2022/09/07 - Amazon Elastic Kubernetes Service - 4 updated api methods
Changes Adds support for EKS Addons ResolveConflicts "preserve" flag. Also adds new update failed status for EKS Addons.
{'resolveConflicts': {'PRESERVE'}}
Response {'addon': {'status': {'UPDATE_FAILED'}}}
Creates an Amazon EKS add-on.
Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. Amazon EKS add-ons require clusters running version 1.18 or later because Amazon EKS add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide .
See also: AWS API Documentation
Request Syntax
client.create_addon(
clusterName='string',
addonName='string',
addonVersion='string',
serviceAccountRoleArn='string',
resolveConflicts='OVERWRITE'|'NONE'|'PRESERVE',
clientRequestToken='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The name of the cluster to create the add-on for.
string
[REQUIRED]
The name of the add-on. The name must match one of the names returned by DescribeAddonVersions.
string
The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions.
string
The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide .
Note
To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide .
string
How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose:
None – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.
Overwrite – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.
Preserve – Not supported. You can set this value when updating an add-on though. For more information, see UpdateAddon.
If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
This field is autopopulated if not provided.
dict
The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.
(string) --
(string) --
dict
Response Syntax
{
'addon': {
'addonName': 'string',
'clusterName': 'string',
'status': 'CREATING'|'ACTIVE'|'CREATE_FAILED'|'UPDATING'|'DELETING'|'DELETE_FAILED'|'DEGRADED'|'UPDATE_FAILED',
'addonVersion': 'string',
'health': {
'issues': [
{
'code': 'AccessDenied'|'InternalFailure'|'ClusterUnreachable'|'InsufficientNumberOfReplicas'|'ConfigurationConflict'|'AdmissionRequestDenied'|'UnsupportedAddonModification'|'K8sResourceNotFound',
'message': 'string',
'resourceIds': [
'string',
]
},
]
},
'addonArn': 'string',
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'serviceAccountRoleArn': 'string',
'tags': {
'string': 'string'
}
}
}
Response Structure
(dict) --
addon (dict) --
An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide .
addonName (string) --
The name of the add-on.
clusterName (string) --
The name of the cluster.
status (string) --
The status of the add-on.
addonVersion (string) --
The version of the add-on.
health (dict) --
An object that represents the health of the add-on.
issues (list) --
An object that represents the add-on's health issues.
(dict) --
An issue related to an add-on.
code (string) --
A code that describes the type of issue.
message (string) --
A message that provides details about the issue and what might cause it.
resourceIds (list) --
The resource IDs of the issue.
(string) --
addonArn (string) --
The Amazon Resource Name (ARN) of the add-on.
createdAt (datetime) --
The date and time that the add-on was created.
modifiedAt (datetime) --
The date and time that the add-on was last modified.
serviceAccountRoleArn (string) --
The Amazon Resource Name (ARN) of the IAM role that is bound to the Kubernetes service account used by the add-on.
tags (dict) --
The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Add-on tags do not propagate to any other resources associated with the cluster.
(string) --
(string) --
{'addon': {'status': {'UPDATE_FAILED'}}}
Delete an Amazon EKS add-on.
When you remove the add-on, it will also be deleted from the cluster. You can always manually start an add-on on the cluster using the Kubernetes API.
See also: AWS API Documentation
Request Syntax
client.delete_addon(
clusterName='string',
addonName='string',
preserve=True|False
)
string
[REQUIRED]
The name of the cluster to delete the add-on from.
string
[REQUIRED]
The name of the add-on. The name must match one of the names returned by ListAddons.
boolean
Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. If an IAM account is associated with the add-on, it is not removed.
