Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
r
rhythmic-whale-48997
03/29/2022, 1:46 PMIs there a way to prevent NodeGroup to create EC2 instances with public ip?
I'm creating a new NodeGroup, and my EC2 instances have public ip and public dns. If I create ManagedNodeGroup, then EC2 are private
b
billowy-army-68599
03/29/2022, 1:50 PMyou'd need to create the nodes in a private subnet, what code do you have?
r
rhythmic-whale-48997
03/29/2022, 1:53 PMSo, this is the code for creating the NodeGroup
const example-ng = new eks.NodeGroup("example-ng", {
cluster: cluster,
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 3,
instanceProfile: instanceProfile,
keyName: deployer.keyName,
nodeUserData: cloudConfig.then((c) => c.rendered)
});privateSubnetIdsvpc.privateSubnetIdscluster.privateSubnetIdsb
billowy-army-68599
03/29/2022, 2:04 PMYou need to set the subnet ids: https://www.pulumi.com/registry/packages/eks/api-docs/nodegroup/#nodesubnetids_nodejs
pulumi-eks source code should default set subnet ids from the cluster.privateSubnetIdsAre you saying you expected the nodes to just automatically be in the right subnet?
r
rhythmic-whale-48997
03/29/2022, 2:12 PMAre you saying you expected the nodes to just automatically be in the right subnet?No, I'm saying that from pulumi-eks source code, NodeGroup should inherit subnet ids from the cluster https://github.com/pulumi/pulumi-eks/blob/d599a1b1f3650dba4c3dc4f560080e95ce6fb5b1/nodejs/eks/nodegroup.ts#L562 Also, if I set subnet ids, like this, I would expect that my EC2 instances have only private IPv4 address, but they get public IPv4 address also
const example-ng = new eks.NodeGroup("example-ng", {
cluster: cluster,
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 3,
instanceProfile: instanceProfile,
keyName: deployer.keyName,
nodeUserData: cloudConfig.then((c) => c.rendered),
nodeSubnetIds: vpc.privateSubnetIds
});If I create ManagedNodeGroup, EC2 instances don't have public address
And just for the record, this is EC2 created with ManagedNodeGroup
Here is sample code for that
const mng = eks.createManagedNodeGroup("example-managed-ng", {
cluster: cluster,
nodeGroupName: "aws-managed-ng",
nodeRoleArn: role.arn,
remoteAccess: {
ec2SshKey: deployer.keyName
},
scalingConfig: {
desiredSize: 1,
minSize: 1,
maxSize: 3,
},
subnetIds: vpc.privateSubnetIds,
diskSize: 50,
instanceTypes: ["c4.4xlarge"],
labels: {"ondemand": "true"},
}, cluster);b
billowy-army-68599
03/29/2022, 2:32 PMoh sorry, I see now. I'll double check
👍 1
r
rhythmic-whale-48997
03/30/2022, 12:58 PM@billowy-army-68599 did you get the change to check this? 🙂
b
billowy-army-68599
03/30/2022, 3:22 PMI didn't I'm afraid, will try again today
🙌 1
r
rhythmic-whale-48997
04/12/2022, 1:13 PM@billowy-army-68599 pinging again, I know that I'm boring 🙂
b
billowy-army-68599
04/12/2022, 1:56 PMhey sorry, unfortunately I've been sidetracked by other customer requests, could you please open an issue on the pulumi-eks repo
p
polite-napkin-90098
04/12/2022, 2:32 PMhttps://www.pulumi.com/registry/packages/eks/api-docs/cluster/#nodeassociatepublicipaddress_nodejs Isn't this the toggle you need to flip?
r
rhythmic-whale-48997
04/12/2022, 2:45 PM@polite-napkin-90098 i need to check this, if this also fails I will open an issue 🙂
👍 1
Same result, I will open an issue today