[aws-eks] Unable to use subnets of imported VPC #10341
Comments
@dmoser04 Haven't been able to reproduce this. Are you sure your VPC actually contains private subnets? Mind sharing your
Hi @iliapolo, I believe you're right and it was an error on our side. So what we are actually doing is something like

```ts
const vpc = ec2.Vpc.fromLookup(this, "myvpc", {
  vpcId: "vpcId"
});
const subnetsToSelect = ["subnet-03b480529ed1ddcf6", "subnet-0b551f64601296295", "subnet-082440ba51cdfe9b0"]
const selectedSubnets = vpc.privateSubnets.filter(vpcSubnet => subnetsToSelect.includes(vpcSubnet.subnetId))
const cluster = new eks.Cluster(this, "mycluster", {
  clusterName: "mycluster",
  version: eks.KubernetesVersion.V1_17,
  defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
  defaultCapacity: 2,
  defaultCapacityInstance: new ec2.InstanceType("t3.large"),
  endpointAccess: eks.EndpointAccess.PRIVATE,
  vpc: vpc,
  vpcSubnets: [
    { subnets: selectedSubnets }
  ]
});
```

So when CDK passes over the code the first time, it detects that the context is missing some info and refreshes it. However, Please accept my apologies for this invalid bug report. Feel free to close it.
@dmoser04 I'm still a little vague as to what exactly is happening. You mentioned:
Why is Also, is

```ts
vpcSubnets: [
  { subnets: subnetsToSelect.map((id, index) => ec2.Subnet.fromSubnetId(this, `Subnet${index}`, id)) }
]
```

Will that do the trick?
Hi @iliapolo ,
When you run this code with a non-existent or empty

```ts
const vpc = ec2.Vpc.fromLookup(this, "MyVpc", { vpcId: "vpc-3ccd3554" });
const subnetsToSelect = ["subnet-03b480529ed1ddcf6", "subnet-0b551f64601296295", "subnet-082440ba51cdfe9b0"]
let selectedSubnets = vpc.privateSubnets.filter(vpcSubnet => subnetsToSelect.includes(vpcSubnet.subnetId))
// Check if the correct subnets are resolved after CDK has refreshed its context (i.e. after
// the vpcId is no longer the dummy vpc id)
// if (vpc.vpcId != 'vpc-12345') {
//   const a = subnetsToSelect.sort()
//   const b = selectedSubnets.map(sn => sn.subnetId).sort()
//   for(let i=0; i<a.length; i++) {
//     assert(a[i] === b[i])
//   }
// } else {
//   // Otherwise eks.Cluster would complain
//   selectedSubnets = vpc.privateSubnets
// }
console.log("----------------- VPC Info -----------------")
console.log(vpc)
console.log("----------------- /VPC Info -----------------")
console.log("----------------- Subnet Info -----------------")
console.log(selectedSubnets)
console.log("----------------- /Subnet Info -----------------")
const cluster = new eks.Cluster(this, "mycluster", {
  clusterName: "mycluster",
  version: eks.KubernetesVersion.V1_17,
  defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
  defaultCapacity: 2,
  defaultCapacityInstance: new ec2.InstanceType("t3.large"),
  endpointAccess: eks.EndpointAccess.PRIVATE,
  vpc: vpc,
  vpcSubnets: [
    { subnets: selectedSubnets }
  ]
});
```

it will fail with the error shown above. From the log you can see, that CDK is using a dummy VPC (
However, if we include the commented code as well, it works because CDK seems to execute everything twice:
See the log
Yes, the VPC and subnet ids are fixed and injected via the build pipeline.
Works like a charm! Many thanks for that tip
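
Added example, not part of the thread or of the CDK code base: the guard sketched in the commented-out block above, written as a stand-alone function that fails closed when a pinned subnet ID is not among the looked-up private subnets. `SubnetLike`, `VpcLike` and `selectPinnedPrivateSubnets` are hypothetical names, and the sample VPC objects are constructed stand-ins for what `Vpc.fromLookup` returns.

```typescript
// Plain-object stand-ins (hypothetical) for the VPC and subnets a lookup returns.
interface SubnetLike { subnetId: string; }
interface VpcLike { vpcId: string; privateSubnets: SubnetLike[]; }

// Placeholder VPC id used before the context is populated (value from the thread).
const DUMMY_VPC_ID = "vpc-12345";

// Returns the pinned private subnets, or throws if any pinned id is absent.
function selectPinnedPrivateSubnets(vpc: VpcLike, pinnedIds: string[]): SubnetLike[] {
  if (pinnedIds.length === 0) {
    throw new Error("no subnet ids pinned");
  }
  if (vpc.vpcId === DUMMY_VPC_ID) {
    // First pass: real ids cannot match the placeholder VPC, so hand back its
    // private subnets and let the lookup populate the context.
    return vpc.privateSubnets;
  }
  // Resolved pass: a bare filter() would silently drop ids that are missing or
  // not private, so compare the result against the pinned list and fail closed.
  const selected = vpc.privateSubnets.filter(s => pinnedIds.indexOf(s.subnetId) !== -1);
  const found = selected.map(s => s.subnetId);
  const missing = pinnedIds.filter(id => found.indexOf(id) === -1);
  if (missing.length > 0) {
    throw new Error("pinned subnets not private in " + vpc.vpcId + ": " + missing.join(", "));
  }
  return selected;
}

// Constructed sample data; subnet ids are the ones quoted in the thread.
const PINNED = ["subnet-03b480529ed1ddcf6", "subnet-0b551f64601296295", "subnet-082440ba51cdfe9b0"];
const FIRST_PASS: VpcLike = { vpcId: DUMMY_VPC_ID, privateSubnets: [{ subnetId: "subnet-placeholder" }] };
const RESOLVED: VpcLike = {
  vpcId: "vpc-3ccd3554",
  privateSubnets: PINNED.map(id => ({ subnetId: id })).concat([{ subnetId: "subnet-constructed-extra" }]),
};
// Same VPC, but the last pinned id is not among its private subnets.
const PARTIAL: VpcLike = { vpcId: "vpc-3ccd3554", privateSubnets: RESOLVED.privateSubnets.slice(0, 2) };
```
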
@dmoser04 Thanks for the details. I'll see if I can make sense of it cause something still feels fishy. In any case, glad it helped 👍
I'm experiencing the exact same issue as described in #6115.
If `cdk.context.json` is nonexistent/empty and an imported VPC is used in `eks.Cluster`, CDK fails with `Vpc must contain private subnets to configure private endpoint access`.
Reproduction Steps
What did you expect to happen?
What actually happened?
Environment
Other
Stack trace
This is 🐛 Bug Report