aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0

(cluster-providers): (function assertEC2NodeGroup is not considering external EC2 ASG worker nodes) #506

Open softmates opened 1 year ago

softmates commented 1 year ago

Describe the bug

Unable to deploy EC2-specific add-ons like ssm-agent, xray, etc. because the function assertEC2NodeGroup fails to recognize an Auto Scaling group that was created via CDK AutoScalingGroup. We do not use the cluster provider to create the Auto Scaling node group because it does not meet our customization requirements, like providing a custom template.

Expected Behavior

The function assertEC2NodeGroup should consider an EC2 ASG that was created outside the cluster provider, for example using CDK AutoScalingGroup.

Current Behavior

assertEC2NodeGroup only checks in cluster.info, as below:

```typescript
export function assertEC2NodeGroup(clusterInfo: ClusterInfo, source: string): eks.Nodegroup[] | asg.AutoScalingGroup[] {
    // Managed node groups registered on ClusterInfo
    if(clusterInfo.nodeGroups != undefined && clusterInfo.nodeGroups.length > 0) {
        return clusterInfo.nodeGroups;
    }
    // Auto Scaling groups registered on ClusterInfo
    if(clusterInfo.autoscalingGroups != undefined && clusterInfo.autoscalingGroups.length > 0) {
        return clusterInfo.autoscalingGroups;
    }
    // Nothing registered: the add-on is rejected
    throw new Error(`${source} is supported with EKS EC2 only`);
}
```

Reproduction Steps

Create an AutoScalingGroup using CDK and configure it for the EKS cluster, then do not provide any nodeGroup attributes (autoscalingNodeGroups, managedNodeGroups, i.e. undefined) to GenericClusterProvider. Try installing ssm-agent and you will receive an error like "ssh-agent is supported with EKS EC2 only".

Possible Solution

My recommendation: provide a method in spi.ClusterInfo to attach an external autoscaler node group created via CDK.AutoScalingGroup; that way assertEC2NodeGroup can return the AutoScalingGroup.

Additional Information/Context

No response

CDK CLI Version

2.37.1

EKS Blueprints Version

1.2.0

Node.js Version

v18.7.0

Environment details (OS name and version, etc.)

macOS

Other information

No response

softmates commented 1 year ago

@elamaran11 please share your thoughts.

softmates commented 1 year ago

@shapirov103 please share your thoughts. What needs to be done?

shapirov103 commented 1 year ago

@softmates we can relax the assertion; however, there is logic that relies on known nodegroups to add the managed policy to the node group role. For example, we add AmazonSSMManagedInstanceCore to the nodes to make the SSM agent work.

If you use a custom cluster provider and create the ASG node group, you can return the ClusterInfo object from your provider with the ASGs that you created: https://github.com/aws-quickstart/cdk-eks-blueprints/blob/main/lib/cluster-providers/generic-cluster-provider.ts#L248

E.g. in your createCluster method:

```typescript
return new ClusterInfo(cluster, version, nodeGroups, autoscalingGroups);
```
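Added example (not part of the thread and not the project's code): a self-contained model of the flow discussed above, showing that an ASG left out of ClusterInfo both fails the assertion and never receives AmazonSSMManagedInstanceCore on its role, while one returned through ClusterInfo does. The classes are minimal stand-ins for the CDK constructs, and `deploySsmAgent`, `createCluster(reportAsg)` and all sample values are hypothetical.

```typescript
// Stand-in types (assumptions, not aws-cdk-lib): only the fields used below.
class Role { readonly managedPolicies: string[] = []; }
class AutoScalingGroup { constructor(readonly id: string, readonly role = new Role()) {} }
class Nodegroup { constructor(readonly id: string, readonly role = new Role()) {} }

class ClusterInfo {
  // Argument order as quoted in the thread:
  // new ClusterInfo(cluster, version, nodeGroups, autoscalingGroups)
  constructor(readonly cluster: string, readonly version: string,
              readonly nodeGroups?: Nodegroup[],
              readonly autoscalingGroups?: AutoScalingGroup[]) {}
}

const SSM_POLICY = "AmazonSSMManagedInstanceCore"; // policy named in the thread

// Same checks as the assertEC2NodeGroup quoted in the issue.
function assertEC2NodeGroup(info: ClusterInfo, source: string): Nodegroup[] | AutoScalingGroup[] {
  if (info.nodeGroups !== undefined && info.nodeGroups.length > 0) return info.nodeGroups;
  if (info.autoscalingGroups !== undefined && info.autoscalingGroups.length > 0) {
    return info.autoscalingGroups;
  }
  throw new Error(`${source} is supported with EKS EC2 only`);
}

// Hypothetical add-on step: attach the policy to the role of every known group.
function deploySsmAgent(info: ClusterInfo): string[] {
  const groups: Array<Nodegroup | AutoScalingGroup> = assertEC2NodeGroup(info, "ssm-agent");
  for (const g of groups) {
    if (g.role.managedPolicies.indexOf(SSM_POLICY) === -1) g.role.managedPolicies.push(SSM_POLICY);
  }
  return groups.map((g) => g.id);
}

// Hypothetical custom provider: the ASG is built outside the stock provider and is
// visible to add-ons only when it is passed into ClusterInfo.
function createCluster(reportAsg: boolean): { info: ClusterInfo; asg: AutoScalingGroup } {
  const asg = new AutoScalingGroup("custom-template-asg"); // constructed sample id
  const info = reportAsg
    ? new ClusterInfo("cluster", "1.23", [], [asg]) // constructed sample values
    : new ClusterInfo("cluster", "1.23");
  return { info, asg };
}
```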