Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-eks): Cannot remove logging configuration after setting them #19898

Closed
akefirad opened this issue Apr 13, 2022 · 7 comments · Fixed by #21185
Closed

(aws-eks): Cannot remove logging configuration after setting them #19898

akefirad opened this issue Apr 13, 2022 · 7 comments · Fixed by #21185
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. effort/medium Medium work item – several days of effort p1

Comments

@akefirad
Copy link

akefirad commented Apr 13, 2022
edited
Loading

Describe the bug

Updating a cluster to remove cluster control plane logging cannot succeed. Also the rollback also fails with slightly different error.

Expected Behavior

The cluster should be updated or at least the rollback should complete.

Current Behavior

It fails with "The type for cluster update was not provided." error. Also the rollback also fails with slightly different error: "No changes needed for the logging config provided."

Reproduction Steps

  1. Create and deploy an empty cluster:
export class EksClusterStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: EksClusterStackProps) {
    super(scope, id, props);

    // Cluster /////////////////////////////////////////////////////////////////
    const clusterAdminRole = new iam.Role(this, "ClusterAdminRole", {
      assumedBy: new iam.AccountRootPrincipal(),
    });

    const vpc = ec2.Vpc.fromLookup(this, "MainVpc", { vpcId: props.vpcId });
    this.cluster = new eks.Cluster(this, "EksCluster", {
      vpc: vpc,
      vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }],
      clusterName: `${id}`,
      mastersRole: clusterAdminRole,
      version: eks.KubernetesVersion.V1_22,
      kubectlLayer: new lambda.LayerVersion(this, "KubectlLayer", {
        code: lambda.Code.fromAsset(path.join(__dirname, "layers", "kubectl.zip")),
      }),
    });
  }
}
  1. Change and deploy the cluster stack and add logging configuration:
      clusterLogging: [
        eks.ClusterLoggingTypes.API,
        eks.ClusterLoggingTypes.AUDIT,
        eks.ClusterLoggingTypes.AUTHENTICATOR,
        eks.ClusterLoggingTypes.CONTROLLER_MANAGER,
        eks.ClusterLoggingTypes.SCHEDULER,
      ],
  1. Now remove the above entry to make it like the original setup and deploy it (or you can just remove some and keep some). The Custom::AWSCDK-EKS-Cluster resource fails to update with the following error:
Received response status [FAILED] from custom resource. Message returned: No changes needed for the logging config provided Logs: /aws/lambda/InfraMainCluster-awscdkawse-OnEventHandler at Object.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27) at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/rest_json.js:49:8) at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12) at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9) at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:688:12)
  1. Try to complete the rollback, but it'll fails with slightly different error.

Possible Solution

🤷‍♂️

Additional Information/Context

No response

CDK CLI Version

2.20.0 (build 738ef49)

Framework Version

2.20.0

Node.js Version

v16.13.0

OS

Darwin Version 21.4.0

Language

Typescript

Language Version

Version 3.9.10

Other information

No response
@akefirad akefirad added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 13, 2022
@github-actions github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Apr 13, 2022
@ryparker ryparker added p1 effort/medium Medium work item – several days of effort labels Apr 26, 2022
@peterwoodworth peterwoodworth removed the needs-triage This issue or PR still needs to be triaged. label Apr 27, 2022
@otaviomacedo otaviomacedo removed their assignment Jun 27, 2022
guessi added a commit to guessi/aws-cdk that referenced this issue Jul 17, 2022
@guessi
chore(eks): extend support for clusterLogging disable
45a5a18 
Amazon EKS Loggings was first introduced in aws#18112 and added Fargate
logging support in aws#20707. However, disabled loggings was not take into
consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement.
Also, added test cases for no logging configured, partial logging
configured, full logging configured.

Fixes: aws#19898
@guessi guessi mentioned this issue Jul 17, 2022
Merged
4 tasks
guessi added a commit to guessi/aws-cdk that referenced this issue Jul 17, 2022
@guessi
chore(eks): extend support for clusterLogging disable
c434913 
Amazon EKS Loggings was first introduced in aws#18112 and added Fargate
logging support in aws#20707. However, disabled loggings was not take into
consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement.
Also, added test cases for no logging configured, partial logging
configured, full logging configured.

