quiet-wolf-18467
04/21/2020, 12:06 PM
white-balloon-205
04/21/2020, 12:16 PM
@pulumi/eks
provider. If they are not getting added, I would expect there is something misconfigured in the networking setup being used. Can you share any more details on your setup?
quiet-wolf-18467
04/21/2020, 12:30 PM
publicSubnetIds
and privateSubnetIds
and use subnetids
, I get the tag added
kubernetes.io/cluster
tag
white-balloon-205
04/21/2020, 12:52 PM
quiet-wolf-18467
04/21/2020, 12:55 PM
subnetIds
, then I'll branch off and update to use privateSubnetIds
and publicSubnetIds
breezy-hamburger-69619
04/21/2020, 4:08 PM
quiet-wolf-18467
04/21/2020, 4:27 PM
breezy-hamburger-69619
04/21/2020, 4:29 PM
quiet-wolf-18467
04/21/2020, 4:31 PM
breezy-hamburger-69619
04/21/2020, 4:32 PM
quiet-wolf-18467
04/21/2020, 4:33 PM
breezy-hamburger-69619
04/21/2020, 4:33 PM
quiet-wolf-18467
04/21/2020, 4:33 PM
createOidcProvider
helper?
const exampleAssumeRolePolicy = pulumi.all([exampleOpenIdConnectProvider.url, exampleOpenIdConnectProvider.arn]).apply(([url, arn]) => aws.iam.getPolicyDocument({
    statements: [{
        actions: ["sts:AssumeRoleWithWebIdentity"],
        // Only the aws-node service account in kube-system may assume the role.
        conditions: [{
            test: "StringEquals",
            values: ["system:serviceaccount:kube-system:aws-node"],
            variable: `${url.replace("https://", "")}:sub`,
        }],
        effect: "Allow",
        // Trust the cluster's OIDC provider as the federated principal.
        principals: [{
            identifiers: [arn],
            type: "Federated",
        }],
    }],
}));
breezy-hamburger-69619
04/21/2020, 4:34 PM
quiet-wolf-18467
04/21/2020, 4:36 PM
pulumi/examples
OpenIdConnectProvider
in Pulumi repos, which led me to where I am today
breezy-hamburger-69619
04/21/2020, 4:37 PM
pulumi/examples
to call out that EKS has other, extensive examples at the link posted above.
quiet-wolf-18467
04/21/2020, 4:37 PM
breezy-hamburger-69619
04/21/2020, 4:38 PM
pulumi/examples
historically covers many different scenarios across languages, providers, stacks etc. and the examples in pulumi/eks
are centered around EKS particular features, options, and usage scenarios that we actively test in our CI. The examples and tests subdir in it can shine a light on what type of coverage we have.
quiet-wolf-18467
04/21/2020, 4:43 PM
breezy-hamburger-69619
04/21/2020, 4:43 PM
quiet-wolf-18467
04/21/2020, 8:58 PM
kubernetes.io/role/elb
tag to the subnets, is that Pulumi or AWS?
kubernetes.io/cluster
, but not role/elb
pulumi-eks
not doing this?
white-balloon-205
04/21/2020, 9:08 PM
What should be adding the kubernetes.io/role/elb tag to the subnets, is that Pulumi or AWS?
Neither 🙂. You will need to add these. Pulumi doesn't necessarily manage the desired state of these subnets, and AWS doesn't take care of adding them, so you will want whatever code does manage the desired state of the subnets to add these (if that's Pulumi, then you can add it to the tags at the definition site of the Subnets).
quiet-wolf-18467
04/21/2020, 9:11 PM
awsx
for the VPC creation and do it the longer way, or can I add subnet tags with awsx
?
breezy-hamburger-69619
04/21/2020, 9:13 PM
awsx
and passing its subnets into the cluster, they will get auto-tagged by the EKS service in AWS. e.g.:
https://github.com/pulumi/pulumi-eks/blob/98f4a7b1ac71222af268f4357a9dbc9990262d88/nodejs/eks/examples/tests/migrate-nodegroups/index.ts#L14-L39
quiet-wolf-18467
04/21/2020, 9:14 PM
publicSubnetIds
and then tag them with kubernetes.io/role/elb
(I think)
breezy-hamburger-69619
04/21/2020, 9:15 PM
quiet-wolf-18467
04/21/2020, 9:16 PM
const cluster: eks.Cluster = new eks.Cluster(
    infrastructure.generateResourceName("eks"),
    {
        vpcId: config.vpc.id,
        publicSubnetIds: config.vpc.publicSubnetIds,
        privateSubnetIds: config.vpc.privateSubnetIds,
    });
config.vpc.getSubnets().then(subnet => {
    if (subnet.isPublic()) {
    }
})
breezy-hamburger-69619
04/21/2020, 9:26 PM
quiet-wolf-18467
04/21/2020, 9:28 PM