Support for different subnets in fargate profile configurations

[aittam]

I have issues

I want to create an eks cluster with both fargate and node group support. I also want to have many fargate profiles with different subnet configurations.

I'm submitting a...

• bug report
• feature request
• support request - read the FAQ first!
• kudos, thank you, warm fuzzy

What is the current behavior?

The current behavior is that all fargate profiles shares the same private subnets as the EKS cluster. Specifically the ones passed by the variable subnets.

What's the expected behavior?

The expected behavior is to be able to customize the fargate profiles subnets input variable for each profile

Are you able to fix this problem and submit a PR? Link here if you have already.

I have already contributed to a fix, this is the PR link.

Environment details

• Affected module version: latest
• OS: all
• Terraform version: 0.13

Any other relevant info

[TBeijen]

Running into same issue.

Created clusters with both private and public subnets, although the worker groups are restricted to private subnets. Can't really remember the reason. Maybe it was the initial requirement of managed nodes to be in public subnets, maybe I goofed up.

[myoung34]

The problem seems to be that fargate only supports private subnets but the module attaches all subnets with no regard to private public (thus attaching public) here

[aittam]

@myoung34 actually the patch provided gives you the ability to pass any subnet to the fargate profile. If you don't pass a specific subnet it's going to use the var.subnets. In that case yes, if var.subnets contains public subnet it may be a problem (did not verify it) but is not really related with this patch, it keeps the same default behaviour as before. I can actually close this since the patch has been merged.

[myoung34]

That's part of the problem @aittam

there's only one subnets variable. Per doc: A list of subnets to place the EKS cluster and workers within.

This makes it so that you cant have a public control plane and private fargate workers, no?

[aittam]

@myoung34 yes you can, you can pass whatever subnet you want to the fargate profile regardless of var.subnet. Look at the example. You can specify the subnets inside the fargate profile.

[myoung34]

Ah, looks like the patch fixed the issue I had. I'll try again when I get back to this one

[barryib]

closing since we now have subnets argument for fargate profile.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.