(eks): LoadBalancer type of Service failed to start in the EKS cluster created by CDK

[yjw113080]

Right after I create an EKS cluster with CDK I tried to provision a Service Object with LoadBalancer Type. I got the following error when I describe the service:

  Warning  SyncLoadBalancerFailed  6s (x4 over 43s)  service-controller  Error syncing load balancer: failed to ensure load balancer: Multiple tagged security groups found for instance i-0f13b228f51aa3c4c; ensure only the k8s security group is tagged; the tagged groups were sg-01e539b21c944bd17(ClusterStack-us-west-2-demogoclusterspotgroupInstanceSecurityGroupA4E3F5E6-13FWAGRXOSPPM) sg-02e6abb7dd3641358(eks-cluster-sg-demogo-1335419381)

I added ASG capacity with Spot Instances and CDK assigned two Security Groups with kubernetes.io/cluster/CLUSTER_NAME=owned tags.
From one of the Security Groups, I delete the tag (ref: kubernetes/kubernetes#73906) then it worked.
Changing the tag to shared did not work for me.

Reproduction Steps

1. Create cluster and CI/CD resources using this: https://github.com/yjw113080/aws-cdk-eks-multi-region
2. I applied Kubernetes Resources including Deployment and Service (Type=LoadBalancer)

What did you expect to happen?

Create Service without any issue.

What actually happened?

The service went pending.

Environment

• CDK CLI Version : 1.79.0 (build 8b3bf9c)
• Framework Version: 1.79.0
• Node.js Version: v14.7.0
• OS : Mojave 10.14.6
• Language (Version): TypeScript (4.0.2)

Other

---

This is 🐛 Bug Report

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.