Adding a managed node group to an EKS cluster in a different Pulumi stack

Adding a managed node group to an EKS cluster in a different Pulumi stack

Pulumi's Amazon EKS package provides high-level component resources for Amazon's Elastic Kubernetes Service, simplifying the setup of clusters and node groups compared to the lower-level EKS resources available as part of the AWS Classic package.

There's a common question people arrive at when trying to add node groups to an EKS cluster previously created via eks.Cluster in a different stack. Recently someone asked about this problem again on the Pulumi Slack, motivating me to write up this post.

The short version of the question is:

I'm creating an EKS cluster in one stack, and I'd like to add a managed node group to it in a different stack.

But I cannot figure out how to export the eks.Cluster resource so that I can pass it to eks.ManagedNodeGroup.

The answer to this is not obvious, and comes in three parts.

First of all, it's not possible to export and import the entire eks.Cluster component resource. In Pulumi, only values can be exported and imported into other stacks.

Further, contrary to what Pulumi AI will have you believe, there is no equivalent to aws.eks.getCluster() for the Amazon EKS package (relevant GitHub issue).

This means that we'll not be able to obtain an eks.Cluster resource that we could pass to eks.ManagedNodeGroup. However, we can use aws.eks.NodeGroup to add managed node groups to EKS Kubernetes clusters.

Somewhat confusingly, aws.eks.NodeGroup will create what EKS calls a managed nodegroup, while eks.NodeGroup creates what is known as self-managed nodes. In fact, the eks.ManagedNodeGroup component resource does little beyond wrapping an aws.eks.NodeGroup resource (see the source code).

Since aws.eks.NodeGroup only requires the cluster's name and node role ARN, we can create the cluster and export these values:

import pulumi
import pulumi_eks as eks

eks_cluster = eks.Cluster("eks-cluster")

pulumi.export("node_role_arn", eks_cluster.core.instanceRoles[0].arn)

In a second stack, we can reference the first and pass its outputs to aws.eks.NodeGroup:

import pulumi
import pulumi_aws as aws

first_stack = pulumi.StackReference(...)

managed_node_group = aws.eks.NodeGroup(