Is it safe to delete node group ?

0

Hello, I have two node group using the same IAM role. I want to delete one of the node groups as I no longer have use for it but the documentation says:

If you delete a managed node group that uses a node IAM role that isn't used by any other managed node group in the cluster, the role is removed from the aws-auth ConfigMap. If any of the self-managed node groups in the cluster are using the same node IAM role, the self-managed nodes move to the NotReady status. Additionally, the cluster operation are also disrupted. You can add the mapping back to the ConfigMap to minimize disruption.

I'm not sure what this means exactly. Does the rolearn key/value get removed from aws-auth configmap and I have to add it after the deletion otherwise my cluster operations get disrupted?

2 Answers
0

Yes you will have to add the mapping back to the ConfigMap if you remove one of the nodegrooup

AWS
Anurag
answered 9 months ago
0

I know what that means! Because AWS dropped the whole prod cluster right now because of this! It is unbelievable! Should I read the whole EKS documentation each time I do any operation with an EKS cluster? I think it is a good idea. I removed the last node group and, of course, I had no idea that AWS could change the crucial AWS-Auth ConfigMap with just a notice somewhere deep in the documentation. Is it serious? YES! You can be fired because AWS has some magic, unexpected behavior. In my case, my AWS-Auth contains a few additional required mapRoles, and after I removed the last node group, AWS just reset AWS-Auth to the default state in which all K8s resources become red. Hopefully, we use Terraform and it shows me that AWS-Auth is not up to date.

Alex
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions