Fix ManagedNodeGroup instances not registering with EKS when using enableIMDSv2 (#1287)

flostadler · web-flow · commit 257f0d6f413d · 2024-07-30T21:52:30.000+02:00
diff --git a/examples/managed-nodegroups/index.ts b/examples/managed-nodegroups/index.ts
@@ -69,3 +69,10 @@ const managedNodeGroup2 = eks.createManagedNodeGroup(
   },
   cluster
 );
+
+// Create a simple AWS managed node group with IMDSv2 enabled
+const managedNodeGroup3 = eks.createManagedNodeGroup("example-managed-ng3", {
+  cluster: cluster,
+  nodeRole: role2,
+  enableIMDSv2: true,
+});
diff --git a/examples/tests/managed-ng-with-version/index.ts b/examples/tests/managed-ng-with-version/index.ts
@@ -5,6 +5,7 @@ import * as iam from "./iam";
 // IAM roles for the node groups.
 const role0 = iam.createRole("example-role0");
 const role1 = iam.createRole("example-role1");
+const role2 = iam.createRole("example-role2");
 
 // Create a new VPC
 const eksVpc = new awsx.ec2.Vpc("eks-vpc", {
@@ -21,7 +22,7 @@ const cluster = new eks.Cluster("example-managed-nodegroups", {
     publicSubnetIds: eksVpc.publicSubnetIds,
     // Private subnets will be used for cluster nodes
     privateSubnetIds: eksVpc.privateSubnetIds,
-    instanceRoles: [role0, role1],
+    instanceRoles: [role0, role1, role2],
 });
 
 // Export the cluster's kubeconfig.
@@ -43,3 +44,11 @@ const managedNodeGroup1 = eks.createManagedNodeGroup("example-managed-ng1", {
     nodeRoleArn: role1.arn,
     version: cluster.eksCluster.version,
 }, cluster);
+
+// Managed node group with IMDSv2 enabled
+const managedNodeGroup2 = eks.createManagedNodeGroup("example-managed-ng2", {
+    cluster: cluster,
+    nodeRole: role2,
+    version: cluster.eksCluster.version,
+    enableIMDSv2: true,
+}, cluster);
diff --git a/nodejs/eks/nodegroup.ts b/nodejs/eks/nodegroup.ts
@@ -1742,7 +1742,10 @@ function createManagedNodeGroupInternal(
     let launchTemplate: aws.ec2.LaunchTemplate | undefined;
     if (args.kubeletExtraArgs || args.bootstrapExtraArgs || args.enableIMDSv2) {
         launchTemplate = createMNGCustomLaunchTemplate(name, args, core, parent, provider);
-        // EKS doesn't allow setting the kubernetes version in the node group if a custom launch template is used.
+    }
+
+    if (launchTemplate?.imageId) {
+        // EKS doesn't allow setting the kubernetes version in the node group if an image id is provided within the launch template.
         delete nodeGroupArgs.version;
     }
 
@@ -1843,9 +1846,9 @@ Content-Type: text/x-shellscript; charset="us-ascii"
         {
             userData,
             metadataOptions,
-            // We need to always supply an imageId, otherwise AWS will attempt to merge the user data which will result in
+            // We need to supply an imageId if userData is set, otherwise AWS will attempt to merge the user data which will result in
             // nodes failing to join the cluster.
-            imageId: getRecommendedAMI(args, core.cluster.version, parent),
+            imageId: userData ? getRecommendedAMI(args, core.cluster.version, parent) : undefined,
         },
         { parent, provider },
     );
