breezy-diamond-32138
03/29/2022, 9:35 AM
// Create an EKS cluster with the default configuration.
// Original definition: a single eks.Cluster whose node sizing, instance type
// and AMI are passed directly as Cluster arguments (desiredCapacity, minSize,
// maxSize, instanceType, nodeAmiId).
export const cluster = new eks.Cluster(addPrefix("cluster"), {
    vpcId: stampVpc.id,
    privateSubnetIds: stampVpc.privateSubnetIds,
    publicSubnetIds: stampVpc.publicSubnetIds,
    // Worker nodes are not given public IP addresses.
    nodeAssociatePublicIpAddress: false,
    // Encrypt the nodes' root volume.
    encryptRootBlockDevice: true,
    // Required config values: config.require*/requireNumber fail the
    // deployment when the key is missing instead of falling back to a default.
    version: config.require("eks.version"),
    desiredCapacity: config.requireNumber("eks.desiredCapacity"),
    minSize: config.requireNumber("eks.minSize"),
    maxSize: config.requireNumber("eks.maxSize"),
    instanceType: config.require<aws.ec2.InstanceType>("eks.instanceType"),
    // Optional AMI override; latestAmiId (defined outside this snippet) is
    // used when "eks.ami" is not set.
    nodeAmiId: config.get("eks.ami") ?? latestAmiId,
    // All five control-plane log types are enabled. "audit" and
    // "authenticator" are the ones needed to reconstruct who called the API
    // and which IAM identity they authenticated as.
    enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
    // The API server is reachable over its public endpoint as well as from
    // inside the VPC. publicAccessCidrs below is what limits the public side.
    endpointPublicAccess: true, // TODO: Change this...
    endpointPrivateAccess: true,
    // Creates the IAM OIDC provider for the cluster (the prerequisite for
    // IAM roles for service accounts).
    createOidcProvider: true,
    roleMappings: [
        {
            // system:masters is the built-in Kubernetes superuser group and is
            // not constrained by RBAC: any principal that can assume
            // deployerAdminRole is an unrestricted cluster admin.
            // NOTE(review): consider mapping the deployer to a dedicated group
            // bound to only the permissions it needs, and keep the role's
            // trust policy narrow.
            groups: ["system:masters"],
            roleArn: deployerAdminRole.arn,
            username: "argocd-deployer"
        }
    ],
    // Source ranges allowed to reach the public API endpoint.
    // NOTE(review): CNC_IPS is defined outside this snippet; confirm it is a
    // narrow allow-list while endpointPublicAccess stays enabled.
    publicAccessCidrs: CNC_IPS,
    // KMS key used for the cluster's encryption configuration (envelope
    // encryption of Kubernetes Secrets).
    encryptionConfigKeyArn: clusterEncryptionKey.arn,
    // AWS profile / role used for the cluster's kubeconfig authentication.
    providerCredentialOpts: {
        profileName: AWS_PROFILE,
        roleArn: AWS_ROLE_ARN
    }
});
And this is the new code:
// Revised definition: the default node group is skipped and the sizing,
// instance-type and AMI arguments are gone; an instanceRole is passed instead.
// Control-plane settings (logging, endpoint access, role mapping, KMS key,
// credentials) are the same as in the original definition.
cluster = new eks.Cluster(addPrefix("cluster"), {
    // No default node group is created by the Cluster component.
    skipDefaultNodeGroup: true,
    vpcId: stampVpc.id,
    privateSubnetIds: stampVpc.privateSubnetIds,
    publicSubnetIds: stampVpc.publicSubnetIds,
    // NOTE(review): these two options appear to configure the default node
    // group, which is now skipped. Verify that nodes created by the managed
    // node group still get no public IP and an encrypted root volume.
    nodeAssociatePublicIpAddress: false,
    encryptRootBlockDevice: true,
    // IAM role for worker nodes; the managed node group below uses the same
    // role as its nodeRole.
    instanceRole: instanceRole,
    // Required config value; the deployment fails if "eks.version" is unset.
    version: config.require("eks.version"),
    // All five control-plane log types are enabled. "audit" and
    // "authenticator" are the ones needed to reconstruct who called the API
    // and which IAM identity they authenticated as.
    enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
    // The API server is reachable over its public endpoint as well as from
    // inside the VPC. publicAccessCidrs below is what limits the public side.
    endpointPublicAccess: true, // TODO: Change this...
    endpointPrivateAccess: true,
    // Creates the IAM OIDC provider for the cluster (the prerequisite for
    // IAM roles for service accounts).
    createOidcProvider: true,
    roleMappings: [
        {
            // system:masters is the built-in Kubernetes superuser group and is
            // not constrained by RBAC: any principal that can assume
            // deployerAdminRole is an unrestricted cluster admin.
            // NOTE(review): consider mapping the deployer to a dedicated group
            // bound to only the permissions it needs, and keep the role's
            // trust policy narrow.
            groups: ["system:masters"],
            roleArn: deployerAdminRole.arn,
            username: "argocd-deployer"
        }
    ],
    // Source ranges allowed to reach the public API endpoint.
    // NOTE(review): CNC_IPS is defined outside this snippet; confirm it is a
    // narrow allow-list while endpointPublicAccess stays enabled.
    publicAccessCidrs: CNC_IPS,
    // KMS key used for the cluster's encryption configuration (envelope
    // encryption of Kubernetes Secrets).
    encryptionConfigKeyArn: clusterEncryptionKey.arn,
    // AWS profile / role used for the cluster's kubeconfig authentication.
    providerCredentialOpts: {
        profileName: AWS_PROFILE,
        roleArn: AWS_ROLE_ARN
    },
});
// Create a simple AWS managed node group using a cluster as input.
// Instance type and scaling limits are read from the same config keys the
// original cluster definition used (eks.instanceType, eks.minSize,
// eks.maxSize, eks.desiredCapacity).
// NOTE(review): no launch template or security group is specified here, so
// these nodes presumably use the EKS-managed cluster security group rather
// than cluster.nodeSecurityGroup. Rules that other resources attach to the
// old group ID may no longer apply to the new nodes; confirm which group the
// nodes actually carry before relying on those rules.
managedNodeGroup = eks.createManagedNodeGroup("my-cluster-ng", {
    cluster: cluster,
    nodeGroupName: "aws-managed-ng1",
    // Same IAM role that is passed to the cluster as instanceRole.
    nodeRole: instanceRole,
    amiType: "AL2_x86_64",
    instanceTypes: [config.require<aws.ec2.InstanceType>("eks.instanceType")],
    // With the next line commented out, the "eks.ami" / latestAmiId override
    // used by the original cluster definition is not applied to this group.
    // releaseVersion: config.get("eks.ami") ?? latestAmiId,
    // labels: { "ondemand": "true" },
    scalingConfig: {
        minSize: config.requireNumber("eks.minSize"),
        maxSize: config.requireNumber("eks.maxSize"),
        desiredSize: config.requireNumber("eks.desiredCapacity")
    },
// Third argument: the cluster is passed as the parent resource.
}, cluster);
However, the security group of the nodes changes, and other resources that take `cluster.nodeSecurityGroup.id`
get messed up.
How do I link the same security group with the new nodes?
Thanks
billowy-army-68599
03/29/2022, 1:51 PM
> However the security group of the nodes changes and other resources that take the cluster.nodeSecurityGroup.id get messed up.

Can you elaborate here? It's not clear what the problem is, I'm afraid.
breezy-diamond-32138
03/31/2022, 8:18 AM