dict
Response Syntax
{
'addon': {
'addonName': 'string',
'clusterName': 'string',
'status': 'CREATING'|'ACTIVE'|'CREATE_FAILED'|'UPDATING'|'DELETING'|'DELETE_FAILED'|'DEGRADED'|'UPDATE_FAILED',
'addonVersion': 'string',
'health': {
'issues': [
{
'code': 'AccessDenied'|'InternalFailure'|'ClusterUnreachable'|'InsufficientNumberOfReplicas'|'ConfigurationConflict'|'AdmissionRequestDenied'|'UnsupportedAddonModification'|'K8sResourceNotFound',
'message': 'string',
'resourceIds': [
'string',
]
},
]
},
'addonArn': 'string',
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'serviceAccountRoleArn': 'string',
'tags': {
'string': 'string'
}
}
}
Response Structure
(dict) --
addon (dict) --
An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide .
addonName (string) --
The name of the add-on.
clusterName (string) --
The name of the cluster.
status (string) --
The status of the add-on.
addonVersion (string) --
The version of the add-on.
health (dict) --
An object that represents the health of the add-on.
issues (list) --
An object that represents the add-on's health issues.
(dict) --
An issue related to an add-on.
code (string) --
A code that describes the type of issue.
message (string) --
A message that provides details about the issue and what might cause it.
resourceIds (list) --
The resource IDs of the issue.
(string) --
addonArn (string) --
The Amazon Resource Name (ARN) of the add-on.
createdAt (datetime) --
The date and time that the add-on was created.
modifiedAt (datetime) --
The date and time that the add-on was last modified.
serviceAccountRoleArn (string) --
The Amazon Resource Name (ARN) of the IAM role that is bound to the Kubernetes service account used by the add-on.
tags (dict) --
The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Add-on tags do not propagate to any other resources associated with the cluster.
(string) --
(string) --
{'addon': {'status': {'UPDATE_FAILED'}}}
Describes an Amazon EKS add-on.
See also: AWS API Documentation
Request Syntax
client.describe_addon(
clusterName='string',
addonName='string'
)
string
[REQUIRED]
The name of the cluster.
string
[REQUIRED]
The name of the add-on. The name must match one of the names returned by ListAddons.
dict
Response Syntax
{
'addon': {
'addonName': 'string',
'clusterName': 'string',
'status': 'CREATING'|'ACTIVE'|'CREATE_FAILED'|'UPDATING'|'DELETING'|'DELETE_FAILED'|'DEGRADED'|'UPDATE_FAILED',
'addonVersion': 'string',
'health': {
'issues': [
{
'code': 'AccessDenied'|'InternalFailure'|'ClusterUnreachable'|'InsufficientNumberOfReplicas'|'ConfigurationConflict'|'AdmissionRequestDenied'|'UnsupportedAddonModification'|'K8sResourceNotFound',
'message': 'string',
'resourceIds': [
'string',
]
},
]
},
'addonArn': 'string',
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'serviceAccountRoleArn': 'string',
'tags': {
'string': 'string'
}
}
}
Response Structure
(dict) --
addon (dict) --
An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide .
addonName (string) --
The name of the add-on.
clusterName (string) --
The name of the cluster.
status (string) --
The status of the add-on.
addonVersion (string) --
The version of the add-on.
health (dict) --
An object that represents the health of the add-on.
issues (list) --
An object that represents the add-on's health issues.
(dict) --
An issue related to an add-on.
code (string) --
A code that describes the type of issue.
message (string) --
A message that provides details about the issue and what might cause it.
resourceIds (list) --
The resource IDs of the issue.
(string) --
addonArn (string) --
The Amazon Resource Name (ARN) of the add-on.
createdAt (datetime) --
The date and time that the add-on was created.
modifiedAt (datetime) --
The date and time that the add-on was last modified.
serviceAccountRoleArn (string) --
The Amazon Resource Name (ARN) of the IAM role that is bound to the Kubernetes service account used by the add-on.
tags (dict) --
The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Add-on tags do not propagate to any other resources associated with the cluster.
(string) --
(string) --
{'resolveConflicts': {'PRESERVE'}}
Updates an Amazon EKS add-on.
