Hmm i have 2 pulumi deployed EKS clusters one in the japan a Pulumi Community #aws

Hmm, i have 2 pulumi deployed EKS clusters, one in...

proud-pizza-80589

05/24/2023, 3:37 PM

Hmm, i have 2 pulumi deployed EKS clusters, one in the japan and one in the singapore region where i can no longer run updates error: Error: Cannot retrieve the certificate fingerprint at the issuer URL: https://oidc.eks.ap-northeast-3.amazonaws.com at /Users/roderik/Development/bpaas/node_modules/.pnpm/@pulumi+eks@1.0.2_@swc+core@1.3.59_@types+node@18.16.14/node_modules/@pulumi/cert-thumprint.ts12711 at Generator.throw (<anonymous>) at rejected (/Users/roderik/Development/bpaas/node_modules/.pnpm/@pulumi+eks@1.0.2_@swc+core@1.3.59_@types+node@18.16.14/node_modules/@pulumi/eks/cert-thumprint.js1965) at processTicksAndRejections (nodeinternal/process/task queues95:5) the same cluster code (different stacks) in other regions still works and updates. So clearly a south east asia problem. Anyone have an idea?

tall-library-51128

05/24/2023, 3:50 PM

I haven't used

pulumi_eks

in a while (moved to

pulumi_aws

) but shouldn't the URL above be in this format ?

<https://oidc.eks.ap-northeast-3.amazonaws.com/id/><id>

or you redacted the value ?

proud-pizza-80589

05/24/2023, 3:51 PM

no, this is just the pulumi output

proud-pizza-80589

05/24/2023, 3:51 PM

the stack export has the right urls and ids

proud-pizza-80589

05/24/2023, 3:53 PM

it swallows the error here https://github.com/pulumi/pulumi-eks/blob/563970bf5d5ef8749f4e56007961fa49fa04ac4c/nodejs/eks/cert-thumprint.ts#L127

proud-pizza-80589

05/24/2023, 3:54 PM

trying to add some debugging code

proud-pizza-80589

05/24/2023, 3:55 PM

Copy code

Error [ERR_SOCKET_CONNECTION_TIMEOUT]: Socket connection timeout
        at new NodeError (node:internal/errors:399:5)
        at internalConnectMultiple (node:net:1099:20)
        at Timeout.internalConnectMultipleTimeout (node:net:1638:3)
        at listOnTimeout (node:internal/timers:575:11)
        at processTimers (node:internal/timers:514:7) {
      code: 'ERR_SOCKET_CONNECTION_TIMEOUT'
    }

tall-library-51128

05/24/2023, 3:56 PM

I see, you're onto something here. Private Endpoint maybe ?

proud-pizza-80589

05/24/2023, 3:56 PM

no, nothing, and i can curl the full url with id from my computer (403 error but no connection issue)

proud-pizza-80589

05/24/2023, 4:00 PM

ok, i accidentally switched to node 20, switched to 18 and it works now

tall-library-51128

05/24/2023, 4:01 PM

sorry, you mean Node js

tall-library-51128

05/24/2023, 4:01 PM

🙂

proud-pizza-80589

05/24/2023, 4:01 PM

😉 not sure what changed in node 20 to cause this

tall-library-51128

05/24/2023, 4:02 PM

good luck! I gave

pulumi_eks

a try last year and ended up using plain

pulumi_aws

so in the case above I would run

pulumi_tls

to get the fingerprint.

proud-pizza-80589

05/24/2023, 4:04 PM

don't actually need node 20, was messign with my zsh config and my aliasses were gone

gray-electrician-97832

05/31/2023, 4:15 PM

asdf

is your friend!

proud-pizza-80589

06/03/2023, 8:23 AM

trying out volta now, also looks cool

27 Views

Open in Slack

Previous Next