tall-lion-84030
09/18/2023, 3:48 PM
private createCustomVpc(): awsx.ec2.Vpc {
  return new awsx.ec2.Vpc(`${this.orgName}-eks-vpc`, {
    enableDnsSupport: true,
    enableDnsHostnames: true,
    cidrBlock: this.vpcNetworkCidr,
  });
}

private createEKSCluster(): eks.Cluster {
  return new eks.Cluster(this.clusterName, {
    name: this.clusterName,
    version: '1.27',
    tags: {
      Project: 'k8s-eks-cluster',
      Org: `${this.orgName}`,
    },
    createOidcProvider: true,
    clusterSecurityGroupTags: { ClusterSecurityGroupTag: 'true' },
    nodeSecurityGroupTags: { NodeSecurityGroupTag: 'true' },
    skipDefaultNodeGroup: true,
    vpcId: this.eksVpc.vpcId,
    enabledClusterLogTypes: ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'],
    instanceRoles: [this.eksNodeRole],
    roleMappings: [],
    publicSubnetIds: this.eksVpc.publicSubnetIds,
    privateSubnetIds: this.eksVpc.privateSubnetIds,
    nodeAssociatePublicIpAddress: false,
  });
}

const nodeGroup = new eks.NodeGroup(
  `public-api-nodegroup-${params.envName}`,
  {
    version: '1.27',
    cluster: params.cluster,
    instanceType: 't2.medium',
    nodeAssociatePublicIpAddress: false,
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 10,
    labels: {
      name: 'public-api-nodegroup-alpha',
      application: `public-api-${params.envName}`,
      env: params.envName,
    },
    instanceProfile: params.eksNodeInstanceProfile,
  },
  {
    providers: { kubernetes: params.cluster.provider },
  },
);
billowy-army-68599
tall-lion-84030
09/18/2023, 5:08 PM
billowy-army-68599
NodeSubnetIds to specify the subnet ids https://www.pulumi.com/registry/packages/eks/api-docs/nodegroup/#nodesubnetids_go
tall-lion-84030
09/18/2023, 5:30 PM
billowy-army-68599
tall-lion-84030
09/18/2023, 5:48 PM
privateSubnetIds from the vpc it’s inm still can’t resolve dns in the pod. Didn’t change anything other than the code presented and that I followed at https://www.pulumi.com/docs/clouds/kubernetes/guides/playbooks/
billowy-army-68599
tall-lion-84030
09/18/2023, 6:05 PM
Could not connect to the endpoint URL: "https://secretsmanager.eu-west-3.amazonaws.com/"
The 2 default replicaSet of the coredns deployment are running and logging issues such as [INFO] 10.1.78.23:57886 - 33767 "A IN secretsmanager.eu-west-3.amazonaws.com.public-api-alpha-da393fe3.svc.cluster.local. udp 100 false 512" NXDOMAIN qr,aa,rd 193 0.000230575s
I have set up and double-checked the resources for the AWS IRSA logic. Everything is created and linked correctly. I don’t know how to solve this issue I’ve been on for 2 days.
billowy-army-68599
secretsmanager.eu-west-3.amazonaws.com.public-api-alpha-da393fe3.svc.cluster.local
This isn’t a valid DNS address though, right? Does it ever query in the tree for just the standard amazonaws.com?
tall-lion-84030
09/18/2023, 6:35 PM
/etc/resolv.conf?
see -> search public-api-alpha-da393fe3.svc.cluster.local svc.cluster.local cluster.local eu-west-3.compute.internal
as the 1st line of resolv.conf