aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

eks : changing subnets in EKS cluster fails #30886

Closed lkoniecz closed 3 months ago

lkoniecz commented 3 months ago

Describe the bug

self.eks_cluster = aws_eks.Cluster(
  scope=self,
  id=id,
  cluster_name='SandboxEksCluster',
  #irrelevant parameters
)

By default it takes all available public and private subnets: https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_eks/Cluster.html

In my case, 3 public and 3 private.

Changing it to

self.eks_cluster = aws_eks.Cluster(
  scope=self,
  id=id,
  cluster_name='SandboxEksCluster',
  vpc_subnets=[
      aws_ec2.SubnetSelection(
          subnets=vpc.select_subnets(subnet_type=aws_ec2.SubnetType.PUBLIC).subnets[:2]
      ),
      aws_ec2.SubnetSelection(
          subnets=vpc.select_subnets(subnet_type=aws_ec2.SubnetType.PRIVATE_WITH_EGRESS).subnets[:2]
      )
  ]
  #irrelevant parameters
)

Causes

sandbox-eks-cluster: deploying... [1/1]
sandbox-eks-cluster: creating CloudFormation changeset...
10:42:51 AM | UPDATE_FAILED        | Custom::AWSCDK-EKS-Cluster            | SandboxEksClusterCF446194
Received response status [FAILED] from custom resource. Message returned: Cannot replace cluster "SandboxEksCluster" since it has an explicit physical name. Either rename the cluster or remove the "name" configuration

Logs: /aws/lambda/sandbox-eks-cluster-awscdka-OnEventHandler42BEBAE0-v8fCIC22c14U

at rB.onUpdate (/var/task/index.js:63:9919)
at rB.onEvent (/var/task/index.js:63:6862)
at Runtime.YS [as handler] (/var/task/index.js:63:16996)
at Runtime.handleOnceNonStreaming (file:///var/runtime/index.mjs:1173:29) (RequestId: bbdc1906-2c78-4480-87e9-954dda532309)

The fix for https://github.com/aws/aws-cdk/issues/24162 does not work for me.

Diff: https://www.diffchecker.com/KYQvwKRE/

The update vpc flag is set to true:

2024-07-18T08:42:49.823Z    68c29b4a-2b61-4517-bca0-2c5e4a6ada2c    INFO    onUpdate: 
{
    "updates": {
        "replaceName": false,
        "replaceVpc": true,
        "updateAccess": false,
        "replaceRole": false,
        "updateVersion": false,
        "updateEncryption": false,
        "updateLogging": false
    }
}

Expected Behavior

Subnets are updated in place

Current Behavior

Error is raised, piece of stack trace in the description

Reproduction Steps

In the description

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.117.0 (build 59d9b23)

Framework Version

No response

Node.js Version

Node.js v18.17.1

OS

MacOS

Language

Python

Language Version

Python 3.12.2

Other information

No response

lkoniecz commented 3 months ago

I might be missing https://github.com/aws/aws-cdk/pull/30114

lkoniecz commented 3 months ago

This is what I am getting now

11:43:44 AM | UPDATE_FAILED        | Custom::AWSCDK-EKS-Cluster            | SandboxEksClusterCF446194
Received response status [FAILED] from custom resource. Message returned: Provided subnets belong to the AZs 'us-east-1a,us-east-1b'. But they should belong to the exact set of AZs 'us-east-1a,us-east-1b,us-east-1c' in which subnets were provided during cluster creation.

Logs: /aws/lambda/sandbox-eks-cluster-awscdka-OnEventHandler42BEBAE0-v8fCIC22c14U

at de_InvalidParameterExceptionRes (/var/runtime/node_modules/@aws-sdk/client-eks/dist-cjs/index.js:2575:21)
at de_CommandError (/var/runtime/node_modules/@aws-sdk/client-eks/dist-cjs/index.js:2473:19)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async /var/runtime/node_modules/@aws-sdk/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
at async /var/runtime/node_modules/@aws-sdk/node_modules/@smithy/core/dist-cjs/index.js:165:18
at async /var/runtime/node_modules/@aws-sdk/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:38
at async /var/runtime/node_modules/@aws-sdk/middleware-logger/dist-cjs/index.js:33:22
at async Ti.onUpdate (/var/task/index.js:55:653505) (RequestId: d7b51798-7e11-4f6a-a842-4d13efdd15e9)

which looks to be a limitation of the EKS cluster, not the CDK

to be closed
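
A pre-deploy check for the constraint quoted in the error message above, as an added example that is not part of the original thread or of the CDK code base. The subnet ids, the inventory and the function names are constructed for illustration, and it assumes the AZ-set rule in that message is the only constraint being checked.

```python
# Constructed inventory (not from the issue): subnet id -> (AZ, type).
INVENTORY = {
    "subnet-pub-a": ("us-east-1a", "public"),
    "subnet-pub-b": ("us-east-1b", "public"),
    "subnet-pub-c": ("us-east-1c", "public"),
    "subnet-prv-a": ("us-east-1a", "private"),
    "subnet-prv-b": ("us-east-1b", "private"),
    "subnet-prv-c": ("us-east-1c", "private"),
}


def az_set(subnet_ids, inventory=INVENTORY):
    """AZs covered by a list of subnet ids."""
    return {inventory[s][0] for s in subnet_ids}


def check_update(original_ids, proposed_ids, inventory=INVENTORY):
    """Compare AZ coverage; returns (ok, missing_azs, extra_azs)."""
    before = az_set(original_ids, inventory)
    after = az_set(proposed_ids, inventory)
    return before == after, sorted(before - after), sorted(after - before)


def smallest_valid_selection(original_ids, prefer="private", inventory=INVENTORY):
    """One subnet per original AZ, preferring the given subnet type.

    Only subnets already attached to the cluster are considered, so the
    result never introduces an AZ the cluster was not created with.
    """
    chosen = {}
    for sid in sorted(original_ids):
        az, kind = inventory[sid]
        current = chosen.get(az)
        if current is None or (kind == prefer and inventory[current][1] != prefer):
            chosen[az] = sid
    return sorted(chosen.values())


if __name__ == "__main__":
    original = list(INVENTORY)  # 3 public + 3 private, as in the report
    public = [s for s in original if INVENTORY[s][1] == "public"]
    private = [s for s in original if INVENTORY[s][1] == "private"]
    proposed = public[:2] + private[:2]  # mirrors the [:2] slices in the report
    print(check_update(original, proposed))
    print(smallest_valid_selection(original))
```

Running the check against the synthesized subnet list before `cdk deploy` surfaces the dropped AZ without waiting for the custom resource to fail.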
