Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

awsx.ec2.Vpc does not apply tags from subnet_specs if subnet_strategy=awsx.ec2.SubnetAllocationStrategy.AUTO #1287

Closed
renegrob opened this issue May 10, 2024 · 3 comments · Fixed by #1288
Closed

awsx.ec2.Vpc does not apply tags from subnet_specs if subnet_strategy=awsx.ec2.SubnetAllocationStrategy.AUTO #1287

renegrob opened this issue May 10, 2024 · 3 comments · Fixed by #1288
Assignees
@flostadler
Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed

Comments

@renegrob
Copy link

renegrob commented May 10, 2024
edited

What happened?

In order to set up EKS in AWS it is required to tag the subnets accordingly with kubernetes.io tags:

  "kubernetes.io/cluster/my_cluster": "owned",
  "kubernetes.io/role/elb": "1"

pulumi-awsx seems to ignore the subnet tags from subnet_specs as soon as the SubnetAllocationStrategy is set to AUTO and explicit cidr_blocks are defined on subnet level.

Example

Correct Behavior with SubnetAllocationStrategy = LEGACY

    awsx.ec2.Vpc(
        resource_name="temp_vpc",
        enable_dns_hostnames=True,
        number_of_availability_zones=1,
        subnet_strategy=awsx.ec2.SubnetAllocationStrategy.LEGACY,
        subnet_specs=[
            awsx.ec2.SubnetSpecArgs(
                type=awsx.ec2.SubnetType.PUBLIC,
                cidr_mask=19,
                cidr_blocks=['10.202.128.0/19'],
                tags={"my/specific/tag": "1", "my.other.specific.tag": "specific-value"}
            )
        ],
        nat_gateways=awsx.ec2.NatGatewayConfigurationArgs(strategy=NatGatewayStrategy.NONE),
    )

produces the correct output:

    + awsx:ec2:Vpc: (create)
        [urn=urn:pulumi:****:****::awsx:ec2:Vpc::temp_vpc]
        + aws:ec2/vpc:Vpc: (create)
            [urn=urn:pulumi:****:****::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::temp_vpc]
            [provider=urn:pulumi:****:****::pulumi:providers:aws::default_6_32_0::*****]
            cidrBlock         : "10.0.0.0/16"
            enableDnsHostnames: true
            enableDnsSupport  : true
            tags              : {
                Name: "temp_vpc"
            }
            tagsAll           : {
                Name: "temp_vpc"
            }
            + aws:ec2/internetGateway:InternetGateway: (create)
                [urn=urn:pulumi:****:****::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::temp_vpc]
                [provider=urn:pulumi:****:****::pulumi:providers:aws::default_6_32_0::*****]
                tags      : {
                    Name: "temp_vpc"
                }
                tagsAll   : {
                    Name: "temp_vpc"
                }
                vpcId     : output<string>
            + aws:ec2/subnet:Subnet: (create)
                [urn=urn:pulumi:****:****::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::temp_vpc-public-1]
                [provider=urn:pulumi:****:****::pulumi:providers:aws::default_6_32_0::*****]
                assignIpv6AddressOnCreation            : false
                availabilityZone                       : "eu-central-2a"
                cidrBlock                              : "10.0.0.0/19"
                enableDns64                            : false
                enableResourceNameDnsARecordOnLaunch   : false
                enableResourceNameDnsAaaaRecordOnLaunch: false
                ipv6Native                             : false
                mapPublicIpOnLaunch                    : true
                tags                                   : {
                    Name                 : "temp_vpc-public-1"
                    SubnetType           : "Public"
                    my.other.specific.tag: "specific-value"
                    my/specific/tag      : "1"
                }
                tagsAll                                : {
                    Name                 : "temp_vpc-public-1"
                    SubnetType           : "Public"
                    my.other.specific.tag: "specific-value"
                    my/specific/tag      : "1"
                }
                vpcId                                  : output<string>

Incorrect Behavior with SubnetAllocationStrategy = AUTO

    awsx.ec2.Vpc(
        resource_name="temp_vpc",
        enable_dns_hostnames=True,
        number_of_availability_zones=1,
        subnet_strategy=awsx.ec2.SubnetAllocationStrategy.AUTO,
        subnet_specs=[
            awsx.ec2.SubnetSpecArgs(
                type=awsx.ec2.SubnetType.PUBLIC,
                cidr_mask=19,
                cidr_blocks=['10.202.128.0/19'],
                tags={"my/specific/tag": "1", "my.other.specific.tag": "specific-value"}
            )
        ],
        nat_gateways=awsx.ec2.NatGatewayConfigurationArgs(strategy=NatGatewayStrategy.NONE),
    )

As soon as I switch SubnetAllocationStrategy to AUTO the subnet tags are no longer applied:

