No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Node groups don't have security groups. Each node in a group does. That's configured via the node group's EC2 launch template.

I’m trying to setup with spot instances that automatically pull from a list of possible instances, which I don’t think are available on the launch templates

I don't enough about EKS to help with that. The thing that creates the instances will be where you configure the security groups.

Thanks for trying :slightly_smiling_face:

What's the thing that creates the instances?

(but they accept launch templates…but launch templates dont have spot)

No, NodeGroups manage the created instances. EC2 scaling groups create the instances, afaik. Maybe there's another service that does it, too?

Maybe?? Its weird because I create the cluster, I set the sizes, spot etc in the managed nodegroup, and it sort of creates the scaling groups etc as well

It seems to apply a default sg…but i can’t seem to figure out how to change that either

Yep. If you want more control than EKS gives, you may have to roll your own using ASGs and other low-level constructs :disappointed:

That's the downside of convention-over-configuration :disappointed:

But im not sure it exposes the “bidding” stuff and multiple nodetypes elsewhere which is kinda odd

You need to use launch template. <@U06CQ52JWE9>

And set the following args to use spot instance in launch template:

 instanceMarketOptions: {
        marketType: "spot",
    },

<@U06FQHWG4DS> Actually im sorry I guess im using the eks provider!

The EKS provider is convention-over-configuration. If the conventions it adopts don't suit, then you need to use the AWS provider directly, in order to get the power of configuration.

Makes sense! I think I got it all sorted. It looks like you can use the eks manager, and override using a launch template

The next thing I gotta figure out is how to override the autoscaling group

I dont know if you can ovveride the autoscaler though