straight-planet-8925
03/19/2025, 5:47 AM
stocky-restaurant-98004
03/19/2025, 2:07 PM
stocky-restaurant-98004
03/19/2025, 2:08 PM
straight-planet-8925
03/20/2025, 2:45 AM
straight-planet-8925
03/20/2025, 2:46 AM
import pulumi
import pulumi_awsx as awsx
import pulumi_eks as eks
import pulumi_kubernetes as kubernetes

# Create a VPC for our cluster.
vpc = awsx.ec2.Vpc("vpc")

# Create an EKS cluster inside of the VPC.
cluster = eks.Cluster("cluster",
    vpc_id=vpc.vpc_id,
    public_subnet_ids=vpc.public_subnet_ids,
    private_subnet_ids=vpc.private_subnet_ids,
    instance_type="t2.micro",
    max_size=6,
    min_size=2,
    desired_capacity=3,
    node_associate_public_ip_address=False)

eks_provider = kubernetes.Provider("eks-provider", kubeconfig=cluster.kubeconfig_json)

# Deploy a small canary service (NGINX), to test that the cluster is working.
my_deployment = kubernetes.apps.v1.Deployment("my-deployment",
    metadata=kubernetes.meta.v1.ObjectMetaArgs(
        labels={
            "appClass": "my-deployment",
        },
    ),
    spec=kubernetes.apps.v1.DeploymentSpecArgs(
        replicas=2,
        selector=kubernetes.meta.v1.LabelSelectorArgs(
            match_labels={
                "appClass": "my-deployment",
            },
        ),
        template=kubernetes.core.v1.PodTemplateSpecArgs(
            metadata=kubernetes.meta.v1.ObjectMetaArgs(
                labels={
                    "appClass": "my-deployment",
                },
            ),
            spec=kubernetes.core.v1.PodSpecArgs(
                containers=[kubernetes.core.v1.ContainerArgs(
                    name="my-deployment",
                    image="nginx",
                    ports=[kubernetes.core.v1.ContainerPortArgs(
                        name="http",
                        container_port=80,
                    )],
                )],
            ),
        ),
    ),
    opts=pulumi.ResourceOptions(provider=eks_provider))
straight-planet-8925
03/20/2025, 2:46 AM
stocky-restaurant-98004
03/20/2025, 1:53 PM
kubeconfig instead of the JSON.
Also, you need to make sure your worker nodes (? - I think it's the worker nodes that fetch the image) have 443 egress enabled because otherwise they won't be able to get the container image from the container registry. That may be enabled by default, but it's worth checking via the console if necessary.
stocky-restaurant-98004
03/20/2025, 1:53 PM
straight-planet-8925
03/21/2025, 2:37 AM
quick-house-41860
03/21/2025, 11:18 AM
node_associate_public_ip_address to false, and populated both public and private subnets (IIRC the cluster will launch the nodegroup into the public subnet in this case). EC2 instances in a public subnet need a public IP address in order to access the internet.
Can you try setting node_associate_public_ip_address to true instead? Alternatively, launch the nodes into a private subnet.
straight-planet-8925
03/24/2025, 6:24 AM
straight-planet-8925
03/24/2025, 6:25 AM
straight-planet-8925
03/24/2025, 6:25 AM
quick-house-41860
03/24/2025, 7:21 AM