Skip to content

Commit

Permalink
Allow passing scalar security group properties to node groups (#1446)
Browse files Browse the repository at this point in the history
This change builds on top of
#1445 and makes `NodeGroup` &
`NodeGroupV2` accept the scalar security group properties introduced in
that PR.

This way users can connect their node groups to the cluster without
having to use any applies.
  • Loading branch information
flostadler authored Oct 16, 2024
1 parent 1e2e4aa commit d40deeb
Show file tree
Hide file tree
Showing 28 changed files with 1,169 additions and 78 deletions.
17 changes: 17 additions & 0 deletions examples/examples_nodejs_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -923,6 +923,23 @@ func TestAccSelfManagedNodeGroupOS(t *testing.T) {

assert.NoError(t, utils.ValidateNodePodCapacity(t, info.Outputs["kubeconfig"], 4, 100, "increased-pod-capacity"))
assert.NoError(t, utils.ValidateNodeStorage(t, info.Outputs["kubeconfig"], 4, 100*1_000_000_000, "increased-storage-capacity"))

// Validate that nodeSecurityGroupId is set to the security group passed in as an input
require.NotNil(t, info.Outputs["standardNodeSecurityGroup"])
require.NotNil(t, info.Outputs["standardNodeSecurityGroupV2"])
standardSecurityGroup := info.Outputs["standardNodeSecurityGroup"].(map[string]interface{})
standardSecurityGroupV2 := info.Outputs["standardNodeSecurityGroupV2"].(map[string]interface{})
assert.Equal(t, standardSecurityGroup["id"], info.Outputs["standardNodeSecurityGroupId"])
assert.Equal(t, standardSecurityGroupV2["id"], info.Outputs["standardNodeSecurityGroupIdV2"])

// Validate that the nodeSecurityGroupId is set to security group ID passed in as an input
assert.Nil(t, info.Outputs["customNodeSecurityGroup"])
assert.Nil(t, info.Outputs["customNodeSecurityGroupV2"])
require.NotEmpty(t, info.Outputs["clusterNodeSecurityGroupId"])
clusterNodeGroupId := info.Outputs["clusterNodeSecurityGroupId"].(string)

assert.Equal(t, clusterNodeGroupId, info.Outputs["customNodeSecurityGroupId"])
assert.Equal(t, clusterNodeGroupId, info.Outputs["customNodeSecurityGroupIdV2"])
},
})

Expand Down
4 changes: 2 additions & 2 deletions examples/tests/migrate-nodegroups/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ export function createNodeGroup(
): eks.NodeGroup {
return new eks.NodeGroup(name, {
cluster: args.cluster,
nodeSecurityGroup: args.cluster.nodeSecurityGroup.apply(v => v!),
clusterIngressRule: args.cluster.eksClusterIngressRule.apply(v => v!),
nodeSecurityGroupId: args.cluster.nodeSecurityGroupId,
clusterIngressRuleId: args.cluster.clusterIngressRuleId,
instanceType: args.instanceType,
nodeAssociatePublicIpAddress: false,
desiredCapacity: args.desiredCapacity,
Expand Down
29 changes: 29 additions & 0 deletions examples/tests/self-managed-ng-os/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -186,3 +186,32 @@ const nodeGroupBottlerocketUserdata = new eks.NodeGroupV2("bottlerocket-userdata
},
},
});

const nodegroupWithSecurityGroupId = new eks.NodeGroup("ng-security-group-id", {
...capacity,
cluster: cluster,
instanceType: "t3.medium",
instanceProfile: instanceProfile,
nodeSecurityGroupId: cluster.nodeSecurityGroupId,
clusterIngressRuleId: cluster.clusterIngressRuleId,
});

const nodegroupV2WithSecurityGroupId = new eks.NodeGroupV2("ng-security-group-id", {
...capacity,
cluster: cluster,
instanceType: "t3.medium",
instanceProfile: instanceProfile,
nodeSecurityGroupId: cluster.nodeSecurityGroupId,
clusterIngressRuleId: cluster.clusterIngressRuleId,
});

export const standardNodeSecurityGroup = nodeGroupAL2023V1.nodeSecurityGroup;
export const standardNodeSecurityGroupId = nodeGroupAL2023V1.nodeSecurityGroupId;
export const standardNodeSecurityGroupV2 = nodeGroupAL2023.nodeSecurityGroup;
export const standardNodeSecurityGroupIdV2 = nodeGroupAL2023.nodeSecurityGroupId;

export const clusterNodeSecurityGroupId = cluster.nodeSecurityGroupId;
export const customNodeSecurityGroup = nodegroupWithSecurityGroupId.nodeSecurityGroup;
export const customNodeSecurityGroupId = nodegroupWithSecurityGroupId.nodeSecurityGroupId;
export const customNodeSecurityGroupV2 = nodegroupV2WithSecurityGroupId.nodeSecurityGroup;
export const customNodeSecurityGroupIdV2 = nodegroupV2WithSecurityGroupId.nodeSecurityGroupId;
2 changes: 2 additions & 0 deletions nodejs/eks/cmd/provider/nodegroup.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ const nodeGroupProvider: pulumi.provider.Provider = {
urn: nodegroup.urn,
state: {
nodeSecurityGroup: nodegroup.nodeSecurityGroup,
nodeSecurityGroupId: nodegroup.nodeSecurityGroupId,
extraNodeSecurityGroups: nodegroup.extraNodeSecurityGroups,
cfnStack: nodegroup.cfnStack,
autoScalingGroupName: nodegroup.autoScalingGroupName,
Expand Down Expand Up @@ -85,6 +86,7 @@ const nodeGroupV2Provider: pulumi.provider.Provider = {
urn: nodegroup.urn,
state: {
nodeSecurityGroup: nodegroup.nodeSecurityGroup,
nodeSecurityGroupId: nodegroup.nodeSecurityGroupId,
extraNodeSecurityGroups: nodegroup.extraNodeSecurityGroups,
autoScalingGroup: nodegroup.autoScalingGroup,
},
Expand Down
Loading

0 comments on commit d40deeb

Please sign in to comment.