(aws-eks): FromClusterAttributes() functions requires parameters at synth time commonly available at deploy time #14058

Closed
vgribok opened this issue Apr 8, 2021 · 2 comments
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments


vgribok commented Apr 8, 2021

Finding an existing cluster via CDK FromClusterAttributes() may require several arguments, like VPC and OIDC provider id that are frequently available at deploy time.

Reproduction Steps

// Only the cluster name is supplied; VPC, OIDC provider and kubectl role are omitted.
var eksCluster = Cluster.FromClusterAttributes(this, "EksCluster", new ClusterAttributes
{
    ClusterName = "my-cluster"
});

Adding installation of AWS LB Controller and App Mesh Controller, which involve creating service accounts and using OIDC and Helm, results in:

"Amazon.JSII.Runtime.JsiiException: "kubectlRole" is not defined, cannot issue kubectl commands against this cluster"
"Amazon.JSII.Runtime.JsiiException: "openIdConnectProvider" is not defined for this imported cluster"
"Amazon.JSII.Runtime.JsiiException: "vpc" is not defined for this imported cluster"

Running aws eks describe-cluster --name clusterName returns information on VPC, OIDC, but not a role suitable for kubectl mapped to "system:masters". The latter is understandable, but VPC and OIDC data may be (dare I say likely to be) accessible at deploy time and should be made optional for FromClusterAttributes()

What did you expect to happen?

cdk synth should not fail if vpc and OpenIdConnectProvider arguments are not supplied to Cluster.FromClusterAttributes() even if subsequent EKS stack operations require them. diff/deploy should fail only if vpc and OpenIdConnectProvider are not supplied and "aws eks describe-cluster --name clustername" or its equivalent API call does not return required data.

Install AWS LB Controller, AWS App Mesh Controller and App Mesh Ingress Gateway on an existing EKS cluster without having to dig for cluster information accessible to the stack at deploy time.

What actually happened?

I had to create an (imperative) script returning data that is then fed to "cdk deploy -c" (declarative) stack, while I should not be required to do the boilerplate step that could be performed by the stack itself. I also had to add three outputs to another EKS cluster creating stack to supply this information.

"Amazon.JSII.Runtime.JsiiException: "openIdConnectProvider" is not defined for this imported cluster"
"Amazon.JSII.Runtime.JsiiException: "vpc" is not defined for this imported cluster"

Environment

  • CDK CLI Version : 1.92.0
  • Framework Version: 1.92.0
  • Node.js Version: v15.5.0
  • OS : Windows 10 20H2
  • Language (Version): all

Other

Related to #12468


This is 🐛 Bug Report

@vgribok vgribok added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 8, 2021
@github-actions github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Apr 8, 2021
Contributor

iliapolo commented Apr 8, 2021

@vgribok The fromClusterAttributes method is intentionally not designed to perform live queries, it is simply a way to create type-safe objects from well known static values.

What you are referring to is called context lookups. And we actually already have a feature request to add a Cluster.fromLookup method, similarly to how we do VPC Lookups.

@iliapolo iliapolo added guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. bug This issue is a bug. labels Apr 8, 2021
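
The workaround described in the issue, deriving the import values from `aws eks describe-cluster` output and feeding them to `cdk deploy -c`, as an added example (not code from the issue or from the CDK project). The sample JSON and role ARN are constructed, the context key names are hypothetical, and the OIDC provider ARN is the one IAM would use only if the provider has been registered.

```python
import json
import shlex

# Constructed sample shaped like `aws eks describe-cluster` output (trimmed).
SAMPLE = json.dumps({"cluster": {
    "name": "my-cluster",
    "arn": "arn:aws:eks:us-west-2:111122223333:cluster/my-cluster",
    "resourcesVpcConfig": {"vpcId": "vpc-0123456789abcdef0"},
    "identity": {"oidc": {"issuer":
        "https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0123456789ABCDEF"}},
}})


def context_from_describe_cluster(raw_json, kubectl_role_arn):
    """Derive the values an imported cluster needs from describe-cluster JSON."""
    cluster = json.loads(raw_json)["cluster"]
    # Cluster ARN layout: arn:<partition>:eks:<region>:<account>:cluster/<name>
    _, partition, _, _, account, _ = cluster["arn"].split(":", 5)
    vpc_id = cluster.get("resourcesVpcConfig", {}).get("vpcId")
    issuer = cluster.get("identity", {}).get("oidc", {}).get("issuer")
    if not vpc_id or not issuer:
        raise ValueError("describe-cluster output lacks vpcId or OIDC issuer")
    if not issuer.startswith("https://"):
        raise ValueError("unexpected OIDC issuer URL: %r" % issuer)
    # IAM names an OIDC provider after the issuer URL minus its scheme.
    # This is the ARN the provider has *if* it is registered in IAM;
    # describe-cluster does not confirm that it is.
    oidc_arn = "arn:%s:iam::%s:oidc-provider/%s" % (
        partition, account, issuer[len("https://"):])
    return {
        "clusterName": cluster["name"],   # context key names are hypothetical
        "vpcId": vpc_id,
        "oidcProviderArn": oidc_arn,
        # describe-cluster returns no kubectl role; the caller supplies it.
        "kubectlRoleArn": kubectl_role_arn,
    }


def to_cdk_args(context):
    """Render the values as `-c key=value` arguments for cdk synth/deploy."""
    return " ".join("-c " + shlex.quote("%s=%s" % kv)
                    for kv in sorted(context.items()))


if __name__ == "__main__":
    ctx = context_from_describe_cluster(
        SAMPLE, "arn:aws:iam::111122223333:role/placeholder-kubectl-role")
    print("cdk deploy " + to_cdk_args(ctx))
```

The kubectl role is passed in by hand because it is mapped to "system:masters"; choose it deliberately rather than discovering it automatically.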
@github-actions

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Apr 16, 2021