https://pulumi.com logo
Powered by
d

damp-book-35965

03/28/2019, 4:49 PM
The reason I ask is yesterday it showed a new AMI was used which is different from one of our other clusters and now the cluster is in a bad state
f

fierce-dinner-20116

03/28/2019, 4:50 PM
Maybe you’re also affected by this: https://github.com/pulumi/pulumi-eks/issues/84 ?
d

damp-book-35965

03/28/2019, 4:52 PM
Holy shit..yes
Im running windows worker nodes
f

fierce-dinner-20116

03/28/2019, 4:52 PM
It’s also not immediately clear to me whether or not the ami is intended to be stable between pulumi updates
d

damp-book-35965

03/28/2019, 4:53 PM
There are 2 issues..you don't want to update till you actually want to update and you cannot default to windows
How did that happen
f

fierce-dinner-20116

03/28/2019, 4:54 PM
d

damp-book-35965

03/28/2019, 4:54 PM
Also I was running linux before that..so this is a crazy scenario
f

fierce-dinner-20116

03/28/2019, 4:54 PM
It seems that windows support was only added recently
But I assume it’s just because whatever API call they made before didn’t have a strict enough filter
d

damp-book-35965

03/28/2019, 4:55 PM
Yes and whatever comes on the top wins
f

fierce-dinner-20116

03/28/2019, 4:55 PM
(And it was fine before since Linux was the only platform that was being used)
d

damp-book-35965

03/28/2019, 4:56 PM
True..
f

fierce-dinner-20116

03/28/2019, 4:58 PM
there is a fix in the works it seems
I guess people that use pulumi for CD though got bitten by this
d

damp-book-35965

03/28/2019, 4:59 PM
Luckily I didn't run this in production..
b

breezy-hamburger-69619

03/28/2019, 4:59 PM
We have a fix in flight
d

damp-book-35965

03/28/2019, 4:59 PM
Yes @breezy-hamburger-69619 following the PR 🙂
w

white-balloon-205

03/28/2019, 5:13 PM
Definitely working to get a fix out here. Note that as a workaround - and in general to ensure you are always using a specific AMI that you specify - you can pass 
nodeAmiId
explicitly. For production installations, you most likely will want to do this so that you are in full control of the timing of new AMI rollouts to nodes.
👍 2
d

damp-book-35965

03/28/2019, 5:17 PM
Absolutely..I think it should be made a requirement and not an optional to make sure best practices are followed
f

fierce-dinner-20116

03/28/2019, 5:44 PM
I don’t know if changing this behavior would break with how terraform does things, but I agree with @damp-book-35965. It seems like making the 
nodeAmiId
a mandatory field and moving the existing logic to an optional helper function would help prevent people from accidentally shooting themselves in the foot
Or maybe there could be a 
awsx.eks
package that has this behavior (since the theme of that package is “better defaults”)
w

white-balloon-205

03/28/2019, 6:04 PM
Yes - that's something I do think we should consider. Feel free to open an issue to track.
b

breezy-hamburger-69619

03/28/2019, 6:46 PM
Update: https://github.com/pulumi/pulumi-eks/pull/85 has merged, and we’ll be cutting a new release soon to include it.
f

fierce-dinner-20116

03/28/2019, 6:59 PM
b

breezy-hamburger-69619

03/28/2019, 7:00 PM
Thank you @fierce-dinner-20116 for filing the very informative issue. It’s greatly appreciated!
b

busy-pizza-73563

03/28/2019, 7:14 PM
@damp-book-35965 Meanwhile you can just pin the AMI to 
ami-032ed5525d4df2de3
.
👍 1
d

damp-book-35965

03/28/2019, 7:14 PM
Yes doing exactly that..actually exposed a best practice for us..
So will be doing it for all clusters going forward
Powered by