Merge pull request #105 from lbrlabs/network_config

feat(ClusterArgs): add ability to configure Amazon EKS API server endpoints

.github/workflows/main.yml

@@ -91,7 +91,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   prerequisites:
@@ -155,7 +155,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   publish:
@@ -198,7 +198,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   publish_sdk:
@@ -273,7 +273,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   test:
@@ -355,7 +355,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
 name: main

.github/workflows/prerelease.yml

@@ -91,7 +91,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   prerequisites:
@@ -156,7 +156,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   publish:
@@ -199,7 +199,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   publish_sdk:
@@ -274,7 +274,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   test:
@@ -356,7 +356,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
 name: prerelease

.github/workflows/release.yml

@@ -91,7 +91,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   prerequisites:
@@ -155,7 +155,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   publish:
@@ -198,7 +198,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   publish_sdk:
@@ -273,7 +273,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   test:
@@ -355,7 +355,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
 name: release

.github/workflows/run-acceptance-tests.yml

@@ -95,7 +95,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   comment-notification:
@@ -181,7 +181,7 @@ jobs:
         goversion:
         - 1.21.x
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
   test:
@@ -267,7 +267,7 @@ jobs:
         - dotnet
         - go
         nodeversion:
-        - 14.x
+        - 20.x
         pythonversion:
         - "3.7"
 name: run-acceptance-tests

provider/pkg/provider/cluster.go

@@ -26,29 +26,31 @@ import (
 
 // The set of arguments for creating a Cluster component resource.
 type ClusterArgs struct {
-	ClusterSubnetIds            pulumi.StringArrayInput  `pulumi:"clusterSubnetIds"`
-	SystemNodeSubnetIds         pulumi.StringArrayInput  `pulumi:"systemNodeSubnetIds"`
-	SystemNodeInstanceTypes     *pulumi.StringArrayInput `pulumi:"systemNodeInstanceTypes"`
-	SystemNodeMaxCount          *pulumi.IntInput         `pulumi:"systemNodeMaxCount"`
-	SystemNodeMinCount          *pulumi.IntInput         `pulumi:"systemNodeMinCount"`
-	SystemNodeDesiredCount      *pulumi.IntInput         `pulumi:"systemNodeDesiredCount"`
-	ClusterVersion              pulumi.StringPtrInput    `pulumi:"clusterVersion"`
-	EnableOtel                  bool                     `pulumi:"enableOtel"`
-	EnableCloudWatchAgent       bool                     `pulumi:"enableCloudWatchAgent"`
-	EnableExternalDNS           bool                     `pulumi:"enableExternalDns"`
-	EnableCertManager           bool                     `pulumi:"enableCertManager"`
-	EnableKarpenter             bool                     `pulumi:"enableKarpenter"`
-	LetsEncryptEmail            string                   `pulumi:"letsEncryptEmail"`
-	EnableInternalIngress       bool                     `pulumi:"enableInternalIngress"`
-	EnableExternalIngress       bool                     `pulumi:"enableExternalIngress"`
-	LbType                      pulumi.StringInput       `pulumi:"lbType"`
-	CertificateArn              *pulumi.StringInput      `pulumi:"certificateArn"`
-	Tags                        *pulumi.StringMapInput   `pulumi:"tags"`
-	NginxIngressVersion         pulumi.StringInput       `pulumi:"nginxIngressVersion"`
-	EksIamAuthControllerVersion pulumi.StringInput       `pulumi:"eksIamAuthControllerVersion"`
-	ExternalDNSVersion          pulumi.StringInput       `pulumi:"externalDNSVersion"`
-	CertManagerVersion          pulumi.StringInput       `pulumi:"certManagerVersion"`
-	EnabledClusterLogTypes      *pulumi.StringArrayInput `pulumi:"enabledClusterLogTypes"`
+	ClusterSubnetIds             pulumi.StringArrayInput  `pulumi:"clusterSubnetIds"`
+	ClusterEndpointPublicAccess  pulumi.BoolInput         `pulumi:"clusterEndpointPublicAccess"`
+	ClusterEndpointPrivateAccess pulumi.BoolInput         `pulumi:"clusterEndpointPrivateAccess"`
+	SystemNodeSubnetIds          pulumi.StringArrayInput  `pulumi:"systemNodeSubnetIds"`
+	SystemNodeInstanceTypes      *pulumi.StringArrayInput `pulumi:"systemNodeInstanceTypes"`
+	SystemNodeMaxCount           *pulumi.IntInput         `pulumi:"systemNodeMaxCount"`
+	SystemNodeMinCount           *pulumi.IntInput         `pulumi:"systemNodeMinCount"`
+	SystemNodeDesiredCount       *pulumi.IntInput         `pulumi:"systemNodeDesiredCount"`
+	ClusterVersion               pulumi.StringPtrInput    `pulumi:"clusterVersion"`
+	EnableOtel                   bool                     `pulumi:"enableOtel"`
+	EnableCloudWatchAgent        bool                     `pulumi:"enableCloudWatchAgent"`
+	EnableExternalDNS            bool                     `pulumi:"enableExternalDns"`
+	EnableCertManager            bool                     `pulumi:"enableCertManager"`
+	EnableKarpenter              bool                     `pulumi:"enableKarpenter"`
+	LetsEncryptEmail             string                   `pulumi:"letsEncryptEmail"`
+	EnableInternalIngress        bool                     `pulumi:"enableInternalIngress"`
+	EnableExternalIngress        bool                     `pulumi:"enableExternalIngress"`
+	LbType                       pulumi.StringInput       `pulumi:"lbType"`
+	CertificateArn               *pulumi.StringInput      `pulumi:"certificateArn"`
+	Tags                         *pulumi.StringMapInput   `pulumi:"tags"`
+	NginxIngressVersion          pulumi.StringInput       `pulumi:"nginxIngressVersion"`
+	EksIamAuthControllerVersion  pulumi.StringInput       `pulumi:"eksIamAuthControllerVersion"`
+	ExternalDNSVersion           pulumi.StringInput       `pulumi:"externalDNSVersion"`
+	CertManagerVersion           pulumi.StringInput       `pulumi:"certManagerVersion"`
+	EnabledClusterLogTypes       *pulumi.StringArrayInput `pulumi:"enabledClusterLogTypes"`
 }
 
