Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Publish AMI Version in SSM Parameters #423

Closed
bflad opened this issue Feb 26, 2020 · 2 comments
Closed

Publish AMI Version in SSM Parameters #423

bflad opened this issue Feb 26, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

@bflad
Copy link

bflad commented Feb 26, 2020

What would you like to be added:

Add an "AMI Version" SSM Parameter, e.g.

Name: /aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/ami_version
Type: String
Value: 1.14.9-20200122

Why is this needed:

The EKS CreateNodeGroup API call accepts a parameter named releaseVersion which needs to match the published "AMI Version" names on the Amazon EKS-Optimized Linux AMI Versions documentation page. e.g. 1.14.8-20191213

The SSM Parameters published by the release pipeline do not seem to include this information currently:

$ aws ssm get-parameters-by-path --path /aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/
{
    "Parameters": [
        {
            "Name": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id",
            "Type": "String",
            "Value": "ami-08d5d1a25493f6a71",
            "Version": 6,
            "LastModifiedDate": "2020-02-25T16:00:58.946000-05:00",
            "ARN": "arn:aws:ssm:us-west-2::parameter/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id"
        },
        {
            "Name": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_name",
            "Type": "String",
            "Value": "amazon-eks-node-1.14-v20200122",
            "Version": 6,
            "LastModifiedDate": "2020-02-25T16:00:58.984000-05:00",
            "ARN": "arn:aws:ssm:us-west-2::parameter/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_name"
        },
        {
            "Name": "/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/schema_version",
            "Type": "String",
            "Value": "1",
            "Version": 6,
            "LastModifiedDate": "2020-02-25T16:00:58.912000-05:00",
            "ARN": "arn:aws:ssm:us-west-2::parameter/aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/schema_version"
        }
    ]
}

In the Terraform AWS Provider, we provide end-to-end testing for that parameter. This testing is currently hardcoded because there does not appear to be a lookup mechanism in SSM or the EKS API for an acceptable value:

https://github.com/terraform-providers/terraform-provider-aws/blob/2db63198564e911f320389268b8f46f53c9ca694/aws/resource_aws_eks_node_group_test.go#L271-L295

And after awhile the EKS API will complain about outdated values:

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1225.88s)
    testing.go:654: Step 0 error: errors during apply:
        
        Error: error creating EKS Node Group (tf-acc-test-9113909416381506697:tf-acc-test-9113909416381506697): InvalidParameterException: Requested Node Group release version 1.14.7-20190927 is invalid. Allowed release version is 1.14.8-20191213

Having the SSM Parameter available seems like the easiest path, however we are really looking for any lookup mechanism. Operators would then be able to use changes in this value to automatically trigger EKS Node Group upgrades.

Thanks!

Additional References:

bflad added a commit to hashicorp/terraform-provider-aws that referenced this issue Feb 26, 2020
…aseVersion argument value

Reference: awslabs/amazon-eks-ami#423
Reference: aws/containers-roadmap#771

There is currently no lookup mechanism for these values other than the website. See referenced issue for hopeful path forward via a new SSM Parameter, although there does appear to be a delay between the AMI release and EKS API support.

Previous output from acceptance testing (master and latest version testing):

```
--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1225.88s)
    testing.go:654: Step 0 error: errors during apply:

        Error: error creating EKS Node Group (tf-acc-test-9113909416381506697:tf-acc-test-9113909416381506697): InvalidParameterException: Requested Node Group release version 1.14.7-20190927 is invalid. Allowed release version is 1.14.8-20191213

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1375.87s)
    testing.go:654: Step 0 error: errors during apply:

        Error: error creating EKS Node Group (tf-acc-test-7174874914828901519:tf-acc-test-7174874914828901519): InvalidParameterException: Requested Node Group release version 1.14.9-20200122 is invalid. Allowed release version is 1.14.8-20191213
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (1564.18s)
```
bflad added a commit to hashicorp/terraform-provider-aws that referenced this issue Mar 4, 2020
…aseVersion argument value (#12172)

Reference: awslabs/amazon-eks-ami#423
Reference: aws/containers-roadmap#771

There is currently no lookup mechanism for these values other than the website. See referenced issue for hopeful path forward via a new SSM Parameter, although there does appear to be a delay between the AMI release and EKS API support.

