Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

instanceRole still created when skipDefaultNodeGroup is enabled. #1176

Open
ringods opened this issue May 31, 2024 · 2 comments
Open

instanceRole still created when skipDefaultNodeGroup is enabled. #1176

ringods opened this issue May 31, 2024 · 2 comments
Labels
impact/breaking Fixing this issue will require a breaking change impact/usability Something that impacts users' ability to use the product easily and intuitively kind/bug Some behavior is incorrect or out of spec

Comments

@ringods
Copy link
Member

ringods commented May 31, 2024

What happened?

Customer reports he doesn't pass an instanceRole or instanceRoles because he enabled skipDefaultNodeGroup (actually the skip_default_node_group in the Python SDK). They don't want our code to still create an instance role.

Example

Role created:

pulumi-eks/nodejs/eks/cluster.ts

Lines 782 to 802 in 161e7af

const instanceRole = new ServiceRole(
`${name}-instanceRole`,
{
service: pulumi.interpolate`ec2.${dnsSuffix}`,
managedPolicyArns: [
{
id: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
arn: pulumi.interpolate`arn:${partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy`,
},
{
id: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
arn: pulumi.interpolate`arn:${partition}:iam::aws:policy/AmazonEKS_CNI_Policy`,
},
{
id: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
arn: pulumi.interpolate`arn:${partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly`,
},
],
},
{ parent, provider },
).role;

Profile skipped due to skipDefaultNodeGroup:

pulumi-eks/nodejs/eks/cluster.ts

Lines 822 to 830 in 161e7af

// Create an instance profile if using a default node group
if (!skipDefaultNodeGroup) {
nodeGroupOptions.instanceProfile = createOrGetInstanceProfile(
name,
parent,
instanceRole,
args.instanceProfileName,
);
}

Output of pulumi about

N/A

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@ringods ringods added needs-triage Needs attention from the triage team kind/bug Some behavior is incorrect or out of spec labels May 31, 2024
@flostadler flostadler added the impact/breaking Fixing this issue will require a breaking change label May 31, 2024
@flostadler
Copy link
Contributor

One workaround is setting the instance_roles parameter to an empty array:

from pulumi_aws import s3
import pulumi_eks as eks

cluster2 = eks.Cluster('eks-cluster', instance_roles=[])

I'd argue that this is not really intuitive, but removing that role now when skipDefaultNodeGroup is true would be a breaking change because some users might use the role through the instanceRoles output.

@flostadler flostadler added impact/usability Something that impacts users' ability to use the product easily and intuitively and removed needs-triage Needs attention from the triage team labels May 31, 2024
@ringods ringods mentioned this issue Jul 1, 2024
Closed
@flostadler
Copy link
Contributor

We could add an additional flag skipInstanceRole, but this would add clutter to the API surface of the cluster. I'd rather take this small enhancement with the next major release

@flostadler flostadler mentioned this issue Sep 30, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
impact/breaking Fixing this issue will require a breaking change impact/usability Something that impacts users' ability to use the product easily and intuitively kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ringods @flostadler