publicly accessible over the internet.
This is also known as audience. The ID for the client application * that makes authentication requests to the OIDC identity provider.
* @public */ clientId: string | undefined; /** *The JSON Web Token (JWT) claim to use as the username. The default is
* sub, which is expected to be a unique identifier of the end user. You can
* choose other claims, such as email or name, depending on the
* OIDC identity provider. Claims other than email are prefixed with the
* issuer URL to prevent naming clashes with other plug-ins.
The prefix that is prepended to username claims to prevent clashes with existing
* names. If you do not provide this field, and username is a value other than
* email, the prefix defaults to issuerurl#. You can use the
* value - to disable all prefixing.
The JWT claim that the provider uses to return your groups.
* @public */ groupsClaim?: string | undefined; /** *The prefix that is prepended to group claims to prevent clashes with existing names
* (such as system: groups). For example, the value oidc: will
* create group names like oidc:engineering and
* oidc:infra.
The key value pairs that describe required claims in the identity token. If set, each * claim is verified to be present in the token with a matching value. For the maximum * number of claims that you can require, see Amazon EKS service quotas in the * Amazon EKS User Guide.
* @public */ requiredClaims?: RecordThe name of your cluster.
* @public */ clusterName: string | undefined; /** *An object representing an OpenID Connect (OIDC) identity provider configuration.
* @public */ oidc: OidcIdentityProviderConfigRequest | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordA unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface AssociateIdentityProviderConfigResponse { /** *An object representing an asynchronous update.
* @public */ update?: Update | undefined; /** *The tags for the resource.
* @public */ tags?: RecordAn Auto Scaling group that is associated with an Amazon EKS managed node group.
* @public */ export interface AutoScalingGroup { /** *The name of the Auto Scaling group associated with an Amazon EKS managed node group.
* @public */ name?: string | undefined; } /** * @public */ export interface CreateAccessEntryRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of the IAM principal for the AccessEntry. You can specify one ARN for each access entry. You can't specify the
* same ARN in more than one access entry. This value can't be changed after access entry
* creation.
The valid principals differ depending on the type of the access entry in the
* type field. For STANDARD access entries, you can use every
* IAM principal type. For nodes (EC2 (for EKS Auto Mode),
* EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX, and
* HYBRID_LINUX), the only valid ARN is IAM roles.
*
* You can't use the STS session principal type with access entries because this is a
* temporary principal for each session and not a permanent identity that can be assigned
* permissions.
* IAM best * practices recommend using IAM roles with temporary credentials, rather * than IAM users with long-term credentials.
* @public */ principalArn: string | undefined; /** *The value for name that you've specified for kind: Group as
* a subject in a Kubernetes RoleBinding or
* ClusterRoleBinding object. Amazon EKS doesn't confirm that the value for
* name exists in any bindings on your cluster. You can specify one or
* more names.
Kubernetes authorizes the principalArn of the access entry to access any
* cluster objects that you've specified in a Kubernetes Role or
* ClusterRole object that is also specified in a binding's
* roleRef. For more information about creating Kubernetes
* RoleBinding, ClusterRoleBinding, Role, or
* ClusterRole objects, see Using RBAC
* Authorization in the Kubernetes documentation.
If you want Amazon EKS to authorize the principalArn (instead of, or in
* addition to Kubernetes authorizing the principalArn), you can associate one or
* more access policies to the access entry using AssociateAccessPolicy. If
* you associate any access policies, the principalARN has all permissions
* assigned in the associated access policies and all permissions in any Kubernetes
* Role or ClusterRole objects that the group names are bound
* to.
Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordA unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *The username to authenticate to Kubernetes with. We recommend not specifying a username and * letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies * for you, or constraints before specifying your own username, see Creating * access entries in the Amazon EKS User Guide.
* @public */ username?: string | undefined; /** *The type of the new access entry. Valid values are STANDARD,
* FARGATE_LINUX, EC2_LINUX, EC2_WINDOWS,
* EC2 (for EKS Auto Mode), HYBRID_LINUX, and
* HYPERPOD_LINUX.
If the principalArn is for an IAM role that's used for self-managed
* Amazon EC2 nodes, specify EC2_LINUX or EC2_WINDOWS. Amazon EKS grants
* the necessary permissions to the node for you. If the principalArn is for
* any other purpose, specify STANDARD. If you don't specify a value, Amazon EKS
* sets the value to STANDARD. If you have the access mode of the cluster set
* to API_AND_CONFIG_MAP, it's unnecessary to create access entries for IAM
* roles used with Fargate profiles or managed Amazon EC2 nodes, because Amazon EKS creates entries
* in the aws-auth
* ConfigMap for the roles. You can't change this value once you've created
* the access entry.
If you set the value to EC2_LINUX or EC2_WINDOWS, you can't
* specify values for kubernetesGroups, or associate an
* AccessPolicy to the access entry.
An access entry allows an IAM principal (user or role) to access your cluster.
* Access entries can replace the need to maintain the aws-auth
* ConfigMap for authentication. For more information about access entries,
* see Access
* entries in the Amazon EKS User Guide.
You have encountered a service limit on the specified resource.
* @public */ export declare class ResourceLimitExceededException extends __BaseException { readonly name: "ResourceLimitExceededException"; readonly $fault: "client"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The Amazon EKS subscription ID with the exception.
* @public */ subscriptionId?: string | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the add-on. The name must match one of the names returned by
* DescribeAddonVersions.
The version of the add-on. The version must match one of the versions returned by
* DescribeAddonVersions
* .
The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the * permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
*To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for * your cluster. For more information, see Enabling * IAM roles for service accounts on your cluster in the * Amazon EKS User Guide.
*How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based * on the value you choose:
** None – If the self-managed version of * the add-on is installed on your cluster, Amazon EKS doesn't change the value. * Creation of the add-on might fail.
** Overwrite – If the self-managed * version of the add-on is installed on your cluster and the Amazon EKS default value * is different than the existing value, Amazon EKS changes the value to the Amazon EKS * default value.
*
* Preserve – This is similar to the NONE
* option. If the self-managed version of the add-on is installed on your cluster
* Amazon EKS doesn't change the add-on resource properties. Creation of the add-on
* might fail if conflicts are detected. This option works differently during the
* update operation. For more information, see
* UpdateAddon
* .
If you don't currently have the self-managed version of the add-on installed on your * cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, * regardless of the option that you specify.
* @public */ resolveConflicts?: ResolveConflicts | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe set of configuration values for the add-on that's created. The values that you
* provide are validated against the schema returned by
* DescribeAddonConfiguration.
An array of Pod Identity Assocations to be created. Each EKS Pod Identity association * maps a Kubernetes service account to an IAM Role.
*For more information, see Attach an IAM Role to an Amazon EKS add-on * using Pod Identity in the Amazon EKS User Guide.
* @public */ podIdentityAssociations?: AddonPodIdentityAssociations[] | undefined; } /** * @public */ export interface CreateAddonResponse { /** *An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the * Amazon EKS User Guide.
* @public */ addon?: Addon | undefined; } /** *The access configuration information for the cluster.
* @public */ export interface CreateAccessConfigRequest { /** *Specifies whether or not the cluster creator IAM principal was set as a cluster
* admin access entry during cluster creation time. The default value is
* true.
The desired authentication mode for the cluster. If you create a cluster by using the
* EKS API, Amazon Web Services SDKs, or CloudFormation, the default is CONFIG_MAP. If you create
* the cluster by using the Amazon Web Services Management Console, the default value is
* API_AND_CONFIG_MAP.
Request to update the configuration of the compute capability of your EKS Auto Mode * cluster. For example, enable the capability. For more information, see EKS Auto Mode * compute capability in the Amazon EKS User Guide.
* @public */ export interface ComputeConfigRequest { /** *Request to enable or disable the compute capability on your EKS Auto Mode cluster. If * the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed * Instances in your Amazon Web Services account.
* @public */ enabled?: boolean | undefined; /** *Configuration for node pools that defines the compute resources for your EKS Auto Mode * cluster. For more information, see EKS Auto Mode Node Pools in the * Amazon EKS User Guide.
* @public */ nodePools?: string[] | undefined; /** *The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto * Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode * is enabled. For more information, see the IAM Reference in the * Amazon EKS User Guide.
* @public */ nodeRoleArn?: string | undefined; } /** *Indicates the current configuration of the load balancing capability on your EKS Auto * Mode cluster. For example, if the capability is enabled or disabled. For more * information, see EKS Auto Mode load balancing capability in the Amazon EKS User Guide.
* @public */ export interface ElasticLoadBalancing { /** *Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. * If the load balancing capability is enabled, EKS Auto Mode will create and delete load * balancers in your Amazon Web Services account.
* @public */ enabled?: boolean | undefined; } /** * @public * @enum */ export declare const IpFamily: { readonly IPV4: "ipv4"; readonly IPV6: "ipv6"; }; /** * @public */ export type IpFamily = (typeof IpFamily)[keyof typeof IpFamily]; /** *The Kubernetes network configuration for the cluster.
* @public */ export interface KubernetesNetworkConfigRequest { /** *Don't specify a value if you select ipv6 for ipFamily. The CIDR block to assign Kubernetes service IP addresses from. If
* you don't specify a block, Kubernetes assigns addresses from either the
* 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend
* that you specify a block that does not overlap with resources in other networks that are
* peered or connected to your VPC. The block must meet the following requirements:
Within one of the following private IP address blocks:
* 10.0.0.0/8, 172.16.0.0/12, or
* 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for * VPC.
*Between /24 and /12.
You can only specify a custom CIDR block when you create a cluster. You can't * change this value after the cluster is created.
*Specify which IP family is used to assign Kubernetes pod and service IP addresses. If you
* don't specify a value, ipv4 is used by default. You can only specify an IP
* family when you create a cluster and can't change this value once the cluster is
* created. If you specify ipv6, the VPC and subnets that you specify for
* cluster creation must have both IPv4 and IPv6 CIDR blocks
* assigned to them. You can't specify ipv6 for clusters in China
* Regions.
You can only specify ipv6 for 1.21 and later clusters that
* use version 1.10.1 or later of the Amazon VPC CNI add-on. If you specify
* ipv6, then ensure that your VPC meets the requirements listed in the
* considerations listed in Assigning IPv6 addresses to pods and
* services in the Amazon EKS User Guide. Kubernetes assigns services IPv6
* addresses from the unique local address range (fc00::/7). You can't specify
* a custom IPv6 CIDR block. Pod addresses are assigned from the subnet's
* IPv6 CIDR.
Request to enable or disable the load balancing capability on your EKS Auto Mode * cluster. For more information, see EKS Auto Mode load balancing capability in the * Amazon EKS User Guide.
* @public */ elasticLoadBalancing?: ElasticLoadBalancing | undefined; } /** * @public * @enum */ export declare const LogType: { readonly API: "api"; readonly AUDIT: "audit"; readonly AUTHENTICATOR: "authenticator"; readonly CONTROLLER_MANAGER: "controllerManager"; readonly SCHEDULER: "scheduler"; }; /** * @public */ export type LogType = (typeof LogType)[keyof typeof LogType]; /** *An object representing the enabled or disabled Kubernetes control plane logs for your * cluster.
* @public */ export interface LogSetup { /** *The available cluster control plane log types.
* @public */ types?: LogType[] | undefined; /** *If a log type is enabled, that log type exports its control plane logs to CloudWatch Logs . If a * log type isn't enabled, that log type doesn't export its control plane logs. Each * individual log type can be enabled or disabled independently.
* @public */ enabled?: boolean | undefined; } /** *An object representing the logging configuration for resources in your cluster.
* @public */ export interface Logging { /** *The cluster control plane logging configuration for your cluster.
* @public */ clusterLogging?: LogSetup[] | undefined; } /** *The placement configuration for all the control plane instances of your local Amazon EKS * cluster on an Amazon Web Services Outpost. For more information, see Capacity * considerations in the Amazon EKS User Guide.
* @public */ export interface ControlPlanePlacementRequest { /** *The name of the placement group for the Kubernetes control plane instances. This setting * can't be changed after cluster creation.
* @public */ groupName?: string | undefined; } /** *The configuration of your local Amazon EKS cluster on an Amazon Web Services Outpost. Before creating a * cluster on an Outpost, review Creating a local * cluster on an Outpost in the Amazon EKS User Guide. This API isn't available for * Amazon EKS clusters on the Amazon Web Services cloud.
* @public */ export interface OutpostConfigRequest { /** *The ARN of the Outpost that you want to use for your local Amazon EKS cluster on * Outposts. Only a single Outpost ARN is supported.
* @public */ outpostArns: string[] | undefined; /** *The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. * Choose an instance type based on the number of nodes that your cluster will have. For * more information, see Capacity * considerations in the Amazon EKS User Guide.
*The instance type that you specify is used for all Kubernetes control plane instances. The * instance type can't be changed after cluster creation. The control plane is not * automatically scaled by Amazon EKS.
** @public */ controlPlaneInstanceType: string | undefined; /** *
An object representing the placement configuration for all the control plane instances * of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see Capacity considerations in the Amazon EKS User Guide.
