No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Morning :wave: we're using the pulumi EKS library to wrap our own library around and hitting an issue with the ALB ingress controller, whereby more than one security group is tagged with `<http://kubernetes.io/cluster/${clusterName}|kubernetes.io/cluster/${clusterName}>: owned` , this prevents the reconciler from automatically provisioning requested ingress, due to the target group bindings not being able to assign a default SG. I've had a browse through:
• <https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1181>
• <https://github.com/aws-ia/terraform-aws-eks-blueprints/pull/799/files>
• <https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1897>
and also tried managing the security groups myself to control the tags applied, and can never seem to get below 3 SG's with the tags present.

Obviously we can supply SGs to the ALB ingress controller via annotations but I'd quite like this to work automagically.

Any help/advice would be appreciated. Cheers

This has been solved now. We were creating a nodegroupv2 resource, instead of just using the default node group. Now just adding something to programatically remove the eks created SG then we're good to go!