Fixes: aws#19898
guessi added a commit to guessi/aws-cdk that referenced this issue Jul 17, 2022
@guessi
chore(eks): extend support for clusterLogging disable
da58aa1 
Amazon EKS Loggings was first introduced in aws#18112 and added Fargate
logging support in aws#20707. However, disabled loggings was not take into
consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement.
Also, added test cases for no logging configured, partial logging
configured, full logging configured.

Fixes: aws#19898
guessi added a commit to guessi/aws-cdk that referenced this issue Jul 17, 2022
@guessi
chore(eks): extend support for clusterLogging disable
cc7509d 
Amazon EKS Loggings was first introduced in aws#18112 and added Fargate
logging support in aws#20707. However, disabled loggings was not take into
consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement.
Also, added test cases for no logging configured, partial logging
configured, full logging configured.

Fixes: aws#19898
guessi added a commit to guessi/aws-cdk that referenced this issue Jul 24, 2022
@guessi
chore(eks): extend support for clusterLogging disable
95ef236 
Amazon EKS Loggings was first introduced in aws#18112 and added Fargate
logging support in aws#20707. However, disabled loggings was not take into
consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement.
Also, added test cases for no logging configured, partial logging
configured, full logging configured.

Fixes: aws#19898
@mergify mergify bot closed this as completed in #21185 Aug 1, 2022
mergify bot pushed a commit that referenced this issue Aug 1, 2022
@guessi
fix(eks): cannot disable cluster logging once it has been enabled (#2…
e41b073 
…1185)

### Description

Amazon EKS Loggings was first introduced in #18112 and added Fargate logging support in #20707. However, disabled loggings was not take into consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement. Also, added test cases for no logging configured, partial logging configured, full logging configured.

Fixes: #19898

### Test Results

#### Tool versions

```sh
$ node --version
v16.16.0
```

```sh
$ yarn --version
1.22.19
```

#### yarn build

```sh
$ yarn build
yarn run v1.22.19
$ cdk-build
...

Build times for @aws-cdk/aws-eks: Total time (59.5s) | /home/ec2-user/aws-cdk/tools/@aws-cdk/cdk-build-tools/node_modules/jsii/bin/jsii (35.0s) | cfn2ts (0.6s)
Done in 59.94s.
```

#### yarn test

```sh
$ yarn test

yarn run v1.22.19
$ cdk-test
PASS test/cluster.test.js (33.488 s)
PASS test/nodegroup.test.js (10.465 s)
PASS test/helm-chart.test.js (5.964 s)
PASS test/fargate.test.js (5.391 s)
PASS test/k8s-manifest.test.js
PASS test/service-account.test.js
PASS test/user-data.test.js
PASS test/awsauth.test.js
PASS test/alb-controller.test.js
PASS test/k8s-patch.test.js
...

=============================== Coverage summary ===============================
Statements   : 93.08% ( 888/954 )
Branches     : 89.47% ( 442/494 )
Functions    : 94.03% ( 142/151 )
Lines        : 94.83% ( 881/929 )
================================================================================

Test Suites: 13 passed, 13 total
Tests:       277 passed, 277 total
Snapshots:   0 total
Time:        77.227 s, estimated 91 s
Ran all test suites.

Verifying integration test snapshots...

  UNCHANGED  integ.eks-oidc-provider 27.294s
  UNCHANGED  integ.fargate-cluster 35.153s
  UNCHANGED  integ.eks-cluster-private-endpoint 35.223s
  UNCHANGED  integ.eks-helm-asset 35.602s
  UNCHANGED  integ.eks-bottlerocket-ng 35.981s
  UNCHANGED  integ.eks-cluster-handlers-vpc 36.266s
  UNCHANGED  integ.eks-inference 36.801s
  UNCHANGED  integ.alb-controller 37.565s
  UNCHANGED  integ.eks-cluster 38.041s

Snapshot Results:

Tests:    9 passed, 9 total
Tests successful. Total time (1m59.1s) | /home/ec2-user/aws-cdk/node_modules/jest/bin/jest.js (1m18.4s) | integ-runner (40.6s)
Done in 119.26s.
```

