cdk-eks-blueprints icon indicating copy to clipboard operation
cdk-eks-blueprints copied to clipboard
verified publisher icon aws-quickstart

(cluster-providers): (function assertEC2NodeGroup is not considering external EC2 ASG worker nodes)

Open softmates opened this issue 3 years ago • 3 comments

Describe the bug

unable to deploy EC2 specific add-on like ssm-agent , xray etc cause function assertEC2NodeGroup fails to recognize Auto scale group that was created via CDK AutoScalingGroup. We do not use cluster provider to create Auto scale node group because its does not meet our customization requirement like providing custom Template.

Expected Behavior

function assertEC2NodeGroup, should consider EC2 ASG that was created outside the cluster provider example using CDK AutoScalingGroup.

Current Behavior

assertEc2NodeGroup only checks in cluster.info as below

export function assertEC2NodeGroup(clusterInfo: ClusterInfo, source: string): eks.Nodegroup[] | asg.AutoScalingGroup[] { if(clusterInfo.nodeGroups != undefined && clusterInfo.nodeGroups.length > 0) { return clusterInfo.nodeGroups; } if(clusterInfo.autoscalingGroups != undefined && clusterInfo.autoscalingGroups.length > 0) { return clusterInfo.autoscalingGroups; } throw new Error(${source} is supported with EKS EC2 only); }

Reproduction Steps

Please create AutoScalingGroup using CDK and configure to eks cluster then do not provide any nodeGroup attributes(autoscalingNodeGroups, managedNodeGroups i.e undefined) to GenericClusterProvider . Try installing ssm-agent you would receive error like "ssh-agent is supported with EKS EC2 only"

Possible Solution

My recommendation provide a method in spi.ClusterInfo to attach external autoscaler node group created via CDK.AutoScalingGroup that way assertEC2NodeGroup can return the AutoScalingGroup

Additional Information/Context

No response

CDK CLI Version

2.37.1

EKS Blueprints Version

1.2.0

Node.js Version

v18.7.0

Environment details (OS name and version, etc.)

mac os

Other information

No response

softmates avatar Sep 22 '22 06:09 softmates

@elamaran11 please share your thoughts.

softmates avatar Sep 28 '22 22:09 softmates

@shapirov103 please share your thoughts. what needs to be done?

softmates avatar Dec 05 '22 20:12 softmates

@softmates we can relax the assertion however there is logic that relies on known nodegroups to add the managed policy to the node group role For example we add AmazonSSMManagedInstanceCore to the nodes to make the SSM agent work.

If you use a custom cluster provider and create the ASG node group, you can return the ClusterInfo object from your provider with the ASGs that you created: https://github.com/aws-quickstart/cdk-eks-blueprints/blob/main/lib/cluster-providers/generic-cluster-provider.ts#L248

E.g. in your createCluster method:


return new ClusterInfo(cluster, version, nodeGroups, autoscalingGroups);

shapirov103 avatar Dec 07 '22 15:12 shapirov103