bitter-eve-53295
04/19/2022, 8:01 PM
polite-napkin-90098
04/19/2022, 8:31 PM
bitter-eve-53295
04/19/2022, 8:34 PM
polite-napkin-90098
04/19/2022, 8:34 PM

// Need to be able to access the EFS (NFS) ports from the node sg and cluster sg
const nodeEFS = new aws.ec2.SecurityGroupRule("nodeEFS", {
  type: "ingress",
  fromPort: 2049,
  toPort: 2049,
  protocol: "tcp",
  securityGroupId: endp.ids[0],
  sourceSecurityGroupId: sg.id,
  description: `Allow the ${nam} k8s cluster access to the EFS drive in the endpoints sg`,
});

clusterSecurityGroup in the new eks.Cluster
endp.ids[0] is the result of Looking up security groups tagged with 'endpoints' in the current vpc

const clusterEFS = new aws.ec2.SecurityGroupRule("clusterEFS", {
  type: "ingress",
  fromPort: 2049,
  toPort: 2049,
  protocol: "tcp",
  securityGroupId: endp.ids[0],
  sourceSecurityGroupId: cluster.nodeSecurityGroup.id,
  description: `Allow the ${nam} k8s cluster access to the EFS drive in the endpoints sg`,
});

This is pretty much the same thing, but here cluster.nodeSecurityGroup.id is the id of the node security group created by the new eks.Cluster
bitter-eve-53295
04/19/2022, 8:42 PM
polite-napkin-90098
04/19/2022, 8:42 PM

const endp = pulumi.output(aws.ec2.getSecurityGroups({
  tags: {
    Job: "Endpoints",
  },
  filters: [
    {
      name: "vpc-id",
      values: [vpcid],
    },
  ],
}));

brave-ambulance-98491
04/20/2022, 11:44 PM
desiredCapacity overriding what's set by the cluster autoscaler.
bitter-eve-53295
04/21/2022, 12:00 AM
eks.NodeGroup?
brave-ambulance-98491
04/21/2022, 12:09 AM

const clusterOutput = new eks.Cluster(...);
clusterOutput.apply((cluster) => {
  new eks.NodeGroup(
    "group-name",
    {
      cluster,
      ...
    });
});

pulumi.Output<eks.Cluster> via the apply method.
bitter-eve-53295
04/21/2022, 12:23 AM