Skip to content

Create Capability

eks_create_capability R Documentation

Creates a managed capability resource for an Amazon EKS cluster

Description

Creates a managed capability resource for an Amazon EKS cluster.

Capabilities provide fully managed capabilities to build and scale with Kubernetes. When you create a capability, Amazon EKSprovisions and manages the infrastructure required to run the capability outside of your cluster. This approach reduces operational overhead and preserves cluster resources.

You can only create one Capability of each type on a given Amazon EKS cluster. Valid types are Argo CD for declarative GitOps deployment, Amazon Web Services Controllers for Kubernetes (ACK) for resource management, and Kube Resource Orchestrator (KRO) for Kubernetes custom resource orchestration.

For more information, see EKS Capabilities in the Amazon EKS User Guide.

Usage

eks_create_capability(capabilityName, clusterName, clientRequestToken,
  type, roleArn, configuration, tags, deletePropagationPolicy)

Arguments

capabilityName

[required] A unique name for the capability. The name must be unique within your cluster and can contain alphanumeric characters, hyphens, and underscores.
clusterName

[required] The name of the Amazon EKS cluster where you want to create the capability.
clientRequestToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This token is valid for 24 hours after creation. If you retry a request with the same client request token and the same parameters after the original request has completed successfully, the result of the original request is returned.
type

[required] The type of capability to create. Valid values are:

  • ACK – Amazon Web Services Controllers for Kubernetes (ACK), which lets you manage resources directly from Kubernetes.

  • ARGOCD – Argo CD for GitOps-based continuous delivery.

  • KRO – Kube Resource Orchestrator (KRO) for composing and managing custom Kubernetes resources.
roleArn

[required] The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with Amazon Web Services services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.

For ACK capabilities, the role needs permissions to manage the resources you want to control through Kubernetes. For Argo CD capabilities, the role needs permissions to access Git repositories and Secrets Manager. For KRO capabilities, the role needs permissions based on the resources you'll be orchestrating.
configuration

The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity CenterIAM; Identity Center integration, RBAC role mappings, and network access settings.
tags

The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them.

The following basic restrictions apply to tags:

  • Maximum number of tags per resource – 50

  • For each resource, each tag key must be unique, and each tag key can have only one value.

  • Maximum key length – 128 Unicode characters in UTF-8

  • Maximum value length – 256 Unicode characters in UTF-8

  • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.

  • Tag keys and values are case-sensitive.

  • Do not use ⁠aws:⁠, ⁠AWS:⁠, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
deletePropagationPolicy

[required] Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.

Because resources are retained, all Kubernetes resources created by the capability should be deleted from the cluster before deleting the capability itself. After the capability is deleted, these resources become difficult to manage because the controller is no longer available.

Value

A list with the following syntax:

list(
  capability = list(
    capabilityName = "string",
    arn = "string",
    clusterName = "string",
    type = "ACK"|"KRO"|"ARGOCD",
    roleArn = "string",
    status = "CREATING"|"CREATE_FAILED"|"UPDATING"|"DELETING"|"DELETE_FAILED"|"ACTIVE"|"DEGRADED",
    version = "string",
    configuration = list(
      argoCd = list(
        namespace = "string",
        awsIdc = list(
          idcInstanceArn = "string",
          idcRegion = "string",
          idcManagedApplicationArn = "string"
        ),
        rbacRoleMappings = list(
          list(
            role = "ADMIN"|"EDITOR"|"VIEWER",
            identities = list(
              list(
                id = "string",
                type = "SSO_USER"|"SSO_GROUP"
              )
            )
          )
        ),
        networkAccess = list(
          vpceIds = list(
            "string"
          )
        ),
        serverUrl = "string"
      )
    ),
    tags = list(
      "string"
    ),
    health = list(
      issues = list(
        list(
          code = "AccessDenied"|"ClusterUnreachable",
          message = "string"
        )
      )
    ),
    createdAt = as.POSIXct(
      "2015-01-01"
    ),
    modifiedAt = as.POSIXct(
      "2015-01-01"
    ),
    deletePropagationPolicy = "RETAIN"
  )
)

Request syntax

svc$create_capability(
  capabilityName = "string",
  clusterName = "string",
  clientRequestToken = "string",
  type = "ACK"|"KRO"|"ARGOCD",
  roleArn = "string",
  configuration = list(
    argoCd = list(
      namespace = "string",
      awsIdc = list(
        idcInstanceArn = "string",
        idcRegion = "string"
      ),
      rbacRoleMappings = list(
        list(
          role = "ADMIN"|"EDITOR"|"VIEWER",
          identities = list(
            list(
              id = "string",
              type = "SSO_USER"|"SSO_GROUP"
            )
          )
        )
      ),
      networkAccess = list(
        vpceIds = list(
          "string"
        )
      )
    )
  ),
  tags = list(
    "string"
  ),
  deletePropagationPolicy = "RETAIN"
)