 // The Cluster component resource.
@@ -215,7 +217,9 @@ func NewCluster(ctx *pulumi.Context,
 		RoleArn: role.Arn,
 		Version: args.ClusterVersion,
 		VpcConfig: &eks.ClusterVpcConfigArgs{
-			SubnetIds: args.ClusterSubnetIds,
+			SubnetIds:             args.ClusterSubnetIds,
+			EndpointPublicAccess:  args.ClusterEndpointPublicAccess,
+			EndpointPrivateAccess: args.ClusterEndpointPrivateAccess,
 		},
 		EncryptionConfig: &eks.ClusterEncryptionConfigArgs{
 			Resources: pulumi.StringArray{

schema.yaml

@@ -52,6 +52,14 @@ resources:
       clusterVersion:
         type: string
         description: The version of the EKS cluster to create.
+      clusterEndpointPrivateAccess:
+        type: boolean
+        description: Indicates whether or not the Amazon EKS private API server endpoint is enabled.
+        default: false
+      clusterEndpointPublicAccess:
+        type: boolean
+        description: Indicates whether or not the Amazon EKS public API server endpoint is enabled.
+        default: true
       letsEncryptEmail:
         type: string
         description: The email address to use to issue certificates from Lets Encrypt.

sdk/dotnet/Eks/Cluster.cs

@@ -90,6 +90,18 @@ public sealed class ClusterArgs : global::Pulumi.ResourceArgs
         [Input("certificateArn")]
         public Input<string>? CertificateArn { get; set; }
 
+        /// <summary>
+        /// Indicates whether or not the Amazon EKS private API server endpoint is enabled.
+        /// </summary>
+        [Input("clusterEndpointPrivateAccess")]
+        public Input<bool>? ClusterEndpointPrivateAccess { get; set; }
+
+        /// <summary>
+        /// Indicates whether or not the Amazon EKS public API server endpoint is enabled.
+        /// </summary>
+        [Input("clusterEndpointPublicAccess")]
+        public Input<bool>? ClusterEndpointPublicAccess { get; set; }
+
         [Input("clusterSubnetIds", required: true)]
         private InputList<string>? _clusterSubnetIds;
         public InputList<string> ClusterSubnetIds
@@ -232,6 +244,8 @@ public InputMap<string> Tags
 
         public ClusterArgs()
         {
+            ClusterEndpointPrivateAccess = false;
+            ClusterEndpointPublicAccess = true;
             EnableCertManager = true;
             EnableCloudWatchAgent = false;
             EnableExternalDns = true;

sdk/nodejs/cluster.ts

@@ -65,6 +65,8 @@ export class Cluster extends pulumi.ComponentResource {
             }
             resourceInputs["certManagerVersion"] = args ? args.certManagerVersion : undefined;
             resourceInputs["certificateArn"] = args ? args.certificateArn : undefined;
+            resourceInputs["clusterEndpointPrivateAccess"] = (args ? args.clusterEndpointPrivateAccess : undefined) ?? false;
+            resourceInputs["clusterEndpointPublicAccess"] = (args ? args.clusterEndpointPublicAccess : undefined) ?? true;
             resourceInputs["clusterSubnetIds"] = args ? args.clusterSubnetIds : undefined;
             resourceInputs["clusterVersion"] = args ? args.clusterVersion : undefined;
             resourceInputs["eksIamAuthControllerVersion"] = args ? args.eksIamAuthControllerVersion : undefined;
@@ -117,6 +119,14 @@ export interface ClusterArgs {
      * The ARN of the certificate to use for the ingress controller.
      */
     certificateArn?: pulumi.Input<string>;
+    /**
+     * Indicates whether or not the Amazon EKS private API server endpoint is enabled.
+     */
+    clusterEndpointPrivateAccess?: pulumi.Input<boolean>;
+    /**
+     * Indicates whether or not the Amazon EKS public API server endpoint is enabled.
+     */
+    clusterEndpointPublicAccess?: pulumi.Input<boolean>;
     clusterSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The version of the EKS cluster to create.