sparse-intern-71089
05/26/2023, 11:29 AMgorgeous-lunch-7514
05/26/2023, 11:35 AMDiagnostics:
kubernetes:core/v1:Namespace (cluster-svcs):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:core/v1:Namespace (app-svcs):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:<http://storage.k8s.io/v1:StorageClass|storage.k8s.io/v1:StorageClass> (cluster-gp2-encrypted):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRoleBinding|rbac.authorization.k8s.io/v1:ClusterRoleBinding> (privileged):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:core/v1:Namespace (ingress-nginx):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
eks:index:VpcCni (cluster-vpc-cni):
error: Command failed: kubectl apply -f /tmp/tmp-1881iwETQCX8mFB1.tmp
error: You must be logged in to the server (the server has asked for the client to provide credentials)
pulumi:pulumi:Stack (cluster-dev):
error: update failed
error: You must be logged in to the server (the server has asked for the client to provide credentials)
kubernetes:core/v1:ConfigMap (cluster-nodeAccess):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:<http://storage.k8s.io/v1:StorageClass|storage.k8s.io/v1:StorageClass> (cluster-sc1):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:policy/v1beta1:PodSecurityPolicy (restrictive):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:core/v1:Namespace (apps):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
billowy-army-68599
billowy-army-68599
gorgeous-lunch-7514
05/26/2023, 11:52 AM// Create an AWS provider instance.
const awsProvider = new aws.Provider(`${projectName}-aws`, {
region: aws.config.region,
profile: aws.config.profile,
});
// Create an EKS cluster.
const cluster = new eks.Cluster(`${projectName}`, {
providerCredentialOpts: {
profileName: aws.config.profile,
},
instanceRoles: [
aws.iam.Role.get("adminsIamRole", stdNodegroupIamRoleName),
aws.iam.Role.get("devsIamRole", perfNodegroupIamRoleName),
],
roleMappings: [
{
roleArn: config.adminsIamRoleArn,
groups: ["system:masters"],
username: "pulumi:admins",
},
{
roleArn: config.devsIamRoleArn,
groups: ["pulumi:devs"],
username: "pulumi:alice",
},
],
vpcId: config.vpcId,
publicSubnetIds: config.publicSubnetIds,
privateSubnetIds: config.privateSubnetIds,
storageClasses: {
"gp2-encrypted": { type: "gp2", encrypted: true},
"sc1": { type: "sc1"}
},
nodeAssociatePublicIpAddress: false,
skipDefaultNodeGroup: true,
deployDashboard: false,
version: "1.24",
tags: {
"Project": "k8s-aws-cluster",
"Org": "pulumi",
},
clusterSecurityGroupTags: { "ClusterSecurityGroupTag": "true" },
nodeSecurityGroupTags: { "NodeSecurityGroupTag": "true" },
enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
// endpointPublicAccess: false, // Requires bastion to access cluster API endpoint
// endpointPrivateAccess: true, // Requires bastion to access cluster API endpoint
}, {
provider: awsProvider,
});
billowy-army-68599
gorgeous-lunch-7514
05/26/2023, 11:53 AMgorgeous-lunch-7514
05/26/2023, 11:54 AMbillowy-army-68599
AWS_PROFILE
to the generated kubeconfiggorgeous-lunch-7514
05/26/2023, 1:48 PMgorgeous-lunch-7514
05/26/2023, 1:50 PMgorgeous-lunch-7514
05/26/2023, 1:51 PMbillowy-army-68599
billowy-army-68599
gorgeous-lunch-7514
05/26/2023, 1:53 PMgorgeous-lunch-7514
05/26/2023, 1:53 PMgorgeous-lunch-7514
05/26/2023, 1:53 PM# Add new AWS profile from secrets named development
- name: Add developmemt AWS profile from secrets 🔑
run: |
aws configure set aws_access_key_id ${{ secrets.DEVELOPMENT_AWS_ACCESS_KEY_ID }} --profile development
aws configure set aws_secret_access_key ${{ secrets.DEVELOPMENT_AWS_SECRET_ACCESS_KEY }} --profile development
aws configure set region eu-west-2 --profile development
aws configure set output json --profile development
gorgeous-lunch-7514
05/26/2023, 1:53 PMgorgeous-lunch-7514
05/26/2023, 1:53 PMgorgeous-lunch-7514
05/26/2023, 2:15 PMgorgeous-lunch-7514
05/26/2023, 2:16 PMeks:index:Cluster
gets created at least 😩gorgeous-lunch-7514
05/26/2023, 2:39 PMgorgeous-lunch-7514
05/26/2023, 3:31 PM