Allow to pass bootstrapSelfManagedAddons argument to cluster #1475

Open
ahanoff opened this issue Nov 8, 2024 · 6 comments
Labels
blocked The issue cannot be resolved without 3rd party action. kind/enhancement Improvements or new features

Comments


ahanoff commented Nov 8, 2024

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Currently the EKS cluster sets bootstrapSelfManagedAddons to true by default, which cannot be overridden. That setting creates 3 addons: vpc-cni, coredns, and kube-proxy.

As a workaround, users can use the defaultAddonsToRemove input property with ["vpc-cni", "coredns", "kube-proxy"] to remove all addons on cluster creation.

Affected area/feature

Prevents creating a clean cluster without any addons, which is beneficial if you use a custom CNI like Cilium.

@ahanoff ahanoff added kind/enhancement Improvements or new features needs-triage Needs attention from the triage team labels Nov 8, 2024
t0yv0 (Member) commented Nov 8, 2024

Hi @ahanoff, thanks for the issue. Have you tried the defaultAddonsToRemove property?

https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#defaultaddonstoremove_nodejs

I believe if you populate that property with a list of "vpc-cni", "coredns", "kube-proxy" then they should not be auto-created anymore.

@t0yv0 t0yv0 added awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team labels Nov 8, 2024
ahanoff (Author) commented Nov 11, 2024

> Have you tried the defaultAddonsToRemove property?

Hi @t0yv0, thanks! Yes, that's what I currently set while waiting for this issue's resolution.

> List of addons to remove upon creation. Any addon listed will be "adopted" and then removed

Actually I'm confused about two things:

  • The defaultAddonsToRemove comment above, as I'm not sure what adopted means in this case. If it means it will be installed first and then removed, would it be a case when AWS VPC CNI leaves some iptables rules that need to be cleared?
  • Having two options (bootstrapSelfManagedAddons and defaultAddonsToRemove) to do the same thing?

Anyway, I'm going to test your suggestion this week and get back with feedback.

@pulumi-bot pulumi-bot added needs-triage Needs attention from the triage team and removed awaiting-feedback Blocked on input from the author labels Nov 11, 2024
t0yv0 (Member) commented Nov 11, 2024

Great feedback, let me double-check and see if we can clarify the docstrings.

flostadler (Contributor) commented Nov 12, 2024

Hey @ahanoff, defaultAddonsToRemove wouldn't leave any iptables rules behind because the adopt->delete procedure is done before there are any nodes in the cluster.
In detail, we're creating an EKS Addon for every addon you mention in defaultAddonsToRemove. This adopts the existing resources on the cluster into Pulumi's management. Finally, we're deleting those addons again, which cleans up the underlying resources.

But I agree with you that having two options to achieve the same goal is not ideal! pulumi-eks inherits this option from the pulumi-aws provider that manages the underlying cluster resource. defaultAddonsToRemove was added to that provider before AWS added the bootstrapSelfManagedAddons feature. I created an issue in pulumi-aws to track unifying this situation: pulumi/pulumi-aws#4755

@flostadler flostadler removed the needs-triage Needs attention from the triage team label Nov 12, 2024
ahanoff (Author) commented Nov 13, 2024

> Have you tried the defaultAddonsToRemove property?

Hi @t0yv0, @flostadler, I've tested this and would like to confirm that the addons are removed and Cilium CNI is installed, passing the cilium connectivity test successfully.

flostadler (Contributor) commented

Awesome, thanks @ahanoff. I'll keep the issue open to track this enhancement once we've tackled pulumi/pulumi-aws#4755.

I also updated the description with the defaultAddonsToRemove workaround.

@flostadler flostadler added the blocked The issue cannot be resolved without 3rd party action. label Nov 13, 2024