Previous output from acceptance testing (master and latest version testing):

```
--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1225.88s)
    testing.go:654: Step 0 error: errors during apply:

        Error: error creating EKS Node Group (tf-acc-test-9113909416381506697:tf-acc-test-9113909416381506697): InvalidParameterException: Requested Node Group release version 1.14.7-20190927 is invalid. Allowed release version is 1.14.8-20191213

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1375.87s)
    testing.go:654: Step 0 error: errors during apply:

        Error: error creating EKS Node Group (tf-acc-test-7174874914828901519:tf-acc-test-7174874914828901519): InvalidParameterException: Requested Node Group release version 1.14.9-20200122 is invalid. Allowed release version is 1.14.8-20191213
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (1564.18s)
```
@mogren mogren added the enhancement New feature or request label Mar 27, 2020
@mikestef9
Copy link
Contributor

This has been added. Ex

aws ssm get-parameter --name /aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/release_version

@bflad
Copy link
Author

bflad commented May 13, 2020

@mikestef9 Awesome! I'll double check this shortly. 😄

@rtripat rtripat closed this as completed May 13, 2020
bflad added a commit to hashicorp/terraform-provider-aws that referenced this issue May 14, 2020
…change

Reference: #13071
Reference: https://aws.amazon.com/blogs/containers/upcoming-changes-to-ip-assignment-for-eks-managed-node-groups/
Reference: awslabs/amazon-eks-ami#423

This also switches the ReleaseVersion testing to use the newly available SSM Parameter, so it is no longer hardcoded and stale.

Previously:

```
--- FAIL: TestAccAWSEksNodeGroup_basic (1278.58s)
testing.go:683: Step 0 error: errors during apply:
Error: error waiting for EKS Node Group (tf-acc-test-8344543808745629148:tf-acc-test-8344543808745629148) creation: Ec2SubnetInvalidConfiguration: One or more Amazon EC2 Subnets of [subnet-09e307c552d8e2396, subnet-09b4b4c79ae9b1c5a] for node group tf-acc-test-8344543808745629148 does not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet. See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip. Resource IDs: [subnet-09e307c552d8e2396 subnet-09b4b4c79ae9b1c5a]

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1129.51s)
testing.go:683: Step 0 error: errors during apply:
Error: error creating EKS Node Group (tf-acc-test-395161592184105116:tf-acc-test-395161592184105116): InvalidParameterException: releaseVersion 1.14.8-20191213 is invalid
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_AmiType (1539.44s)
--- PASS: TestAccAWSEksNodeGroup_basic (1485.68s)
--- PASS: TestAccAWSEksNodeGroup_disappears (1425.45s)
--- PASS: TestAccAWSEksNodeGroup_DiskSize (1551.75s)
--- PASS: TestAccAWSEksNodeGroup_InstanceTypes (1545.64s)
--- PASS: TestAccAWSEksNodeGroup_Labels (1647.48s)
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (1578.86s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_Ec2SshKey (1566.70s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_SourceSecurityGroupIds (1698.65s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_DesiredSize (1619.70s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MaxSize (1610.20s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MinSize (1551.41s)
--- PASS: TestAccAWSEksNodeGroup_Tags (1501.53s)
--- PASS: TestAccAWSEksNodeGroup_Version (1513.24s)
```
bflad added a commit to hashicorp/terraform-provider-aws that referenced this issue May 19, 2020
…change (#13323)

* service/eks: Fix testing and eks-getting-started example for EKS API change

Reference: #13071
Reference: https://aws.amazon.com/blogs/containers/upcoming-changes-to-ip-assignment-for-eks-managed-node-groups/
Reference: awslabs/amazon-eks-ami#423

This also switches the ReleaseVersion testing to use the newly available SSM Parameter, so it is no longer hardcoded and stale.

