Hi folks first time using pulumi eks running into an issue i Pulumi Community #general

Hi folks, first time using pulumi/eks, running int...

brave-angle-33257

10/14/2019, 8:31 PM

Hi folks, first time using pulumi/eks, running into an issue, i assume this is something known and easy if anyone can help point me in right direction

brave-angle-33257

10/14/2019, 8:31 PM

trying to follow this guide: https://aws.amazon.com/premiumsupport/knowledge-center/terminate-https-traffic-eks-acm/

brave-angle-33257

10/14/2019, 8:32 PM

I’ve created a super simple cluster, using:

Copy code

let vpc = new awsx.ec2.Vpc("k8s-vpc", {
    numberOfAvailabilityZones: 2,
    numberOfNatGateways: 0,
});

let cluster = new eks.Cluster("grcp", {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    minSize: 1,
    maxSize: 2,
    deployDashboard: false
});

brave-angle-33257

10/14/2019, 8:32 PM

when I run the command shown for the deployment and service using regular

kubectl

commands as per the doc, the service never comes up, I dont get any load balancer, it just says “pending” under external-ip forever

brave-angle-33257

10/14/2019, 8:33 PM

Copy code

$ kubectl get services
NAME           TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
echo-service   LoadBalancer   172.20.73.124   <pending>     80:31583/TCP,443:31403/TCP   7m41s
kubernetes     ClusterIP      172.20.0.1      <none>        443/TCP                      62m

brave-angle-33257

10/14/2019, 8:33 PM

seems to be lots of problems with launching LBs and eks, i’m finding lots of issues, some say it’s tagging on subnets/vpcs

brave-angle-33257

10/14/2019, 8:33 PM

any suggestions?

brave-angle-33257

10/14/2019, 10:47 PM

seems it does have something to do with refreshes removing tags

brave-angle-33257

10/14/2019, 10:48 PM

Copy code

├─ awsx:x:ec2:Vpc           k8s-vpc
 ~   │  ├─ aws:ec2:Vpc           k8s-vpc            updated                 [diff: -tags]
     │  ├─ awsx:x:ec2:Subnet     k8s-vpc-public-1
 ~   │  │  └─ aws:ec2:Subnet     k8s-vpc-public-1   updated                 [diff: ~tags]
     │  ├─ awsx:x:ec2:Subnet     k8s-vpc-public-0
 ~   │  │  └─ aws:ec2:Subnet     k8s-vpc-public-0   updated                 [diff: ~tags]
     │  ├─ awsx:x:ec2:Subnet     k8s-vpc-private-0
 ~   │  │  └─ aws:ec2:Subnet     k8s-vpc-private-0  updated                 [diff: ~tags]
     │  └─ awsx:x:ec2:Subnet     k8s-vpc-private-1
 ~   │     └─ aws:ec2:Subnet     k8s-vpc-private-1  updated                 [diff: ~tags]

brave-angle-33257

10/14/2019, 10:48 PM

when these tags get updated, LBs can no longer deploy

brave-angle-33257

10/14/2019, 10:48 PM

updated=removed

white-balloon-205

10/15/2019, 4:15 AM

Yes - you will need the desired state of your Pulumi program to include specifying any tags you want on your subnets, or else they will be removed by refresh. See the last section of https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html for the tags you need. You can provide the tags yourself, and/or also ignoreChanges on tags on subnets to allow your desired state to remain different than the actuals - using code like: https://github.com/pulumi/pulumi-awsx/blob/523ec1091271573911634ad222d5683de7b6f7dc/nodejs/examples/vpcIgnoreSubnetChanges/index.ts#L22

brave-angle-33257

10/15/2019, 2:48 PM

thanks Luke yes I found some of this code on my own last night digging, ended up with:

Copy code

let vpc = new awsx.ec2.Vpc(`k8s-vpc-${env}`, {
    subnets: [{
        type: 'public',
        ignoreChanges: [
            'tags'
        ]
    }, {
        type: 'private',
        ignoreChanges: [
            'tags'
        ]
    }]
}, {
    ignoreChanges: [
        'tags'
    ]
});

👍 1

2 Views

Open in Slack

Previous Next