Add scalar types for most commonly used resource outputs #1445
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
flostadler
added
the
needs-release/major
flostadler
force-pushed
the
flostadler/scalar-types
branch
from
dd44cba
to
c4cac37
Compare
flostadler
commented
Oct 16, 2024
| { | ||
| parent, | ||
| provider, | ||
| dependsOn: fargateProfile.apply((profile) => { |
There was a problem hiding this comment.
That's the fix for the Fargate issues. I needed to include it here otherwise I couldn't test the changes in this PR.
Does the PR have any schema changes?Looking good! No breaking changes found. |
flostadler
commented
Oct 16, 2024
| @@ -1103,6 +1145,7 @@ func generateSchema(version semver.Version) schema.PackageSpec { | |||
| }, | |||
| }, | |||
| "eks:index:VpcCniAddon": { | |||
| IsComponent: true, | |||
There was a problem hiding this comment.
Unrelated to this PR, but I noticed this was incorrectly set and we had .get functions for this component.
flostadler
changed the title
t0yv0
reviewed
Oct 16, 2024
| @@ -1077,10 +1077,18 @@ | |||
| "$ref": "/aws/v6.18.2/schema.json#/provider", | |||
| "description": "The AWS resource provider." | |||
| }, | |||
| "clusterIngressRuleId": { | |||
There was a problem hiding this comment.
The additions here can be copied into PR description to make searching easier. Referring to an internal doc is not that helpful for posterity. Thanks!
There was a problem hiding this comment.
Added it to the PR description
t0yv0
reviewed
Oct 16, 2024
| @@ -14,7 +14,7 @@ namespace Pulumi.Eks | |||
| /// For more information see: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html | |||
| /// </summary> | |||
| [EksResourceType("eks:index:VpcCniAddon")] | |||
| public partial class VpcCniAddon : global::Pulumi.CustomResource | |||
| public partial class VpcCniAddon : global::Pulumi.ComponentResource | |||
There was a problem hiding this comment.
Will this break things? Should we call it out? Or it is a new resource.
There was a problem hiding this comment.
New resource, we added it as part of v3 but forgot to mark it as a component
flostadler
added a commit
that referenced
this pull request
Oct 16, 2024
This change builds on top of #1445 and makes `NodeGroup` & `NodeGroupV2` accept the scalar security group properties introduced in that PR. This way users can connect their node groups to the cluster without having to use any applies.
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
To ease the impact of the breaking API changes caused by generating the node SDK, we decided to add additional scalar inputs that simplify UX across all SDKs (for more details [see internal doc](https://docs.google.com/document/d/1f97nmDUG_nrZSllYxu_XSeI7ON8vhZzfVrdBTQQmZzw/edit#heading=h.fbweiu8gc5bw)). This change adds the scalar properties mentioned in the doc and adds acceptance tests for them. While adding the acceptance tests I noticed that running pods on Fargate doesn't work deterministically. In some cases the cluster fails to get healthy (coredns stuck in pending). This was caused by a race-condition between coredns starting and the fargate profile being created. If the fargate profile deployed after coredns, the pods got stuck in pending because they got assigned to the `default-scheduler` instead of the `fargate-scheduler`. The fix is relatively easy; making coredns depend on the fargate profile. I'll separately update the migration guide. ### New properties | Existing Resource | | New Top Level Property | Description | | :---- | :---- | :---- | :---- | | `clusterSecurityGroup: Output<aws.ec2.SecurityGroup \| undefined>` | | `clusterSecurityGroupId: Output<string>` | Only really useful property of a security group. Used to add additional ingress/egress rules. Default to `the EKS created security group id` | | `nodeSecurityGroup: Output<aws.ec2.SecurityGroup \| undefined>` | | `nodeSecurityGroupId: Output<string>` | | | `eksClusterIngressRule: Output<aws.ec2.SecurityGroupRule \| undefined>` | | `clusterIngressRuleId: Output<string>` | Only really useful property of a rule. Default to `””` | | `defaultNodeGroup: Output<eks.NodeGroupData \| undefined>` | | `defaultNodeGroupAsgName: Output<string>` | The only useful property of the default node group is the auto scaling group. Exposing its name allows users to reference it in IAM roles, tags, etc. Default to `””` | | `core` | `fargateProfile: Output<aws.eks.FargateProfile \| undefined>` | `fargateProfileId: Output<string>` | The id of the fargate profile. Can be used to reference it. Default to `””` | | | | `fargateProfileStatus: Output<string>` | The status of the fargate profile. Default to `””` | | | `oidcProvider: Output<aws.iam.OpenIdConnectProvider \| undefined>` | `oidcProviderArn: Output<string>` & `oidcProviderUrl: Output<string>` & `oidcIssuer: Output<string` | Arn and Url are properties needed to set up IAM identities for pods (required for the assume role policy of the IAM role). Users currently need to trim the `https://` part of the url to actually use it. We should expose `oidcProvider` with that already done to ease usage. | Fixes #1041
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
This change builds on top of #1445 and makes `NodeGroup` & `NodeGroupV2` accept the scalar security group properties introduced in that PR. This way users can connect their node groups to the cluster without having to use any applies.
