pulumi-eks

If no VPC id passed into cluster, then try to deduce it

Open pierskarsenbarg opened this issue 3 years ago • 2 comments

Problem description

If you don't pass in a VPC id to an EKS Cluster but do pass in public and private subnet ids, then it fails to be created because the security groups aren't in the correct VPC (presumably, it's using the default VPC).

Errors & Logs

Error message: Security group(s) [sg-{id}] are not in the same VPC as the subnets. Please specify a security group that is associated with the VPC: vpc-{id}.

Reproducing the issue

```typescript
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";

// Custom VPC with one private and one public subnet per availability zone.
const vpc = new awsx.ec2.Vpc("vpc", {
    subnets: [{type: "private"}, {type: "public"}],
    numberOfAvailabilityZones: 2
});

// No vpcId is passed here, only the subnet ids of the VPC above.
const cluster = new eks.Cluster("cluster", {
    version: "1.18",
    publicSubnetIds: vpc.publicSubnetIds,
    privateSubnetIds: vpc.privateSubnetIds,
    enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
    createOidcProvider: true,
    skipDefaultNodeGroup: true,
});
```

Suggestions for a fix

If the subnets are specified and they're in the same VPC, then assume that's the VPC the security groups and indeed the cluster should be in.

pierskarsenbarg, Jan 25 '21 16:01
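The suggestion above, sketched as an added example (not code from pulumi-eks or from this issue): resolve the VPC from the subnets only when they all agree, and list security groups that sit outside it before anything is created. The names `VpcScoped`, `deduceVpcId` and `securityGroupsOutsideVpc` are hypothetical, the ids are constructed placeholders, and it assumes each subnet's and security group's VPC id has already been looked up.

```typescript
// Added example: hypothetical helpers, not part of @pulumi/eks.
// VpcScoped holds the two fields needed from a subnet or security group
// lookup (assumption: the caller has already resolved each resource's vpcId).
interface VpcScoped {
    id: string;
    vpcId: string;
}

// Resolve the VPC a cluster should be created in.
// - An explicit vpcId wins, but it must match the subnets' VPC.
// - Otherwise the VPC is deduced only if every subnet agrees on it.
// - With neither, fail instead of silently landing in some other VPC.
function deduceVpcId(subnets: VpcScoped[], explicitVpcId?: string): string {
    // De-duplicate the VPC ids referenced by the subnets.
    const vpcIds = subnets
        .map((s) => s.vpcId)
        .filter((v, i, all) => all.indexOf(v) === i);
    if (vpcIds.length > 1) {
        throw new Error(`subnets span multiple VPCs: ${vpcIds.join(", ")}`);
    }
    if (explicitVpcId !== undefined) {
        if (vpcIds.length === 1 && vpcIds[0] !== explicitVpcId) {
            throw new Error(`vpcId ${explicitVpcId} does not match subnet VPC ${vpcIds[0]}`);
        }
        return explicitVpcId;
    }
    if (vpcIds.length === 0) {
        throw new Error("no vpcId and no subnets given; cannot deduce a VPC");
    }
    return vpcIds[0];
}

// Return the ids of security groups that live outside the resolved VPC,
// the condition the error message in this issue complains about.
function securityGroupsOutsideVpc(groups: VpcScoped[], vpcId: string): string[] {
    return groups.filter((g) => g.vpcId !== vpcId).map((g) => g.id);
}

// Constructed sample data (placeholder ids, not taken from the issue).
const sampleSubnets: VpcScoped[] = [
    { id: "subnet-public-a", vpcId: "vpc-custom" },
    { id: "subnet-private-a", vpcId: "vpc-custom" },
];
const sampleGroups: VpcScoped[] = [
    { id: "sg-cluster", vpcId: "vpc-default" },
    { id: "sg-nodes", vpcId: "vpc-custom" },
];
```

With the sample data, `deduceVpcId(sampleSubnets)` resolves to `vpc-custom` and `securityGroupsOutsideVpc` flags `sg-cluster`, which is the mismatch the error message reports.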

Happy to discuss further, but if this is a "we shouldn't do this" feel free to just close it

pierskarsenbarg, Jan 25 '21 16:01

Similar to https://github.com/pulumi/pulumi-awsx/pull/819

stack72, Jul 27 '22 14:07