See also: AWS API Documentation
Request Syntax
client.update_addon(
clusterName='string',
addonName='string',
addonVersion='string',
serviceAccountRoleArn='string',
resolveConflicts='OVERWRITE'|'NONE'|'PRESERVE',
clientRequestToken='string'
)
string
[REQUIRED]
The name of the cluster.
string
[REQUIRED]
The name of the add-on. The name must match one of the names returned by ListAddons.
string
The version of the add-on. The version must match one of the versions returned by DescribeAddonVersions.
string
The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see Amazon EKS node IAM role in the Amazon EKS User Guide .
Note
To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see Enabling IAM roles for service accounts on your cluster in the Amazon EKS User Guide .
string
How to resolve field value conflicts for an Amazon EKS add-on if you've changed a value from the Amazon EKS default value. Conflicts are handled based on the option you choose:
None – Amazon EKS doesn't change the value. The update might fail.
Overwrite – Amazon EKS overwrites the changed value back to the Amazon EKS default value.
Preserve – Amazon EKS preserves the value. If you choose this option, we recommend that you test any field and value changes on a non-production cluster before updating the add-on on your production cluster.
string
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'update': {
'id': 'string',
'status': 'InProgress'|'Failed'|'Cancelled'|'Successful',
'type': 'VersionUpdate'|'EndpointAccessUpdate'|'LoggingUpdate'|'ConfigUpdate'|'AssociateIdentityProviderConfig'|'DisassociateIdentityProviderConfig'|'AssociateEncryptionConfig'|'AddonUpdate',
'params': [
{
'type': 'Version'|'PlatformVersion'|'EndpointPrivateAccess'|'EndpointPublicAccess'|'ClusterLogging'|'DesiredSize'|'LabelsToAdd'|'LabelsToRemove'|'TaintsToAdd'|'TaintsToRemove'|'MaxSize'|'MinSize'|'ReleaseVersion'|'PublicAccessCidrs'|'LaunchTemplateName'|'LaunchTemplateVersion'|'IdentityProviderConfig'|'EncryptionConfig'|'AddonVersion'|'ServiceAccountRoleArn'|'ResolveConflicts'|'MaxUnavailable'|'MaxUnavailablePercentage',
'value': 'string'
},
],
'createdAt': datetime(2015, 1, 1),
'errors': [
{
'errorCode': 'SubnetNotFound'|'SecurityGroupNotFound'|'EniLimitReached'|'IpNotAvailable'|'AccessDenied'|'OperationNotPermitted'|'VpcIdNotFound'|'Unknown'|'NodeCreationFailure'|'PodEvictionFailure'|'InsufficientFreeAddresses'|'ClusterUnreachable'|'InsufficientNumberOfReplicas'|'ConfigurationConflict'|'AdmissionRequestDenied'|'UnsupportedAddonModification'|'K8sResourceNotFound',
'errorMessage': 'string',
'resourceIds': [
'string',
]
},
]
}
}
Response Structure
(dict) --
update (dict) --
An object representing an asynchronous update.
id (string) --
A UUID that is used to track the update.
status (string) --
The current status of the update.
type (string) --
The type of the update.
params (list) --
A key-value map that contains the parameters associated with the update.
(dict) --
An object representing the details of an update request.
type (string) --
The keys associated with an update request.
value (string) --
The value of the keys submitted as part of an update request.
createdAt (datetime) --
The Unix epoch timestamp in seconds for when the update was created.
errors (list) --
Any errors associated with a Failed update.
(dict) --
An object representing an error when an asynchronous operation fails.
errorCode (string) --
A brief description of the error.
SubnetNotFound : We couldn't find one of the subnets associated with the cluster.
SecurityGroupNotFound : We couldn't find one of the security groups associated with the cluster.
EniLimitReached : You have reached the elastic network interface limit for your account.
IpNotAvailable : A subnet associated with the cluster doesn't have any free IP addresses.
AccessDenied : You don't have permissions to perform the specified operation.
OperationNotPermitted : The service role associated with the cluster doesn't have the required access permissions for Amazon EKS.
VpcIdNotFound : We couldn't find the VPC associated with the cluster.
errorMessage (string) --
A more complete description of the error.
resourceIds (list) --
An optional field that contains the resource IDs associated with the error.
(string) --