Solutions for "expect exactly one securityGroup tagged with kubernetes.io/cluster/<NAME>" don't work as expected #2258
Comments
I stumbled over this as well when using solution 1, though the error in my case was a bit different:
However, solution 2 worked for me with a slight modification: use
This was also suggested in the related issue
This solution doesn't work. After migration from v17 to v18, I've got this error. I've used the first solution
This issue has been resolved in version 18.30.2 🎉
Using version 18.30.2 still actively producing this error
This causes a scenario where the module goes into a never-ending loop. When I revert back to 18.30, I am able to create an EKS managed node group without an issue.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
The recent addition in the FAQ about the "expect exactly one securityGroup tagged with kubernetes.io/cluster/<NAME>" is very much welcomed but it seems some of the solutions don't work properly.
Solution 2 & 3 don't work because aws-load-balancer-controller seems to not care about the actual value of the tag. Whether it is set to empty string or something else, aws-load-balancer-controller still complains with "expect exactly one securityGroup tagged with kubernetes.io/cluster/..."
Also Solution 3 might not work in the long run as EKS might put back the tag upon platform update.
Solution 1 doesn't work out of the box as creating a new cluster with the given setup results in the following errors:
This is caused by cluster_security_group_rules referencing the node_security_group being always added to the cluster security group despite node_security_group_id being set to null.
This can be solved by either providing our own node_security_group_id or disabling the creation of the cluster_security_group (create_cluster_security_group = false), but it causes the replacement of the EKS cluster for an existing one (and a priori, a custom cluster security group should be provided in that case).
The solution 4. works fine.
(It's in fact linked to Multiple security groups are created with the kubernetes.io/cluster tag #1986 which is already closed)
Expected behavior
The documentation should probably be updated to remove 2 & 3 solutions.
For solution 1. it is unclear to me if the module should be fixed to support having no node_security_group set, or if the doc should be updated to indicate that a custom node security group should be created.
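An added example, not part of the original issue or the module's code: a check that counts the security groups carrying the kubernetes.io/cluster/<NAME> tag key whatever its value, which is the matching behaviour the description above reports for aws-load-balancer-controller. It assumes the input is JSON in the shape of aws ec2 describe-security-groups output for the groups attached to one node; the group IDs, group names and the cluster name "example" are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output
# for the groups attached to one worker node (IDs and names are made up).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa0000000000001", "GroupName": "example-node",
   "Tags": [{"Key": "kubernetes.io/cluster/example", "Value": "owned"}]},
  {"GroupId": "sg-0aaa0000000000002", "GroupName": "eks-cluster-sg-example",
   "Tags": [{"Key": "kubernetes.io/cluster/example", "Value": ""}]},
  {"GroupId": "sg-0aaa0000000000003", "GroupName": "example-extra"}
]}
""")


def groups_with_cluster_tag(describe_output, cluster_name):
    """Return IDs of groups carrying the cluster tag key, whatever its value."""
    key = f"kubernetes.io/cluster/{cluster_name}"
    tagged = []
    for sg in describe_output.get("SecurityGroups", []):
        # "Tags" is absent when a group has no tags at all.
        keys = {t.get("Key") for t in sg.get("Tags") or []}
        # Assumption taken from the issue: only the key matters, so an
        # empty-string value still counts as tagged.
        if key in keys:
            tagged.append(sg["GroupId"])
    return tagged


def check(describe_output, cluster_name):
    """Return (ok, message); ok is True only for exactly one tagged group."""
    tagged = groups_with_cluster_tag(describe_output, cluster_name)
    if len(tagged) == 1:
        return True, f"ok: {tagged[0]}"
    return False, (
        f"expected exactly one group tagged kubernetes.io/cluster/{cluster_name}, "
        f"found {len(tagged)}: {', '.join(tagged) or 'none'}"
    )


if __name__ == "__main__":
    print(check(SAMPLE, "example"))
```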