https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
e
That doesn't yet support userdata to run at worker node start-up, so I'm going the route of a separate cluster and Cloudformation template
w
We can definitely add that support in the very near term if it is blocking. Probably easier to add that one small knob than to recreate the whole library yourself. You could also fork that library and make changes to it if thats helpful to unblock and get going right away?
You can look at how the 
eks.Cluster
library handles all of this at https://github.com/pulumi/eks/blob/master/nodejs/eks/cluster.ts. In particular the `vcpConfig`: https://github.com/pulumi/eks/blob/master/nodejs/eks/cluster.ts#L190
e
Thanks. I have a meeting now but will explore further on it
I've got a couple extra requirements - let me know how possible those are currently: - Install a set of packages (e.g. 
yum install
) on all worker nodes in the autoscale group - Add some ingress rules, e.g. SSH for allowing worker-node access. I see the optional public-key option, but I don't see the accompanying ingress rule for port 22 - Run custom actions on all worker nodes, e.g. 
curl
to install some specific drivers/volumes
If those aren't supported right now out of the box with the eks code, what could I expect for an ETA? All 3 of those are blockers for my use cases.
w
Let me check with @microscopic-florist-22719 and we'll get back to you on an ETA. All should in principle be small additions to the library.
e
thanks!
m
Working on the custom userdata now.
@early-musician-41645 this PR should address the userdata piece of this: https://github.com/pulumi/eks/pull/15
re: allowing ingress on port 22, you can do this today by creating a 
SecurityGroupRule
after declaring the cluster
e.g.
Copy code
const cluster = new eks.Cluster("cluster", {
    nodePublicKey: fs.readFileSync("~/.ssh/id_rsa.pub").toString(),
});

// Allow SSH ingress.
new aws.ec2.SecurityGroupRule("ssh", {
    type: "ingress",
    fromPort: 22,
    toPort: 22,
    protocol: "tcp",
    securityGroupId: cluster.nodeSecurityGroup.id,
    cidrBlocks: [ "0.0.0.0/0" ],
});
I originally opted not to add this rule by default because it's quite permissive w.r.t. the allowed source IPs
But we can always add this and throw it under a flag.
e
@microscopic-florist-22719 Thanks! I just saw the merge for the fix of issue #14, looks great. Can you post a sample of how to use the 
new eks.Cluster
with the 
nodeUserData
in the docs somewhere, or in an example?
Also, I just tried an 
npm install
of the eks module but it's not getting the change for 
nodeUserData
, e.g.
Copy code
Object literal may only specify known properties, and 'nodeUserData' does not exist in type 'ClusterOptions'.
m
You'll need to be on the 
dev
label. So your package.json should include a line like 
"@pulumi/eks": "dev"
@white-balloon-205 what do you think about cutting a new release of 
@pulumi/eks
?
@early-musician-41645 here's an example of using `nodeUserData`:
Copy code
// Create an EKS cluster with the default configuration.
const cluster = new eks.Cluster("cluster", {
    nodeUserData: `#!/bin/python

from __future__ import print_function

print("hello, world!")
`
});
If you just need to run shell commands, you can change the interpreter directive to 
#!/bin/bash
and add whatever invocations you need
e
okay, I'll try the dev label
Maybe I didn't do it right?
Copy code
$ cat package.json
{
  "name": "eks-cluster",
  "devDependencies": {
    "@types/node": "latest"
  },
  "dependencies": {
    "@pulumi/aws": "latest",
    "@pulumi/eks": "dev",
    "@pulumi/pulumi": "latest"
  }
}
followed by 
npm install
Same error - did I miss a step?
m
No, that should be correct. I’m at lunch at the moment—I’ll look into this as soon as I’m back at a workstation.
@early-musician-41645 we've just published a new version of 
@pulumi/eks
with the 
nodeUserData
change. Updating to 
v0.16.1
should work.
6 Views
Open in Slack
PreviousNext
Powered by