Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(aws-ecs): make Cluster.addAsgCapacityProvider() not need specify machineImageType. #16360

Closed
2 tasks
neilkuan opened this issue Sep 3, 2021 · 1 comment · Fixed by #16361
Closed
2 tasks

fix(aws-ecs): make Cluster.addAsgCapacityProvider() not need specify machineImageType. #16360

neilkuan opened this issue Sep 3, 2021 · 1 comment · Fixed by #16361
Assignees
@madeline-k @upparekh
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container feature-request A feature should be added or improved.

Comments

@neilkuan
Copy link
Contributor

neilkuan commented Sep 3, 2021

Now Cluster.addAsgCapacityProvider() need to be specified machineImageType to determine whether it is MachineImageType.AMAZON_LINUX_2 or MachineImageType.BOTTLEROCKET.
But this approach is not very intuitive.

Because when you create AsgCapacityProvider, you already can specify the machineImageType.

example create Bottlerocket autoscaling provider:

const capacityProviderBottlerocket = new ecs.AsgCapacityProvider(stack, 'providerBottlerocket', {
      autoScalingGroup: autoScalingGroupBottlerocket,
      enableManagedTerminationProtection: false,
      machineImageType: ecs.MachineImageType.BOTTLEROCKET, // <- machineImageType
    });

But now you have to specify machineImageType once at Cluster.addAsgCapacityProvider(capacityProviderBottlerocket, { machineImageType: ecs.MachineImageType.BOTTLEROCKET, }) again, which is very unintuitive.

const cluster = new ecs.Cluster(this, 'cluster', { vpc, });

const capacityProviderBottlerocket = new ecs.AsgCapacityProvider(stack, 'providerBottlerocket', {
      autoScalingGroup: autoScalingGroupBottlerocket,
      enableManagedTerminationProtection: false,
      machineImageType: ecs.MachineImageType.BOTTLEROCKET, // <- machineImageType
    });

cluster.addAsgCapacityProvider(capacityProviderBottlerocket, {
 machineImageType: ecs.MachineImageType.BOTTLEROCKET,
});

And if you create Bottlerocket autoscaling provider, but forgot to specify machineImageType at Cluster.addAsgCapacityProvider(), Bottlerocket Node will failed to register to ecs cluster.
root case is:

aws-cdk/packages/@aws-cdk/aws-ecs/lib/cluster.ts

Lines 357 to 388 in 174b066

private configureAutoScalingGroup(autoScalingGroup: autoscaling.AutoScalingGroup, options: AddAutoScalingGroupCapacityOptions = {}) {
if (autoScalingGroup.osType === ec2.OperatingSystemType.WINDOWS) {
this.configureWindowsAutoScalingGroup(autoScalingGroup, options);
} else {
// Tie instances to cluster
switch (options.machineImageType) {
// Bottlerocket AMI
case MachineImageType.BOTTLEROCKET: {
autoScalingGroup.addUserData(
// Connect to the cluster
// Source: https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-ECS.md#connecting-to-your-cluster
'[settings.ecs]',
`cluster = "${this.clusterName}"`,
);
// Enabling SSM
// Source: https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-ECS.md#enabling-ssm
autoScalingGroup.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'));
// required managed policy
autoScalingGroup.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonEC2ContainerServiceforEC2Role'));
break;
}
default:
// Amazon ECS-optimized AMI for Amazon Linux 2
autoScalingGroup.addUserData(`echo ECS_CLUSTER=${this.clusterName} >> /etc/ecs/ecs.config`);
if (!options.canContainersAccessInstanceRole) {
// Deny containers access to instance metadata service
// Source: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html
autoScalingGroup.addUserData('sudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP');
autoScalingGroup.addUserData('sudo service iptables save');
// The following is only for AwsVpc networking mode, but doesn't hurt for the other modes.
autoScalingGroup.addUserData('echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config');
}

Proposed Solution

Let Cluster.addAsgCapacityProvider() not need to specify machineImageType.

cluster.addAsgCapacityProvider(capacityProviderBottlerocket, {
 machineImageType: ecs.MachineImageType.BOTTLEROCKET,
});
cluster.addAsgCapacityProvider(capacityProviderBottlerocket);

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@neilkuan neilkuan added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 3, 2021
@github-actions github-actions bot added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Sep 3, 2021
@neilkuan neilkuan mentioned this issue Sep 3, 2021
Merged
@upparekh upparekh removed the needs-triage This issue or PR still needs to be triaged. label Oct 8, 2021
@upparekh upparekh self-assigned this Oct 8, 2021
@mergify mergify bot closed this as completed in #16361 Oct 12, 2021
mergify bot pushed a commit that referenced this issue Oct 12, 2021
@neilkuan
fix(aws-ecs): add ASG capacity via Capacity Provider by not specifyin…
93b3fdc 
…g machineImageType (#16361)

fix(aws-ecs): make `Cluster.addAsgCapacityProvider()` not need specify `machineImageType`

close #16360 
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this issue Feb 21, 2022
@neilkuan @TikiTDO
fix(aws-ecs): add ASG capacity via Capacity Provider by not specifyin…
c2ee4f1 
…g machineImageType (aws#16361)

fix(aws-ecs): make `Cluster.addAsgCapacityProvider()` not need specify `machineImageType`

close aws#16360 
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@madeline-k madeline-k

@upparekh upparekh

Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container feature-request A feature should be added or improved.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(aws-ecs): add ASG capacity via Capacity Provider by not specifying machineImageType
3 participants
@neilkuan @madeline-k @upparekh