Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Use namespace resource to share across istio charts to avoid conflicts #1768

Merged
merged 2 commits into from
Sep 19, 2023
Merged

fix: Use namespace resource to share across istio charts to avoid conflicts #1768

merged 2 commits into from
Sep 19, 2023

Conversation

bryantbiggs
Copy link
Contributor

Description

  • Both the istio-base and istiod rely on the istio-system namespace, but if we try to create it in the helm_release resource then the chart that is not creating the namespace fails since the namespace does not exist. Instead, changing to use a standalone namespace resource that is passed into the charts resolves this conflict
  • The istio-ingress automatically pulls the necessary image but only after it has been updated by istiod to know which image it should pull. This creates a hard dependency where istio-ingress requires istiod to be running before its pods are created, otherwise an image value must be specified in the instio-ingress chart values. There are numerous issues for this unfortunate situation, see below a couple of references. To get around this, the documentation has been updated to restart the istio-ingress deployment after the example is first provisioned. This will recycle those pods and they will now be able to pull the correct image
  • The EKS addons were taking quite a bit of time to deploy, CoreDNS routinely taking up to 15 minutes to provision. Historically there has been a better experience when these are deployed via the EKS module which this PR has followed. Once the addons were defined within the EKS module, the addons deploy rather quickly in 1-1.5 minutes
  • Since this pattern is creating a load balancer, we commonly face issues with these resources becoming orphaned when destroying the pattern. The example has been updated to set preserve = true on the VPC CNI to the CNI is able to continue managing and facilitating networking requests while the cluster is being destroyed. This helps to avoid the situation where the cluster resources were deleted too quickly and not allowing the ALB controller enough time to delete its resources and creaitng orphaned load balancer

Motivation and Context

How was this change tested?

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I have updated the docs for this feature
  • Yes, I ran pre-commit run -a with this PR

Additional Notes

@bryantbiggs bryantbiggs requested a review from a team as a code owner September 19, 2023 19:12
@bryantbiggs bryantbiggs temporarily deployed to EKS Blueprints Test September 19, 2023 19:12 — with GitHub Actions Inactive
vchintal
vchintal reviewed Sep 19, 2023
View reviewed changes
Copy link
Contributor

@vchintal vchintal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CoreDNS has been a pain, thanks for pulling it back into EKS module. Do any of the changes made have dependency on the instance type (m5.xlarge)? I am okay with these changes, the cost to retain the best practices is fortunately small.

@bryantbiggs
Copy link
Contributor Author

Let me re-run one more test with these latest changes using the standard 2 nodes of m5.large - one sec

