b
Hey Sushant, there's a lot of stuff this could be, unfortunately. Security groups configured correctly? Route tables configured properly?
w
Hey Lee! Thanks for getting back. Security Group wise I haven't configured anything, assuming that pulumi_eks will bring it up accordingly. Route Tables wise I have created new route tables for the private subnets which have the traffic 0.0.0.0/0 routed to NAT Gateways (public in public subnet).
This is the code
eks_cluster = eks.Cluster(
    cluster_name,
    name=cluster_name,
    private_subnet_ids=list(private_subnets.values()),
    tags={"Name": cluster_name, "Stack": stack_name},
    vpc_id=vpc_id,
    version="1.21",
    instance_role=eks_ec2_role,
    endpoint_public_access=False,
    endpoint_private_access=True,
    node_associate_public_ip_address=True,
    skip_default_node_group=True,
)


node_group = eks.ManagedNodeGroup(
    node_group_name,
    cluster=eks_cluster.core,
    capacity_type="SPOT",
    instance_types=["t3a.medium"],
    node_group_name=node_group_name,
    node_role=eks_ec2_role,
    tags={"Name": cluster_name, "Stack": stack_name},
    subnet_ids=list(private_subnets.values()),
    scaling_config=pulumi_aws.eks.NodeGroupScalingConfigArgs(
        desired_size=1,
        min_size=1,
        max_size=3,
    ),
)
This is what the pulumi up output is
b
@worried-xylophone-86184 that IP address is a private IP in one of your subnets?
w
Yes
p
It's been a wee while since I made this work for me, but the most obvious difference between my cluster block and yours is the serviceRole I have created and added to the cluster command. The other thing to be aware of is that you will need various VPC Endpoints to make the cluster work in a private subnet. https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html should have all the details
b
I bet it's the VPC Endpoints, good find @polite-napkin-90098!