SourceSecurityGroupIDs doesn't work in unmanaged node group, but this is not mentioned in the config schema. #2366

readybuilderone · 2020-06-24T09:46:35Z

In the config file schema(https://eksctl.io/usage/schema/) I found the SourceSecurityGroupIDs cloud be used for both managed node group and unmanaged nodegroup.

However, when I tried to create unmanaged nodegroup with SourceSecurityGroupIDs, I run in to the error:
"Error: nodeGroups[0].sourceSecurityGroupIds is not supported for unmanaged nodegroups"

For double confirm, I generated the schema using command: "eksctl utils schema" and found the SourceSecurityGroupIDs cloud be used for both managed node group and unmanaged nodegroup as well.

I did some research and found the validation in this file(https://github.com/weaveworks/eksctl/blob/a7fc5f6e8adc9e5581d7d8d128c7ed806675bb0f/pkg/apis/eksctl.io/v1alpha5/validation.go):

	if ng.SSH != nil {
		if err := validateNodeGroupSSH(ng.SSH); err != nil {
			return err
		}
		if len(ng.SSH.SourceSecurityGroupIDs) > 0 {
			return fmt.Errorf("%s.sourceSecurityGroupIds is not supported for unmanaged nodegroups", path)
		}
	}

So I think the config schema should be wrong, the sourceSecurityGroupIds should be marked, it is not supported for unmanaged nodegroups.

github-actions · 2021-01-18T15:59:08Z

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

zmarouf · 2021-02-10T07:57:59Z

Bump. What's the actual expected state? Will it be supported or should I just use a local/shared/extra attached security group for this on unmanaged nodegroups?
Thank you in advance for clearing this up! :)

cPu1 · 2021-02-11T09:52:31Z

Bump. What's the actual expected state? Will it be supported or should I just use a local/shared/extra attached security group for this on unmanaged nodegroups?
Thank you in advance for clearing this up! :)

We have decided to add support for sourceSecurityGroupIds for unmanaged nodegroups. There's no reason not to support it. This feature can be tracked in this PR: #3254

cPu1 · 2021-02-11T18:34:55Z

The PR has been merged and it'll be out in the next release.

readybuilderone added the kind/bug label Jun 24, 2020

michaelbeaumont self-assigned this Jun 24, 2020

martina-if added area/general-cli priority/backlog Not staffed at the moment. Help wanted. labels Jun 24, 2020

michaelbeaumont added kind/docs User documentation and removed kind/bug labels Jun 25, 2020

github-actions bot added the stale label Jan 18, 2021

michaelbeaumont removed the stale label Jan 19, 2021

cPu1 self-assigned this Feb 10, 2021

cPu1 mentioned this issue Feb 11, 2021

Support sourceSecurityGroupIds for unmanaged nodegroups #3254

Merged

7 tasks

cPu1 added the kind/feature New feature or request label Feb 11, 2021

cPu1 unassigned michaelbeaumont Feb 11, 2021

cPu1 closed this as completed in #3254 Feb 11, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SourceSecurityGroupIDs doesn't work in unmanaged node group, but this is not mentioned in the config schema. #2366

SourceSecurityGroupIDs doesn't work in unmanaged node group, but this is not mentioned in the config schema. #2366

readybuilderone commented Jun 24, 2020 •

edited

github-actions bot commented Jan 18, 2021

zmarouf commented Feb 10, 2021

cPu1 commented Feb 11, 2021

cPu1 commented Feb 11, 2021

SourceSecurityGroupIDs doesn't work in unmanaged node group, but this is not mentioned in the config schema. #2366

SourceSecurityGroupIDs doesn't work in unmanaged node group, but this is not mentioned in the config schema. #2366

Comments

readybuilderone commented Jun 24, 2020 • edited

github-actions bot commented Jan 18, 2021

zmarouf commented Feb 10, 2021

cPu1 commented Feb 11, 2021

cPu1 commented Feb 11, 2021

readybuilderone commented Jun 24, 2020 •

edited