* @public */ controlPlanePlacement?: ControlPlanePlacementRequest | undefined; } /** *A network CIDR that can contain hybrid nodes.
*These CIDR blocks define the expected IP address range of the hybrid nodes that join * the cluster. These blocks are typically determined by your network administrator.
*Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,
* 10.2.0.0/16).
It must satisfy the following requirements:
*Each block must be within an IPv4 RFC-1918 network range. Minimum
* allowed size is /24, maximum allowed size is /8. Publicly-routable addresses
* aren't supported.
Each block cannot overlap with the range of the VPC CIDR blocks for your EKS * resources, or the block of the Kubernetes service IP range.
*Each block must have a route to the VPC that uses the VPC CIDR blocks, not * public IPs or Elastic IPs. There are many options including Transit Gateway, * Site-to-Site VPN, or Direct Connect.
*Each host must allow outbound connection to the EKS cluster control plane on
* TCP ports 443 and 10250.
Each host must allow inbound connection from the EKS cluster control plane on * TCP port 10250 for logs, exec and port-forward operations.
* Each host must allow TCP and UDP network connectivity to and from other hosts
* that are running CoreDNS on UDP port 53 for service and pod DNS
* names.
A network CIDR that can contain hybrid nodes.
*These CIDR blocks define the expected IP address range of the hybrid nodes that join * the cluster. These blocks are typically determined by your network administrator.
*Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,
* 10.2.0.0/16).
It must satisfy the following requirements:
*Each block must be within an IPv4 RFC-1918 network range. Minimum
* allowed size is /24, maximum allowed size is /8. Publicly-routable addresses
* aren't supported.
Each block cannot overlap with the range of the VPC CIDR blocks for your EKS * resources, or the block of the Kubernetes service IP range.
*Each block must have a route to the VPC that uses the VPC CIDR blocks, not * public IPs or Elastic IPs. There are many options including Transit Gateway, * Site-to-Site VPN, or Direct Connect.
*Each host must allow outbound connection to the EKS cluster control plane on
* TCP ports 443 and 10250.
Each host must allow inbound connection from the EKS cluster control plane on * TCP port 10250 for logs, exec and port-forward operations.
* Each host must allow TCP and UDP network connectivity to and from other hosts
* that are running CoreDNS on UDP port 53 for service and pod DNS
* names.
A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.
*These CIDR blocks are determined by configuring your Container Network Interface (CNI) * plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't * available for on-premises and edge locations.
*Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,
* 10.2.0.0/16).
It must satisfy the following requirements:
*Each block must be within an IPv4 RFC-1918 network range. Minimum
* allowed size is /24, maximum allowed size is /8. Publicly-routable addresses
* aren't supported.
Each block cannot overlap with the range of the VPC CIDR blocks for your EKS * resources, or the block of the Kubernetes service IP range.
*A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.
*These CIDR blocks are determined by configuring your Container Network Interface (CNI) * plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't * available for on-premises and edge locations.
*Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,
* 10.2.0.0/16).
It must satisfy the following requirements:
*Each block must be within an IPv4 RFC-1918 network range. Minimum
* allowed size is /24, maximum allowed size is /8. Publicly-routable addresses
* aren't supported.
Each block cannot overlap with the range of the VPC CIDR blocks for your EKS * resources, or the block of the Kubernetes service IP range.
*The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this * configuration after the cluster is created.
* @public */ export interface RemoteNetworkConfigRequest { /** *The list of network CIDRs that can contain hybrid nodes.
*These CIDR blocks define the expected IP address range of the hybrid nodes that join * the cluster. These blocks are typically determined by your network administrator.
*Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,
* 10.2.0.0/16).
It must satisfy the following requirements:
*Each block must be within an IPv4 RFC-1918 network range. Minimum
* allowed size is /24, maximum allowed size is /8. Publicly-routable addresses
* aren't supported.
Each block cannot overlap with the range of the VPC CIDR blocks for your EKS * resources, or the block of the Kubernetes service IP range.
*Each block must have a route to the VPC that uses the VPC CIDR blocks, not * public IPs or Elastic IPs. There are many options including Transit Gateway, * Site-to-Site VPN, or Direct Connect.
*Each host must allow outbound connection to the EKS cluster control plane on
* TCP ports 443 and 10250.
Each host must allow inbound connection from the EKS cluster control plane on * TCP port 10250 for logs, exec and port-forward operations.
* Each host must allow TCP and UDP network connectivity to and from other hosts
* that are running CoreDNS on UDP port 53 for service and pod DNS
* names.
The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid * nodes.
*These CIDR blocks are determined by configuring your Container Network Interface (CNI) * plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't * available for on-premises and edge locations.
*Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,
* 10.2.0.0/16).
It must satisfy the following requirements:
*Each block must be within an IPv4 RFC-1918 network range. Minimum
* allowed size is /24, maximum allowed size is /8. Publicly-routable addresses
* aren't supported.
Each block cannot overlap with the range of the VPC CIDR blocks for your EKS * resources, or the block of the Kubernetes service IP range.
*An object representing the VPC configuration to use for an Amazon EKS cluster.
* @public */ export interface VpcConfigRequest { /** *Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network * interfaces in these subnets to allow communication between your nodes and the Kubernetes * control plane.
* @public */ subnetIds?: string[] | undefined; /** *Specify one or more security groups for the cross-account elastic network interfaces * that Amazon EKS creates to use that allow communication between your nodes and the Kubernetes * control plane. If you don't specify any security groups, then familiarize yourself with * the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more * information, see Amazon EKS security group * considerations in the * Amazon EKS User Guide * .
* @public */ securityGroupIds?: string[] | undefined; /** *Set this value to false to disable public access to your cluster's Kubernetes
* API server endpoint. If you disable public access, your cluster's Kubernetes API server can
* only receive requests from within the cluster VPC. The default value for this parameter
* is true, which enables public access for your Kubernetes API server. For more
* information, see Amazon EKS cluster endpoint access control in the
*
* Amazon EKS User Guide
* .
Set this value to true to enable private access for your cluster's Kubernetes
* API server endpoint. If you enable private access, Kubernetes API requests from within your
* cluster's VPC use the private VPC endpoint. The default value for this parameter is
* false, which disables private access for your Kubernetes API server. If you
* disable private access and you have nodes or Fargate pods in the cluster, then
* ensure that publicAccessCidrs includes the necessary CIDR blocks for
* communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster
* endpoint access control in the
* Amazon EKS User Guide
* .
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server
* endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that
* you specify is denied. The default value is 0.0.0.0/0. If you've disabled
* private endpoint access, make sure that you specify the necessary CIDR blocks for every
* node and Fargate Pod in the cluster. For more information, see Amazon EKS cluster
* endpoint access control in the
* Amazon EKS User Guide
* .
Indicates the current configuration of the block storage capability on your EKS Auto * Mode cluster. For example, if the capability is enabled or disabled. If the block * storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your * Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the * Amazon EKS User Guide.
* @public */ export interface BlockStorage { /** *Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If * the block storage capability is enabled, EKS Auto Mode will create and delete EBS * volumes in your Amazon Web Services account.
* @public */ enabled?: boolean | undefined; } /** *Request to update the configuration of the storage capability of your EKS Auto Mode * cluster. For example, enable the capability. For more information, see EKS Auto Mode * block storage capability in the Amazon EKS User Guide.
* @public */ export interface StorageConfigRequest { /** *Request to configure EBS Block Storage settings for your EKS Auto Mode cluster.
* @public */ blockStorage?: BlockStorage | undefined; } /** * @public * @enum */ export declare const SupportType: { readonly EXTENDED: "EXTENDED"; readonly STANDARD: "STANDARD"; }; /** * @public */ export type SupportType = (typeof SupportType)[keyof typeof SupportType]; /** *The support policy to use for the cluster. Extended support allows you to remain on
* specific Kubernetes versions for longer. Clusters in extended support have higher costs. The
* default value is EXTENDED. Use STANDARD to disable extended
* support.
* Learn more about EKS Extended Support in the Amazon EKS User Guide. *
* @public */ export interface UpgradePolicyRequest { /** *If the cluster is set to EXTENDED, it will enter extended support at the
* end of standard support. If the cluster is set to STANDARD, it will be
* automatically upgraded at the end of standard support.
* Learn more about EKS Extended Support in the Amazon EKS User Guide. *
* @public */ supportType?: SupportType | undefined; } /** *The configuration for zonal shift for the cluster.
* @public */ export interface ZonalShiftConfigRequest { /** *If zonal shift is enabled, Amazon Web Services configures zonal autoshift for the cluster.
* @public */ enabled?: boolean | undefined; } /** * @public */ export interface CreateClusterRequest { /** *The unique name to give to your cluster. The name can contain only alphanumeric characters (case-sensitive), * hyphens, and underscores. It must start with an alphanumeric character and can't be longer than * 100 characters. The name must be unique within the Amazon Web Services Region and Amazon Web Services account that you're * creating the cluster in.
* @public */ name: string | undefined; /** *The desired Kubernetes version for your cluster. If you don't specify a value here, the * default version available in Amazon EKS is used.
*The default version might not be the latest version available.
*The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane * to make calls to Amazon Web Services API operations on your behalf. For more information, see Amazon EKS Service * IAM Role in the * Amazon EKS User Guide * .
* @public */ roleArn: string | undefined; /** *The VPC configuration that's used by the cluster control plane. Amazon EKS VPC resources * have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC * Considerations and Cluster Security Group Considerations in the * Amazon EKS User Guide. You must specify at least two subnets. You can specify up to five * security groups. However, we recommend that you use a dedicated security group for your * cluster control plane.
* @public */ resourcesVpcConfig: VpcConfigRequest | undefined; /** *The Kubernetes network configuration for the cluster.
* @public */ kubernetesNetworkConfig?: KubernetesNetworkConfigRequest | undefined; /** *Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs . * By default, cluster control plane logs aren't exported to CloudWatch Logs . For more information, * see Amazon EKS * Cluster control plane logs in the * * Amazon EKS User Guide * .
*CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported * control plane logs. For more information, see CloudWatch Pricing.
*A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe encryption configuration for the cluster.
* @public */ encryptionConfig?: EncryptionConfig[] | undefined; /** *An object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services * Outpost. Before creating a local cluster on an Outpost, review Local clusters * for Amazon EKS on Amazon Web Services Outposts in the Amazon EKS User Guide. This object isn't * available for creating Amazon EKS clusters on the Amazon Web Services cloud.
* @public */ outpostConfig?: OutpostConfigRequest | undefined; /** *The access configuration for the cluster.
* @public */ accessConfig?: CreateAccessConfigRequest | undefined; /** *If you set this value to False when creating a cluster, the default
* networking add-ons will not be installed.
The default networking addons include vpc-cni, coredns, and kube-proxy.
*Use this option when you plan to install third-party alternative add-ons or * self-manage the default networking add-ons.
* @public */ bootstrapSelfManagedAddons?: boolean | undefined; /** *New clusters, by default, have extended support enabled. You can disable extended
* support when creating a cluster by setting this value to STANDARD.
Enable or disable ARC zonal shift for the cluster. If zonal shift is enabled, Amazon Web Services * configures zonal autoshift for the cluster.
*Zonal shift is a feature of Amazon Application Recovery Controller (ARC). ARC zonal shift is designed to be a * temporary measure that allows you to move traffic for a resource away from an impaired * AZ until the zonal shift expires or you cancel it. You can extend the zonal shift if * necessary.
*You can start a zonal shift for an Amazon EKS cluster, or you can allow Amazon Web Services to do it for * you by enabling zonal autoshift. This shift updates the flow of * east-to-west network traffic in your cluster to only consider network endpoints for Pods * running on worker nodes in healthy AZs. Additionally, any ALB or NLB handling ingress * traffic for applications in your Amazon EKS cluster will automatically route traffic to * targets in the healthy AZs. For more information about zonal shift in EKS, see Learn about * Amazon Application Recovery Controller (ARC) Zonal Shift in Amazon EKS in the * * Amazon EKS User Guide * .
* @public */ zonalShiftConfig?: ZonalShiftConfigRequest | undefined; /** *The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this * configuration after the cluster is created.
* @public */ remoteNetworkConfig?: RemoteNetworkConfigRequest | undefined; /** *Enable or disable the compute capability of EKS Auto Mode when creating your EKS Auto * Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete * EC2 Managed Instances in your Amazon Web Services account
* @public */ computeConfig?: ComputeConfigRequest | undefined; /** *Enable or disable the block storage capability of EKS Auto Mode when creating your EKS * Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create * and delete EBS volumes in your Amazon Web Services account.
* @public */ storageConfig?: StorageConfigRequest | undefined; } /** *An object representing the certificate-authority-data for your
* cluster.
The Base64-encoded certificate data required to communicate with your cluster. Add
* this to the certificate-authority-data section of the
* kubeconfig file for your cluster.
Indicates the status of the request to update the compute capability of your EKS Auto * Mode cluster.
* @public */ export interface ComputeConfigResponse { /** *Indicates if the compute capability is enabled on your EKS Auto Mode cluster. If the * compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed * Instances in your Amazon Web Services account.