    + awsx:ec2:Vpc: (create)
        [urn=urn:pulumi:****:****::awsx:ec2:Vpc::temp_vpc]
        + aws:ec2/vpc:Vpc: (create)
            [urn=urn:pulumi:****:****::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::temp_vpc]
            [provider=urn:pulumi:****:****::pulumi:providers:aws::default_6_32_0::*****]
            cidrBlock         : "10.0.0.0/16"
            enableDnsHostnames: true
            enableDnsSupport  : true
            tags              : {
                Name: "temp_vpc"
            }
            tagsAll           : {
                Name: "temp_vpc"
            }
            + aws:ec2/internetGateway:InternetGateway: (create)
                [urn=urn:pulumi:****:****::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::temp_vpc]
                [provider=urn:pulumi:****:****::pulumi:providers:aws::default_6_32_0::*****]
                tags      : {
                    Name: "temp_vpc"
                }
                tagsAll   : {
                    Name: "temp_vpc"
                }
                vpcId     : output<string>
            + aws:ec2/subnet:Subnet: (create)
                [urn=urn:pulumi:****:****::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::temp_vpc-public-1]
                [provider=urn:pulumi:****:****::pulumi:providers:aws::default_6_32_0::*****]
                assignIpv6AddressOnCreation            : false
                availabilityZone                       : "eu-central-2a"
                cidrBlock                              : "10.0.0.0/19"
                enableDns64                            : false
                enableResourceNameDnsARecordOnLaunch   : false
                enableResourceNameDnsAaaaRecordOnLaunch: false
                ipv6Native                             : false
                mapPublicIpOnLaunch                    : true
                tags                                   : {
                    Name                 : "temp_vpc-public-1"
                    SubnetType           : "Public"
                    my.other.specific.tag: "specific-value"
                    my/specific/tag      : "1"
                }
                tagsAll                                : {
                    Name                 : "temp_vpc-public-1"
                    SubnetType           : "Public"
                    my.other.specific.tag: "specific-value"
                    my/specific/tag      : "1"
                }
                vpcId                                  : output<string>

Output of pulumi about

$ pulumi about
CLI
Version      3.115.2
Go Version   go1.22.2
Go Compiler  gc

Plugins
KIND      NAME        VERSION
resource  aws         6.34.0
resource  awsx        2.9.0
resource  docker      4.5.3
resource  gitlab      6.11.0
resource  kubernetes  4.11.0
resource  postgresql  3.11.0
language  python      unknown
resource  random      4.16.1
resource  tls         5.0.2

Host
OS       Microsoft Windows 11 Pro
Version  10.0.22621 Build 22621
Arch     x86_64

This project is written in python: executable='C:\Users\gre\AppData\Local\Programs\Python\Python311\python.exe' version='3.11.9'

...

Dependencies:
NAME               VERSION
cryptography       42.0.6
Jinja2             3.1.3
pip                24.0
pulumi_awsx        2.9.0
pulumi_gitlab      6.11.0
pulumi_kubernetes  4.11.0
pulumi_postgresql  3.11.0
pulumi_random      4.16.1
pulumi_tls         5.0.2
pywin32            306
setuptools         65.5.0

Additional context

I guess that here

pulumi-awsx/awsx/ec2/subnetDistributorNew.ts

Lines 154 to 159 in adae402

subnets.push({
cidrBlock: subnetCidr,
type: subnetSpec.type,
azName,
subnetName: subnetName(vpcName, subnetSpec, azNum),
});
the tags have to be included (as it is done in the legacy implementation

pulumi-awsx/awsx/ec2/subnetDistributorLegacy.ts

Lines 131 to 137 in adae402

publicSubnetsOut.push({
azName: azNames[i],
cidrBlock: nextAddress.address,
type: "Public",
subnetName: `${vpcName}-${publicSubnetsIn[j].name ?? "public"}-${i + 1}`,
tags: publicSubnetsIn[j].tags,
});
)

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@renegrob renegrob added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels May 10, 2024
@flostadler
Copy link
Contributor

Hey @renegrob thanks for reporting this, you're absolutely right!

As a workaround you could use transformations (https://www.pulumi.com/docs/concepts/options/transformations/) to inject the right tags on the underlying aws:ec2/subnet:Subnet resource while we work on providing a fix.

@flostadler flostadler self-assigned this May 10, 2024
@flostadler flostadler removed the needs-triage Needs attention from the triage team label May 10, 2024
@flostadler flostadler mentioned this issue May 13, 2024
Merged
@renegrob
Copy link
Author

Hi @flostadler
Thank you for the quick feedback. I also saw that you already submitted a fix.
I tried using transformations. Unfortunately, I would have to use a global stack transformation and then try to figure which subnet belongs to which VPC. I would end up in pretty dirty code. I wonder when the next patch release will be published so that I could avoid writing a workaround.

flostadler added a commit that referenced this issue May 13, 2024
@flostadler
Propagate subnet tags for explicit strategy (#1288)
18bd13b 
Previously when using the explicit subnet distribution strategy (i.e.
when specifying specific subnet CIDRs) the tags didn't get propagated to
the subnet. This fixes that.

Fixes #1287
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label May 13, 2024
@flostadler
Copy link
Contributor

@renegrob This was just released in https://github.com/pulumi/pulumi-awsx/releases/tag/v2.10.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@flostadler flostadler

Labels
kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Propagate subnet tags for explicit strategy pulumi/pulumi-awsx
3 participants
@flostadler @renegrob @pulumi-bot