#### yarn integ

```sh
$ yarn integ
yarn run v1.22.19
$ integ-runner

Verifying integration test snapshots...

  UNCHANGED  integ.eks-oidc-provider 25.049s
  UNCHANGED  integ.eks-bottlerocket-ng 34.895s
  UNCHANGED  integ.eks-cluster-private-endpoint 35.012s
  UNCHANGED  integ.fargate-cluster 35.417s
  UNCHANGED  integ.eks-cluster-handlers-vpc 35.563s
  UNCHANGED  integ.eks-helm-asset 35.691s
  UNCHANGED  integ.eks-inference 36.303s
  UNCHANGED  integ.alb-controller 37.071s
  UNCHANGED  integ.eks-cluster 37.843s

Snapshot Results:

Tests:    9 passed, 9 total
Done in 40.59s.
```

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [X] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Aug 1, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@TheRealAmazonKendra TheRealAmazonKendra mentioned this issue Aug 10, 2022
Merged
4 tasks
mergify bot pushed a commit that referenced this issue Aug 10, 2022
@TheRealAmazonKendra
revert "fix(eks): cannot disable cluster logging once it has been ena…
5515ce4 
…bled" (#21545)

Reverts #21185 and #21463
Closes #21515
Re-opens #19898. Fix for this in progress.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
vinayak-kukreja pushed a commit that referenced this issue Aug 10, 2022
@TheRealAmazonKendra @vinayak-kukreja
revert "fix(eks): cannot disable cluster logging once it has been ena…
c6c1aba 
…bled" (#21545)

Reverts #21185 and #21463
Closes #21515
Re-opens #19898. Fix for this in progress.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
josephedward pushed a commit to josephedward/aws-cdk that referenced this issue Aug 30, 2022
@guessi @josephedward
fix(eks): cannot disable cluster logging once it has been enabled (aw…
a73dbda 
…s#21185)

### Description

Amazon EKS Loggings was first introduced in aws#18112 and added Fargate logging support in aws#20707. However, disabled loggings was not take into consideration at the very beginning of the design.

With this PR, enabled clusterLogging support for enablement/disablement. Also, added test cases for no logging configured, partial logging configured, full logging configured.

Fixes: aws#19898

### Test Results

#### Tool versions

```sh
$ node --version
v16.16.0
```

```sh
$ yarn --version
1.22.19
```

#### yarn build

```sh
$ yarn build
yarn run v1.22.19
$ cdk-build
...

Build times for @aws-cdk/aws-eks: Total time (59.5s) | /home/ec2-user/aws-cdk/tools/@aws-cdk/cdk-build-tools/node_modules/jsii/bin/jsii (35.0s) | cfn2ts (0.6s)
Done in 59.94s.
```

#### yarn test

```sh
$ yarn test

yarn run v1.22.19
$ cdk-test
PASS test/cluster.test.js (33.488 s)
PASS test/nodegroup.test.js (10.465 s)
PASS test/helm-chart.test.js (5.964 s)
PASS test/fargate.test.js (5.391 s)
PASS test/k8s-manifest.test.js
PASS test/service-account.test.js
PASS test/user-data.test.js
PASS test/awsauth.test.js
PASS test/alb-controller.test.js
PASS test/k8s-patch.test.js
...

=============================== Coverage summary ===============================
Statements   : 93.08% ( 888/954 )
Branches     : 89.47% ( 442/494 )
Functions    : 94.03% ( 142/151 )
Lines        : 94.83% ( 881/929 )
================================================================================

Test Suites: 13 passed, 13 total
Tests:       277 passed, 277 total
Snapshots:   0 total
Time:        77.227 s, estimated 91 s
Ran all test suites.

Verifying integration test snapshots...

  UNCHANGED  integ.eks-oidc-provider 27.294s
  UNCHANGED  integ.fargate-cluster 35.153s
  UNCHANGED  integ.eks-cluster-private-endpoint 35.223s
  UNCHANGED  integ.eks-helm-asset 35.602s
  UNCHANGED  integ.eks-bottlerocket-ng 35.981s
  UNCHANGED  integ.eks-cluster-handlers-vpc 36.266s
  UNCHANGED  integ.eks-inference 36.801s
  UNCHANGED  integ.alb-controller 37.565s
  UNCHANGED  integ.eks-cluster 38.041s

Snapshot Results:

Tests:    9 passed, 9 total
Tests successful. Total time (1m59.1s) | /home/ec2-user/aws-cdk/node_modules/jest/bin/jest.js (1m18.4s) | integ-runner (40.6s)
Done in 119.26s.
```

