# general
s
This message was deleted.
w
Can you share the exact diff you are seeing? Is this with @pulumi/eks?
w
Sure. The diff looks like it's replacing the rules with the default rules:
~ aws:ec2/securityGroup:SecurityGroup: (update)
            [id=sg-01290dc7456d80e3a]
            [urn=urn:pulumi:prod::insights-base::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-nodeSecurityGroup]
            description        : "Managed by Pulumi"
            egress             : [
                [0]: {
                    cidrBlocks : [
                        [0]: "0.0.0.0/0"
                    ]
                    description: "Allow internet access."
                    fromPort   : 0
                    protocol   : "-1"
                    self       : false
                    toPort     : 0
                }
            ]
            ingress            : [
                [0]: {
                    description: "Allow nodes to communicate with each other"
                    fromPort   : 0
                    protocol   : "-1"
                    self       : true
                    toPort     : 0
                }
                [1]: {
                    description   : "Allow worker Kubelets and pods to receive communication from the cluster control plane"
                    fromPort      : 1025
                    protocol      : "tcp"
                    securityGroups: [
                        [0]: "sg-02442ca8c9d39cd06"
                    ]
                    self          : false
                    toPort        : 65535
                }
                [2]: {
                    description   : "Allow pods running extension API servers on port 443 to receive communication from cluster control plane"
                    fromPort      : 443
                    protocol      : "tcp"
                    securityGroups: [
                        [0]: "sg-02442ca8c9d39cd06"
                    ]
                    self          : false
                    toPort        : 443
                }
            ]
            name               : "cluster-nodeSecurityGroup-bb73210"
            revokeRulesOnDelete: false
            tags               : {
                kubernetes.io/cluster/cluster-eksCluster-50e3f63: "owned"
            }
            vpcId              : "vpc-8194a0e8"
Yep - cluster created with pulumi/eks
w
What version of @pulumi/EKS are you using? Versions since 0.18.3 have managed these rules independently from the security group. Also see https://github.com/pulumi/pulumi-eks/blob/master/CHANGELOG.md#0185-released-may-09-2019.
w
Even after a successful "pulumi up", running immediately again still says it wants to update the group in the plan:
├─ eks:index:Cluster                         cluster                                               
 ~   │  └─ aws:ec2:SecurityGroup                  cluster-nodeSecurityGroup                  update
w
Two things: 1. What version of Pulumi-eks? 2. Are you doing refresh at all?
w
Thanks - looks like outdated pulumi-eks might be it - currently 0.17.4 - will try the upgrade steps you linked and see how it goes.
I had tried a refresh too, but results seemed the same. Anyway - will update versions 🙂