search

pulumi / pulumi-eks

A Pulumi component for easily creating and managing an Amazon EKS Cluster
https://www.pulumi.com/registry/packages/eks/
Apache License 2.0
171 stars 80 forks source link

`instanceRole` still created when `skipDefaultNodeGroup` is enabled. #1176

Open ringods opened 4 months ago

ringods commented 4 months ago

What happened?

Customer reports he doesn't pass an instanceRole or instanceRoles because he enabled skipDefaultNodeGroup (actually the skip_default_node_group in the Python SDK). They don't want our code to still create an instance role.

Example

Role created:

https://github.com/pulumi/pulumi-eks/blob/161e7af6803b58fea43ffdc3c6f9ee85cf658134/nodejs/eks/cluster.ts#L782-L802

Profile skipped due to skipDefaultNodeGroup:

https://github.com/pulumi/pulumi-eks/blob/161e7af6803b58fea43ffdc3c6f9ee85cf658134/nodejs/eks/cluster.ts#L822-L830

Output of pulumi about

N/A

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

flostadler commented 4 months ago

One workaround is setting the instance_roles parameter to an empty array:

from pulumi_aws import s3
import pulumi_eks as eks

cluster2 = eks.Cluster('eks-cluster', instance_roles=[])

I'd argue that this is not really intuitive, but removing that role now when skipDefaultNodeGroup is true would be a breaking change because some users might use the role through the instanceRoles output.

flostadler commented 1 month ago

We could add an additional flag skipInstanceRole, but this would add clutter to the API surface of the cluster. I'd rather take this small enhancement with the next major release