
Error messaging around private subnets is misleading

Open illuminatedwax opened this issue 2 years ago • 3 comments

If a managed nodegroup specifies the "subnet" option, and a private subnet is listed without having "privateNetworking" set to "true", the error listed is "subnet ID XXX does not exist".

Example:

vpc:
  id: vpc-xxx
  cidr: "10.0.0.0/16"
  subnets:
    public:
      old-public-1a:
        id: "subnet-aaa"
      old-public-1b:
        id: "subnet-bbb"
      new-public-1a:
        id: "subnet-ccc"
      new-public-1b:
        id: "subnet-ddd"
    private:
      old-private-1a:
        id: "subnet-eee"
      old-private-1b:
        id: "subnet-fff"
      new-private-1a:
        id: "subnet-ggg"
      new-private-1b:
        id: "subnet-hhh"
managedNodeGroups:
  - name: kube-system-workers
    labels:
      Savvi: "kube-system-workers"
      Environment: "staging"
    desiredCapacity: 1
    minSize: 1
    maxSize: 20
    volumeSize: 30
    instanceType: m4.large
    subnets:
      - "new-private-1a"
      - "new-private-1b"
      - "old-private-1a"
      - "old-private-1b"


Error: could not find public subnets: could not select subnets from subnet IDs (allSubnets=v1alpha5.AZSubnetMapping{"new-public-1a":v1alpha5.AZSubnetSpec{ID:"subnet-ccc", AZ:"us-east-1a", CIDR:(*ipnet.IPNet)(0xc000eac2d0), CIDRIndex:0}, "new-public-1b":v1alpha5.AZSubnetSpec{ID:"subnet-ddd", AZ:"us-east-1b", CIDR:(*ipnet.IPNet)(0xc000eac270), CIDRIndex:0}, "old-public-1a":v1alpha5.AZSubnetSpec{ID:"subnet-aaa", AZ:"us-east-1a", CIDR:(*ipnet.IPNet)(0xc000eac390), CIDRIndex:0}, "old-public-1b":v1alpha5.AZSubnetSpec{ID:"subnet-bbb", AZ:"us-east-1b", CIDR:(*ipnet.IPNet)(0xc000eac210), CIDRIndex:0}} localZones=[]string(nil) subnets=[]string{"new-private-1a", "new-private-1b", "old-private-1a", "old-private-1b"}): operation error EC2: DescribeSubnets, https response error StatusCode: 400, RequestID: 1fb6a6ca-0410-4045-b5bc-410d831c16f8, api error InvalidSubnetID.NotFound: The subnet ID 'new-private-1a' does not exist

(Actual IDs replaced.) All the referenced subnet IDs do in fact exist.

When privateNetworking: true is added to the managed node group configuration, the command works.

illuminatedwax, Jun 27 '22 15:06

Hello illuminatedwax :wave: Thank you for opening an issue in the eksctl project. The team will review the issue and aim to respond within 1-3 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website.

github-actions[bot], Jun 27 '22 15:06

Thanks for opening a detailed issue. I agree that the error message can be improved here to say something along these lines:

Error: could not find public subnets: subnet "subnet-id" is a private subnet which can only be used when `privateNetworking` is enabled. 

We'll add this to our backlog.

cPu1, Jun 27 '22 15:06

Hi, I'd like to work on this. Should I add a check to see if the subnet is present as a private subnet in the AWS account, or is just having a check for whether privateNetworking is not set and displaying a message like

Error: could not find public subnets: subnet "subnet-id" might be a private subnet which can only be used when `privateNetworking` is enabled.

sufficient?

avinashupadhya99, Aug 12 '22 15:08
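As an added illustration of the config-side check discussed in cPu1's and avinashupadhya99's comments (not eksctl's own code), the function below resolves a nodegroup's `subnets` list against the `vpc.subnets` mapping already in the ClusterConfig, so a private alias or ID used without `privateNetworking` produces the pointed error instead of a DescribeSubnets "does not exist" failure. The types and the names `selectSubnetIDs` and `lookup` are assumed stand-ins, not eksctl's API.

```go
package main

import "fmt"

// Assumed stand-ins, not eksctl's own types, for the config shown in the issue.
type AZSubnetSpec struct{ ID, AZ string }
type AZSubnetMapping map[string]AZSubnetSpec
type ClusterSubnets struct{ Public, Private AZSubnetMapping }
type ManagedNodeGroup struct {
	Name              string
	Subnets           []string // aliases from vpc.subnets or raw subnet IDs
	PrivateNetworking bool
}

// lookup accepts either a mapping alias or a raw subnet ID.
func lookup(m AZSubnetMapping, s string) (string, bool) {
	if spec, ok := m[s]; ok {
		return spec.ID, true
	}
	for _, spec := range m {
		if spec.ID == s {
			return s, true
		}
	}
	return "", false
}

// selectSubnetIDs resolves ng.Subnets against the pool the nodegroup may use
// (private with privateNetworking, public otherwise) and fails early, with a
// pointed message, when a reference lands in the other pool.
func selectSubnetIDs(vpc ClusterSubnets, ng ManagedNodeGroup) ([]string, error) {
	allowed, other, otherKind := vpc.Public, vpc.Private, "private"
	if ng.PrivateNetworking {
		allowed, other, otherKind = vpc.Private, vpc.Public, "public"
	}
	ids := make([]string, 0, len(ng.Subnets))
	for _, s := range ng.Subnets {
		if id, ok := lookup(allowed, s); ok {
			ids = append(ids, id)
			continue
		}
		if id, ok := lookup(other, s); ok {
			return nil, fmt.Errorf("nodegroup %q: subnet %q (%s) is a %s subnet which can only be used when privateNetworking is %t",
				ng.Name, s, id, otherKind, !ng.PrivateNetworking)
		}
		// Not in vpc.subnets at all: leave the existence check to the EC2 API.
		return nil, fmt.Errorf("nodegroup %q: subnet %q is not defined under vpc.subnets", ng.Name, s)
	}
	return ids, nil
}
```

Because the check reads only the config, it also catches the reverse mistake (a public alias or raw public ID under a nodegroup that has `privateNetworking: true`).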