Is there a way to prevent NodeGroup to create EC2 ...
# aws
r
Is there a way to prevent NodeGroup from creating EC2 instances with a public IP? I'm creating a new NodeGroup, and my EC2 instances have a public IP and public DNS. If I create a ManagedNodeGroup, then the EC2 instances are private.
b
you'd need to create the nodes in a private subnet, what code do you have?
r
So, this is the code for creating the NodeGroup
const exampleNg = new eks.NodeGroup("example-ng", {
    cluster: cluster,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 3,
    instanceProfile: instanceProfile,
    keyName: deployer.keyName,
    nodeUserData: cloudConfig.then((c) => c.rendered)
});
And my cluster has privateSubnetIds set to vpc.privateSubnetIds
pulumi-eks source code should default set subnet ids from the cluster.privateSubnetIds
b
You need to set the subnet ids: https://www.pulumi.com/registry/packages/eks/api-docs/nodegroup/#nodesubnetids_nodejs
> pulumi-eks source code should default set subnet ids from the cluster.privateSubnetIds
Are you saying you expected the nodes to just automatically be in the right subnet?
r
> Are you saying you expected the nodes to just automatically be in the right subnet?
No, I'm saying that from pulumi-eks source code, NodeGroup should inherit subnet ids from the cluster: https://github.com/pulumi/pulumi-eks/blob/d599a1b1f3650dba4c3dc4f560080e95ce6fb5b1/nodejs/eks/nodegroup.ts#L562
Also, if I set subnet ids, like this, I would expect that my EC2 instances have only a private IPv4 address, but they get a public IPv4 address also.
const exampleNg = new eks.NodeGroup("example-ng", {
    cluster: cluster,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 3,
    instanceProfile: instanceProfile,
    keyName: deployer.keyName,
    nodeUserData: cloudConfig.then((c) => c.rendered),
    nodeSubnetIds: vpc.privateSubnetIds
});
EC2 from NodeGroup with public address.
If I create a ManagedNodeGroup, the EC2 instances don't have a public address.
And just for the record, this is the EC2 instance created with ManagedNodeGroup. Here is sample code for that:
const mng = eks.createManagedNodeGroup("example-managed-ng", {
    cluster: cluster,
    nodeGroupName: "aws-managed-ng",
    nodeRoleArn: role.arn,
    remoteAccess: {
        ec2SshKey: deployer.keyName
    },
    scalingConfig: {
        desiredSize: 1,
        minSize: 1,
        maxSize: 3,
    },
    subnetIds: vpc.privateSubnetIds,
    diskSize: 50,
    instanceTypes: ["c4.4xlarge"],
    labels: {"ondemand": "true"},
}, cluster);
b
oh sorry, I see now. I'll double check
👍 1
r
@billowy-army-68599 did you get the chance to check this? 🙂
b
I didn't, I'm afraid, will try again today
🙌 1
r
@billowy-army-68599 pinging again, I know that I'm boring 🙂
b
hey sorry, unfortunately I've been sidetracked by other customer requests, could you please open an issue on the pulumi-eks repo
p
r
@polite-napkin-90098 I need to check this, if this also fails I will open an issue 🙂
👍 1
Same result, I will open an issue today