fix(eks): nodegroup synthesis fails when configured with an AMI type that is not compatible to the default instance type#12441
Merged
mergify[bot] merged 15 commits intomasterfrom Jan 12, 2021
Conversation
|
|
iliapolo
commented
Jan 10, 2021
Contributor
Author
|
Not quite ready yet |
iliapolo
commented
Jan 10, 2021
eladb
approved these changes
Jan 11, 2021
Contributor
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Contributor
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Collaborator
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
mergify bot
pushed a commit
that referenced
this pull request
Dec 17, 2021
As `Nodegroup` now supports different AMI types including Bottlerocket for both x86_64 and ARM_64, we cannot determine correct amiType simply from the `instanceTypes` property(#17641 ). However, when `instanceTypes` are provided, we still can check: 1. if instance types of different CPU architectures are mxied and throw an error 2. if the provided `amyType` compatible with the instanceTypes If user opt in Bottlerocket or any other AMI types other than AL2, users have to specify the `amiType` explicitly. If it's unspecified, we will use AL2 implicitly to avoid breaking changes, which is the default behavior previously. The only case `amiType` has to be undefined is that when custom AMI is defined in the launch template. As we can't check this case, users have to explicitly leave it undefined. We add a notice in the property doc string for this. Related to #12441 Fixes: #17641 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
TikiTDO
pushed a commit
to TikiTDO/aws-cdk
that referenced
this pull request
Feb 21, 2022
As `Nodegroup` now supports different AMI types including Bottlerocket for both x86_64 and ARM_64, we cannot determine correct amiType simply from the `instanceTypes` property(aws#17641 ). However, when `instanceTypes` are provided, we still can check: 1. if instance types of different CPU architectures are mxied and throw an error 2. if the provided `amyType` compatible with the instanceTypes If user opt in Bottlerocket or any other AMI types other than AL2, users have to specify the `amiType` explicitly. If it's unspecified, we will use AL2 implicitly to avoid breaking changes, which is the default behavior previously. The only case `amiType` has to be undefined is that when custom AMI is defined in the launch template. As we can't check this case, users have to explicitly leave it undefined. We add a notice in the property doc string for this. Related to aws#12441 Fixes: aws#17641 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem 1
When creating a
Nodegroupwithout passing instance types, we currently default to uset3.medium:aws-cdk/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts
Line 294 in da1ed08
This default is then used to calculate the expected AMI type, and assert that the configured AMI type is indeed as expected:
aws-cdk/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts
Lines 302 to 304 in da1ed08
However, a user might configure instance types on the launch template, and an AMI type on the nodegroup. In this scenario, we still use the default instance type to perform the validation, which will fail if the ami type is not compatible with it.
To make things worse, we don't actually use the default instance type at all, apart from the validation:
aws-cdk/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts
Lines 329 to 330 in da1ed08
And in-fact, this default was only introduced in this PR, which also added the problematic validation.
Solution
Drop the default instance type altogether, like it was before. The new validation will only take place if the user explicitly configured both
instanceTypesandamiTypeon the nodegroup. Since the default value was never actually used, this doesn't incur any behavior change.Problem 2
When a launch template is used, we currently ignore the value of
amiTypeexplicitly passed by the user:aws-cdk/packages/@aws-cdk/aws-eks/lib/managed-nodegroup.ts
Lines 324 to 325 in da1ed08
This behavior means that users who configured a launch template without a custom ami, and passing an
amiTypeto the nodegroup, would now result in no ami specification at all, defaulting to whatever EKS does, which might not be what the user had in mind.There's no good reason to do this, we should either throw a validation error if both are used, or pass the explicit value nevertheless, even though it might cause problems.
Solution
When a user explicitly passes an AMI type, just use it and assume the user knows what he/she is doing. When a user does not explicitly pass it, only apply the default if a launch template is not used.
This change means that users who previously "relied" on this override, might now experience a deployment failure if they are using a custom AMI in the launch template, those users can resolve the problem by removing the
amiTypeproperty from the nodegroup (since it wasn't used, its not needed). I don't imagine many such users exist since this behavior is new and it doesn't make much sense to configure both a custom AMI and anamiType.Fixes #12389
BREAKING CHANGE: Explicitly passing
amiTypeto nodegroups will now take affect even if a launch template is configured as well. If your launch template contains a custom AMI, this will cause a deployment failure, to resolve, remove the explicitamiTypefrom the nodegroup configuration.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license