sparse-intern-71089
08/04/2022, 7:04 PMpolite-napkin-90098
08/04/2022, 7:19 PM"Allow pods to communicate with the cluster API Server"
which when removed will break the cluster.polite-napkin-90098
08/04/2022, 7:22 PMpolite-napkin-90098
08/04/2022, 7:23 PMlittle-cartoon-10569
08/04/2022, 8:31 PMpolite-napkin-90098
08/08/2022, 4:27 PMpolite-napkin-90098
08/08/2022, 4:31 PMclusterSecurityGroup:
in the new eks.cluster
call. Whereapon the EKS cluster module adds a rule to that sg which lets the nodes talk to the cluster.polite-napkin-90098
08/08/2022, 4:32 PMlittle-cartoon-10569
08/08/2022, 8:47 PMlittle-cartoon-10569
08/08/2022, 8:52 PMclusterSecurityGroup
? I can't see it at https://www.pulumi.com/registry/packages/eks/api-docs/cluster/little-cartoon-10569
08/08/2022, 9:01 PMpolite-napkin-90098
08/10/2022, 7:23 PM// add a rule allowing the AdminVM in to kubectl the cluster
const adminClusterRule = new aws.ec2.SecurityGroupRule("adminClusterRule", {
type: "ingress",
fromPort: 443,
toPort: 443,
protocol: "tcp",
securityGroupId: clusterSecurityGroupId,
sourceSecurityGroupId: adminsg.ids[0],
description: `Allow AdminVM to communicate with the ${nam}-eksCluster API Server`,
});
If you try to create the sg first with a rule like that and then pass that to the new eks.cluster
function as clusterSecurityGroup then you get into the state I describe.polite-napkin-90098
08/10/2022, 7:24 PMlittle-cartoon-10569
08/10/2022, 9:03 PM