Previously:

```
--- FAIL: TestAccAWSEksNodeGroup_basic (1278.58s)
testing.go:683: Step 0 error: errors during apply:
Error: error waiting for EKS Node Group (tf-acc-test-8344543808745629148:tf-acc-test-8344543808745629148) creation: Ec2SubnetInvalidConfiguration: One or more Amazon EC2 Subnets of [subnet-09e307c552d8e2396, subnet-09b4b4c79ae9b1c5a] for node group tf-acc-test-8344543808745629148 does not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet. See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip. Resource IDs: [subnet-09e307c552d8e2396 subnet-09b4b4c79ae9b1c5a]

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1129.51s)
testing.go:683: Step 0 error: errors during apply:
Error: error creating EKS Node Group (tf-acc-test-395161592184105116:tf-acc-test-395161592184105116): InvalidParameterException: releaseVersion 1.14.8-20191213 is invalid
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_AmiType (1539.44s)
--- PASS: TestAccAWSEksNodeGroup_basic (1485.68s)
--- PASS: TestAccAWSEksNodeGroup_disappears (1425.45s)
--- PASS: TestAccAWSEksNodeGroup_DiskSize (1551.75s)
--- PASS: TestAccAWSEksNodeGroup_InstanceTypes (1545.64s)
--- PASS: TestAccAWSEksNodeGroup_Labels (1647.48s)
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (1578.86s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_Ec2SshKey (1566.70s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_SourceSecurityGroupIds (1698.65s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_DesiredSize (1619.70s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MaxSize (1610.20s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MinSize (1551.41s)
--- PASS: TestAccAWSEksNodeGroup_Tags (1501.53s)
--- PASS: TestAccAWSEksNodeGroup_Version (1513.24s)
```

* tests/resource/aws_eks_node_group: Fix version test to use version from aws_eks_cluster reference

The EKS Cluster would spin up with the latest Kubernetes version while the Node Group could be hardcoded multiple behind. The EKS API unfortunately does not provide a lookup API for versioning yet.

Previously:

```
Error: error creating EKS Node Group (tf-acc-test-1420558841397012520:tf-acc-test-1420558841397012520): InvalidParameterException: Nodegroup Kubernetes version should be equal to Cluster kubernetes version 1.16 or be behind be 1
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_Version (1630.32s)
```
adamdecaf pushed a commit to adamdecaf/terraform-provider-aws that referenced this issue May 28, 2020
…change (hashicorp#13323)

* service/eks: Fix testing and eks-getting-started example for EKS API change

Reference: hashicorp#13071
Reference: https://aws.amazon.com/blogs/containers/upcoming-changes-to-ip-assignment-for-eks-managed-node-groups/
Reference: awslabs/amazon-eks-ami#423

This also switches the ReleaseVersion testing to use the newly available SSM Parameter, so it is no longer hardcoded and stale.

Previously:

```
--- FAIL: TestAccAWSEksNodeGroup_basic (1278.58s)
testing.go:683: Step 0 error: errors during apply:
Error: error waiting for EKS Node Group (tf-acc-test-8344543808745629148:tf-acc-test-8344543808745629148) creation: Ec2SubnetInvalidConfiguration: One or more Amazon EC2 Subnets of [subnet-09e307c552d8e2396, subnet-09b4b4c79ae9b1c5a] for node group tf-acc-test-8344543808745629148 does not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet. See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip. Resource IDs: [subnet-09e307c552d8e2396 subnet-09b4b4c79ae9b1c5a]

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1129.51s)
testing.go:683: Step 0 error: errors during apply:
Error: error creating EKS Node Group (tf-acc-test-395161592184105116:tf-acc-test-395161592184105116): InvalidParameterException: releaseVersion 1.14.8-20191213 is invalid
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_AmiType (1539.44s)
--- PASS: TestAccAWSEksNodeGroup_basic (1485.68s)
--- PASS: TestAccAWSEksNodeGroup_disappears (1425.45s)
--- PASS: TestAccAWSEksNodeGroup_DiskSize (1551.75s)
--- PASS: TestAccAWSEksNodeGroup_InstanceTypes (1545.64s)
--- PASS: TestAccAWSEksNodeGroup_Labels (1647.48s)
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (1578.86s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_Ec2SshKey (1566.70s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_SourceSecurityGroupIds (1698.65s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_DesiredSize (1619.70s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MaxSize (1610.20s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MinSize (1551.41s)
--- PASS: TestAccAWSEksNodeGroup_Tags (1501.53s)
--- PASS: TestAccAWSEksNodeGroup_Version (1513.24s)
```