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
|
This PR has been shipped in release v3.0.0-beta.2. |
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
To ease the impact of the breaking API changes caused by generating the node SDK, we decided to add additional scalar inputs that simplify UX across all SDKs (for more details [see internal doc](https://docs.google.com/document/d/1f97nmDUG_nrZSllYxu_XSeI7ON8vhZzfVrdBTQQmZzw/edit#heading=h.fbweiu8gc5bw)). This change adds the scalar properties mentioned in the doc and adds acceptance tests for them. While adding the acceptance tests I noticed that running pods on Fargate doesn't work deterministically. In some cases the cluster fails to get healthy (coredns stuck in pending). This was caused by a race-condition between coredns starting and the fargate profile being created. If the fargate profile deployed after coredns, the pods got stuck in pending because they got assigned to the `default-scheduler` instead of the `fargate-scheduler`. The fix is relatively easy; making coredns depend on the fargate profile. I'll separately update the migration guide. ### New properties | Existing Resource | | New Top Level Property | Description | | :---- | :---- | :---- | :---- | | `clusterSecurityGroup: Output<aws.ec2.SecurityGroup \| undefined>` | | `clusterSecurityGroupId: Output<string>` | Only really useful property of a security group. Used to add additional ingress/egress rules. Default to `the EKS created security group id` | | `nodeSecurityGroup: Output<aws.ec2.SecurityGroup \| undefined>` | | `nodeSecurityGroupId: Output<string>` | | | `eksClusterIngressRule: Output<aws.ec2.SecurityGroupRule \| undefined>` | | `clusterIngressRuleId: Output<string>` | Only really useful property of a rule. Default to `””` | | `defaultNodeGroup: Output<eks.NodeGroupData \| undefined>` | | `defaultNodeGroupAsgName: Output<string>` | The only useful property of the default node group is the auto scaling group. Exposing its name allows users to reference it in IAM roles, tags, etc. Default to `””` | | `core` | `fargateProfile: Output<aws.eks.FargateProfile \| undefined>` | `fargateProfileId: Output<string>` | The id of the fargate profile. Can be used to reference it. Default to `””` | | | | `fargateProfileStatus: Output<string>` | The status of the fargate profile. Default to `””` | | | `oidcProvider: Output<aws.iam.OpenIdConnectProvider \| undefined>` | `oidcProviderArn: Output<string>` & `oidcProviderUrl: Output<string>` & `oidcIssuer: Output<string` | Arn and Url are properties needed to set up IAM identities for pods (required for the assume role policy of the IAM role). Users currently need to trim the `https://` part of the url to actually use it. We should expose `oidcProvider` with that already done to ease usage. | Fixes #1041
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
This change builds on top of #1445 and makes `NodeGroup` & `NodeGroupV2` accept the scalar security group properties introduced in that PR. This way users can connect their node groups to the cluster without having to use any applies.
flostadler
added a commit
that referenced
this pull request
Oct 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To ease the impact of the breaking API changes caused by generating the node SDK, we decided to add additional scalar inputs that simplify UX across all SDKs (for more details see internal doc).
This change adds the scalar properties mentioned in the doc and adds acceptance tests for them.
While adding the acceptance tests I noticed that running pods on Fargate doesn't work deterministically. In some cases the cluster fails to get healthy (coredns stuck in pending).
This was caused by a race-condition between coredns starting and the fargate profile being created. If the fargate profile deployed after coredns, the pods got stuck in pending because they got assigned to the
default-schedulerinstead of thefargate-scheduler.The fix is relatively easy; making coredns depend on the fargate profile.
I'll separately update the migration guide.
New properties
clusterSecurityGroup: Output<aws.ec2.SecurityGroup | undefined>clusterSecurityGroupId: Output<string>the EKS created security group idnodeSecurityGroup: Output<aws.ec2.SecurityGroup | undefined>nodeSecurityGroupId: Output<string>eksClusterIngressRule: Output<aws.ec2.SecurityGroupRule | undefined>clusterIngressRuleId: Output<string>””defaultNodeGroup: Output<eks.NodeGroupData | undefined>defaultNodeGroupAsgName: Output<string>””corefargateProfile: Output<aws.eks.FargateProfile | undefined>fargateProfileId: Output<string>””fargateProfileStatus: Output<string>””oidcProvider: Output<aws.iam.OpenIdConnectProvider | undefined>oidcProviderArn: Output<string>&oidcProviderUrl: Output<string>&oidcIssuer: Output<stringhttps://part of the url to actually use it. We should exposeoidcProviderwith that already done to ease usage.Fixes #1041