Hello team, I'm trying to create a EKS cluster using Pulumi Automation API + Go lang. However, I'm getting below error: I'm using go package: "github.com/pulumi/pulumi-eks/sdk/go/eks" Tried using https://www.pulumi.com/registry/packages/eks/api-docs/nodegroup/ & https://www.pulumi.com/registry/packages/eks/api-docs/nodegroupv2/

aws:ec2:LaunchConfiguration (eks-cluster-nodeLaunchConfiguration):

error: 1 error occurred:

* creating Auto Scaling Launch Configuration (eks-cluster-nodeLaunchConfiguration-ddb90d9): operation error Auto Scaling: CreateLaunchConfiguration, https response error StatusCode: 400, RequestID: 7a5723e7-4458-47e1-abc6-c4d6bcd1c113, api error UnsupportedOperation: The Launch Configuration creation operation is not available in your account. Use launch templates to create configuration templates for your Auto Scaling groups.

Hey @powerful-waitress-36724, sorry you're running into this! We're addressing the deprecation of the Launch Configuration resource by AWS in the next major release (v3). We're aiming to release it towards the end of next week, but you can already check out the beta version if you'd like to: v3.0.0-beta.1. Otherwise you can work around this by not creating the default node group of the cluster and instead create one explicitly like mentioned in this comment: https://github.com/pulumi/pulumi-eks/issues/1419#issuecomment-2396230169

Oh I see. Thanks for the update @quick-house-41860. With the workaround example, there is no such a method createManagedNodeGroup on eks. Can you please tell me what version of eks dependency to use?

That is the nodejs SDK, it is currently hand written and has some extra functions compared to the other SDKs. What language are you using? You don't need to create a ManagedNodeGroup , you can also created a NodeGroupV2. The error you were getting was from the

Cluster

resource itself. If you set

skipDefaultNodeGroup

to true, it'll not create the offending

NodeGroup

(aka NodeGroupV1)

I see. Let me try setting up skipDefaultNodeGroup to true. I'm using Go Lang

Got it, yes that doesn't have that func!

then how can I create nodes? Can I use NodeGroupV2 or NodeGroup while using skipDefaultNodeGroup?

Use either

NodeGroupV2

or

ManagedNodeGroup

. NodeGroup will fail because it's using the deprecated AWS Launch Configuration under the hood

Understood. Let me give this a try and I will get back to you

NodeGroupV2

is a self-managed node group. That means the EC2 instances themselves are managed by an auto scaling group, but have no direct integration into the EKS service. They simple register with the cluster's control plane. (more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html) A

ManagedNodeGroup

on the other hand is tightly integrated into EKS, it's actually a resource of the EKS service itself. EKS creates an autoscaling group for it as well, but it tightly integrates it into the cluster lifecycle. For example, when updating your node group, EKS will safely cordon and drain the nodes without causing disruptions to your workloads. For more details: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html Whether you choose a self-managed node group or managed node group depends on how much control you need. With self-managed one's you can control everything , but they're more difficult to operate. I'd recommend to start with managed node groups and move to self-managed ones if you need to. You can also mix and match. e.g. a self-managed node group for certain workloads and managed ones for the rest

Got it. Thanks @quick-house-41860 that helps

Always happy to help!

Hey @quick-house-41860 by using ManagedNodeGroup, now the node group is created with below error:

* waiting for EKS Node Group (eks-cluster-eksCluster-3484126:eks-managed-ng2) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: i-052c8a1477470869b, i-096a1fbf26d248041: NodeCreationFailure: Instances failed to join the kubernetes cluster

How are you configuring the cluster and node group?

I'm using these policies: var managedPolicyArns = []string{ "arnawsiam:awspolicy/AmazonEKSWorkerNodePolicy", "arnawsiam:awspolicy/AmazonEKS_CNI_Policy", "arnawsiam:awspolicy/AmazonEC2ContainerRegistryReadOnly", }

What does the assume role policy look like? Is it for

Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"

?

Yes for "ec2.amazonaws.com". This the same example I'm using

Do the EC2 instances have internet access? How does your VPC look like?

Yes, I have created a VPC having two subnets (public and private) an internet gateway for the same VPC, then created a NAT gateway with EIP and public subnet. Now, via ManagedNodeGroup, it creates two ec2 instances one with Public IP and other one without Public IP

Are routing rules set up correctly? The role looks correct, so I'm currently thinking this is a networking issue

Yes, this is how routeTables are set up

Yes, if you do not associate the route table with the subnet, then it will not be able to route the traffic. You can use this component to set up a fully configured VPC: https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/

got it

Only for public subnets. But in general, the networking design depends on your security constraints and use case. NAT gateways come with extra cost, but add an extra layer of security

Hey @quick-house-41860 thanks a lot for your help. The nodes are created now after subnet-route table association

Sorry, I don't know what submariner is. In general you can deploy every containerized application to kubernetes

That's fine. The main question is: How can we deploy any containerized application to Kubernetes via Pulumi?

You can have a look at our pulumi-kubernetes provider: https://www.pulumi.com/registry/packages/kubernetes/ The

eks.Cluster

component exports a kubeconfig that you can use to configure your kubernetes provider

awesome, thanks a lot @quick-house-41860 for all the support. I will have a look at it