# general
p
I'm sure I'm missing something obvious, but I'm struggling with circular dependencies. I'm using the EKS package to make a cluster. The cluster needs a security group. The security group needs to allow access from the node pool security group. The node pool security is created by the cluster and is an output from it. So essentially I have:
sg, err := ec2.NewSecurityGroup(ctx, "EKS", &ec2.SecurityGroupArgs{
                        Description: pulumi.String("Group for the EKS cluster"),
                        VpcId: pulumi.String(vpcid),
                        Ingress: ec2.SecurityGroupIngressArray{
                                &ec2.SecurityGroupIngressArgs{
                                      Description: pulumi.String("https in from the nodes"),
                                      FromPort: pulumi.Int(443),
                                      ToPort: pulumi.Int(443),
                                      Protocol: pulumi.String("tcp"),
                                      SecurityGroups: pulumi.StringArray{
                                              pulumi.String(cluster.NodeSecurityGroup),
                                      },
                                },
                        },
                        Egress:  ec2.SecurityGroupEgressArray{
                                // allow https out to anywhere
                                &ec2.SecurityGroupEgressArgs{
                                        FromPort: pulumi.Int(443),
                                        ToPort:   pulumi.Int(443),
                                        Protocol: pulumi.String("tcp"),
                                        CidrBlocks: pulumi.StringArray{
                                                pulumi.String("0.0.0.0/0"),
                                        },
                                        Ipv6CidrBlocks: pulumi.StringArray{
                                                pulumi.String("::/0"),
                                        },
                                },
                        },
                }, nil)
                if err != nil {
                        return err
                }
                // Create an EKS cluster
                cluster, err := eks.NewCluster(ctx, "Test", &eks.ClusterArgs{
                        VpcId: pulumi.String(vpcid),
                        PrivateSubnetIds: pulumi.StringArray{
                                pulumi.String(private[0]),
                                pulumi.String(private[1]),
                                pulumi.String(private[2]),
                        },
                        PublicSubnetIds: pulumi.StringArray{
                                pulumi.String(public[0]),
                                pulumi.String(public[1]),
                                pulumi.String(public[2]),
                        },
                        ClusterSecurityGroup: sg,
                        EndpointPrivateAccess: pulumi.Bool(true),
                        EndpointPublicAccess: pulumi.Bool(false),
                })
                if err != nil {
                        return err
                }
and if I put it that way round I get
./main.go:150:21: undefined: cluster
and if I put the cluster before the sg I get
undefined: sg
b
does the security group need to allow access from the node pool security group to get created or can you add an inbound rule for the node pool SG after the cluster builds and you get that output?
p
ooh, that's a good thought.
I think you might be right that could work. I'll try it.
So just to confirm, this does indeed seem to work. Or at least adding the rule after the cluster has been created allows me to use the cluster variable. Now I just need to figure out how to get the sg id from cluster.NodeSecurityGroup, which seems to have no method id, Id or ID