Channels
#golang
Title
# golang
b
bored-table-20691
02/22/2022, 10:33 PM(also we shoudl thread responses, apologies)
👍 1
t
thousands-telephone-86052
02/22/2022, 10:42 PM Copy code
name: eks_go_aws
runtime: go
description: eks stack using aws sdk instead of ekscurious - what are u using Pulumi for (I mean which sdk / llibs) ?
b
bored-table-20691
02/22/2022, 10:44 PMSimilar, AWS, EKS, Postgres, etc
What version of Pulumi are you running?
Seems like latest, just double checking
t
thousands-telephone-86052
02/22/2022, 10:45 PMyes
Copy code
➜ eks_go_aws git:(feature/eks_go_aws) ✗ pulumi version
v3.24.1b
bored-table-20691
02/22/2022, 10:46 PMRegardless, the Pulumi resource/plugin model is a bit complicated, and there are some things that are the frontend of the plugin (resource definitions, etc) which are implemented per language, and then there’s the stuff that is the backend (the actual logic), which I believe is typicaly implemented in Go
t
thousands-telephone-86052
02/22/2022, 10:46 PMin this case (eks) it appears that the backend is in ts I guess.
Possibly because it was implemented in ts first
b
bored-table-20691
02/22/2022, 10:48 PMyeah, I’m not sure, since the EKS package I believe is just a component resource around core AWS packages
t
thousands-telephone-86052
02/22/2022, 10:48 PMalso what do your eks stacks look like? do u see granular resources within a cluster - such as security groups (e.g.) - I see those with the ts sdk but not with Go
b
bored-table-20691
02/22/2022, 10:48 PMSo I’m not sure it really has a backend in the same sense.
t
thousands-telephone-86052
02/22/2022, 10:48 PMI switched to using the low level aws sdk in Go.. and the stacks are very "thin"
b
bored-table-20691
02/22/2022, 10:49 PMYes, the Go SDK generates them as well
This is
pulumi-eksekst
thousands-telephone-86052
02/22/2022, 10:50 PM Copy code
✗ ls /home/vikas/.pulumi/plugins/resource-eks-v0.37.1
node_modules package.json package-lock.json PulumiPlugin.yaml pulumi-resource-eksthere is a Go binary in there.. but a buncha node modules also
what I mean by "thin" stack is:
Copy code
➜ eks_go_aws git:(feature/eks_go_aws) ✗ pulumi up
Previewing update (eks-test):
Type Name Plan
+ pulumi:pulumi:Stack eks_go_aws-eks-test create
+ ├─ pulumi:providers:aws janus_test_east1 create
+ ├─ aws:eks:Cluster test-east1 create
+ ├─ aws:eks:NodeGroup default create
+ └─ aws:eks:NodeGroup observability create
Resources:
+ 5 to create
Do you want to perform this update? [Use arrows to move, enter to select, type to filter]
yes
> no
detailsb
bored-table-20691
02/22/2022, 10:52 PMthat looks liek the core AWS package
t
thousands-telephone-86052
02/22/2022, 10:52 PMit is
b
bored-table-20691
02/22/2022, 10:53 PMwhich is not the same as
pulumi-ekst
thousands-telephone-86052
02/22/2022, 10:53 PMthe pulumi-eks package kept blowing up for me 🙂
b
bored-table-20691
02/22/2022, 10:53 PMThat’s a different problem, but I think that’s equivalent to what you were likely doing with TS.
t
thousands-telephone-86052
02/22/2022, 10:53 PM(in Go I mean, not in TS)
yea ure probably right that it's a different problem.
b
bored-table-20691
02/22/2022, 10:55 PMIn your repro code you have:
Copy code
cluster, err := eks.NewCluster(ctx, clusterName, &eks.ClusterArgs{What does the import of
eksI have a feeling that the way you’re calling
GetRoleThe public API to lookup an existing role is via
LookupRoleand if Ihad to guess, the Role you’re getting back is not fully initialized in a way that’s important to using it as an input
But it’s a wild guess.
