No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@U02AP7FRS67> what CNI are you using? the default?

yea i was using the default, it looks like it was a problem with the security groups? eks.Cluster created a security group, and eks.NodeGroup created another, once i let them talk to each other it seems to have worked. whats the best way of setting this up?

```    const cluster = new eks.Cluster("cluster", {
        name: "formations",
        subnetIds: vpcs.dev.publicSubnetIds,
        vpcId: vpcs.dev.id,
        desiredCapacity: 2,
        maxSize: 4,
        minSize: 1,
        storageClasses: "gp2",
        providerCredentialOpts: {
            roleArn: formations_config.require("eksRole")
        },
        version: "1.21"
    });

    const nodeGroup = new eks.NodeGroup("eks-nodegroup", {
        cluster: cluster,
        minSize: 2,
        maxSize: 6,
        version: "1.21"
    })```

how did you create your VPC? does it have working routing in the public subnet (ie, can you ping one node from another?)

the vpc is created with all default parameters
```    dev: new awsx.ec2.Vpc("dev", {}),```

i think it can ping 1 node from another….but i also havnt tried. our previous application was a single elasticbeanstalk instance so i dont think anyone tested that

There's a lot that could be wrong here, Kubernetes is very complex...