* tests/resource/aws_eks_node_group: Fix version test to use version from aws_eks_cluster reference

The EKS Cluster would spin up with the latest Kubernetes version while the Node Group could be hardcoded multiple behind. The EKS API unfortunately does not provide a lookup API for versioning yet.

Previously:

```
Error: error creating EKS Node Group (tf-acc-test-1420558841397012520:tf-acc-test-1420558841397012520): InvalidParameterException: Nodegroup Kubernetes version should be equal to Cluster kubernetes version 1.16 or be behind be 1
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_Version (1630.32s)
```
iffyuva pushed a commit to dockup/terraform-aws that referenced this issue Jun 1, 2020
…change (#13323)

* service/eks: Fix testing and eks-getting-started example for EKS API change

Reference: hashicorp/terraform-provider-aws#13071
Reference: https://aws.amazon.com/blogs/containers/upcoming-changes-to-ip-assignment-for-eks-managed-node-groups/
Reference: awslabs/amazon-eks-ami#423

This also switches the ReleaseVersion testing to use the newly available SSM Parameter, so it is no longer hardcoded and stale.

Previously:

```
--- FAIL: TestAccAWSEksNodeGroup_basic (1278.58s)
testing.go:683: Step 0 error: errors during apply:
Error: error waiting for EKS Node Group (tf-acc-test-8344543808745629148:tf-acc-test-8344543808745629148) creation: Ec2SubnetInvalidConfiguration: One or more Amazon EC2 Subnets of [subnet-09e307c552d8e2396, subnet-09b4b4c79ae9b1c5a] for node group tf-acc-test-8344543808745629148 does not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet. See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip. Resource IDs: [subnet-09e307c552d8e2396 subnet-09b4b4c79ae9b1c5a]

--- FAIL: TestAccAWSEksNodeGroup_ReleaseVersion (1129.51s)
testing.go:683: Step 0 error: errors during apply:
Error: error creating EKS Node Group (tf-acc-test-395161592184105116:tf-acc-test-395161592184105116): InvalidParameterException: releaseVersion 1.14.8-20191213 is invalid
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_AmiType (1539.44s)
--- PASS: TestAccAWSEksNodeGroup_basic (1485.68s)
--- PASS: TestAccAWSEksNodeGroup_disappears (1425.45s)
--- PASS: TestAccAWSEksNodeGroup_DiskSize (1551.75s)
--- PASS: TestAccAWSEksNodeGroup_InstanceTypes (1545.64s)
--- PASS: TestAccAWSEksNodeGroup_Labels (1647.48s)
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (1578.86s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_Ec2SshKey (1566.70s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_SourceSecurityGroupIds (1698.65s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_DesiredSize (1619.70s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MaxSize (1610.20s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MinSize (1551.41s)
--- PASS: TestAccAWSEksNodeGroup_Tags (1501.53s)
--- PASS: TestAccAWSEksNodeGroup_Version (1513.24s)
```

* tests/resource/aws_eks_node_group: Fix version test to use version from aws_eks_cluster reference

The EKS Cluster would spin up with the latest Kubernetes version while the Node Group could be hardcoded multiple behind. The EKS API unfortunately does not provide a lookup API for versioning yet.

Previously:

```
Error: error creating EKS Node Group (tf-acc-test-1420558841397012520:tf-acc-test-1420558841397012520): InvalidParameterException: Nodegroup Kubernetes version should be equal to Cluster kubernetes version 1.16 or be behind be 1
```

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_Version (1630.32s)
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants