Allow passing in `NodeRole` when creating managed node groups

Describe the feature

Allow passing in a NodeRole or policies for the NodeRole for managed groups.

Use Case

I need to give the nodes some extra access, and to do that I need to add some permissions to the nodeRole.

However, when I try to pass in a nodeRole with the managedNodeGroups:

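    import { aws_iam } from "aws-cdk-lib";
    import { KubernetesVersion } from "aws-cdk-lib/aws-eks";
    import * as blueprints from "@aws-quickstart/eks-blueprints";

    // Inside the parent stack's constructor (`this` is the parent stack).
    const nodeRole = new aws_iam.Role(this, "NodeRole", {
      assumedBy: new aws_iam.ServicePrincipal("ec2.amazonaws.com"),
      // ... (remaining role properties elided in the original post)
    });

    const clusterProvider = new blueprints.GenericClusterProvider({
      clusterName: clusterName,
      version: KubernetesVersion.V1_23,
      // Other node group settings elided in the original post.
      managedNodeGroups: { /* ... */ nodeRole: nodeRole },
    });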

I get an error:

    <PARENT_STACK>/NodeRole should be defined in the scope of the <BLUEPRINTS_CLUSTER_STACK> stack to prevent circular dependencies

Proposed Solution

I think what needs to be done is add the ability to pass in permissions to the nodeRole, or give me access to the nodeRole afterwards so I can add permissions after it's created.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request

CDK version used

2.50.0 (build 4c11af6)

EKS Blueprints Version

1.4.1

Node.js Version

v16.17.1

Environment details (OS name and version, etc.)

MacOS 12.6.1 (21G217)

Issue Analytics

  • State: closed
  • Created 10 months ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
shapirov103 commented, Nov 18, 2022

You don’t have to make it a nested stack. Just create a separate stack where you either provision or look up the role you need. Create a variable in the stack and then pass it over to the blueprints in Mng or generic cluster provider as `nodeRole: myOtherStack.nodeRole`. Similar to the example with S3 above.

However, I have a separate issue to make this configuration passing much easier. I expect it to be part of the solution soon.

1 reaction
shapirov103 commented, Nov 17, 2022

Similar to #435, please see comments there. The approach used can be similar to https://docs.aws.amazon.com/cdk/api/v1/docs/aws-s3-readme.html#sharing-buckets-between-stacks