But the
awsekspulumi-ekst
thousands-telephone-86052
02/22/2022, 11:22 PMyou are again probably right on.. I fought with that call (GetRole vs LookupRole) quite a while - it does not seem to map 1-1 with the TS version.
b
bored-table-20691
02/22/2022, 11:23 PMYeah, I think TS
getRoleLookupRolet
thousands-telephone-86052
02/22/2022, 11:37 PMyea but they return different / incompatible data structures .. eks cluster args needs a Role object not a
LookupRoleResultunlike getRole in ts - which does return a
Roleb
bored-table-20691
02/23/2022, 10:15 AMYes, though my guess is that somewhere there is where your issue is with the Go side. The TS typesystem allows for a lot more flexibility in this regard, so it likely is OK
t
thousands-telephone-86052
02/24/2022, 5:27 PMI don't think this is about TS flexibility.. in TS the getRole function (which per the doc is implemented as LookupRole in Golang) returns a Role object. TS is strongly typed, so u cannot mix/match specific types unless you explicitly make the (upcasted) type a generic type like Object. e.g. you cannot assign an Int to a String etc (just like Golang). Here is what happens if I use the LookupRole function in Go and pass the result to eks.NewEksCluster (which expects a *iam.Role, not a *iam.LookupRoleResult:
Copy code
eksCluster.go|63 col 26 error| InvalidIfaceAssign: cannot use instanceRole (variable of type *iam.LookupRoleResult) as iam.RoleInput value in struct literal: missing method ElementTypeb
bored-table-20691
02/24/2022, 5:36 PMUnderstood - my point on TS is that
NewEksClusterpulumiIamRolet
thousands-telephone-86052
02/24/2022, 5:42 PMNot really. These are the args expected in TS:
Copy code
instanceRole?: pulumi.Input<aws.iam.Role>;
/**
serviceRole?: pulumi.Input<aws.iam.Role>; Copy code
InstanceRole iam.RoleInput
ServiceRole iam.RoleInputb
bored-table-20691
02/24/2022, 5:44 PMI may have been delirious when I looked at it 🙂
t
thousands-telephone-86052
02/24/2022, 5:44 PMTo me this just seems like an oversight on the Go sdk side, and I am about to abandon my Go efforts 😕 seems like too much of a battle and not enough reward to make it worthwhile..
thanks for engaging, and for your insights.
b
bored-table-20691
02/24/2022, 5:46 PMAh yes - here is why I thought this: https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#instancerole_nodejs
Not sure why the doc gen is wrong here on what the type should be.
t
thousands-telephone-86052
02/24/2022, 5:46 PM🤷
b
bored-table-20691
02/24/2022, 5:47 PMFWIW, we do have quite a bit of code (all in Go) with Pulumi, including for EKS and things work fine. We don’t have your particular use case of passing in a pre-existing role though - we create the role as part of our Pulumi program
Copy code
cluster, err := eks.NewCluster(ctx, "...", &eks.ClusterArgs{
VpcId: networkConfig.VPC.ID(),
PrivateSubnetIds: pulumi.ToStringArrayOutput(networkConfig.Subnets.PrivateSubnetIDs),
EnabledClusterLogTypes: pulumi.StringArray{
pulumi.String("api"),
pulumi.String("audit"),
pulumi.String("authenticator"),
},
SkipDefaultNodeGroup: pulumi.BoolPtr(true),
InstanceRoles: iam.RoleArray{
eksClusterInstanceRole,
},
NodeAssociatePublicIpAddress: pulumi.Bool(true),
Version: pulumi.String("1.20"),
UseDefaultVpcCni: pulumi.Bool(true),
CreateOidcProvider: pulumi.Bool(true),
ProviderCredentialOpts: eks.KubeconfigOptionsArgs{
RoleArn: pulumi.String(okeraCfg.Require("assume-role-arn")),
},
}, pulumi.Provider(awsProvider))
if err != nil {
return nil, err
} Copy code
eksClusterInstanceRole, err := createEKSClusterRole(ctx, awsProvider, "...")t
thousands-telephone-86052
02/24/2022, 5:50 PMyea I was considering that as well. That was not an option for us until recently due to internal governance restrictions, but it may be now. In any case, this experience, coupled with the fact that ts code seems to be used anyway, (plus my admitted bias against Go syntax 😬) is making me seriously reconsider continuing this effort.
Thanks for sharing your code and experience.
b
bored-table-20691
02/24/2022, 5:55 PMOf course. Happy to help.
I do think Go’s type system gets somewhat in the way at times, which can be very frustrating. There’s also the question of what
iam.GetRolet
thousands-telephone-86052
02/25/2022, 1:00 AMThanks for all your input / advice @bored-table-20691 👍 After going back / forth a bit, I found that the ts eks lib is a bit behind in api support for managed nodegroups. I am now trialing a Go version of our IaC with stack-created iam roles, and so far it's working well!
4 Views