* @public */ enabled?: boolean | undefined; /** *Indicates the current configuration of node pools in your EKS Auto Mode cluster. For * more information, see EKS Auto Mode Node Pools in the Amazon EKS User Guide.
* @public */ nodePools?: string[] | undefined; /** *The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto * Mode cluster.
* @public */ nodeRoleArn?: string | undefined; } /** *The full description of your connected cluster.
* @public */ export interface ConnectorConfigResponse { /** *A unique ID associated with the cluster for registration purposes.
* @public */ activationId?: string | undefined; /** *A unique code associated with the cluster for registration purposes.
* @public */ activationCode?: string | undefined; /** *The expiration time of the connected cluster. The cluster's YAML file must be applied * through the native provider.
* @public */ activationExpiry?: Date | undefined; /** *The cluster's cloud service provider.
* @public */ provider?: string | undefined; /** *The Amazon Resource Name (ARN) of the role to communicate with services from the connected Kubernetes * cluster.
* @public */ roleArn?: string | undefined; } /** * @public * @enum */ export declare const ClusterIssueCode: { readonly ACCESS_DENIED: "AccessDenied"; readonly CLUSTER_UNREACHABLE: "ClusterUnreachable"; readonly CONFIGURATION_CONFLICT: "ConfigurationConflict"; readonly EC2_SECURITY_GROUP_NOT_FOUND: "Ec2SecurityGroupNotFound"; readonly EC2_SERVICE_NOT_SUBSCRIBED: "Ec2ServiceNotSubscribed"; readonly EC2_SUBNET_NOT_FOUND: "Ec2SubnetNotFound"; readonly IAM_ROLE_NOT_FOUND: "IamRoleNotFound"; readonly INSUFFICIENT_FREE_ADDRESSES: "InsufficientFreeAddresses"; readonly INTERNAL_FAILURE: "InternalFailure"; readonly KMS_GRANT_REVOKED: "KmsGrantRevoked"; readonly KMS_KEY_DISABLED: "KmsKeyDisabled"; readonly KMS_KEY_MARKED_FOR_DELETION: "KmsKeyMarkedForDeletion"; readonly KMS_KEY_NOT_FOUND: "KmsKeyNotFound"; readonly OTHER: "Other"; readonly RESOURCE_LIMIT_EXCEEDED: "ResourceLimitExceeded"; readonly RESOURCE_NOT_FOUND: "ResourceNotFound"; readonly STS_REGIONAL_ENDPOINT_DISABLED: "StsRegionalEndpointDisabled"; readonly UNSUPPORTED_VERSION: "UnsupportedVersion"; readonly VPC_NOT_FOUND: "VpcNotFound"; }; /** * @public */ export type ClusterIssueCode = (typeof ClusterIssueCode)[keyof typeof ClusterIssueCode]; /** *An issue with your Amazon EKS cluster.
* @public */ export interface ClusterIssue { /** *The error code of the issue.
* @public */ code?: ClusterIssueCode | undefined; /** *A description of the issue.
* @public */ message?: string | undefined; /** *The resource IDs that the issue relates to.
* @public */ resourceIds?: string[] | undefined; } /** *An object representing the health of your Amazon EKS cluster.
* @public */ export interface ClusterHealth { /** *An object representing the health issues of your Amazon EKS cluster.
* @public */ issues?: ClusterIssue[] | undefined; } /** *An object representing the OpenID Connect * (OIDC) identity provider information for the cluster.
* @public */ export interface OIDC { /** *The issuer URL for the OIDC identity provider.
* @public */ issuer?: string | undefined; } /** *An object representing an identity provider.
* @public */ export interface Identity { /** *An object representing the OpenID Connect * identity provider information.
* @public */ oidc?: OIDC | undefined; } /** *The Kubernetes network configuration for the cluster. The response contains a value for * serviceIpv6Cidr or serviceIpv4Cidr, but not both.
* @public */ export interface KubernetesNetworkConfigResponse { /** *The CIDR block that Kubernetes Pod and Service object IP
* addresses are assigned from. Kubernetes assigns addresses from an IPv4 CIDR
* block assigned to a subnet that the node is in. If you didn't specify a CIDR block when
* you created the cluster, then Kubernetes assigns addresses from either the
* 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. If this was
* specified, then it was specified when the cluster was created and it can't be
* changed.
The CIDR block that Kubernetes pod and service IP addresses are assigned from if you
* created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and
* specified ipv6 for ipFamily when you
* created the cluster. Kubernetes assigns service addresses from the unique local address range
* (fc00::/7) because you can't specify a custom IPv6 CIDR block when you
* create the cluster.
The IP family used to assign Kubernetes Pod and Service objects
* IP addresses. The IP family is always ipv4, unless you have a
* 1.21 or later cluster running version 1.10.1 or later of
* the Amazon VPC CNI plugin for Kubernetes and specified ipv6 when you created the cluster.
*
Indicates the current configuration of the load balancing capability on your EKS Auto * Mode cluster. For example, if the capability is enabled or disabled.
* @public */ elasticLoadBalancing?: ElasticLoadBalancing | undefined; } /** *The placement configuration for all the control plane instances of your local Amazon EKS * cluster on an Amazon Web Services Outpost. For more information, see Capacity considerations in the Amazon EKS User Guide.
* @public */ export interface ControlPlanePlacementResponse { /** *The name of the placement group for the Kubernetes control plane instances.
* @public */ groupName?: string | undefined; } /** *An object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services * Outpost. This API isn't available for Amazon EKS clusters on the Amazon Web Services cloud.
* @public */ export interface OutpostConfigResponse { /** *The ARN of the Outpost that you specified for use with your local Amazon EKS cluster on * Outposts.
* @public */ outpostArns: string[] | undefined; /** *The Amazon EC2 instance type used for the control plane. The instance type is the same for * all control plane instances.
* @public */ controlPlaneInstanceType: string | undefined; /** *An object representing the placement configuration for all the control plane instances * of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see Capacity * considerations in the Amazon EKS User Guide.
* @public */ controlPlanePlacement?: ControlPlanePlacementResponse | undefined; } /** *The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this * configuration after the cluster is created.
* @public */ export interface RemoteNetworkConfigResponse { /** *The list of network CIDRs that can contain hybrid nodes.
* @public */ remoteNodeNetworks?: RemoteNodeNetwork[] | undefined; /** *The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid * nodes.
* @public */ remotePodNetworks?: RemotePodNetwork[] | undefined; } /** *An object representing an Amazon EKS cluster VPC configuration response.
* @public */ export interface VpcConfigResponse { /** *The subnets associated with your cluster.
* @public */ subnetIds?: string[] | undefined; /** *The security groups associated with the cross-account elastic network interfaces that * are used to allow communication between your nodes and the Kubernetes control plane.
* @public */ securityGroupIds?: string[] | undefined; /** *The cluster security group that was created by Amazon EKS for the cluster. Managed node * groups use this security group for control-plane-to-data-plane communication.
* @public */ clusterSecurityGroupId?: string | undefined; /** *The VPC associated with your cluster.
* @public */ vpcId?: string | undefined; /** *Whether the public API server endpoint is enabled.
* @public */ endpointPublicAccess?: boolean | undefined; /** *This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If
* the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from
* within your cluster's VPC use the private VPC endpoint instead of traversing the
* internet. If this value is disabled and you have nodes or Fargate pods in the
* cluster, then ensure that publicAccessCidrs includes the necessary CIDR
* blocks for communication with the nodes or Fargate pods. For more information, see
* Amazon EKS
* cluster endpoint access control in the
*
* Amazon EKS User Guide
* .
The CIDR blocks that are allowed access to your cluster's public Kubernetes API server * endpoint.
* @public */ publicAccessCidrs?: string[] | undefined; } /** * @public * @enum */ export declare const ClusterStatus: { readonly ACTIVE: "ACTIVE"; readonly CREATING: "CREATING"; readonly DELETING: "DELETING"; readonly FAILED: "FAILED"; readonly PENDING: "PENDING"; readonly UPDATING: "UPDATING"; }; /** * @public */ export type ClusterStatus = (typeof ClusterStatus)[keyof typeof ClusterStatus]; /** *Indicates the status of the request to update the block storage capability of your EKS * Auto Mode cluster.
* @public */ export interface StorageConfigResponse { /** *Indicates the current configuration of the block storage capability on your EKS Auto * Mode cluster. For example, if the capability is enabled or disabled.
* @public */ blockStorage?: BlockStorage | undefined; } /** *This value indicates if extended support is enabled or disabled for the * cluster.
** Learn more about EKS Extended Support in the Amazon EKS User Guide. *
* @public */ export interface UpgradePolicyResponse { /** *If the cluster is set to EXTENDED, it will enter extended support at the
* end of standard support. If the cluster is set to STANDARD, it will be
* automatically upgraded at the end of standard support.
* Learn more about EKS Extended Support in the Amazon EKS User Guide. *
* @public */ supportType?: SupportType | undefined; } /** *The status of zonal shift configuration for the cluster
* @public */ export interface ZonalShiftConfigResponse { /** *Whether the zonal shift is enabled.
* @public */ enabled?: boolean | undefined; } /** *An object representing an Amazon EKS cluster.
* @public */ export interface Cluster { /** *The name of your cluster.
* @public */ name?: string | undefined; /** *The Amazon Resource Name (ARN) of the cluster.
* @public */ arn?: string | undefined; /** *The Unix epoch timestamp at object creation.
* @public */ createdAt?: Date | undefined; /** *The Kubernetes server version for the cluster.
* @public */ version?: string | undefined; /** *The endpoint for your Kubernetes API server.
* @public */ endpoint?: string | undefined; /** *The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane * to make calls to Amazon Web Services API operations on your behalf.
* @public */ roleArn?: string | undefined; /** *The VPC configuration used by the cluster control plane. Amazon EKS VPC resources have * specific requirements to work properly with Kubernetes. For more information, see Cluster VPC * considerations and Cluster security group considerations in the * Amazon EKS User Guide.
* @public */ resourcesVpcConfig?: VpcConfigResponse | undefined; /** *The Kubernetes network configuration for the cluster.
* @public */ kubernetesNetworkConfig?: KubernetesNetworkConfigResponse | undefined; /** *The logging configuration for your cluster.
* @public */ logging?: Logging | undefined; /** *The identity provider information for the cluster.
* @public */ identity?: Identity | undefined; /** *The current status of the cluster.
* @public */ status?: ClusterStatus | undefined; /** *The certificate-authority-data for your cluster.
A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *The platform version of your Amazon EKS cluster. For more information about clusters * deployed on the Amazon Web Services Cloud, see Platform * versions in the * Amazon EKS User Guide * . For more information * about local clusters deployed on an Outpost, see Amazon EKS local cluster platform versions in the * * Amazon EKS User Guide * .
* @public */ platformVersion?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe encryption configuration for the cluster.
* @public */ encryptionConfig?: EncryptionConfig[] | undefined; /** *The configuration used to connect to a cluster for registration.
* @public */ connectorConfig?: ConnectorConfigResponse | undefined; /** *The ID of your local Amazon EKS cluster on an Amazon Web Services Outpost. This property isn't available * for an Amazon EKS cluster on the Amazon Web Services cloud.
* @public */ id?: string | undefined; /** *An object representing the health of your Amazon EKS cluster.
* @public */ health?: ClusterHealth | undefined; /** *An object representing the configuration of your local Amazon EKS cluster on an Amazon Web Services * Outpost. This object isn't available for clusters on the Amazon Web Services cloud.
* @public */ outpostConfig?: OutpostConfigResponse | undefined; /** *The access configuration for the cluster.
* @public */ accessConfig?: AccessConfigResponse | undefined; /** *This value indicates if extended support is enabled or disabled for the * cluster.
** Learn more about EKS Extended Support in the Amazon EKS User Guide. *
* @public */ upgradePolicy?: UpgradePolicyResponse | undefined; /** *The configuration for zonal shift for the cluster.
* @public */ zonalShiftConfig?: ZonalShiftConfigResponse | undefined; /** *The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this * configuration after the cluster is created.
* @public */ remoteNetworkConfig?: RemoteNetworkConfigResponse | undefined; /** *Indicates the current configuration of the compute capability on your EKS Auto Mode * cluster. For example, if the capability is enabled or disabled. If the compute * capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in * your Amazon Web Services account. For more information, see EKS Auto Mode compute capability in the * Amazon EKS User Guide.
* @public */ computeConfig?: ComputeConfigResponse | undefined; /** *Indicates the current configuration of the block storage capability on your EKS Auto * Mode cluster. For example, if the capability is enabled or disabled. If the block * storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your * Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the * Amazon EKS User Guide.
* @public */ storageConfig?: StorageConfigResponse | undefined; } /** * @public */ export interface CreateClusterResponse { /** *The full description of your new cluster.
* @public */ cluster?: Cluster | undefined; } /** *The service is unavailable. Back off and retry the operation.
