I didn't see it in examples anywhere, but there is...
# awsc
calm-bear-55094
12/09/2024, 5:54 PMI didn't see it in examples anywhere, but there is a preferred way of creating an EKS cluster with a managed nodegroup and then associating the autoscaling group that creates with an autoscaling.Attachment for a targetgroup?
q
quick-house-41860
12/09/2024, 6:15 PMI guess you're trying to expose services running on your cluster via a Load Balancer?
In that case I'd recommend using the AWS Load Balancer Controller. The benefit here is that you do not need to add your nodes into the target group, instead the controller will add the pods directly.
Additionally it will insert pod readiness gates to ensure downtimeless deployments
c
calm-bear-55094
12/09/2024, 6:42 PMI am unable to use ALB load balancer controller in our environment. The ALB has to be created outside and attached to the cluster ASG.
q
quick-house-41860
12/09/2024, 6:43 PMYou can do that with the load balancer controller. You can create the ALB in pulumi for example and instruct the load balancer controller to use it
quick-house-41860
12/09/2024, 6:45 PMThis is how you can instruct the Load Balancer Controller to bind to your existing target group: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/guide/targetgroupbinding/targetgroupbinding/
quick-house-41860
12/09/2024, 6:48 PMIn case this approach does not work for you, you can use this function to look up the node group: https://www.pulumi.com/registry/packages/aws/api-docs/eks/getnodegroup/#aws-eks-getnodegroup
The return value will include a reference to the auto scaling group
c
calm-bear-55094
12/09/2024, 6:55 PMIs there a way to reference the Name of the cluster and Nodegroup as strings without having to wrap the lookup and attachment inside an ApplyT?
q
quick-house-41860
12/09/2024, 6:58 PMYou're using Go I guess? The output form accepts Input-wrapped arguments. I.e.
LookupNodeGroupOutputc
calm-bear-55094
12/09/2024, 7:28 PMThanks for the help.
calm-bear-55094
12/09/2024, 8:50 PMActually having an issue with this, so I have an *eks.ManagedNodeGroup, and need to create an autoscaling.Attachment and iam.RolePolicyAttachment on it, the outputs from the ManagedNodeGroup do not appear to include an Autoscalinggroup from which I can get an autoscaling group name. The eks.ManagedNodeGroup.Resources() Array has an "AutoscalingGroups()" but it is nil.
q
quick-house-41860
12/10/2024, 9:15 AMCould it be an eventual consistency issue? IIRC, the AWS EKS service creates the ASG asynchronously.
Are the other properties in the
LookupNodeGroupOutputc
calm-bear-55094
12/12/2024, 3:24 PMThe managed node group NodeGroup.Resources().Index(pulumi.Int(0)).AutoscalingGroups().Index(pulumi.Int(0)).Name().Elem() was empty, but it actually started working correctly for no reason I could tell. Using this I was able to do an attachment. I had another issue that I didn't find a "good" solution for - the autoscaling group is directly targeted on node port by a loadbalancer so I had to join them both to a security group but the EKS created security group for the managed node group was not retrievable with pulumi and I instead had to resort to lookup by tags.
calm-bear-55094
12/12/2024, 3:24 PMNot retrievable from any of the objects as far as I could tell, lookup worked.
q
quick-house-41860
12/12/2024, 3:33 PMThe security group you're referring to is the Cluster Security Group the EKS service creates themselves. This is included in the cluster's output:
cluster.eksCluster.vpcConfig.clusterSecurityGroupIdc
calm-bear-55094
12/12/2024, 3:38 PMDidn't catch that cluster.clusterSecurityGroupId was different from that, it was the wrong group which threw me off.
2 Views