Description
We have several mixed workload EKS clusters running multiple MNGs on Windows EKS optimized AMIs.
We're now trying to migrate to using custom AMIs but are running into the issue that the Access Entries for these MNGs are all of type EC2_LINUX instead of EC2_WINDOWS.
This renders the nodes useless as the networking on the containers is broken.
It looks like AWS has no idea which type of node group this is and assumes it is Linux when creating the access entry.
The same problem has already been mentioned in issues #2994 and #3292, but that issue was closed without a solution on this subject.
Versions
Module version [Required]: 20.24.3
Terraform version: 1.10.1
Provider version(s):
aws: 5.61.0
Reproduction Code [Required]
```hcl
ng-win-cpg-2019-cust = {
  name                       = "ng-win-mod-2019-cust"
  ami_type                   = "CUSTOM"
  ami_id                     = "ami-xxxxxxx"
  platform                   = "windows"
  instance_types             = ["m6a.xlarge"]
  capacity_type              = "ON_DEMAND"
  create_launch_template     = true
  use_custom_launch_template = true
  enable_bootstrap_user_data = true
  enable_monitoring          = true
  disk_size                  = 200
  block_device_mappings = {
    sda1 = {
      device_name = "/dev/sda1"
      ebs = {
        volume_size = 200
        volume_type = "gp3"
        iops        = 3000
        throughput  = 125
        encrypted   = false
      }
    }
  }
  max_size     = "20"
  min_size     = "2"
  desired_size = "2"
  key_name     = "xxxxxx"
  labels       = {}
}
```
Steps to reproduce the behavior:
Create a new node group on your EKS cluster. When you create the node via Terraform based on a CUSTOM AMI, the node group is created as expected except for the access grant. For that matter the Windows NodeGroup is defined as an EC2_LINUX node group.
Expected behavior
An access rule of type EC2_WINDOWS is created for the MNG.
Actual behavior
An access rule of type EC2_LINUX is created for the MNG.
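
The mismatch reported above can be detected before nodes are relied on. The following check is an added example, not code from this issue or from the module: it compares each node group's platform with the type of the access entry for its node role. It assumes the `nodegroup` and `accessEntry` objects have already been fetched with `aws eks describe-nodegroup` and `aws eks describe-access-entry`; the function name, role ARNs, account ID and the `ng-linux` group are constructed for illustration.

```python
# Added example: audit EKS access entry types against node group platforms.
EXPECTED_TYPE = {"linux": "EC2_LINUX", "windows": "EC2_WINDOWS"}

def audit_access_entries(nodegroups, access_entries, declared_platform):
    """Return (nodegroup, role_arn, problem) findings.

    nodegroups / access_entries: the `nodegroup` and `accessEntry` objects
    returned by `aws eks describe-nodegroup` / `describe-access-entry`.
    declared_platform: {nodegroup name: "linux" | "windows"}, taken from your
    own config, because amiType "CUSTOM" does not reveal the OS.
    """
    entry_type = {e["principalArn"]: e["type"] for e in access_entries}
    wanted, findings = {}, []          # wanted: role ARN -> required types
    for ng in nodegroups:
        name, role, ami = ng["nodegroupName"], ng["nodeRole"], ng.get("amiType", "")
        platform = declared_platform.get(name)
        if platform is None and ami == "CUSTOM":
            findings.append((name, role, "platform unknown for CUSTOM AMI"))
            continue
        if platform is None:
            platform = "windows" if ami.startswith("WINDOWS_") else "linux"
        need = EXPECTED_TYPE[platform]
        wanted.setdefault(role, set()).add(need)
        have = entry_type.get(role)
        if have is None:
            findings.append((name, role, "no access entry for node role"))
        elif have != need:
            findings.append((name, role, f"access entry is {have}, needs {need}"))
    # An access entry is keyed by principal ARN, so one role carries one type.
    for role, types in wanted.items():
        if len(types) > 1:
            findings.append(("*", role, "role shared by Linux and Windows node groups"))
    return findings

# Constructed sample data (account ID and role names are placeholders).
WIN_ROLE = "arn:aws:iam::111122223333:role/example-win-nodes"
LNX_ROLE = "arn:aws:iam::111122223333:role/example-linux-nodes"
NODEGROUPS = [
    {"nodegroupName": "ng-win-mod-2019-cust", "nodeRole": WIN_ROLE, "amiType": "CUSTOM"},
    {"nodegroupName": "ng-linux", "nodeRole": LNX_ROLE, "amiType": "AL2_x86_64"},
]
ACCESS_ENTRIES = [
    {"principalArn": WIN_ROLE, "type": "EC2_LINUX"},
    {"principalArn": LNX_ROLE, "type": "EC2_LINUX"},
]

if __name__ == "__main__":
    for finding in audit_access_entries(NODEGROUPS, ACCESS_ENTRIES,
                                        {"ng-win-mod-2019-cust": "windows"}):
        print(finding)
```

In a mixed cluster the last check matters as well: if a Linux and a Windows node group share one IAM role, no single access entry type can be correct for both.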