* @public */ export declare class ServiceUnavailableException extends __BaseException { readonly name: "ServiceUnavailableException"; readonly $fault: "server"; /** * @internal */ constructor(opts: __ExceptionOptionTypeAt least one of your specified cluster subnets is in an Availability Zone that does not support * Amazon EKS. The exception output specifies the supported Availability Zones for your account, from which * you can choose subnets for your cluster.
* @public */ export declare class UnsupportedAvailabilityZoneException extends __BaseException { readonly name: "UnsupportedAvailabilityZoneException"; readonly $fault: "client"; /** *The Amazon EKS cluster associated with the exception.
* @public */ clusterName?: string | undefined; /** *The Amazon EKS managed node group associated with the exception.
* @public */ nodegroupName?: string | undefined; /** *The supported Availability Zones for your account. Choose subnets in these Availability Zones for your * cluster.
* @public */ validZones?: string[] | undefined; /** * @internal */ constructor(opts: __ExceptionOptionTypeAn object representing the term duration and term unit type of your subscription. This * determines the term length of your subscription. Valid values are MONTHS for term unit * and 12 or 36 for term duration, indicating a 12 month or 36 month subscription.
* @public */ export interface EksAnywhereSubscriptionTerm { /** *The duration of the subscription term. Valid values are 12 and 36, indicating a 12 * month or 36 month subscription.
* @public */ duration?: number | undefined; /** *The term unit of the subscription. Valid value is MONTHS.
The unique name for your subscription. It must be unique in your Amazon Web Services account in the * Amazon Web Services Region you're creating the subscription in. The name can contain only alphanumeric * characters (case-sensitive), hyphens, and underscores. It must start with an alphabetic * character and can't be longer than 100 characters.
* @public */ name: string | undefined; /** *An object representing the term duration and term unit type of your subscription. This * determines the term length of your subscription. Valid values are MONTHS for term unit * and 12 or 36 for term duration, indicating a 12 month or 36 month subscription. This * value cannot be changed after creating the subscription.
* @public */ term: EksAnywhereSubscriptionTerm | undefined; /** *The number of licenses to purchase with the subscription. Valid values are between 1 * and 100. This value can't be changed after creating the subscription.
* @public */ licenseQuantity?: number | undefined; /** *The license type for all licenses in the subscription. Valid value is CLUSTER. With * the CLUSTER license type, each license covers support for a single EKS Anywhere * cluster.
* @public */ licenseType?: EksAnywhereSubscriptionLicenseType | undefined; /** *A boolean indicating whether the subscription auto renews at the end of the * term.
* @public */ autoRenew?: boolean | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *The metadata for a subscription to assist with categorization and organization. Each * tag consists of a key and an optional value. Subscription tags don't propagate to any * other resources associated with the subscription.
* @public */ tags?: RecordAn EKS Anywhere license associated with a subscription.
* @public */ export interface License { /** *An id associated with an EKS Anywhere subscription license.
* @public */ id?: string | undefined; /** *An optional license token that can be used for extended support verification.
* @public */ token?: string | undefined; } /** *An EKS Anywhere subscription authorizing the customer to support for licensed clusters * and access to EKS Anywhere Curated Packages.
* @public */ export interface EksAnywhereSubscription { /** *UUID identifying a subscription.
* @public */ id?: string | undefined; /** *The Amazon Resource Name (ARN) for the subscription.
* @public */ arn?: string | undefined; /** *The Unix timestamp in seconds for when the subscription was created.
* @public */ createdAt?: Date | undefined; /** *The Unix timestamp in seconds for when the subscription is effective.
* @public */ effectiveDate?: Date | undefined; /** *The Unix timestamp in seconds for when the subscription will expire or auto renew, * depending on the auto renew configuration of the subscription object.
* @public */ expirationDate?: Date | undefined; /** *The number of licenses included in a subscription. Valid values are between 1 and * 100.
* @public */ licenseQuantity?: number | undefined; /** *The type of licenses included in the subscription. Valid value is CLUSTER. With the * CLUSTER license type, each license covers support for a single EKS Anywhere * cluster.
* @public */ licenseType?: EksAnywhereSubscriptionLicenseType | undefined; /** *An EksAnywhereSubscriptionTerm object.
* @public */ term?: EksAnywhereSubscriptionTerm | undefined; /** *The status of a subscription.
* @public */ status?: string | undefined; /** *A boolean indicating whether or not a subscription will auto renew when it * expires.
* @public */ autoRenew?: boolean | undefined; /** *Amazon Web Services License Manager ARN associated with the subscription.
* @public */ licenseArns?: string[] | undefined; /** *Includes all of the claims in the license token necessary to validate the license for * extended support.
* @public */ licenses?: License[] | undefined; /** *The metadata for a subscription to assist with categorization and organization. Each * tag consists of a key and an optional value. Subscription tags do not propagate to any * other resources associated with the subscription.
* @public */ tags?: RecordThe full description of the subscription.
* @public */ subscription?: EksAnywhereSubscription | undefined; } /** *An object representing an Fargate profile selector.
* @public */ export interface FargateProfileSelector { /** *The Kubernetes namespace that the selector should match.
The Kubernetes labels that the selector should match. A pod must contain all of the labels * that are specified in the selector for it to be considered a match.
* @public */ labels?: RecordThe name of the Fargate profile.
* @public */ fargateProfileName: string | undefined; /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The Amazon Resource Name (ARN) of the Pod execution role to use for a Pod
* that matches the selectors in the Fargate profile. The Pod execution role
* allows Fargate infrastructure to register with your cluster as a node, and it provides
* read access to Amazon ECR image repositories. For more information, see
* Pod execution role in the Amazon EKS User Guide.
The IDs of subnets to launch a Pod into. A Pod running on
* Fargate isn't assigned a public IP address, so only private subnets (with no direct
* route to an Internet Gateway) are accepted for this parameter.
The selectors to match for a Pod to use this Fargate profile. Each
* selector must have an associated Kubernetes namespace. Optionally, you can also
* specify labels for a namespace. You may specify up to five
* selectors in a Fargate profile.
A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordAn issue that is associated with the Fargate profile.
* @public */ export interface FargateProfileIssue { /** *A brief description of the error.
* @public */ code?: FargateProfileIssueCode | undefined; /** *The error message associated with the issue.
* @public */ message?: string | undefined; /** *The Amazon Web Services resources that are affected by this issue.
* @public */ resourceIds?: string[] | undefined; } /** *The health status of the Fargate profile. If there are issues with your Fargate * profile's health, they are listed here.
* @public */ export interface FargateProfileHealth { /** *Any issues that are associated with the Fargate profile.
* @public */ issues?: FargateProfileIssue[] | undefined; } /** * @public * @enum */ export declare const FargateProfileStatus: { readonly ACTIVE: "ACTIVE"; readonly CREATE_FAILED: "CREATE_FAILED"; readonly CREATING: "CREATING"; readonly DELETE_FAILED: "DELETE_FAILED"; readonly DELETING: "DELETING"; }; /** * @public */ export type FargateProfileStatus = (typeof FargateProfileStatus)[keyof typeof FargateProfileStatus]; /** *An object representing an Fargate profile.
* @public */ export interface FargateProfile { /** *The name of the Fargate profile.
* @public */ fargateProfileName?: string | undefined; /** *The full Amazon Resource Name (ARN) of the Fargate profile.
* @public */ fargateProfileArn?: string | undefined; /** *The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The Unix epoch timestamp at object creation.
* @public */ createdAt?: Date | undefined; /** *The Amazon Resource Name (ARN) of the Pod execution role to use for any Pod
* that matches the selectors in the Fargate profile. For more information, see
* Pod execution role in the Amazon EKS User Guide.
The IDs of subnets to launch a Pod into.
The selectors to match for a Pod to use this Fargate profile.
The current status of the Fargate profile.
* @public */ status?: FargateProfileStatus | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe health status of the Fargate profile. If there are issues with your Fargate * profile's health, they are listed here.
* @public */ health?: FargateProfileHealth | undefined; } /** * @public */ export interface CreateFargateProfileResponse { /** *The full description of your new Fargate profile.
* @public */ fargateProfile?: FargateProfile | undefined; } /** * @public * @enum */ export declare const CapacityTypes: { readonly CAPACITY_BLOCK: "CAPACITY_BLOCK"; readonly ON_DEMAND: "ON_DEMAND"; readonly SPOT: "SPOT"; }; /** * @public */ export type CapacityTypes = (typeof CapacityTypes)[keyof typeof CapacityTypes]; /** *An object representing a node group launch template specification. The launch template
* can't include
* SubnetId
* ,
* IamInstanceProfile
* ,
* RequestSpotInstances
* ,
* HibernationOptions
* , or
* TerminateInstances
* , or the node group deployment or
* update will fail. For more information about launch templates, see
* CreateLaunchTemplate
* in the Amazon EC2 API Reference.
* For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
You must specify either the launch template ID or the launch template name in the * request, but not both.
* @public */ export interface LaunchTemplateSpecification { /** *The name of the launch template.
*You must specify either the launch template name or the launch template ID in the * request, but not both. After node group creation, you cannot use a different * name.
* @public */ name?: string | undefined; /** *The version number of the launch template to use. If no version is specified, then the * template's default version is used. You can use a different version for node group * updates.
* @public */ version?: string | undefined; /** *The ID of the launch template.
*You must specify either the launch template ID or the launch template name in the * request, but not both. After node group creation, you cannot use a different ID.
* @public */ id?: string | undefined; } /** *The node auto repair configuration for the node group.
* @public */ export interface NodeRepairConfig { /** *Specifies whether to enable node auto repair for the node group. Node auto repair is * disabled by default.
* @public */ enabled?: boolean | undefined; } /** *An object representing the remote access configuration for the managed node * group.
* @public */ export interface RemoteAccessConfig { /** *The Amazon EC2 SSH key name that provides access for SSH communication with the nodes in * the managed node group. For more information, see Amazon EC2 key * pairs and Linux instances in the Amazon Elastic Compute Cloud User Guide for Linux Instances. For Windows, an Amazon EC2 SSH * key is used to obtain the RDP password. For more information, see Amazon EC2 key * pairs and Windows instances in the Amazon Elastic Compute Cloud User Guide for Windows Instances.
* @public */ ec2SshKey?: string | undefined; /** *The security group IDs that are allowed SSH access (port 22) to the nodes. For
* Windows, the port is 3389. If you specify an Amazon EC2 SSH key but don't specify a source
* security group when you create a managed node group, then the port on the nodes is
* opened to the internet (0.0.0.0/0). For more information, see Security
* Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
An object representing the scaling configuration details for the Auto Scaling group that is * associated with your node group. When creating a node group, you must specify all or * none of the properties. When updating a node group, you can specify any or none of the * properties.
* @public */ export interface NodegroupScalingConfig { /** *The minimum number of nodes that the managed node group can scale in to.
* @public */ minSize?: number | undefined; /** *The maximum number of nodes that the managed node group can scale out to. For * information about the maximum number that you can specify, see Amazon EKS service * quotas in the Amazon EKS User Guide.
* @public */ maxSize?: number | undefined; /** *The current number of nodes that the managed node group should maintain.
*If you use the Kubernetes Cluster
* Autoscaler, you shouldn't change the desiredSize value
* directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale
* down.
Whenever this parameter changes, the number of worker nodes in the node group is * updated to the specified size. If this parameter is given a value that is smaller than * the current number of running worker nodes, the necessary number of worker nodes are * terminated to match the given value. * * When using CloudFormation, no action occurs if you remove this parameter from your CFN * template.
*This parameter can be different from minSize in some cases, such as when
* starting with extra hosts for testing. This parameter can also be different when you
* want to start with an estimated number of needed hosts, but let the Cluster Autoscaler
* reduce the number if there are too many. When the Cluster Autoscaler is used, the
* desiredSize parameter is altered by the Cluster Autoscaler (but can be
* out-of-date for short periods of time). the Cluster Autoscaler doesn't scale a managed
* node group lower than minSize or higher than maxSize.
A property that allows a node to repel a Pod. For more information, see
* Node taints on
* managed node groups in the Amazon EKS User Guide.
The key of the taint.
* @public */ key?: string | undefined; /** *The value of the taint.
* @public */ value?: string | undefined; /** *The effect of the taint.
* @public */ effect?: TaintEffect | undefined; } /** * @public * @enum */ export declare const NodegroupUpdateStrategies: { readonly DEFAULT: "DEFAULT"; readonly MINIMAL: "MINIMAL"; }; /** * @public */ export type NodegroupUpdateStrategies = (typeof NodegroupUpdateStrategies)[keyof typeof NodegroupUpdateStrategies]; /** *The node group update configuration. An Amazon EKS managed node group updates by replacing * nodes with new nodes of newer AMI versions in parallel. You choose the maximum * unavailable and the update strategy.
* @public */ export interface NodegroupUpdateConfig { /** *The maximum number of nodes unavailable at once during a version update. Nodes are
* updated in parallel. This value or maxUnavailablePercentage is required to
* have a value.The maximum number is 100.
The maximum percentage of nodes unavailable during a version update. This percentage
* of nodes are updated in parallel, up to 100 nodes at once. This value or
* maxUnavailable is required to have a value.
