[aws-eks] restore_patch fails in KubernetesPatch

[melodyyangaws]

Patch restore fails if switch from LoadBalancer service to ClusterIP. This is a known issue in Kubernetes: kubernetes/kubernetes#33766 . Is it possible to make the restore_patch an optional parameter?

Use Case

The following code usually works, however, if anything goes wrong, CDK will try to revert the service back to ClusterIP and throws an error: spec.ports[0].nodePort: Invalid value: 30179: may not be used when type is 'ClusterIP' .

patch = eks.KubernetesPatch( self, 'port-forwarding',
            cluster=my_cluster,
            resource_name='service/argo-server',
            apply_patch={"spec": {"type": "LoadBalancer"}},
            restore_patch={"spec": {"type": "ClusterIP"}}, 
            resource_namespace='argo'
        )

If someone intentionally change the type from external to internal balancing, ie. apply_patch -> ClusterIP, restore_patch -> LoadBalancer, the CDK deployment will fail.

Proposed Solution

The workaround is to manually delete the service or uninstall the entire application. Maybe make the restore_patch optional, or add some validation checks in the aws_eks module.

Other

kubernetes/kubernetes#33766

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[iliapolo]

@melodyyangaws Do you mean that the apply_patch goes through fine but if something else in the stack fails (causing a stack rollback) it will try to invoke the restore_patch - which will now fail because of the issue you mentioned?

Are you able to workaround this issue by using an restore_patch={}?

[melodyyangaws]

@iliapolo yes, it will fail when stack rollback to restore_patch={"spec": {"type": "ClusterIP"}}. The workaround restore_patch={} works! Thanks.

[iliapolo]

@melodyyangaws Great!

In general, requiring a restore_patch is good practice, and I wouldn't want to sacrifice that experience for the sake of supporting this scenario. Especially since a reasonable workaround exists.

I'm going to close this out in the meantime and if we accumulate more use-cases that justify making restore_patch optional we will consider it then.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.