terraform-aws-eks icon indicating copy to clipboard operation
terraform-aws-eks copied to clipboard

Published 20 hours ago β€’ verified publisher icon terraform-aws-modules

Allow modification of cluster subnets and security groups

Open luciano-buono opened this issue 1 year ago β€’ 1 comments

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

  • Yes βœ…: https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md#5250-november-10-2023. resource/aws_eks_cluster: Allow vpc_config.security_group_ids and vpc_config.subnet_ids to be updated in-place

Starting in November 2023, AWS allows to change the initial subnets and SGs in a already created EKS cluster:

  • https://aws.amazon.com/about-aws/whats-new/2023/10/amazon-eks-modification-cluster-subnets-security/
  • https://aws.amazon.com/blogs/containers/enhanced-vpc-flexibility-modify-subnets-and-security-groups-in-amazon-eks/

Is your request related to a problem? Please describe.

Until now it wasn't possible to add a new subnet to the cluster. This was a problem for clusters where you run out of available IPs addresses in a subnet.

Describe the solution you'd like.

Right now adding a new subnet trigger a cluster recreation where it should trigger a cluster modification.

Describe alternatives you've considered.

Additional context

luciano-buono avatar Jan 09 '24 20:01 luciano-buono

technically you can do this today by using the latest AWS provider FYI

bryantbiggs avatar Jan 09 '24 21:01 bryantbiggs

@luciano-buono Did you test it? And which version of the terraform-aws-eks module did you use?

PeteMac88 avatar Jan 15 '24 12:01 PeteMac88

Hi @PeteMac88, I just tested it. I used AWS 5.25 provider and EKS module v19.20.

I think that using latest module version is not neccesary, the important part is the AWS version as using an older one will result in cluster recreation.

Update is fast, 4m approx. Just make sure the desired subnet is 'elegible'. I just went into the EKS UI to simulate a manual subnet updateand checked that my subnet was listed there

luciano-buono avatar Jan 15 '24 13:01 luciano-buono

Closing as feature is already implemented

luciano-buono avatar Jan 15 '24 13:01 luciano-buono

@luciano-buono Thanks for the response! I am currently testing it with AWS provider 5.32.1. Based on the terraform plan currently the cluster is updated but the self-managed node groups are destroyed and recreated. Did you observe a similiar behaviour?

Update: Sorry the resources which are planed to be destroyed and recreated are "node_groups" of capacity type "SPOT"

PeteMac88 avatar Jan 17 '24 16:01 PeteMac88

if the subnets that are passed to the nodegroup(s) (either self-managed or EKS managed) are changed, that will cause the group to be replaced no matter what

bryantbiggs avatar Jan 17 '24 16:01 bryantbiggs

@bryantbiggs Ok but in my terraform plan the module.eks.aws_autoscaling_group.workers_launch_template resource is updated but the module.eks.module.node_groups.aws_eks_node_group.workers are detroyed/recreated. I am currently using version 17.* of the eks module. Could this be the cause?

PeteMac88 avatar Jan 18 '24 06:01 PeteMac88

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Feb 18 '24 02:02 github-actions[bot]