The configuration for the behavior to follow during a node group version update of
* this managed node group. You choose between two possible strategies for replacing nodes
* during an
* UpdateNodegroupVersion
* action.
An Amazon EKS managed node group updates by replacing nodes with new nodes of newer AMI * versions in parallel. The update strategy changes the managed node * update behavior of the managed node group for each quantity. The * default strategy has guardrails to protect you from * misconfiguration and launches the new instances first, before terminating the old * instances. The minimal strategy removes the guardrails and * terminates the old instances before launching the new instances. This minimal strategy * is useful in scenarios where you are constrained to resources or costs (for example, * with hardware accelerators such as GPUs).
* @public */ updateStrategy?: NodegroupUpdateStrategies | undefined; } /** * @public */ export interface CreateNodegroupRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The unique name to give your node group.
* @public */ nodegroupName: string | undefined; /** *The scaling configuration details for the Auto Scaling group that is created for your * node group.
* @public */ scalingConfig?: NodegroupScalingConfig | undefined; /** *The root device disk size (in GiB) for your node group instances. The default disk
* size is 20 GiB for Linux and Bottlerocket. The default disk size is 50 GiB for Windows.
* If you specify launchTemplate, then don't specify diskSize, or the node group
* deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The subnets to use for the Auto Scaling group that is created for your node group.
* If you specify launchTemplate, then don't specify
* SubnetId
* in your launch template, or the node group deployment
* will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
Specify the instance types for a node group. If you specify a GPU instance type, make
* sure to also specify an applicable GPU AMI type with the amiType parameter.
* If you specify launchTemplate, then you can specify zero or one instance
* type in your launch template or you can specify 0-20 instance types
* for instanceTypes. If however, you specify an instance type in your launch
* template and specify any instanceTypes, the node group
* deployment will fail. If you don't specify an instance type in a launch template or for
* instanceTypes, then t3.medium is used, by default. If you
* specify Spot for capacityType, then we recommend specifying
* multiple values for instanceTypes. For more information, see Managed node group capacity types and Customizing managed nodes with
* launch templates in the Amazon EKS User Guide.
The AMI type for your node group. If you specify launchTemplate, and your launch template uses a custom AMI,
* then don't specify amiType, or the node group deployment
* will fail. If your launch template uses a Windows custom AMI, then add
* eks:kube-proxy-windows to your Windows nodes rolearn in
* the aws-auth
* ConfigMap. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The remote access configuration to use with your node group. For Linux, the protocol
* is SSH. For Windows, the protocol is RDP. If you specify launchTemplate, then don't specify
* remoteAccess, or the node group deployment will fail.
* For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker
* node kubelet daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive
* permissions for these API calls through an IAM instance profile and associated
* policies. Before you can launch nodes and register them into a cluster, you must create
* an IAM role for those nodes to use when they are launched. For more information, see
* Amazon EKS
* node IAM role in the
* Amazon EKS User Guide
* .
* If you specify launchTemplate, then don't specify
* IamInstanceProfile
* in your launch template, or the node group
* deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The Kubernetes labels to apply to the nodes in the node group when they are
* created.
The Kubernetes taints to be applied to the nodes in the node group. For more information, * see Node taints on * managed node groups.
* @public */ taints?: Taint[] | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordA unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *An object representing a node group's launch template specification. When using this
* object, don't directly specify instanceTypes, diskSize, or
* remoteAccess. You cannot later specify a different launch template ID
* or name than what was used to create the node group.
Make sure that the launch template meets the requirements in
* launchTemplateSpecification. Also refer to Customizing managed nodes with
* launch templates in the Amazon EKS User Guide.
The node group update configuration.
* @public */ updateConfig?: NodegroupUpdateConfig | undefined; /** *The node auto repair configuration for the node group.
* @public */ nodeRepairConfig?: NodeRepairConfig | undefined; /** *The capacity type for your node group.
* @public */ capacityType?: CapacityTypes | undefined; /** *The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the
* cluster is used, and this is the only accepted specified value. If you specify launchTemplate,
* and your launch template uses a custom AMI, then don't specify version, or the node group
* deployment will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The AMI version of the Amazon EKS optimized AMI to use with your node group. By default, * the latest available AMI version for the node group's current Kubernetes version is used. For * information about Linux versions, see Amazon EKS * optimized Amazon Linux AMI versions in the Amazon EKS User Guide. Amazon EKS managed node * groups support the November 2022 and later releases of the Windows AMIs. For information * about Windows versions, see Amazon EKS * optimized Windows AMI versions in the Amazon EKS User Guide.
*If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify
* releaseVersion, or the node group deployment will fail.
* For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
An object representing an issue with an Amazon EKS resource.
* @public */ export interface Issue { /** *A brief description of the error.
** AccessDenied: Amazon EKS or one or more of your * managed nodes is failing to authenticate or authorize with your Kubernetes cluster * API server.
** AsgInstanceLaunchFailures: Your Auto Scaling group is * experiencing failures while attempting to launch instances.
** AutoScalingGroupNotFound: We couldn't find * the Auto Scaling group associated with the managed node group. You may be able to * recreate an Auto Scaling group with the same settings to recover.
** ClusterUnreachable: Amazon EKS or one or more of * your managed nodes is unable to to communicate with your Kubernetes cluster API * server. This can happen if there are network disruptions or if API servers are * timing out processing requests.
** Ec2InstanceTypeDoesNotExist: One or more of * the supplied Amazon EC2 instance types do not exist. Amazon EKS checked for the * instance types that you provided in this Amazon Web Services Region, and one or more aren't * available.
** Ec2LaunchTemplateNotFound: We couldn't find * the Amazon EC2 launch template for your managed node group. You may be able to * recreate a launch template with the same settings to recover.
** Ec2LaunchTemplateVersionMismatch: The Amazon EC2 * launch template version for your managed node group does not match the version * that Amazon EKS created. You may be able to revert to the version that Amazon EKS created * to recover.
** Ec2SecurityGroupDeletionFailure: We could not * delete the remote access security group for your managed node group. Remove any * dependencies from the security group.
** Ec2SecurityGroupNotFound: We couldn't find * the cluster security group for the cluster. You must recreate your * cluster.
*
* Ec2SubnetInvalidConfiguration: One or more
* Amazon EC2 subnets specified for a node group do not automatically assign public IP
* addresses to instances launched into it. If you want your instances to be
* assigned a public IP address, then you need to enable the auto-assign
* public IP address setting for the subnet. See Modifying
* the public IPv4 addressing attribute for your subnet in
* the Amazon VPC User Guide.
* IamInstanceProfileNotFound: We couldn't find * the IAM instance profile for your managed node group. You may be able to * recreate an instance profile with the same settings to recover.
** IamNodeRoleNotFound: We couldn't find the * IAM role for your managed node group. You may be able to recreate an IAM * role with the same settings to recover.
** InstanceLimitExceeded: Your Amazon Web Services account is * unable to launch any more instances of the specified instance type. You may be * able to request an Amazon EC2 instance limit increase to recover.
** InsufficientFreeAddresses: One or more of the * subnets associated with your managed node group does not have enough available * IP addresses for new nodes.
** InternalFailure: These errors are usually * caused by an Amazon EKS server-side issue.
** NodeCreationFailure: Your launched instances * are unable to register with your Amazon EKS cluster. Common causes of this failure * are insufficient node IAM role * permissions or lack of outbound internet access for the nodes.
*The error message associated with the issue.
* @public */ message?: string | undefined; /** *The Amazon Web Services resources that are afflicted by this issue.
* @public */ resourceIds?: string[] | undefined; } /** *An object representing the health status of the node group.
* @public */ export interface NodegroupHealth { /** *Any issues that are associated with the node group.
* @public */ issues?: Issue[] | undefined; } /** *An object representing the resources associated with the node group, such as Auto * Scaling groups and security groups for remote access.
* @public */ export interface NodegroupResources { /** *The Auto Scaling groups associated with the node group.
* @public */ autoScalingGroups?: AutoScalingGroup[] | undefined; /** *The remote access security group associated with the node group. This security group * controls SSH access to the nodes.
* @public */ remoteAccessSecurityGroup?: string | undefined; } /** * @public * @enum */ export declare const NodegroupStatus: { readonly ACTIVE: "ACTIVE"; readonly CREATE_FAILED: "CREATE_FAILED"; readonly CREATING: "CREATING"; readonly DEGRADED: "DEGRADED"; readonly DELETE_FAILED: "DELETE_FAILED"; readonly DELETING: "DELETING"; readonly UPDATING: "UPDATING"; }; /** * @public */ export type NodegroupStatus = (typeof NodegroupStatus)[keyof typeof NodegroupStatus]; /** *An object representing an Amazon EKS managed node group.
* @public */ export interface Nodegroup { /** *The name associated with an Amazon EKS managed node group.
* @public */ nodegroupName?: string | undefined; /** *The Amazon Resource Name (ARN) associated with the managed node group.
* @public */ nodegroupArn?: string | undefined; /** *The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The Kubernetes version of the managed node group.
* @public */ version?: string | undefined; /** *If the node group was deployed using a launch template with a custom AMI, then this is * the AMI ID that was specified in the launch template. For node groups that weren't * deployed using a launch template, this is the version of the Amazon EKS optimized AMI that * the node group was deployed with.
* @public */ releaseVersion?: string | undefined; /** *The Unix epoch timestamp at object creation.
* @public */ createdAt?: Date | undefined; /** *The Unix epoch timestamp for the last modification to the object.
* @public */ modifiedAt?: Date | undefined; /** *The current status of the managed node group.
* @public */ status?: NodegroupStatus | undefined; /** *The capacity type of your managed node group.
* @public */ capacityType?: CapacityTypes | undefined; /** *The scaling configuration details for the Auto Scaling group that is associated with * your node group.
* @public */ scalingConfig?: NodegroupScalingConfig | undefined; /** *If the node group wasn't deployed with a launch template, then this is the instance
* type that is associated with the node group. If the node group was deployed with a
* launch template, then this is null.
The subnets that were specified for the Auto Scaling group that is associated with * your node group.
* @public */ subnets?: string[] | undefined; /** *If the node group wasn't deployed with a launch template, then this is the remote
* access configuration that is associated with the node group. If the node group was
* deployed with a launch template, then this is null.
If the node group was deployed using a launch template with a custom AMI, then this is
* CUSTOM. For node groups that weren't deployed using a launch template,
* this is the AMI type that was specified in the node group configuration.
The IAM role associated with your node group. The Amazon EKS node kubelet
* daemon makes calls to Amazon Web Services APIs on your behalf. Nodes receive permissions for these API
* calls through an IAM instance profile and associated policies.
The Kubernetes labels applied to the nodes in the node group.
Only labels that are applied with the Amazon EKS API are shown here. There
* may be other Kubernetes labels applied to the nodes in this group.
The Kubernetes taints to be applied to the nodes in the node group when they are created.
* Effect is one of No_Schedule, Prefer_No_Schedule, or
* No_Execute. Kubernetes taints can be used together with tolerations to
* control how workloads are scheduled to your nodes. For more information, see Node taints on managed node groups.
The resources associated with the node group, such as Auto Scaling groups and security * groups for remote access.
* @public */ resources?: NodegroupResources | undefined; /** *If the node group wasn't deployed with a launch template, then this is the disk size
* in the node group configuration. If the node group was deployed with a launch template,
* then this is null.
The health status of the node group. If there are issues with your node group's * health, they are listed here.
* @public */ health?: NodegroupHealth | undefined; /** *The node group update configuration.
* @public */ updateConfig?: NodegroupUpdateConfig | undefined; /** *The node auto repair configuration for the node group.
* @public */ nodeRepairConfig?: NodeRepairConfig | undefined; /** *If a launch template was used to create the node group, then this is the launch * template that was used.
* @public */ launchTemplate?: LaunchTemplateSpecification | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe full description of your new node group.
* @public */ nodegroup?: Nodegroup | undefined; } /** * @public */ export interface CreatePodIdentityAssociationRequest { /** *The name of the cluster to create the association in.
* @public */ clusterName: string | undefined; /** *The name of the Kubernetes namespace inside the cluster to create the association in. The * service account and the pods that use the service account must be in this * namespace.
* @public */ namespace: string | undefined; /** *The name of the Kubernetes service account inside the cluster to associate the IAM * credentials with.
* @public */ serviceAccount: string | undefined; /** *The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity * agent manages credentials to assume this role for applications in the containers in the * pods that use this service account.
* @public */ roleArn: string | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
*The following basic restrictions apply to tags:
*Maximum number of tags per resource – 50
*For each resource, each tag key must be unique, and each tag key can have only * one value.
*Maximum key length – 128 Unicode characters in UTF-8
*Maximum value length – 256 Unicode characters in UTF-8
*If your tagging schema is used across multiple services and resources, * remember that other services may have restrictions on allowed characters. * Generally allowed characters are: letters, numbers, and spaces representable in * UTF-8, and the following characters: + - = . _ : / @.
*Tag keys and values are case-sensitive.
*Do not use aws:, AWS:, or any upper or lowercase
* combination of such as a prefix for either keys or values as it is reserved for
* Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with
* this prefix do not count against your tags per resource limit.
