fix(eks): in place updates for EKS security group and Subnets (#30114)
### Issue # (if applicable)

Closes #28584

### Reason for this change

To have in place updates for EKS clusters when subnets or SG values are changed.

### Description of changes

Removed `replaceVpc` logic and introduced `updateVpc` to track changes and errors to handle multiple updates in one go

### Description of how you validated changes

Have tested the changes by first deploying a cluster with below config: 
```ts
const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { isDefault: true });
new eks.Cluster(stack, 'Cluster', {
  vpc,
  ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_24),
  defaultCapacity: 0,
});
```

TestCase - 1 Update both subnets and Access at the same time
```ts
new eks.Cluster(stack, 'Cluster', {
  vpc,
  ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_29),
  defaultCapacity: 0,
  tags: {
    foo: 'bar',
  },
  endpointAccess: eks.EndpointAccess.PUBLIC,
  vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }],
});
```
Error below is thrown for Cluster custom resource -
```
{
    "errorType": "Error",
    "errorMessage": "Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed",
    "stack": [
        "Error: Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed",
        "    at Pi.onUpdate (/var/task/index.js:55:651127)",
        "    at Pi.onEvent (/var/task/index.js:55:647590)",
        "    at Runtime.yR [as handler] (/var/task/index.js:55:657995)",
        "    at Runtime.handleOnceNonStreaming (file:///var/runtime/index.mjs:1173:29)"
    ]
}
```

TestCase - 2 Update subnets to public 

```ts
new eks.Cluster(stack, 'Cluster', {
  vpc,
  ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_29),
  defaultCapacity: 0,
  vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }],
});
```
```
{
    "updates": {
        "replaceName": false,
        "updateVpc": true,
        "updateAccess": false,
        "replaceRole": false,
        "updateVersion": false,
        "updateEncryption": false,
        "updateLogging": false
    }
}
```

```
{
  clientName: 'EKSClient',
  commandName: 'UpdateClusterConfigCommand',
  input: {
    name: 'Cluster9EE0221C-0b6f58b0698348aea43866b93a62b2c9',
    resourcesVpcConfig: { subnetIds: [Array], securityGroupIds: [Array] }
  },
  output: {
    update: {
      createdAt: 2024-05-08T20:55:00.013Z,
      errors: [],
      id: '7d5cd243-5536-3f52-b5ca-4c6e6c044529',
      params: [Array],
      status: 'InProgress',
      type: 'VpcConfigUpdate'
    }
  },
  metadata: {}
}
```


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mrlikl authored May 10, 2024
1 parent c377c34 commit eb39d9e
Showing 29 changed files with 6,746 additions and 39 deletions.
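
An added example, not code from this commit or from aws-cdk: it diffs old and new cluster props into the flags shown in the logged `updates` object and rejects a combined VPC, logging and endpoint-access change with the error from test case 1. The `ClusterProps` shape and the function names are assumptions.

```typescript
// Added example, not the aws-cdk handler. The prop shape is an assumption modelled on
// the EKS resourcesVpcConfig fields; flag names mirror the logged "updates" object.
interface VpcConfig {
  subnetIds?: string[];
  securityGroupIds?: string[];
  endpointPublicAccess?: boolean;
  endpointPrivateAccess?: boolean;
  publicAccessCidrs?: string[];
}
interface ClusterProps {
  name?: string; roleArn?: string; version?: string;
  resourcesVpcConfig?: VpcConfig;
  logging?: unknown; encryptionConfig?: unknown;
}

// Order-insensitive, so a reordered subnet list does not count as a change.
const sameSet = (a: string[] = [], b: string[] = []): boolean =>
  JSON.stringify(a.slice().sort()) === JSON.stringify(b.slice().sort());
const same = (a: unknown, b: unknown): boolean =>
  JSON.stringify(a ?? null) === JSON.stringify(b ?? null);

function analyzeUpdate(oldP: ClusterProps, newP: ClusterProps) {
  const o: VpcConfig = oldP.resourcesVpcConfig ?? {};
  const n: VpcConfig = newP.resourcesVpcConfig ?? {};
  return {
    replaceName: oldP.name !== newP.name,
    updateVpc: !sameSet(o.subnetIds, n.subnetIds) ||
      !sameSet(o.securityGroupIds, n.securityGroupIds),
    updateAccess: o.endpointPublicAccess !== n.endpointPublicAccess ||
      o.endpointPrivateAccess !== n.endpointPrivateAccess ||
      !sameSet(o.publicAccessCidrs, n.publicAccessCidrs),
    replaceRole: oldP.roleArn !== newP.roleArn,
    updateVersion: oldP.version !== newP.version,
    updateEncryption: !same(oldP.encryptionConfig, newP.encryptionConfig),
    updateLogging: !same(oldP.logging, newP.logging),
  };
}

// Reject mixed changes with the same message the handler logged in test case 1.
function assertSingleConfigUpdate(u: ReturnType<typeof analyzeUpdate>): void {
  const kinds = [u.updateVpc, u.updateLogging, u.updateAccess].filter(Boolean).length;
  if (kinds > 1) {
    throw new Error('Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed');
  }
}

// Constructed sample (ids made up): only the subnet list changes, as in test case 2.
const sampleOld: ClusterProps = { resourcesVpcConfig: { subnetIds: ['subnet-a'] } };
const sampleNew: ClusterProps = { resourcesVpcConfig: { subnetIds: ['subnet-a', 'subnet-b'] } };
```

Because `updateAccess` is tracked separately from `updateVpc`, a deployment that quietly switches the endpoint to public shows up as its own flag rather than hiding inside a subnet change.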