Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
p
polite-napkin-90098
01/26/2022, 9:13 PMI'm sure I'm missing something obvious, but I'm struggling with circular dependencies.
I'm using the EKS package to make a kluster
The cluster needs a security group.
The security group needs to allow access from the node pool security group
The node pool security is created by the cluster and is an output from it.
So essentially I have
sg, err := ec2.NewSecurityGroup(ctx, "EKS", &ec2.SecurityGroupArgs{
Description: pulumi.String("Group for the EKS cluster"),
VpcId: pulumi.String(vpcid),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
Description: pulumi.String("https in from the nodes"),
FromPort: <http://pulumi.Int|pulumi.Int>(443),
ToPort: <http://pulumi.Int|pulumi.Int>(443),
Protocol: pulumi.String("tcp"),
SecurityGroups: pulumi.StringArray{
pulumi.String(cluster.NodeSecurityGroup),
},
},
},
Egress: ec2.SecurityGroupEgressArray{
// allow https out to anywhere
&ec2.SecurityGroupEgressArgs{
FromPort: <http://pulumi.Int|pulumi.Int>(443),
ToPort: <http://pulumi.Int|pulumi.Int>(443),
Protocol: pulumi.String("tcp"),
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
Ipv6CidrBlocks: pulumi.StringArray{
pulumi.String("::/0"),
},
},
},
}, nil)
if err != nil {
return err
}
// Create an EKS cluster
cluster, err := eks.NewCluster(ctx, "Test", &eks.ClusterArgs{
VpcId: pulumi.String(vpcid),
PrivateSubnetIds: pulumi.StringArray{
pulumi.String(private[0]),
pulumi.String(private[1]),
pulumi.String(private[2]),
},
PublicSubnetIds: pulumi.StringArray{
pulumi.String(public[0]),
pulumi.String(public[1]),
pulumi.String(public[2]),
},
ClusterSecurityGroup: sg,
EndpointPrivateAccess: pulumi.Bool(true),
EndpointPublicAccess: pulumi.Bool(false),
})
if err != nil {
return err
}./main.go:150:21: undefined: clusterundefined: sgb
billions-processor-3086
01/26/2022, 9:19 PMdoes the security group need to allow access from the node pool security group to get created or can you add an inbound rule for the node pool SG after the cluster builds and you get that output?
p
polite-napkin-90098
01/26/2022, 9:29 PMooh, that's a good thought.
I think you might be right that could work. I'll try it.
:woohoo: 1
So just to confirm this does indeed seem to work. Or at least adding the rule after the cluster has been created allows me to use the cluster variable.
Now I just need to figure out how to get the sg id from
cluster.NodeSecurityGroup🙌 2