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
* @public */ export interface PodIdentityAssociation { /** *The name of the cluster that the association is in.
* @public */ clusterName?: string | undefined; /** *The name of the Kubernetes namespace inside the cluster to create the association in. The * service account and the pods that use the service account must be in this * namespace.
* @public */ namespace?: string | undefined; /** *The name of the Kubernetes service account inside the cluster to associate the IAM * credentials with.
* @public */ serviceAccount?: string | undefined; /** *The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity * agent manages credentials to assume this role for applications in the containers in the * pods that use this service account.
* @public */ roleArn?: string | undefined; /** *The Amazon Resource Name (ARN) of the association.
* @public */ associationArn?: string | undefined; /** *The ID of the association.
* @public */ associationId?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
*The following basic restrictions apply to tags:
*Maximum number of tags per resource – 50
*For each resource, each tag key must be unique, and each tag key can have only * one value.
*Maximum key length – 128 Unicode characters in UTF-8
*Maximum value length – 256 Unicode characters in UTF-8
*If your tagging schema is used across multiple services and resources, * remember that other services may have restrictions on allowed characters. * Generally allowed characters are: letters, numbers, and spaces representable in * UTF-8, and the following characters: + - = . _ : / @.
*Tag keys and values are case-sensitive.
*Do not use aws:, AWS:, or any upper or lowercase
* combination of such as a prefix for either keys or values as it is reserved for
* Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with
* this prefix do not count against your tags per resource limit.
The timestamp that the association was created at.
* @public */ createdAt?: Date | undefined; /** *The most recent timestamp that the association was modified at
* @public */ modifiedAt?: Date | undefined; /** *If defined, the Pod Identity Association is owned by an Amazon EKS Addon.
* @public */ ownerArn?: string | undefined; } /** * @public */ export interface CreatePodIdentityAssociationResponse { /** *The full description of your new association.
*The description includes an ID for the association. Use the ID of the association in further * actions to manage the association.
* @public */ association?: PodIdentityAssociation | undefined; } /** * @public */ export interface DeleteAccessEntryRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the add-on. The name must match one of the names returned by
* ListAddons
* .
Specifying this option preserves the add-on software on your cluster but Amazon EKS stops * managing any settings for the add-on. If an IAM account is associated with the add-on, * it isn't removed.
* @public */ preserve?: boolean | undefined; } /** * @public */ export interface DeleteAddonResponse { /** *An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the * Amazon EKS User Guide.
* @public */ addon?: Addon | undefined; } /** * @public */ export interface DeleteClusterRequest { /** *The name of the cluster to delete.
* @public */ name: string | undefined; } /** * @public */ export interface DeleteClusterResponse { /** *The full description of the cluster to delete.
* @public */ cluster?: Cluster | undefined; } /** * @public */ export interface DeleteEksAnywhereSubscriptionRequest { /** *The ID of the subscription.
* @public */ id: string | undefined; } /** * @public */ export interface DeleteEksAnywhereSubscriptionResponse { /** *The full description of the subscription to be deleted.
* @public */ subscription?: EksAnywhereSubscription | undefined; } /** * @public */ export interface DeleteFargateProfileRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the Fargate profile to delete.
* @public */ fargateProfileName: string | undefined; } /** * @public */ export interface DeleteFargateProfileResponse { /** *The deleted Fargate profile.
* @public */ fargateProfile?: FargateProfile | undefined; } /** * @public */ export interface DeleteNodegroupRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the node group to delete.
* @public */ nodegroupName: string | undefined; } /** * @public */ export interface DeleteNodegroupResponse { /** *The full description of your deleted node group.
* @public */ nodegroup?: Nodegroup | undefined; } /** * @public */ export interface DeletePodIdentityAssociationRequest { /** *The cluster name that
* @public */ clusterName: string | undefined; /** *The ID of the association to be deleted.
* @public */ associationId: string | undefined; } /** * @public */ export interface DeletePodIdentityAssociationResponse { /** *The full description of the EKS Pod Identity association that was deleted.
* @public */ association?: PodIdentityAssociation | undefined; } /** * @public */ export interface DeregisterClusterRequest { /** *The name of the connected cluster to deregister.
* @public */ name: string | undefined; } /** * @public */ export interface DeregisterClusterResponse { /** *An object representing an Amazon EKS cluster.
* @public */ cluster?: Cluster | undefined; } /** * @public */ export interface DescribeAccessEntryRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
Information about the access entry.
* @public */ accessEntry?: AccessEntry | undefined; } /** * @public */ export interface DescribeAddonRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the add-on. The name must match one of the names returned by
* ListAddons
* .
An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the * Amazon EKS User Guide.
* @public */ addon?: Addon | undefined; } /** * @public */ export interface DescribeAddonConfigurationRequest { /** *The name of the add-on. The name must match one of the names returned by
* DescribeAddonVersions.
The version of the add-on. The version must match one of the versions returned by
* DescribeAddonVersions
* .
The name of the add-on.
* @public */ addonName?: string | undefined; /** *The version of the add-on. The version must match one of the versions returned by
* DescribeAddonVersions
* .
A JSON schema that's used to validate the configuration values you provide when an * add-on is created or updated.
* @public */ configurationSchema?: string | undefined; /** *The Kubernetes service account name used by the addon, and any suggested IAM policies. * Use this information to create an IAM Role for the Addon.
* @public */ podIdentityConfiguration?: AddonPodIdentityConfiguration[] | undefined; } /** * @public */ export interface DescribeAddonVersionsRequest { /** *The Kubernetes versions that you can use the add-on with.
* @public */ kubernetesVersion?: string | undefined; /** *The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of the add-on. The name must match one of the names returned by
* ListAddons
* .
The type of the add-on. For valid types, don't specify a value for this
* property.
The publisher of the add-on. For valid publishers, don't specify a value
* for this property.
The owner of the add-on. For valid owners, don't specify a value for this
* property.
The list of available versions with Kubernetes version compatibility and other * properties.
* @public */ addons?: AddonInfo[] | undefined; /** *The nextToken value to include in a future
* DescribeAddonVersions request. When the results of a
* DescribeAddonVersions request exceed maxResults, you can
* use this value to retrieve the next page of results. This value is null
* when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of your cluster.
* @public */ name: string | undefined; } /** * @public */ export interface DescribeClusterResponse { /** *The full description of your specified cluster.
* @public */ cluster?: Cluster | undefined; } /** * @public * @enum */ export declare const ClusterVersionStatus: { readonly extended_support: "extended-support"; readonly standard_support: "standard-support"; readonly unsupported: "unsupported"; }; /** * @public */ export type ClusterVersionStatus = (typeof ClusterVersionStatus)[keyof typeof ClusterVersionStatus]; /** * @public * @enum */ export declare const VersionStatus: { readonly EXTENDED_SUPPORT: "EXTENDED_SUPPORT"; readonly STANDARD_SUPPORT: "STANDARD_SUPPORT"; readonly UNSUPPORTED: "UNSUPPORTED"; }; /** * @public */ export type VersionStatus = (typeof VersionStatus)[keyof typeof VersionStatus]; /** * @public */ export interface DescribeClusterVersionsRequest { /** *The type of cluster to filter versions by.
* @public */ clusterType?: string | undefined; /** *Maximum number of results to return.
* @public */ maxResults?: number | undefined; /** *Pagination token for the next set of results.
* @public */ nextToken?: string | undefined; /** *Filter to show only default versions.
* @public */ defaultOnly?: boolean | undefined; /** *Include all available versions in the response.
* @public */ includeAll?: boolean | undefined; /** *List of specific cluster versions to describe.
* @public */ clusterVersions?: string[] | undefined; /** *This field is deprecated. Use versionStatus instead, as that field
* matches for input and output of this action.
Filter versions by their current status.
* * @deprecated * @public */ status?: ClusterVersionStatus | undefined; /** *Filter versions by their current status.
* @public */ versionStatus?: VersionStatus | undefined; } /** *Contains details about a specific EKS cluster version.
* @public */ export interface ClusterVersionInformation { /** *The Kubernetes version for the cluster.
* @public */ clusterVersion?: string | undefined; /** *The type of cluster this version is for.
* @public */ clusterType?: string | undefined; /** *Default platform version for this Kubernetes version.
* @public */ defaultPlatformVersion?: string | undefined; /** *Indicates if this is a default version.
* @public */ defaultVersion?: boolean | undefined; /** *The release date of this cluster version.
* @public */ releaseDate?: Date | undefined; /** *Date when standard support ends for this version.
* @public */ endOfStandardSupportDate?: Date | undefined; /** *Date when extended support ends for this version.
* @public */ endOfExtendedSupportDate?: Date | undefined; /** *This field is deprecated. Use versionStatus instead, as that field
* matches for input and output of this action.
Current status of this cluster version.
* @public */ status?: ClusterVersionStatus | undefined; /** *Current status of this cluster version.
* @public */ versionStatus?: VersionStatus | undefined; /** *The patch version of Kubernetes for this cluster version.
* @public */ kubernetesPatchVersion?: string | undefined; } /** * @public */ export interface DescribeClusterVersionsResponse { /** *Pagination token for the next set of results.
* @public */ nextToken?: string | undefined; /** *List of cluster version information objects.
* @public */ clusterVersions?: ClusterVersionInformation[] | undefined; } /** * @public */ export interface DescribeEksAnywhereSubscriptionRequest { /** *The ID of the subscription.
* @public */ id: string | undefined; } /** * @public */ export interface DescribeEksAnywhereSubscriptionResponse { /** *The full description of the subscription.
* @public */ subscription?: EksAnywhereSubscription | undefined; } /** * @public */ export interface DescribeFargateProfileRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the Fargate profile to describe.
* @public */ fargateProfileName: string | undefined; } /** * @public */ export interface DescribeFargateProfileResponse { /** *The full description of your Fargate profile.
* @public */ fargateProfile?: FargateProfile | undefined; } /** *An object representing an identity provider configuration.
* @public */ export interface IdentityProviderConfig { /** *The type of the identity provider configuration. The only type available is
* oidc.
The name of the identity provider configuration.
* @public */ name: string | undefined; } /** * @public */ export interface DescribeIdentityProviderConfigRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *An object representing an identity provider configuration.
* @public */ identityProviderConfig: IdentityProviderConfig | undefined; } /** * @public * @enum */ export declare const ConfigStatus: { readonly ACTIVE: "ACTIVE"; readonly CREATING: "CREATING"; readonly DELETING: "DELETING"; }; /** * @public */ export type ConfigStatus = (typeof ConfigStatus)[keyof typeof ConfigStatus]; /** *An object representing the configuration for an OpenID Connect (OIDC) identity provider. *
* @public */ export interface OidcIdentityProviderConfig { /** *The name of the configuration.
* @public */ identityProviderConfigName?: string | undefined; /** *The ARN of the configuration.
* @public */ identityProviderConfigArn?: string | undefined; /** *The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The URL of the OIDC identity provider that allows the API server to discover public * signing keys for verifying tokens.
* @public */ issuerUrl?: string | undefined; /** *This is also known as audience. The ID of the client application * that makes authentication requests to the OIDC identity provider.
* @public */ clientId?: string | undefined; /** *The JSON Web token (JWT) claim that is used as the username.
* @public */ usernameClaim?: string | undefined; /** *The prefix that is prepended to username claims to prevent clashes with existing
* names. The prefix can't contain system:
*
The JSON web token (JWT) claim that the provider uses to return your groups.
* @public */ groupsClaim?: string | undefined; /** *The prefix that is prepended to group claims to prevent clashes with existing names
* (such as system: groups). For example, the value oidc: creates
* group names like oidc:engineering and oidc:infra. The prefix
* can't contain system:
*
The key-value pairs that describe required claims in the identity token. If set, each * claim is verified to be present in the token with a matching value.
* @public */ requiredClaims?: RecordMetadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordThe status of the OIDC identity provider.
* @public */ status?: ConfigStatus | undefined; } /** *The full description of your identity configuration.
* @public */ export interface IdentityProviderConfigResponse { /** *An object representing an OpenID Connect (OIDC) identity provider configuration.
* @public */ oidc?: OidcIdentityProviderConfig | undefined; } /** * @public */ export interface DescribeIdentityProviderConfigResponse { /** *The object that represents an OpenID Connect (OIDC) identity provider * configuration.
* @public */ identityProviderConfig?: IdentityProviderConfigResponse | undefined; } /** * @public */ export interface DescribeInsightRequest { /** *The name of the cluster to describe the insight for.
* @public */ clusterName: string | undefined; /** *The identity of the insight to describe.
* @public */ id: string | undefined; } /** * @public * @enum */ export declare const Category: { readonly UPGRADE_READINESS: "UPGRADE_READINESS"; }; /** * @public */ export type Category = (typeof Category)[keyof typeof Category]; /** *Details about clients using the deprecated resources.
* @public */ export interface ClientStat { /** *The user agent of the Kubernetes client using the deprecated resource.
* @public */ userAgent?: string | undefined; /** *The number of requests from the Kubernetes client seen over the last 30 days.
