Terraform-aws-eks: Auto rotate managed node groups by setting node group name
When creating managed node groups, the name is auto generated. This doesn't change once the node group is created. Apparently, this also means that a terraform apply doesn't rotate the EC2 instances, leaving patch management up to the user.
This could be changed if there was a way to set the name manually.
Hence what I'd like to see is the possibility of setting a name for the node groups, like this:
node_groups = {
some_group = {
name = "some_group-12345"
desired_capacity = 2
max_capacity = 3
min_capacity = 1
subnets = data.aws_subnet_ids.some.ids
instance_type = "m5.large"
}
}
If node_group_name inside the (sub) module would be determined like this:
node_group_name = lookup(each.value, "name", "") != "" ? each.value["name"] : join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])
one could choose between having an auto generated name or setting it manually – and therefore being able to rotate all nodes by just doing a terraform apply.
Open for a PR?
splieth
All 7 comments
It would be great if we could explicitly specify MNG names.
babilen5
on 23 Jan 2020
@max-rocket-internet any feedback on this?
splieth
on 6 Feb 2020
Is using the node group key is ok for you ?
node_groups = {
some_group-12345 = {
desired_capacity = 2
max_capacity = 3
min_capacity = 1
subnets = data.aws_subnet_ids.some.ids
instance_type = "m5.large"
}
}
Actually the map key and cluster name are used to build the MNG name prefix.
barryib
on 6 Feb 2020
Apparently not since this produces a different behavior. An example: a cluster with 3 nodes and 3 Pods with a pod disruption budget that targets 2/3 of the pods up and running.
Using your suggestion, a second node group would be created parallel to deleting the old one. The node deletion process would start immediately which would leave the fresh pod that spawns after that pending until the new node comes up.
My suggestion would lead to a different flow: first, the new nodes would be created and once that is done, draining & terminating the old ones will start.
My concern with the first approach is that in high load situations, I would be forced to provision a larger replica set since a pod can be pending for a couple of minutes.
splieth
on 6 Feb 2020
@barryib any feedback on this? I would like to open a PR for that in case there is a chance that it gets merged :)
splieth
on 13 Feb 2020
If we can't set the MNG names now, sure open a PR for that.
But I don't really undestand how an autogenerated name or being able to specify a name affects your process? Either way, there a name and you can create and remove the groups as you wish?
max-rocket-internet
on 13 Feb 2020
one could choose between having an auto generated name or setting it manually – and therefore being able to rotate all nodes by just doing a terraform apply.
I think my lack of experience with MNGs here is show. If you want to create a PR, go for it 😃
max-rocket-internet
on 13 Feb 2020
Related issues
einyx
·
4Comments
max-rocket-internet
·
4Comments
discordianfish
·
4Comments
gb-ckedzierski
·
5Comments
mojochao
·
3Comments