#aws

sticky-match-71841

08/31/2020, 10:03 AM
Hi all! It seems I am unable to set enabledClusterLogTypes on an EKS cluster after provisioning without some weirdness. Btw, this is my first attempt with Pulumi, so there is a chance I am doing things the wrong way. Would love it if you could correct me. This is my code:
```typescript
const cluster = new aws.eks.Cluster(environment.name, {
    name: environment.name,
    vpcConfig: {
        subnetIds: subnets.map(s => s.id),
        endpointPublicAccess: false,
        endpointPrivateAccess: true,
        securityGroupIds: [clusterSecurityGroup.id]
    },
    //enabledClusterLogTypes: ["api","audit","authenticator","controllerManager","scheduler"], // Uncomment and cluster.vpcConfig.clusterSecurityGroupId becomes undefined
    roleArn: clusterRole.arn,
    version: environment.clusterKubernetesVersion ? environment.clusterKubernetesVersion : "1.17"
})

// Patch the cluster security group
environment.extraClusterIngressSecurityGroupIds?.forEach((id, i) => {
    console.log(id, i, cluster.vpcConfig.clusterSecurityGroupId)
    new aws.ec2.SecurityGroupRule(`extra-cluster-ingress-rules-${i}`, {
        securityGroupId: cluster.vpcConfig.clusterSecurityGroupId,
        type: "ingress",
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        sourceSecurityGroupId: id,
    })
})
```
I provisioned the cluster before I added `enabledClusterLogTypes`. I made a change that sets `enabledClusterLogTypes`, and now, when running `pulumi up`, `cluster.vpcConfig.clusterSecurityGroupId` is undefined. If I comment out the block that uses the undefined value, I can successfully add the cluster log types. This has the consequence of removing my security group rules. Afterwards, I can uncomment the block again and this works. Is what I am trying to do actually possible? I also tried using `dependsOn` as well as wrapping the for loop in `cluster.vpcConfig.apply()` to no avail.
The stack trace I am getting:
```
error: Running program '/Users/cpr/Documents/code/iac-environments' failed with an unhandled exception:
    Error: Missing required property 'securityGroupId'
        at new SecurityGroupRule (/Users/cpr/Documents/code/iac-environments/node_modules/@pulumi/ec2/securityGroupRule.ts:170:23)
        at /Users/cpr/Documents/code/iac-environments/src/eks.ts:58:13
        at Array.forEach (<anonymous>)
        at /Users/cpr/Documents/code/iac-environments/src/eks.ts:57:58
        at /Users/cpr/Documents/code/iac-environments/node_modules/@pulumi/pulumi/output.js:249:35
        at Generator.next (<anonymous>)
        at /Users/cpr/Documents/code/iac-environments/node_modules/@pulumi/pulumi/output.js:21:71
        at new Promise (<anonymous>)
        at __awaiter (/Users/cpr/Documents/code/iac-environments/node_modules/@pulumi/pulumi/output.js:17:12)
        at applyHelperAsync (/Users/cpr/Documents/code/iac-environments/node_modules/@pulumi/pulumi/output.js:228:12)
```