Add best-effort cleanup to EksCreateNodegroupOperator on post-create failure#61145
Merged
shahar1 merged 1 commit intoapache:mainfrom Feb 10, 2026
Merged
Conversation
boring-cyborg
bot
added
area:providers
provider:amazon
o-nikolas
reviewed
Jan 28, 2026
providers/amazon/src/airflow/providers/amazon/aws/operators/eks.py
Outdated
Show resolved
Hide resolved
SameerMesiah97
force-pushed
the
61142-EKSCreateNodeGroupOperator-Cleanup
branch
2 times, most recently
from
345ab8b to
2ff71f0
Compare
occur after successful creation (e.g. waiter failures due to missing DescribeNodegroup permissions). This change adds best-effort cleanup when post-create steps fail by attempting to delete the nodegroup that was successfully created. Cleanup errors are logged but do not mask the original exception. This mode is opt-in by default. Tests cover successful cleanup on waiter failure and ensure cleanup failures do not override the original error.
SameerMesiah97
force-pushed
the
61142-EKSCreateNodeGroupOperator-Cleanup
branch
from
1ed447c to
26b4853
Compare
vincbeck
approved these changes
Jan 28, 2026
shahar1
changed the title
81 tasks
Alok-kumar-priyadarshi
pushed a commit
to Alok-kumar-priyadarshi/airflow
that referenced
this pull request
Feb 11, 2026
Ratasa143
pushed a commit
to Ratasa143/airflow
that referenced
this pull request
Feb 15, 2026
choo121600
pushed a commit
to choo121600/airflow
that referenced
this pull request
Feb 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Added best-effort cleanup for EKS managed nodegroups to ensure nodegroups are deleted when failures occur after a nodegroup has been successfully created. Cleanup behavior is guarded by a flag and is opted in by default.
Previously, nodegroup creation could succeed via
create_nodegroup, but the operator could then fail during post-creation steps (for example, when waiting for nodegroup readiness withwait_for_completion=Trueand missingeks:DescribeNodegrouppermissions). In these cases, the Airflow task failed while the EKS managed nodegroup continued provisioning or running in AWS.Cleanup logic has now been added to the internal
_create_computehelper. If an exception is raised after nodegroup creation during the wait phase, the operator attempts a best-effort deletion of the nodegroup. Cleanup failures are logged but do not mask or replace the original exception.Cleanup is only triggered for post-start EKS nodegroup failures (including
WaiterError), ensuring deletion is attempted only when a nodegroup was successfully created and avoiding interception of non-AWS exceptions.Rationale
EKS managed nodegroups are external resources whose lifecycle extends beyond the execution of the Airflow task. If nodegroup creation succeeds but subsequent steps fail, Airflow may lose the ability to observe or manage the resource, potentially leaving nodegroups running unexpectedly.
Failures after nodegroup creation can occur for multiple reasons, including partial IAM permissions (for example, allowing
eks:CreateNodegroupbut denyingeks:DescribeNodegroup, which is required by the waiter). In such cases, the nodegroup may continue provisioning even though the Airflow task has failed.This change applies only to nodegroup creation and does not affect cluster creation, deletion, or Fargate profiles. Cleanup is scoped narrowly to nodegroups created during the current execution and is only attempted when nodegroup creation has already completed successfully. This prevents interference with unrelated resources while avoiding orphaned EKS-managed infrastructure on post-create failures.
Restricting cleanup to post-creation EKS nodegroup failures prevents unintended deletion in unrelated failure paths while still addressing orphaned nodegroups created during execution.
Notes
These series of changes intentionally avoid introducing a shared abstraction for AWS operator cleanup logic. Resource creation, ownership tracking, and cleanup semantics vary significantly across AWS services, and a generic solution would add complexity without clear benefit. Cleanup is therefore implemented locally where behavior and failure modes are well understood.
Tests
Documentation
The docstring for
EksCreateNodegroupOperatorhas been updated with a brief description of the new flagdelete_nodegroup_on_failure.Backwards Compatibility
A new flag called
delete_nodegroup_on_failurehas been added toEksCreateNodegroupOperatorwith a default setting ofTrue. Best-effort cleanup will now be attempted if a post-creation failure (includingWaiterError) occurs after the nodegroup has been successfully created.Closes: #61142