Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Not able to add existing security groups to EKS worker nodes
See original GitHub issueWhat am I trying to do: Create a node group with worker nodes assigned some existing security groups .
code:
"use strict"
const pulumi = require("@pulumi/pulumi")
const aws = require("@pulumi/aws")
const eks = require("@pulumi/eks")
const cluster1 = new eks.Cluster(clustvalues.clustername, {
name: clustvalues.clustername,
vpcId: "vpc-abc",
subnetIds: ["abc-subnet"],
nodeAssociatePublicIpAddress: false,
createOidcProvider: true,
deployDashboard: false,
version: "1.18",
endpointPrivateAccess: true,
endpointPublicAccess: false,
skipDefaultNodeGroup: true,
instanceRoles: [myrole],
})
const sg1 = `{ arn:
'arn:aws:ec2:eu-west-1:243434:security-group/sg-1c3e59d3',
description: 'sg description',
id: 'sg-075324551c3e59d3',
name: 'sg1',
tags:
{ Name: 'abcdefrejg',
project: 'wfdsgfbfb' },
vpcId: 'vpc-id' }`
cluster1.createNodeGroup("abc-nodegroup", {
instanceType: "t3.medium",
autoScalingGroupTags: {
["k8s.io/cluster-autoscaler/enabled"]: "true",
[asgtag]: "owned",
},
spotPrice: "0.6",
nodeAssociatePublicIpAddress: false,
nodeSubnetIds: ["abd-subnet"],
desiredCapacity: 1,
minSize: 1,
extraNodeSecurityGroups: [sg1],
maxSize: 4,
instanceProfile: instanceProfile1,
})
Expected: The new node group has worker nodes that have been assigned security groups given in pulumi code.
What is happening: New worker nodes are created but supplied security groups are not assigned to them. Further the launch configuration of corresponding ASG doesn’t show the supplied security groups .
What else have I tried : Tried to add these extra security groups to an existing node group. In this case pulumi gives a golang panic error.
panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:dev::eks18::eks:index:Cluster$eks:index:NodeGroup$aws:ec2/launchConfiguration:LaunchConfiguration::apps-spot4-nodeLaunchConfiguration
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Just checking if there is any interest in this.
As a Workaround I have created a function which adds extra security groups to worker nodes externally. I call this function separately to pulumi.
@bit-cloner Any progress on this item? I’m working in python and trying to add the
extra_node_security_groupsargument.Exception: args.extraNodeSecurityGroups.map is not a functionNo example docs on how to use argument. I thought I was not sending the correct argument type, but there are no docs anywhere. In Python, a list is a Sequence. Pass a list of
pulumi_aws.ec2.SecurityGroup. I get the above error. I could be doing something wrong and would like to get advice.Also, I would love to see your function external to Pulumi, if possible. This does not seem right, is Pulumi not responsive to code not working?
@pgavlin Any thoughts?