Containers-roadmap: [EKS] Managed Node Groups Launch Template Support

Created on 19 Nov 2019 · 15 Comments · Source: aws/containers-roadmap

Launch template support: the ability to launch managed nodes using a provided EC2 launch template. This will support multiple customization options for managed nodes, including providing custom AMIs and passing user data during node provisioning.

Labels: EKS, EKS Managed Nodes

All 15 comments

Will this allow adding node taints for EKS managed node groups?

This issue has the unintended potential to become a bucket for all features. Let's make sure we track the launch template support separately from other feature requests like custom AMIs, passing user data, tainting nodes during provisioning/editing nodegroups. Launch template should definitely support any feature supported by NodeGroups just in a declarative way.

@ivanmp91 - Can you please open an issue if one doesn't exist for node taints and describe the use case and the expected workflow that needs to support node tainting? I am assuming here that you want nodes to be tainted as part of provisioning / editing nodegroups?

Hi @eswarbala! That's right, I'd like to have nodes tainted as part of the provisioning/editing of nodegroups. Looks like somebody else created an issue: https://github.com/aws/containers-roadmap/issues/507. My use case is pretty much the same as the one already described, but I'm gonna provide some more details there. Thanks!

Will this feature allow adding nodes to NLB target groups?

We have a use case to configure a forward proxy for the managed worker nodes; looking forward to having this feature released.

The managed nodegroup currently only allows an IAM role with the following attached IAM policies:

  • AmazonEKSWorkerNodePolicy
  • AmazonEKS_CNI_Policy
  • AmazonEC2ContainerRegistryReadOnly

It does not support the usage of IAM roles for the nodes without the above managed policies, even though the roles have the required capabilities. Supporting this as well would help with IAM role customization.

Can this feature also support "associate public IPs for nodes = false"? I would like to have managed nodes in private subnets (no public IPs on the nodes).

Hi all!
I want to use EKS managed nodegroups without automatic public IPv4 and with root volume encryption. I modified the launch template generated by the managed nodegroup, and I changed the default launch template version to the newer one. In the EKS console, I now see that the managed nodegroup is DEGRADED, so no longer managed by EKS: "The Amazon EC2 Launch Template : lt-*** has a new version (2), which is not managed by AWS EKS."

My questions are:
Will this degraded nodegroup be updated if there is a new AMI?
Do you have any workaround for this problem?

thanks

Update version (the update-nodegroup-version API) is disallowed if the launch template of the ASG has been modified, since customer changes are not guaranteed to be sticky after our upgrade.

To be able to perform update and upgrade operation on the node group, kindly revert the manual changes made on the node group resources.

Thanks

When using IAM Roles for Service Accounts (IRSA), the best practice described in https://docs.aws.amazon.com/eks/latest/userguide/restrict-ec2-credential-access.html is to edit the launch config user data of the worker node to use iptables to block Docker container access to the metadata server. When we were running self-managed worker nodes, we had this configured in the user data. The managed worker nodes don't seem to do this on their own (they really should, no?), and there's no way to add it via the existing EKS managed worker node APIs.
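As an added example (not code from the thread or from AWS), the following renders launch-template user data for an EKS managed node group that applies the iptables mitigation the comment above refers to: forwarded traffic from pod interfaces to the instance metadata service is dropped, so only the node itself (kubelet, CNI) can reach IMDS while pods use IRSA. It assumes the EKS-optimized Amazon Linux 2 AMI, where pod traffic leaves via `eni+` interfaces, and that user data for managed node groups must be MIME multi-part so the AMI's own bootstrap still runs.

```shell
#!/usr/bin/env bash
# Added example: render user data that blocks pod access to EC2 IMDS on an
# EKS-optimized Amazon Linux 2 node (assumption: pod traffic is forwarded
# from eni+ interfaces, as with the VPC CNI).

IMDS_IP="169.254.169.254"

# Script that runs on the node at boot. The rule is inserted at the top of the
# FORWARD chain, so nothing forwarded from a pod interface reaches IMDS.
imds_block_script() {
  cat <<EOF
#!/bin/bash
set -euo pipefail
yum install -y iptables-services
# Drop forwarded pod traffic destined for the instance metadata service.
iptables --insert FORWARD 1 --in-interface eni+ --destination ${IMDS_IP}/32 --jump DROP
# Persist the rule across reboots.
iptables-save | tee /etc/sysconfig/iptables
systemctl enable --now iptables
EOF
}

# Managed node groups expect launch-template user data in MIME multi-part form
# so the EKS AMI bootstrap still runs after this script.
render_user_data() {
  boundary="==IMDSBLOCK=="
  printf 'MIME-Version: 1.0\n'
  printf 'Content-Type: multipart/mixed; boundary="%s"\n\n' "$boundary"
  printf '%s\n' "--$boundary"
  printf 'Content-Type: text/x-shellscript; charset="us-ascii"\n\n'
  imds_block_script
  printf '%s\n' "--$boundary--"
}

# Base64 form expected in the UserData field of launch-template data
# (e.g. aws ec2 create-launch-template --launch-template-data).
render_user_data_b64() {
  render_user_data | base64 | tr -d '\n'
}

# Sanity check: the rendered document carries the DROP rule for IMDS.
user_data_blocks_imds() {
  render_user_data | grep -q -- "--destination ${IMDS_IP}/32 --jump DROP"
}
```

Verify the rule on a running node with `iptables -L FORWARD -n --line-numbers` and confirm from a pod that `curl -m 2 http://169.254.169.254/latest/meta-data/` times out.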

Hey all,
I see that this is on the roadmap but as of the last update it doesn't look like there was a timeline set. Has there been any movement on this one? We are hoping to use the launch template to push traffic to a proxy in a secured internal only environment.

Thanks

Hi @jhoule-splice we are working on this feature, but as per the roadmap guidelines, we can't share specific timelines in this forum.

Will this support tagging of EC2 instances launched by managed worker node groups? https://github.com/aws/containers-roadmap/issues/608

Managed node groups now support EC2 launch templates! See the launch blog and EKS documentation for more details.

This launch addresses the following feature requests, and these issues will be closed soon:

  • Custom security groups #609
  • Custom user data #596
  • Tagging EC2 instances #608
  • Custom AMIs #741
  • Volume configuration and encryption #665 #719
  • Changing instance types #746

The latest eksctl release supports launch template functionality.

Excited to see all the use cases this unlocks for applications running on managed node groups, and as always, we welcome your feedback!

Great feature! Congrats