* @public */ numberOfRequestsLast30Days?: number | undefined; /** *The timestamp of the last request seen from the Kubernetes client.
* @public */ lastRequestTime?: Date | undefined; } /** *The summary information about deprecated resource usage for an insight check in the
* UPGRADE_READINESS category.
The deprecated version of the resource.
* @public */ usage?: string | undefined; /** *The newer version of the resource to migrate to if applicable.
* @public */ replacedWith?: string | undefined; /** *The version of the software where the deprecated resource version will stop being * served.
* @public */ stopServingVersion?: string | undefined; /** *The version of the software where the newer resource version became available to * migrate to if applicable.
* @public */ startServingReplacementVersion?: string | undefined; /** *Details about Kubernetes clients using the deprecated resources.
* @public */ clientStats?: ClientStat[] | undefined; } /** *Summary information that relates to the category of the insight. Currently only
* returned with certain insights having category UPGRADE_READINESS.
The summary information about deprecated resource usage for an insight check in the
* UPGRADE_READINESS category.
A list of AddonCompatibilityDetail objects for Amazon EKS add-ons.
The status of the insight.
* @public */ export interface InsightStatus { /** *The status of the resource.
* @public */ status?: InsightStatusValue | undefined; /** *Explanation on the reasoning for the status of the resource.
* @public */ reason?: string | undefined; } /** *Returns information about the resource being evaluated.
* @public */ export interface InsightResourceDetail { /** *An object containing more detail on the status of the insight resource.
* @public */ insightStatus?: InsightStatus | undefined; /** *The Kubernetes resource URI if applicable.
* @public */ kubernetesResourceUri?: string | undefined; /** *The Amazon Resource Name (ARN) if applicable.
* @public */ arn?: string | undefined; } /** *A check that provides recommendations to remedy potential upgrade-impacting * issues.
* @public */ export interface Insight { /** *The ID of the insight.
* @public */ id?: string | undefined; /** *The name of the insight.
* @public */ name?: string | undefined; /** *The category of the insight.
* @public */ category?: Category | undefined; /** *The Kubernetes minor version associated with an insight if applicable.
* @public */ kubernetesVersion?: string | undefined; /** *The time Amazon EKS last successfully completed a refresh of this insight check on the * cluster.
* @public */ lastRefreshTime?: Date | undefined; /** *The time the status of the insight last changed.
* @public */ lastTransitionTime?: Date | undefined; /** *The description of the insight which includes alert criteria, remediation * recommendation, and additional resources (contains Markdown).
* @public */ description?: string | undefined; /** *An object containing more detail on the status of the insight resource.
* @public */ insightStatus?: InsightStatus | undefined; /** *A summary of how to remediate the finding of this insight if applicable.
* @public */ recommendation?: string | undefined; /** *Links to sources that provide additional context on the insight.
* @public */ additionalInfo?: RecordThe details about each resource listed in the insight check result.
* @public */ resources?: InsightResourceDetail[] | undefined; /** *Summary information that relates to the category of the insight. Currently only
* returned with certain insights having category UPGRADE_READINESS.
The full description of the insight.
* @public */ insight?: Insight | undefined; } /** * @public */ export interface DescribeNodegroupRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the node group to describe.
* @public */ nodegroupName: string | undefined; } /** * @public */ export interface DescribeNodegroupResponse { /** *The full description of your node group.
* @public */ nodegroup?: Nodegroup | undefined; } /** * @public */ export interface DescribePodIdentityAssociationRequest { /** *The name of the cluster that the association is in.
* @public */ clusterName: string | undefined; /** *The ID of the association that you want the description of.
* @public */ associationId: string | undefined; } /** * @public */ export interface DescribePodIdentityAssociationResponse { /** *The full description of the EKS Pod Identity association.
* @public */ association?: PodIdentityAssociation | undefined; } /** *Describes an update request.
* @public */ export interface DescribeUpdateRequest { /** *The name of the Amazon EKS cluster associated with the update.
* @public */ name: string | undefined; /** *The ID of the update to describe.
* @public */ updateId: string | undefined; /** *The name of the Amazon EKS node group associated with the update. This parameter is * required if the update is a node group update.
* @public */ nodegroupName?: string | undefined; /** *The name of the add-on. The name must match one of the names returned by
* ListAddons
* . This parameter is required if the update is an add-on update.
The full description of the specified update.
* @public */ update?: Update | undefined; } /** * @public */ export interface DisassociateAccessPolicyRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
The ARN of the policy to disassociate from the access entry. For a list of
* associated policies ARNs, use ListAssociatedAccessPolicies.
The name of your cluster.
* @public */ clusterName: string | undefined; /** *An object representing an identity provider configuration.
* @public */ identityProviderConfig: IdentityProviderConfig | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface DisassociateIdentityProviderConfigResponse { /** *An object representing an asynchronous update.
* @public */ update?: Update | undefined; } /** * @public */ export interface ListAccessEntriesRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of an AccessPolicy. When you specify an access policy ARN,
* only the access entries associated to that access policy are returned. For a list of
* available policy ARNs, use ListAccessPolicies.
The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The list of access entries that exist for the cluster.
* @public */ accessEntries?: string[] | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The list of available access policies. You can't view the contents of an access policy * using the API. To view the contents, see Access * policy permissions in the Amazon EKS User Guide.
* @public */ accessPolicies?: AccessPolicy[] | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of your cluster.
* @public */ clusterName: string | undefined; /** *The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*A list of installed add-ons.
* @public */ addons?: string[] | undefined; /** *The nextToken value to include in a future ListAddons
* request. When the results of a ListAddons request exceed
* maxResults, you can use this value to retrieve the next page of
* results. This value is null when there are no more results to
* return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of your cluster.
* @public */ clusterName?: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The list of access policies associated with the access entry.
* @public */ associatedAccessPolicies?: AssociatedAccessPolicy[] | undefined; } /** * @public */ export interface ListClustersRequest { /** *The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*Indicates whether external clusters are included in the returned list. Use
* 'all' to return https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.htmlconnected clusters, or blank to
* return only Amazon EKS clusters. 'all' must be in lowercase otherwise an error
* occurs.
A list of all of the clusters for your account in the specified Amazon Web Services Region .
* @public */ clusters?: string[] | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The maximum number of cluster results returned by ListEksAnywhereSubscriptions in * paginated output. When you use this parameter, ListEksAnywhereSubscriptions returns only * maxResults results in a single page along with a nextToken response element. You can see * the remaining results of the initial request by sending another * ListEksAnywhereSubscriptions request with the returned nextToken value. This value can * be between 1 and 100. If you don't use this parameter, ListEksAnywhereSubscriptions * returns up to 10 results and a nextToken value if applicable.
* @public */ maxResults?: number | undefined; /** *The nextToken value returned from a previous paginated
* ListEksAnywhereSubscriptions request where maxResults was
* used and the results exceeded the value of that parameter. Pagination continues from the
* end of the previous results that returned the nextToken value.
An array of subscription statuses to filter on.
* @public */ includeStatus?: EksAnywhereSubscriptionStatus[] | undefined; } /** * @public */ export interface ListEksAnywhereSubscriptionsResponse { /** *A list of all subscription objects in the region, filtered by includeStatus and * paginated by nextToken and maxResults.
* @public */ subscriptions?: EksAnywhereSubscription[] | undefined; /** *The nextToken value to include in a future ListEksAnywhereSubscriptions request. When * the results of a ListEksAnywhereSubscriptions request exceed maxResults, you can use * this value to retrieve the next page of results. This value is null when there are no * more results to return.
* @public */ nextToken?: string | undefined; } /** * @public */ export interface ListFargateProfilesRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*A list of all of the Fargate profiles associated with the specified cluster.
* @public */ fargateProfileNames?: string[] | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of your cluster.
* @public */ clusterName: string | undefined; /** *The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The identity provider configurations for the cluster.
* @public */ identityProviderConfigs?: IdentityProviderConfig[] | undefined; /** *The nextToken value to include in a future
* ListIdentityProviderConfigsResponse request. When the results of a
* ListIdentityProviderConfigsResponse request exceed
* maxResults, you can use this value to retrieve the next page of
* results. This value is null when there are no more results to
* return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The criteria to use for the insights.
* @public */ export interface InsightsFilter { /** *The categories to use to filter insights.
* @public */ categories?: Category[] | undefined; /** *The Kubernetes versions to use to filter the insights.
* @public */ kubernetesVersions?: string[] | undefined; /** *The statuses to use to filter the insights.
* @public */ statuses?: InsightStatusValue[] | undefined; } /** * @public */ export interface ListInsightsRequest { /** *The name of the Amazon EKS cluster associated with the insights.
* @public */ clusterName: string | undefined; /** *The criteria to filter your list of insights for your cluster. You can filter which * insights are returned by category, associated Kubernetes version, and status.
* @public */ filter?: InsightsFilter | undefined; /** *The maximum number of identity provider configurations returned by
* ListInsights in paginated output. When you use this parameter,
* ListInsights returns only maxResults results in a single
* page along with a nextToken response element. You can see the remaining
* results of the initial request by sending another ListInsights request with
* the returned nextToken value. This value can be between 1
* and 100. If you don't use this parameter, ListInsights
* returns up to 100 results and a nextToken value, if
* applicable.
The nextToken value returned from a previous paginated
* ListInsights request. When the results of a ListInsights
* request exceed maxResults, you can use this value to retrieve the next page
* of results. This value is null when there are no more results to
* return.
The summarized description of the insight.
* @public */ export interface InsightSummary { /** *The ID of the insight.
* @public */ id?: string | undefined; /** *The name of the insight.
* @public */ name?: string | undefined; /** *The category of the insight.
* @public */ category?: Category | undefined; /** *The Kubernetes minor version associated with an insight if applicable.
* @public */ kubernetesVersion?: string | undefined; /** *The time Amazon EKS last successfully completed a refresh of this insight check on the * cluster.
* @public */ lastRefreshTime?: Date | undefined; /** *The time the status of the insight last changed.
* @public */ lastTransitionTime?: Date | undefined; /** *The description of the insight which includes alert criteria, remediation * recommendation, and additional resources (contains Markdown).
* @public */ description?: string | undefined; /** *An object containing more detail on the status of the insight.
* @public */ insightStatus?: InsightStatus | undefined; } /** * @public */ export interface ListInsightsResponse { /** *The returned list of insights.
* @public */ insights?: InsightSummary[] | undefined; /** *The nextToken value to include in a future ListInsights
* request. When the results of a ListInsights request exceed
* maxResults, you can use this value to retrieve the next page of
* results. This value is null when there are no more results to
* return.
The name of your cluster.
* @public */ clusterName: string | undefined; /** *The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*A list of all of the node groups associated with the specified cluster.
* @public */ nodegroups?: string[] | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The name of the cluster that the associations are in.
* @public */ clusterName: string | undefined; /** *The name of the Kubernetes namespace inside the cluster that the associations are in.
* @public */ namespace?: string | undefined; /** *The name of the Kubernetes service account that the associations use.
* @public */ serviceAccount?: string | undefined; /** *The maximum number of EKS Pod Identity association results returned by
* ListPodIdentityAssociations in paginated output. When you use this
* parameter, ListPodIdentityAssociations returns only maxResults
* results in a single page along with a nextToken response element. You can
* see the remaining results of the initial request by sending another
* ListPodIdentityAssociations request with the returned
* nextToken value. This value can be between 1 and
* 100. If you don't use this parameter,
* ListPodIdentityAssociations returns up to 100 results
* and a nextToken value if applicable.
The nextToken value returned from a previous paginated
* ListUpdates request where maxResults was used and the
* results exceeded the value of that parameter. Pagination continues from the end of the
* previous results that returned the nextToken value.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The summarized description of the association.
*Each summary is simplified by removing these fields compared to the full
* PodIdentityAssociation
* :
The IAM role: roleArn
*
The timestamp that the association was created at: createdAt
*
The most recent timestamp that the association was modified at:. modifiedAt
*
The tags on the association: tags
*
The name of the cluster that the association is in.
* @public */ clusterName?: string | undefined; /** *The name of the Kubernetes namespace inside the cluster to create the association in. The * service account and the pods that use the service account must be in this * namespace.
* @public */ namespace?: string | undefined; /** *The name of the Kubernetes service account inside the cluster to associate the IAM * credentials with.
* @public */ serviceAccount?: string | undefined; /** *The Amazon Resource Name (ARN) of the association.
* @public */ associationArn?: string | undefined; /** *The ID of the association.
* @public */ associationId?: string | undefined; /** *If defined, the Pod Identity Association is owned by an Amazon EKS Addon.
* @public */ ownerArn?: string | undefined; } /** * @public */ export interface ListPodIdentityAssociationsResponse { /** *The list of summarized descriptions of the associations that are in the cluster and match * any filters that you provided.
*Each summary is simplified by removing these fields compared to the full
* PodIdentityAssociation
* :
The IAM role: roleArn
*
The timestamp that the association was created at: createdAt
*
The most recent timestamp that the association was modified at:. modifiedAt
*
The tags on the association: tags
*
The nextToken value to include in a future
* ListPodIdentityAssociations request. When the results of a
* ListPodIdentityAssociations request exceed maxResults, you
* can use this value to retrieve the next page of results. This value is null
* when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*This exception is thrown if the request contains a semantic error. The precise meaning * will depend on the API, and will be documented in the error message.