@bryantbiggs
Copy link
Contributor Author

works great with 2 node of m5.large

module.vpc.aws_vpc.this[0]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_iam_role.this[0]: Creating...
module.eks.aws_cloudwatch_log_group.this[0]: Creating...
module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_policy.this[0]: Creating...
module.eks.aws_iam_role.this[0]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_iam_role.this[0]: Creation complete after 0s [id=initial-eks-node-group-20230919192640863400000001]
module.eks.module.eks_managed_node_group["initial"].aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"]: Creating...
module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_policy.this[0]: Creation complete after 0s [id=arn:aws:iam::794745767729:policy/alb-controller-20230919192640863600000003]
module.eks.aws_iam_role.this[0]: Creation complete after 0s [id=istio-cluster-20230919192640863600000002]
module.eks.module.eks_managed_node_group["initial"].aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"]: Creation complete after 0s [id=initial-eks-node-group-20230919192640863400000001-20230919192641344600000004]
module.eks.aws_iam_role_policy_attachment.this["AmazonEKSClusterPolicy"]: Creating...
module.eks.aws_iam_role_policy_attachment.this["AmazonEKSVPCResourceController"]: Creating...
module.eks.module.kms.data.aws_iam_policy_document.this[0]: Reading...
module.eks.module.kms.data.aws_iam_policy_document.this[0]: Read complete after 0s [id=302610694]
module.eks.module.eks_managed_node_group["initial"].aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"]: Creation complete after 0s [id=initial-eks-node-group-20230919192640863400000001-20230919192641369600000005]
module.eks.module.kms.aws_kms_key.this[0]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"]: Creation complete after 0s [id=initial-eks-node-group-20230919192640863400000001-20230919192641399700000006]
module.eks.aws_iam_role_policy_attachment.this["AmazonEKSVPCResourceController"]: Creation complete after 1s [id=istio-cluster-20230919192640863600000002-20230919192641483900000007]
module.eks.aws_iam_role_policy_attachment.this["AmazonEKSClusterPolicy"]: Creation complete after 1s [id=istio-cluster-20230919192640863600000002-20230919192641505200000008]
module.eks.aws_cloudwatch_log_group.this[0]: Creation complete after 1s [id=/aws/eks/istio/cluster]
module.vpc.aws_vpc.this[0]: Still creating... [10s elapsed]
module.eks.module.kms.aws_kms_key.this[0]: Still creating... [10s elapsed]
module.vpc.aws_vpc.this[0]: Creation complete after 12s [id=vpc-0cfa20f7b7e967d3c]
module.vpc.aws_internet_gateway.this[0]: Creating...
module.vpc.aws_default_route_table.default[0]: Creating...
module.vpc.aws_subnet.private[2]: Creating...
module.vpc.aws_subnet.private[1]: Creating...
module.vpc.aws_subnet.private[0]: Creating...
module.vpc.aws_default_network_acl.this[0]: Creating...
module.vpc.aws_route_table.public[0]: Creating...
module.vpc.aws_subnet.public[1]: Creating...
module.vpc.aws_default_security_group.this[0]: Creating...
module.vpc.aws_default_route_table.default[0]: Creation complete after 1s [id=rtb-0c3b0f593c59d3d42]
module.vpc.aws_subnet.public[2]: Creating...
module.vpc.aws_subnet.public[1]: Creation complete after 1s [id=subnet-0c38722b0329b4a04]
module.vpc.aws_route_table.private[0]: Creating...
module.vpc.aws_subnet.private[2]: Creation complete after 1s [id=subnet-0cad90414123c07c8]
module.vpc.aws_subnet.public[0]: Creating...
module.vpc.aws_internet_gateway.this[0]: Creation complete after 1s [id=igw-05e685f519c1d5f45]
module.eks.aws_security_group.node[0]: Creating...
module.vpc.aws_subnet.private[0]: Creation complete after 2s [id=subnet-0d416ccb38bb371f5]
module.vpc.aws_route_table.public[0]: Creation complete after 2s [id=rtb-09ee1c99b569b7d0c]
module.vpc.aws_subnet.private[1]: Creation complete after 2s [id=subnet-09a8525c9b4926f85]
module.eks.aws_security_group.cluster[0]: Creating...
module.vpc.aws_eip.nat[0]: Creating...
module.vpc.aws_route.public_internet_gateway[0]: Creating...
module.vpc.aws_subnet.public[2]: Creation complete after 1s [id=subnet-0d2fd488cfa1f5326]
module.vpc.aws_subnet.public[0]: Creation complete after 1s [id=subnet-020596f905d9f2583]
module.vpc.aws_route_table_association.public[1]: Creating...
module.vpc.aws_route_table_association.public[2]: Creating...
module.vpc.aws_eip.nat[0]: Creation complete after 0s [id=eipalloc-074dc4a8cbc84d810]
module.vpc.aws_route_table_association.public[0]: Creating...
module.vpc.aws_route_table.private[0]: Creation complete after 1s [id=rtb-0ec14d47a88818320]
module.vpc.aws_route_table_association.private[1]: Creating...
module.vpc.aws_default_security_group.this[0]: Creation complete after 2s [id=sg-07046eea54e7888f9]
module.vpc.aws_route_table_association.private[2]: Creating...
module.vpc.aws_route.public_internet_gateway[0]: Creation complete after 0s [id=r-rtb-09ee1c99b569b7d0c1080289494]
module.vpc.aws_route_table_association.private[0]: Creating...
module.vpc.aws_default_network_acl.this[0]: Creation complete after 2s [id=acl-090aa2d18666b53d7]
module.vpc.aws_nat_gateway.this[0]: Creating...
module.vpc.aws_route_table_association.public[1]: Creation complete after 1s [id=rtbassoc-05c94d77dd261b7d7]
module.vpc.aws_route_table_association.public[2]: Creation complete after 1s [id=rtbassoc-0ed57d93f6c6950c6]
module.vpc.aws_route_table_association.private[1]: Creation complete after 1s [id=rtbassoc-0b99f6808c391631d]
module.vpc.aws_route_table_association.public[0]: Creation complete after 1s [id=rtbassoc-08932c1a5ee8ea2b0]
module.vpc.aws_route_table_association.private[2]: Creation complete after 1s [id=rtbassoc-0213df6f5c9eac126]
module.vpc.aws_route_table_association.private[0]: Creation complete after 1s [id=rtbassoc-09400825efaba8a32]
module.eks.aws_security_group.node[0]: Creation complete after 2s [id=sg-055ef59d322f50b3c]
module.eks.aws_security_group.cluster[0]: Creation complete after 1s [id=sg-063ed988509b1e10f]
module.eks.aws_security_group_rule.node["egress_all"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_6443_webhook"]: Creating...
module.eks.aws_security_group_rule.node["ingress_15017"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_kubelet"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_8443_webhook"]: Creating...
module.eks.aws_security_group_rule.node["ingress_nodes_ephemeral"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_443"]: Creating...
module.eks.aws_security_group_rule.cluster["ingress_nodes_443"]: Creating...
module.eks.aws_security_group_rule.node["egress_all"]: Creation complete after 1s [id=sgrule-777295868]
module.eks.aws_security_group_rule.cluster["ingress_nodes_443"]: Creation complete after 1s [id=sgrule-2524178362]
module.eks.aws_security_group_rule.node["ingress_cluster_4443_webhook"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_9443_webhook"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_kubelet"]: Creation complete after 1s [id=sgrule-807629962]
module.eks.aws_security_group_rule.node["ingress_15012"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_6443_webhook"]: Creation complete after 2s [id=sgrule-3489560941]
module.eks.aws_security_group_rule.node["ingress_self_coredns_udp"]: Creating...
module.eks.aws_security_group_rule.node["ingress_cluster_8443_webhook"]: Creation complete after 2s [id=sgrule-3701622092]
module.eks.aws_security_group_rule.node["ingress_self_coredns_tcp"]: Creating...
module.eks.aws_security_group_rule.node["ingress_15017"]: Creation complete after 3s [id=sgrule-1862361931]
module.eks.aws_security_group_rule.node["ingress_nodes_ephemeral"]: Creation complete after 4s [id=sgrule-1265439796]
module.eks.aws_security_group_rule.node["ingress_cluster_443"]: Creation complete after 4s [id=sgrule-1649689386]
module.eks.aws_security_group_rule.node["ingress_cluster_4443_webhook"]: Creation complete after 4s [id=sgrule-112991995]
module.eks.module.kms.aws_kms_key.this[0]: Still creating... [20s elapsed]
module.eks.aws_security_group_rule.node["ingress_cluster_9443_webhook"]: Creation complete after 5s [id=sgrule-3087234695]
module.eks.aws_security_group_rule.node["ingress_15012"]: Creation complete after 5s [id=sgrule-2322428636]
module.eks.aws_security_group_rule.node["ingress_self_coredns_udp"]: Creation complete after 5s [id=sgrule-2071514071]
module.eks.aws_security_group_rule.node["ingress_self_coredns_tcp"]: Creation complete after 5s [id=sgrule-3743901752]
module.eks.module.kms.aws_kms_key.this[0]: Creation complete after 23s [id=e78c1de4-ed36-4e31-be97-2f9b00489c13]
module.eks.module.kms.aws_kms_alias.this["cluster"]: Creating...
module.eks.aws_iam_policy.cluster_encryption[0]: Creating...
module.eks.aws_eks_cluster.this[0]: Creating...
module.eks.module.kms.aws_kms_alias.this["cluster"]: Creation complete after 0s [id=alias/eks/istio]
module.eks.aws_iam_policy.cluster_encryption[0]: Creation complete after 1s [id=arn:aws:iam::794745767729:policy/istio-cluster-ClusterEncryption2023091919270407960000000c]
module.eks.aws_iam_role_policy_attachment.cluster_encryption[0]: Creating...
module.eks.aws_iam_role_policy_attachment.cluster_encryption[0]: Creation complete after 0s [id=istio-cluster-20230919192640863600000002-2023091919270496500000000d]
module.vpc.aws_nat_gateway.this[0]: Still creating... [10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [10s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [20s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [30s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [40s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [50s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [1m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [1m0s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [1m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [1m10s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [1m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [1m20s elapsed]
module.vpc.aws_nat_gateway.this[0]: Still creating... [1m30s elapsed]
module.vpc.aws_nat_gateway.this[0]: Creation complete after 1m36s [id=nat-0741ea01c84e66b6e]
module.vpc.aws_route.private_nat_gateway[0]: Creating...
module.vpc.aws_route.private_nat_gateway[0]: Creation complete after 1s [id=r-rtb-0ec14d47a888183201080289494]
module.eks.aws_eks_cluster.this[0]: Still creating... [1m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [1m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [1m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [2m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [2m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [2m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [2m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [2m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [2m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [3m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [3m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [3m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [3m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [3m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [3m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [4m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [4m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [4m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [4m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [4m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [4m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [5m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [5m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [5m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [5m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [5m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [5m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [6m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [6m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [6m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [6m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [6m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [6m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [7m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [7m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [7m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [7m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [7m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [7m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [8m0s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [8m10s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [8m20s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [8m30s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [8m40s elapsed]
module.eks.aws_eks_cluster.this[0]: Still creating... [8m50s elapsed]
module.eks.aws_eks_cluster.this[0]: Creation complete after 8m57s [id=istio]
module.eks.data.aws_eks_addon_version.this["kube-proxy"]: Reading...
module.eks.data.aws_eks_addon_version.this["vpc-cni"]: Reading...
module.eks.aws_ec2_tag.cluster_primary_security_group["GithubRepo"]: Creating...
module.eks.data.aws_eks_addon_version.this["vpc-cni"]: Read complete after 1s [id=vpc-cni]
module.eks.data.aws_eks_addon_version.this["kube-proxy"]: Read complete after 1s [id=kube-proxy]
module.eks.data.aws_eks_addon_version.this["coredns"]: Reading...
module.eks.data.tls_certificate.this[0]: Reading...
module.eks.time_sleep.this[0]: Creating...
module.eks.aws_ec2_tag.cluster_primary_security_group["Blueprint"]: Creating...
kubernetes_namespace_v1.istio_system: Creating...
module.eks.data.aws_eks_addon_version.this["coredns"]: Read complete after 0s [id=coredns]
module.eks.aws_ec2_tag.cluster_primary_security_group["GithubRepo"]: Creation complete after 2s [id=sg-0ef2dd7feda4fbaf3,GithubRepo]
module.eks.aws_ec2_tag.cluster_primary_security_group["Blueprint"]: Creation complete after 1s [id=sg-0ef2dd7feda4fbaf3,Blueprint]
module.eks.data.tls_certificate.this[0]: Read complete after 1s [id=34b882443ccd2d1a84de1dbac994b28b7f371f17]
module.eks.aws_iam_openid_connect_provider.oidc_provider[0]: Creating...
module.eks.aws_iam_openid_connect_provider.oidc_provider[0]: Creation complete after 1s [id=arn:aws:iam::794745767729:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/02EABAED67C4506856AAC5E115B3A92A]
module.eks_blueprints_addons.time_sleep.this: Creating...
kubernetes_namespace_v1.istio_system: Creation complete after 4s [id=istio-system]
module.eks_blueprints_addons.helm_release.this["istio-ingress"]: Creating...
module.eks_blueprints_addons.helm_release.this["istio-base"]: Creating...
module.eks_blueprints_addons.helm_release.this["istiod"]: Creating...
module.eks.time_sleep.this[0]: Still creating... [10s elapsed]
module.eks_blueprints_addons.time_sleep.this: Still creating... [10s elapsed]
module.eks_blueprints_addons.helm_release.this["istio-ingress"]: Still creating... [10s elapsed]
module.eks_blueprints_addons.helm_release.this["istio-base"]: Still creating... [10s elapsed]
module.eks_blueprints_addons.helm_release.this["istiod"]: Still creating... [10s elapsed]
module.eks_blueprints_addons.helm_release.this["istio-ingress"]: Creation complete after 13s [id=istio-ingress]
module.eks.time_sleep.this[0]: Still creating... [20s elapsed]
module.eks_blueprints_addons.time_sleep.this: Still creating... [20s elapsed]
module.eks_blueprints_addons.helm_release.this["istio-base"]: Creation complete after 19s [id=istio-base]
module.eks_blueprints_addons.helm_release.this["istiod"]: Creation complete after 19s [id=istiod]
module.eks.time_sleep.this[0]: Still creating... [30s elapsed]
module.eks.time_sleep.this[0]: Creation complete after 30s [id=2023-09-19T19:36:31Z]
module.eks.module.eks_managed_node_group["initial"].aws_launch_template.this[0]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_launch_template.this[0]: Creation complete after 0s [id=lt-05b01daf920805cba]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Creating...
module.eks_blueprints_addons.time_sleep.this: Still creating... [30s elapsed]
module.eks_blueprints_addons.time_sleep.this: Creation complete after 30s [id=2023-09-19T19:36:33Z]
module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.assume[0]: Reading...
module.eks_blueprints_addons.module.aws_load_balancer_controller.data.aws_iam_policy_document.assume[0]: Read complete after 0s [id=2445206849]
module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]: Creating...
module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role.this[0]: Creation complete after 0s [id=alb-controller-20230919193633771700000012]
module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role_policy_attachment.this[0]: Creating...
module.eks_blueprints_addons.module.aws_load_balancer_controller.aws_iam_role_policy_attachment.this[0]: Creation complete after 0s [id=alb-controller-20230919193633771700000012-20230919193634115300000013]
module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]: Creating...
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [10s elapsed]
module.eks_blueprints_addons.module.aws_load_balancer_controller.helm_release.this[0]: Creation complete after 10s [id=aws-load-balancer-controller]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [20s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [30s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [40s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [50s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [1m0s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [1m10s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [1m20s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [1m30s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Still creating... [1m40s elapsed]
module.eks.module.eks_managed_node_group["initial"].aws_eks_node_group.this[0]: Creation complete after 1m50s [id=istio:initial-20230919193632352300000010]
module.eks.aws_eks_addon.this["kube-proxy"]: Creating...
module.eks.aws_eks_addon.this["vpc-cni"]: Creating...
module.eks.aws_eks_addon.this["coredns"]: Creating...
module.eks.aws_eks_addon.this["kube-proxy"]: Creation complete after 5s [id=istio:kube-proxy]
module.eks.aws_eks_addon.this["coredns"]: Still creating... [10s elapsed]
module.eks.aws_eks_addon.this["vpc-cni"]: Still creating... [10s elapsed]
module.eks.aws_eks_addon.this["coredns"]: Creation complete after 15s [id=istio:coredns]
module.eks.aws_eks_addon.this["vpc-cni"]: Still creating... [20s elapsed]
module.eks.aws_eks_addon.this["vpc-cni"]: Still creating... [30s elapsed]
module.eks.aws_eks_addon.this["vpc-cni"]: Creation complete after 36s [id=istio:vpc-cni]
╷
│ Warning: Argument is deprecated
│
│   with module.eks.aws_eks_addon.this["vpc-cni"],
│   on .terraform/modules/eks/main.tf line 392, in resource "aws_eks_addon" "this":
│  392:   resolve_conflicts        = try(each.value.resolve_conflicts, "OVERWRITE")
│
│ The "resolve_conflicts" attribute can't be set to "PRESERVE" on initial resource creation. Use "resolve_conflicts_on_create" and/or "resolve_conflicts_on_update" instead
│
│ (and 2 more similar warnings elsewhere)
╵

Apply complete! Resources: 69 added, 0 changed, 0 destroyed.

Outputs:

configure_kubectl = "aws eks --region us-west-2 update-kubeconfig --name istio"

@bryantbiggs bryantbiggs temporarily deployed to EKS Blueprints Test September 19, 2023 20:08 — with GitHub Actions Inactive
rodrigobersa
rodrigobersa approved these changes Sep 19, 2023
View reviewed changes
Copy link
Contributor

@rodrigobersa rodrigobersa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

@bryantbiggs bryantbiggs merged commit e281f77 into main Sep 19, 2023
56 checks passed
@bryantbiggs bryantbiggs deleted the fix/istio-ordering branch September 19, 2023 20:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vchintal vchintal vchintal left review comments

@rodrigobersa rodrigobersa rodrigobersa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The ordered deployment of Helm charts for Istio pattern is broken with latest commit
3 participants
@bryantbiggs @vchintal @rodrigobersa