
rhythmic-whale-48997

03/29/2022, 1:46 PM
Is there a way to prevent NodeGroup from creating EC2 instances with a public IP? I'm creating a new NodeGroup, and my EC2 instances have a public IP and public DNS. If I create a ManagedNodeGroup, then the EC2 instances are private.

billowy-army-68599

03/29/2022, 1:50 PM
you'd need to create the nodes in a private subnet, what code do you have?

rhythmic-whale-48997

03/29/2022, 1:53 PM
So, this is the code for creating the NodeGroup
const exampleNg = new eks.NodeGroup("example-ng", {
    cluster: cluster,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 3,
    instanceProfile: instanceProfile,
    keyName: deployer.keyName,
    nodeUserData: cloudConfig.then((c) => c.rendered)
});
And my cluster has privateSubnetIds set to vpc.privateSubnetIds
pulumi-eks source code should default set subnet ids from the cluster.privateSubnetIds

billowy-army-68599

03/29/2022, 2:04 PM
You need to set the subnet ids: https://www.pulumi.com/registry/packages/eks/api-docs/nodegroup/#nodesubnetids_nodejs
pulumi-eks source code should default set subnet ids from the cluster.privateSubnetIds
Are you saying you expected the nodes to just automatically be in the right subnet?

rhythmic-whale-48997

03/29/2022, 2:12 PM
Are you saying you expected the nodes to just automatically be in the right subnet?
No, I'm saying that, from the pulumi-eks source code, NodeGroup should inherit subnet ids from the cluster: https://github.com/pulumi/pulumi-eks/blob/d599a1b1f3650dba4c3dc4f560080e95ce6fb5b1/nodejs/eks/nodegroup.ts#L562
Also, if I set subnet ids like this, I would expect my EC2 instances to have only a private IPv4 address, but they also get a public IPv4 address
const exampleNg = new eks.NodeGroup("example-ng", {
    cluster: cluster,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 3,
    instanceProfile: instanceProfile,
    keyName: deployer.keyName,
    nodeUserData: cloudConfig.then((c) => c.rendered),
    nodeSubnetIds: vpc.privateSubnetIds
});
EC2 from NodeGroup with public address.
If I create ManagedNodeGroup, EC2 instances don't have public address
And just for the record, this is the EC2 instance created with ManagedNodeGroup. Here is sample code for that:
const mng = eks.createManagedNodeGroup("example-managed-ng", {
    cluster: cluster,
    nodeGroupName: "aws-managed-ng",
    nodeRoleArn: role.arn,
    remoteAccess: {
        ec2SshKey: deployer.keyName
    },
    scalingConfig: {
        desiredSize: 1,
        minSize: 1,
        maxSize: 3,
    },
    subnetIds: vpc.privateSubnetIds,
    diskSize: 50,
    instanceTypes: ["c4.4xlarge"],
    labels: {"ondemand": "true"},
}, cluster);

billowy-army-68599

03/29/2022, 2:32 PM
oh sorry, I see now. I'll double check

rhythmic-whale-48997

03/30/2022, 12:58 PM
@billowy-army-68599 did you get the chance to check this? 🙂

billowy-army-68599

03/30/2022, 3:22 PM
I didn't, I'm afraid, will try again today

rhythmic-whale-48997

04/12/2022, 1:13 PM
@billowy-army-68599 pinging again, I know that I'm boring 🙂

billowy-army-68599

04/12/2022, 1:56 PM
hey sorry, unfortunately I've been sidetracked by other customer requests, could you please open an issue on the pulumi-eks repo

polite-napkin-90098

04/12/2022, 2:32 PM

rhythmic-whale-48997

04/12/2022, 2:45 PM
@polite-napkin-90098 I need to check this, if this also fails I will open an issue 🙂
Same result, I will open an issue today