* @public */ export declare class BadRequestException extends __BaseException { readonly name: "BadRequestException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe Amazon Resource Name (ARN) that identifies the resource to list tags for.
* @public */ resourceArn: string | undefined; } /** * @public */ export interface ListTagsForResourceResponse { /** *The tags for the resource.
* @public */ tags?: RecordA service resource associated with the request could not be found. Clients should not * retry such requests.
* @public */ export declare class NotFoundException extends __BaseException { readonly name: "NotFoundException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe name of the Amazon EKS cluster to list updates for.
* @public */ name: string | undefined; /** *The name of the Amazon EKS managed node group to list updates for.
* @public */ nodegroupName?: string | undefined; /** *The names of the installed add-ons that have available updates.
* @public */ addonName?: string | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The maximum number of results, returned in paginated output. You receive
* maxResults in a single page, along with a nextToken
* response element. You can see the remaining results of the initial request by sending
* another request with the returned nextToken value. This value can be
* between 1 and 100. If you don't use this parameter,
* 100 results and a nextToken value, if applicable, are
* returned.
A list of all the updates for the specified cluster and Region.
* @public */ updateIds?: string[] | undefined; /** *The nextToken value returned from a previous paginated request, where maxResults was used and
* the results exceeded the value of that parameter. Pagination continues from the end of
* the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is used only to * retrieve the next items in a list and not for other programmatic purposes.
*The configuration sent to a cluster for configuration.
* @public */ export interface ConnectorConfigRequest { /** *The Amazon Resource Name (ARN) of the role that is authorized to request the connector * configuration.
* @public */ roleArn: string | undefined; /** *The cloud provider for the target cluster to connect.
* @public */ provider: ConnectorConfigProvider | undefined; } /** * @public */ export interface RegisterClusterRequest { /** *A unique name for this cluster in your Amazon Web Services Region.
* @public */ name: string | undefined; /** *The configuration settings required to connect the Kubernetes cluster to the Amazon EKS control * plane.
* @public */ connectorConfig: ConnectorConfigRequest | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags?: RecordAn object representing an Amazon EKS cluster.
* @public */ cluster?: Cluster | undefined; } /** *Required resources (such as service-linked roles) were created and are still * propagating. Retry later.
* @public */ export declare class ResourcePropagationDelayException extends __BaseException { readonly name: "ResourcePropagationDelayException"; readonly $fault: "client"; /** * @internal */ constructor(opts: __ExceptionOptionTypeThe Amazon Resource Name (ARN) of the resource to add tags to.
* @public */ resourceArn: string | undefined; /** *Metadata that assists with categorization and organization. * Each tag consists of a key and an optional value. You define both. Tags don't * propagate to any other cluster or Amazon Web Services resources.
* @public */ tags: RecordThe Amazon Resource Name (ARN) of the resource to delete tags from.
* @public */ resourceArn: string | undefined; /** *The keys of the tags to remove.
* @public */ tagKeys: string[] | undefined; } /** * @public */ export interface UntagResourceResponse { } /** * @public */ export interface UpdateAccessEntryRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The ARN of the IAM principal for the AccessEntry.
The value for name that you've specified for kind: Group as
* a subject in a Kubernetes RoleBinding or
* ClusterRoleBinding object. Amazon EKS doesn't confirm that the value for
* name exists in any bindings on your cluster. You can specify one or
* more names.
Kubernetes authorizes the principalArn of the access entry to access any
* cluster objects that you've specified in a Kubernetes Role or
* ClusterRole object that is also specified in a binding's
* roleRef. For more information about creating Kubernetes
* RoleBinding, ClusterRoleBinding, Role, or
* ClusterRole objects, see Using RBAC
* Authorization in the Kubernetes documentation.
If you want Amazon EKS to authorize the principalArn (instead of, or in
* addition to Kubernetes authorizing the principalArn), you can associate one or
* more access policies to the access entry using AssociateAccessPolicy. If
* you associate any access policies, the principalARN has all permissions
* assigned in the associated access policies and all permissions in any Kubernetes
* Role or ClusterRole objects that the group names are bound
* to.
A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *The username to authenticate to Kubernetes with. We recommend not specifying a username and * letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies * for you, or constraints before specifying your own username, see Creating * access entries in the Amazon EKS User Guide.
* @public */ username?: string | undefined; } /** * @public */ export interface UpdateAccessEntryResponse { /** *The ARN of the IAM principal for the AccessEntry.
The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the add-on. The name must match one of the names returned by
* ListAddons
* .
The version of the add-on. The version must match one of the versions returned by
* DescribeAddonVersions
* .
The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the * permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide.
*To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for * your cluster. For more information, see Enabling * IAM roles for service accounts on your cluster in the * Amazon EKS User Guide.
*How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value * from the Amazon EKS default value. Conflicts are handled based on the option you * choose:
** None – Amazon EKS doesn't change the value. * The update might fail.
** Overwrite – Amazon EKS overwrites the * changed value back to the Amazon EKS default value.
** Preserve – Amazon EKS preserves the value. * If you choose this option, we recommend that you test any field and value * changes on a non-production cluster before updating the add-on on your * production cluster.
*A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *The set of configuration values for the add-on that's created. The values that you
* provide are validated against the schema returned by
* DescribeAddonConfiguration.
An array of Pod Identity Assocations to be updated. Each EKS Pod Identity association * maps a Kubernetes service account to an IAM Role. If this value is left blank, no change. * If an empty array is provided, existing Pod Identity Assocations owned by the Addon are * deleted.
*For more information, see Attach an IAM Role to an Amazon EKS add-on * using Pod Identity in the Amazon EKS User Guide.
* @public */ podIdentityAssociations?: AddonPodIdentityAssociations[] | undefined; } /** * @public */ export interface UpdateAddonResponse { /** *An object representing an asynchronous update.
* @public */ update?: Update | undefined; } /** *The access configuration information for the cluster.
* @public */ export interface UpdateAccessConfigRequest { /** *The desired authentication mode for the cluster.
* @public */ authenticationMode?: AuthenticationMode | undefined; } /** * @public */ export interface UpdateClusterConfigRequest { /** *The name of the Amazon EKS cluster to update.
* @public */ name: string | undefined; /** *An object representing the VPC configuration to use for an Amazon EKS cluster.
* @public */ resourcesVpcConfig?: VpcConfigRequest | undefined; /** *Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs . * By default, cluster control plane logs aren't exported to CloudWatch Logs . For more information, * see Amazon EKS * cluster control plane logs in the * * Amazon EKS User Guide * .
*CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported * control plane logs. For more information, see CloudWatch Pricing.
*A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; /** *The access configuration for the cluster.
* @public */ accessConfig?: UpdateAccessConfigRequest | undefined; /** *You can enable or disable extended support for clusters currently on standard support. * You cannot disable extended support once it starts. You must enable extended support * before your cluster exits standard support.
* @public */ upgradePolicy?: UpgradePolicyRequest | undefined; /** *Enable or disable ARC zonal shift for the cluster. If zonal shift is enabled, Amazon Web Services * configures zonal autoshift for the cluster.
*Zonal shift is a feature of Amazon Application Recovery Controller (ARC). ARC zonal shift is designed to be a * temporary measure that allows you to move traffic for a resource away from an impaired * AZ until the zonal shift expires or you cancel it. You can extend the zonal shift if * necessary.
*You can start a zonal shift for an EKS cluster, or you can allow Amazon Web Services to do it for * you by enabling zonal autoshift. This shift updates the flow of * east-to-west network traffic in your cluster to only consider network endpoints for Pods * running on worker nodes in healthy AZs. Additionally, any ALB or NLB handling ingress * traffic for applications in your EKS cluster will automatically route traffic to targets * in the healthy AZs. For more information about zonal shift in EKS, see Learn about * Amazon Application Recovery Controller (ARC) Zonal Shift in Amazon EKS in the * * Amazon EKS User Guide * .
* @public */ zonalShiftConfig?: ZonalShiftConfigRequest | undefined; /** *Update the configuration of the compute capability of your EKS Auto Mode cluster. For * example, enable the capability.
* @public */ computeConfig?: ComputeConfigRequest | undefined; /** *The Kubernetes network configuration for the cluster.
* @public */ kubernetesNetworkConfig?: KubernetesNetworkConfigRequest | undefined; /** *Update the configuration of the block storage capability of your EKS Auto Mode * cluster. For example, enable the capability.
* @public */ storageConfig?: StorageConfigRequest | undefined; } /** * @public */ export interface UpdateClusterConfigResponse { /** *An object representing an asynchronous update.
* @public */ update?: Update | undefined; } /** * @public */ export interface UpdateClusterVersionRequest { /** *The name of the Amazon EKS cluster to update.
* @public */ name: string | undefined; /** *The desired Kubernetes version following a successful update.
* @public */ version: string | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface UpdateClusterVersionResponse { /** *The full description of the specified update
* @public */ update?: Update | undefined; } /** * @public */ export interface UpdateEksAnywhereSubscriptionRequest { /** *The ID of the subscription.
* @public */ id: string | undefined; /** *A boolean indicating whether or not to automatically renew the subscription.
* @public */ autoRenew: boolean | undefined; /** *Unique, case-sensitive identifier to ensure the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface UpdateEksAnywhereSubscriptionResponse { /** *The full description of the updated subscription.
* @public */ subscription?: EksAnywhereSubscription | undefined; } /** *An object representing a Kubernetes label change for a managed node
* group.
The Kubernetes labels to add or update.
The Kubernetes labels to remove.
An object representing the details of an update to a taints payload. For more * information, see Node taints on * managed node groups in the Amazon EKS User Guide.
* @public */ export interface UpdateTaintsPayload { /** *Kubernetes taints to be added or updated.
* @public */ addOrUpdateTaints?: Taint[] | undefined; /** *Kubernetes taints to remove.
* @public */ removeTaints?: Taint[] | undefined; } /** * @public */ export interface UpdateNodegroupConfigRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the managed node group to update.
* @public */ nodegroupName: string | undefined; /** *The Kubernetes labels to apply to the nodes in the node group after the
* update.
The Kubernetes taints to be applied to the nodes in the node group after the update. For * more information, see Node taints on * managed node groups.
* @public */ taints?: UpdateTaintsPayload | undefined; /** *The scaling configuration details for the Auto Scaling group after the update.
* @public */ scalingConfig?: NodegroupScalingConfig | undefined; /** *The node group update configuration.
* @public */ updateConfig?: NodegroupUpdateConfig | undefined; /** *The node auto repair configuration for the node group.
* @public */ nodeRepairConfig?: NodeRepairConfig | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface UpdateNodegroupConfigResponse { /** *An object representing an asynchronous update.
* @public */ update?: Update | undefined; } /** * @public */ export interface UpdateNodegroupVersionRequest { /** *The name of your cluster.
* @public */ clusterName: string | undefined; /** *The name of the managed node group to update.
* @public */ nodegroupName: string | undefined; /** *The Kubernetes version to update to. If no version is specified, then the Kubernetes version of
* the node group does not change. You can specify the Kubernetes version of the cluster to
* update the node group to the latest AMI version of the cluster's Kubernetes version.
* If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version,
* or the node group update will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The AMI version of the Amazon EKS optimized AMI to use for the update. By default, the * latest available AMI version for the node group's Kubernetes version is used. For information * about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the * Amazon EKS User Guide. Amazon EKS managed node groups support the November 2022 and later releases * of the Windows AMIs. For information about Windows versions, see Amazon EKS * optimized Windows AMI versions in the Amazon EKS User Guide.
*If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify
* releaseVersion, or the node group update will fail.
* For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
An object representing a node group's launch template specification. You can only * update a node group using a launch template if the node group was originally deployed * with a launch template. When updating, you must specify the same launch template ID or * name that was used to create the node group.
* @public */ launchTemplate?: LaunchTemplateSpecification | undefined; /** *Force the update if any Pod on the existing node group can't be drained
* due to a Pod disruption budget issue. If an update fails because all Pods
* can't be drained, you can force the update after it fails to terminate the old node
* whether or not any Pod is running on the node.
A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface UpdateNodegroupVersionResponse { /** *An object representing an asynchronous update.
* @public */ update?: Update | undefined; } /** * @public */ export interface UpdatePodIdentityAssociationRequest { /** *The name of the cluster that you want to update the association in.
* @public */ clusterName: string | undefined; /** *The ID of the association to be updated.
* @public */ associationId: string | undefined; /** *The new IAM role to change the
* @public */ roleArn?: string | undefined; /** *A unique, case-sensitive identifier that you provide to ensure * the idempotency of the request.
* @public */ clientRequestToken?: string | undefined; } /** * @public */ export interface UpdatePodIdentityAssociationResponse { /** *The full description of the EKS Pod Identity association that was updated.
* @public */ association?: PodIdentityAssociation | undefined; }