Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(eks): in place updates for EKS security group and Subnets (#30114)
### Issue # (if applicable) Closes #28584 ### Reason for this change To have in place updates for EKS clusters when subnets or SG values are changed. ### Description of changes Removed `replaceVpc` logic and introduced `updateVpc` to track changes and errors to handle multiple updates in one go ### Description of how you validated changes Have tested the changes by first deploying a cluster with below config: ```ts const vpc = ec2.Vpc.fromLookup(stack, 'Vpc', { isDefault: true }); new eks.Cluster(stack, 'Cluster', { vpc, ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_24), defaultCapacity: 0, }); ``` TestCase - 1 Update both subnets and Access at the same time ```ts new eks.Cluster(stack, 'Cluster', { vpc, ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_29), defaultCapacity: 0, tags: { foo: 'bar', }, endpointAccess: eks.EndpointAccess.PUBLIC, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], }); ``` Error below is thrown for Cluster custom resource - ``` { "errorType": "Error", "errorMessage": "Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed", "stack": [ "Error: Only one type of update - VpcConfigUpdate, LoggingUpdate or EndpointAccessUpdate can be allowed", " at Pi.onUpdate (/var/task/index.js:55:651127)", " at Pi.onEvent (/var/task/index.js:55:647590)", " at Runtime.yR [as handler] (/var/task/index.js:55:657995)", " at Runtime.handleOnceNonStreaming (file:///var/runtime/index.mjs:1173:29)" ] } ``` TestCase - 2 Update subnets to public ```ts new eks.Cluster(stack, 'Cluster', { vpc, ...getClusterVersionConfig(stack, eks.KubernetesVersion.V1_29), defaultCapacity: 0, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], }); ``` ``` { "updates": { "replaceName": false, "updateVpc": true, "updateAccess": false, "replaceRole": false, "updateVersion": false, "updateEncryption": false, "updateLogging": false } } ``` ``` { clientName: 'EKSClient', commandName: 'UpdateClusterConfigCommand', input: { name: 'Cluster9EE0221C-0b6f58b0698348aea43866b93a62b2c9', resourcesVpcConfig: { subnetIds: [Array], securityGroupIds: [Array] } }, output: { update: { createdAt: 2024-05-08T20:55:00.013Z, errors: [], id: '7d5cd243-5536-3f52-b5ca-4c6e6c044529', params: [Array], status: 'InProgress', type: 'VpcConfigUpdate' } }, metadata: {} } ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information