This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

04/12/2023, 2:55 PM

This message was deleted.

billowy-army-68599

04/12/2023, 2:58 PM

Copy code

nodeAssociatePublicIpAddress: false,

This is for the default node group, and you’re create another managed node group

billowy-army-68599

04/12/2023, 2:58 PM

what is actually happening?

stocky-petabyte-29883

04/12/2023, 2:59 PM

Ah okay, well the nodes in the managed node groups are getting ips in private and public subnets at random

stocky-petabyte-29883

04/12/2023, 3:00 PM

Is there a similar setting for the managed node group?

billowy-army-68599

04/12/2023, 3:00 PM

first suggestion would be to disable the default node group

billowy-army-68599

04/12/2023, 3:01 PM

skipDefaultNodeGroup: true

stocky-petabyte-29883

04/12/2023, 3:01 PM

I already have that property set to true

billowy-army-68599

04/12/2023, 3:07 PM

ah yes

billowy-army-68599

04/12/2023, 3:08 PM

how did you build your private subnet?

stocky-petabyte-29883

04/12/2023, 3:08 PM

Copy code

export const vpc = new awsx.ec2.Vpc(`${stack}-eks-vpc`, {
    numberOfAvailabilityZones: eksConfig.vpc.length,
    cidrBlock: eksConfig.cidrRange,
    numberOfNatGateways: eksConfig.vpc.length,
    subnets: eksConfig.vpc.map((instance, index) => {
        return <awsx.ec2.VpcSubnetArgs[]>[{
            type: "private",
            name: `${stack}-private-eks-subnet-${index}`,
            location: {
                availabilityZone: instance.zoneName,
                cidrBlock: instance.privateCidr,
            },
            tags: {
                Environment: stack,
                "<http://kubernetes.io/role/internal-elb|kubernetes.io/role/internal-elb>": "1"
            }
        },
        {
            type: "public",
            name: `${stack}-public-eks-subnet-${index}`,
            location: {
                availabilityZone: instance.zoneName,
                cidrBlock: instance.publicCidr,
            },
            tags: {
                Environment: stack,
                "<http://kubernetes.io/role/elb|kubernetes.io/role/elb>": "1"
            }
        }]
    }).flatMap(s => s),
});

billowy-army-68599

04/12/2023, 3:10 PM

okay what does a node look like that isn’t behaving as expected?

stocky-petabyte-29883

04/12/2023, 3:16 PM

well the node is getting assigned IPs from the public subnet. I was under the assumption that the nodeAssociatePublicIpAddress along with privateSubnetIds and publicSubnetIds when creating the cluster forces all nodes to be on private IPs

billowy-army-68599

04/12/2023, 3:22 PM

it should, there must be a configuration issue somewhere

stocky-petabyte-29883

04/12/2023, 3:23 PM

Okay

stocky-petabyte-29883

04/12/2023, 3:30 PM

Any pointers will be really helpful 😄

billowy-army-68599

04/12/2023, 3:31 PM

• check the autoscaling group your nodes are deployed into • verify the subnets the asg is targetting • check the subnet definition to ensure “auto assign public ip addresses” isn’t set • make sure all nodes in the group are in the same ASG

stocky-petabyte-29883

04/12/2023, 3:57 PM

• I haven't created an autoscaling group, just the managed node group with a scaling config, only the desired size of the scaling config is created during pulumi up(and these nodes are the ones with random private/public ips)

stocky-petabyte-29883

04/12/2023, 4:09 PM

The code I sent here is pretty much all the bits and pieces used for the creation of the vpc, EKS and its managed node groups. I can't seem to find anything there that suggests its a misconfig

billowy-army-68599

04/12/2023, 4:51 PM

short of a screen share or running the code myself, it’s difficult to say what the issue is. Unfortunately i don’t have cycles to dive deeper right now

stocky-petabyte-29883

04/12/2023, 4:52 PM

All good, if at some point you have the time for a quick screen share please lemme know

stocky-petabyte-29883

04/12/2023, 7:27 PM

@billowy-army-68599 one other thing, when I am making a change to the property nodeAssociatePublicIpAddress and doing a pulumi up, this change is not even getting picked up.

billowy-army-68599

04/12/2023, 7:44 PM

that’s because you disabled the default node group, so there’s nothing to make changes to 🙂

stocky-petabyte-29883

04/12/2023, 8:08 PM

so this property won't impact the managed node group right? Is there an equivalent property on the managed node group?

stocky-petabyte-29883

04/12/2023, 8:14 PM

On the managednodegroup I found the value.

Copy code

/**
     * Make subnetIds optional, since the cluster is required and it contains it.
     *
     * Default subnetIds is chosen from the following list, in order, if
     * subnetIds arg is not set:
     *   - core.subnetIds
     *   - core.privateIds
     *   - core.publicSublicSubnetIds
     *
     * This default logic is based on the existing subnet IDs logic of this
     * package: <https://git.io/JeM11>
     */
    subnetIds?: pulumi.Input<pulumi.Input<string>[]>;

I haven't set core.subnetIds explicitly, I guess since subnetIds have all the values, it uses all subnets for the managed node group

billowy-army-68599

04/12/2023, 8:16 PM

oh man, totally missed that in your code. yes, set the private Subnet IDs on the nodegroup

stocky-petabyte-29883

04/12/2023, 8:17 PM

Yeah, I ll do that, but QQ if the core.subnetIds will have all the subnets anyway, won't the default subnetId always go to all the subnets in VPC regardless

2 Views

Open in Slack

Previous Next