Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws_eks): Using the default cluster role triggers a cluster health issue #32222

Open
1 task
Gum-Christopher-bah opened this issue Nov 21, 2024 · 7 comments
Open
1 task

(aws_eks): Using the default cluster role triggers a cluster health issue #32222

Gum-Christopher-bah opened this issue Nov 21, 2024 · 7 comments
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. p3

Comments

@Gum-Christopher-bah
Copy link

Gum-Christopher-bah commented Nov 21, 2024
edited
Loading

Describe the bug

Creating a new cluster with no user created role passed triggers a health event with the following message.

Hello,

Amazon EKS detected cluster health issues in your AWS account 1234567890.

The following is a list of affected clusters with their cluster arns, cluster health status and corresponding cluster health issues(s):
arn:aws:eks:us-east-1:1234567890:cluster/my-cluster : IMPAIRED : Your cluster is not using the Amazon EKS service-linked-role. We couldnt assume the role associated with your cluster to perform required Amazon EKS management operations. Check the role exists and has the required trust policy.

It seems like the role still works for normal operations, but the new observability checks do not play nicely with it.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

Default role does not trigger the health event

Current Behavior

See Above

Reproduction Steps

Create a cluster

new eks.Cluster(this, 'hello-eks', {
  version: eks.KubernetesVersion.V1_31,
  kubectlLayer: new KubectlV31Layer(this, 'kubectl'),
});

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.168.0

Framework Version

No response

Node.js Version

18.20.4

OS

Mac

Language

TypeScript

Language Version

No response

Other information

No response
@Gum-Christopher-bah Gum-Christopher-bah added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 21, 2024
@github-actions github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Nov 21, 2024
@pahud pahud self-assigned this Nov 21, 2024
@pahud
Copy link
Contributor

pahud commented Nov 21, 2024

Hi

Creating a new cluster with no user created role passed triggers a health event with the following message.

where did you see this event?

@pahud pahud added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p3 and removed needs-triage This issue or PR still needs to be triaged. labels Nov 21, 2024
@pahud pahud removed their assignment Nov 21, 2024
@pahud
Copy link
Contributor

pahud commented Nov 21, 2024

ref: V1587868095

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Nov 21, 2024
@Gum-Christopher-bah
Copy link
Author

If you go into the console, under ClusterHealth issues, it will take you to the dashboard showing the problem. It is very possible that this may have been a fluke, I haven't been able to reproduce the issue

@pahud
Copy link
Contributor

pahud commented Nov 22, 2024

@Gum-Christopher-bah

Thank you. Let me verify it on my end.

@pahud pahud self-assigned this Nov 22, 2024
@pahud
Copy link
Contributor

pahud commented Nov 22, 2024

I didn't see that for now. Will keep watching it.

image

@pahud
Copy link
Contributor

pahud commented Nov 25, 2024

@Gum-Christopher-bah are you still seeing this warning in your console?

@pahud pahud added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Nov 25, 2024
@pahud pahud removed their assignment Nov 25, 2024
@Gum-Christopher-bah
Copy link
Author

Hello @pahud
I have figured out how to recreate this issue. This pops up only when the cluster stack is deleting and the cluster itself is lagging behind for whatever reason, unable to be deleted. There is not an explicit dependsOn generated between the cluster resource and the role, so the role is deleted first, which causes this to fire. This issue can be closed, but it would be nice if the construct handled deletion in the proper order so this would not pop up. Thank you and apologies for not responding sooner

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Nov 27, 2024
@github-actions github-actions bot mentioned this issue Dec 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pahud @Gum-Christopher-bah