#### yarn integ

```sh
$ yarn integ
yarn run v1.22.19
$ integ-runner

Verifying integration test snapshots...

  UNCHANGED  integ.eks-oidc-provider 25.049s
  UNCHANGED  integ.eks-bottlerocket-ng 34.895s
  UNCHANGED  integ.eks-cluster-private-endpoint 35.012s
  UNCHANGED  integ.fargate-cluster 35.417s
  UNCHANGED  integ.eks-cluster-handlers-vpc 35.563s
  UNCHANGED  integ.eks-helm-asset 35.691s
  UNCHANGED  integ.eks-inference 36.303s
  UNCHANGED  integ.alb-controller 37.071s
  UNCHANGED  integ.eks-cluster 37.843s

Snapshot Results:

Tests:    9 passed, 9 total
Done in 40.59s.
```

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [X] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
josephedward pushed a commit to josephedward/aws-cdk that referenced this issue Aug 30, 2022
@TheRealAmazonKendra @josephedward
revert "fix(eks): cannot disable cluster logging once it has been ena…
d2d529c 
…bled" (aws#21545)

Reverts aws#21185 and aws#21463
Closes aws#21515
Re-opens aws#19898. Fix for this in progress.

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@0xRIZE
Copy link

0xRIZE commented Nov 29, 2022
edited
Loading

We are running into the same issue on an existing cluster (EKS 1.22 and CDK 2.53). Deploy stack with:

  1. API logging enabled
  2. Authentication logging enabled

Afterwards, deploy with cluster logging disabled.

Is there any update on when this issue will be resolved?

@plumdog
Copy link
Contributor

plumdog commented Jan 17, 2023

In case this helps someone: I was getting "Received response status [FAILED] from custom resource. Message returned: The type for cluster update was not provided." even with this fix in place (CDK 2.59.0).

Resolved by manually turning off all logging on the EKS cluster, then applying the change in Cloudformation.

@AlecZebrick
Copy link

AlecZebrick commented Jan 31, 2023
edited
Loading

Had same issue on my end with:

Received response status [FAILED] from custom resource. Message returned: No changes needed for the logging config provided Logs

I deployed it with:
clusterLogging: [ eks.ClusterLoggingTypes.API, eks.ClusterLoggingTypes.AUDIT, eks.ClusterLoggingTypes.AUTHENTICATOR, eks.ClusterLoggingTypes.CONTROLLER_MANAGER, eks.ClusterLoggingTypes.SCHEDULER, ],

Trying to remove the API logging line and running another CDK Deploy results in the error.

I have found a solution by using a custom resource instead to update this which includes the onDelete line
Credit: #4159 (comment)

@AlecZebrick
Copy link

AlecZebrick commented Feb 7, 2023
edited
Loading

Trying to remove logging via CDK like this:
image

Results in this change plan:
image

Resulting in
1:49:09 PM | UPDATE_FAILED | Custom::AWSCDK-EKS-Cluster | EksClusterFAB68BDB
Received response status [FAILED] from custom resource. Message returned: No changes needed for the logging config provided

Removing the clusterLogging option completely results in the same error.

@pahud
Copy link
Contributor

pahud commented Apr 23, 2024

resolving by #24688

@pahud pahud closed this as completed Apr 23, 2024
@github-actions GitHub Actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. effort/medium Medium work item – several days of effort p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(eks): cannot disable cluster logging once it has been enabled guessi/aws-cdk
9 participants
@pahud @otaviomacedo @akefirad @plumdog @0xRIZE @ryparker @peterwoodworth @TheRealAmazonKendra @AlecZebrick