Closed flostadler closed 1 month ago
github-actions[bot]
commented
1 month ago Found 4 breaking changes:
🟢 "clusterSecurityGroup" property is no longer Required🟢 "eksClusterIngressRule" property is no longer Required🟢 "nodeSecurityGroup" property is no longer Required
🟢 "eks:index:CoreData": required: "clusterSecurityGroup" property is no longer Required
No new resources/functions.
flostadler
commented
1 month ago @t0yv0 @corymhall can you please have another look? I had to change the approach due to the issues with .get in MLCs.
t0yv0
commented
1 month ago I had to change the approach due to the issues with .get in MLCs.
Very much worth spending time on to extract a repro and link here 🙏 If you are out of capacity sent it over to me as I might have some bandwidth.
flostadler
commented
1 month ago I had to change the approach due to the issues with .get in MLCs.
Very much worth spending time on to extract a repro and link here 🙏 If you are out of capacity sent it over to me as I might have some bandwidth.
Fully agreed! I already had a chat with Will about this. I'll try to create a minimal repro tomorrow to further investigate
Pulumi EKS currently always creates a cluster security group and node security group.
NodeGroupandNodeGroupV2components that do not specify a custom security group.Users that either manage the node security themselves or use the
ManagedNodeGroupcomponent (uses the EKS created SG) do not need those default security groups.This change adds a flag on the cluster (
skipDefaultSecurityGroups) that will skip creating those default security groups. Instead.This introduces a small breaking change, the
clusterSecurityGroup,nodeSecurityGroupandclusterIngressRuleoutputs are now optional. The impact of this should be minimal because users that create custom node groups usually do not use the security groups of the cluster for that. If they do, they need to add a null check.Fixes https://github.com/pulumi/pulumi-eks/issues/747