
creamy-beach-53040

04/26/2023, 1:38 PM
Hello, I'm attempting to create a new EKS cluster, and I would like the worker nodes to have an extra security group that already exists as part of the old infrastructure. I've tried setting it in the field extra_node_security_groups, which is part of the node_group_options parameter, as shown in the snippet below. The cluster is instantiated, but the nodes aren't assigned the extra security group.
cluster = peks.Cluster(
  f"cluster-{project_name}-{stack_name}",
  vpc_id=vpc.vpc_id,
  subnet_ids=kube_subnets,
  node_associate_public_ip_address=False,
  enabled_cluster_log_types=[
    "api",
    "audit",
    "authenticator",
  ],
  tags=tags,
  node_group_options=peks.ClusterNodeGroupOptionsArgs(
    extra_node_security_groups=[db_security_group.id],
    min_size=config.get("min_size"),
    max_size=config.get("max_size"),
    desired_capacity=config.get("desired_capacity"),
    instance_type=config.get("instance_type")
  ),
  instance_role=cluster_node_role,
  provider_credential_opts=peks.KubeconfigOptionsArgs(profile_name="pulumi")
)
I also tried setting the security group as a parameter of the pulumi_eks.NodeGroupV2 constructor, but it didn't work either. In that case, I got an error message saying the security group didn't exist. Any ideas on what to try next?