gorgeous-lunch-7514
05/26/2023, 11:29 AM
aws:profile to our test sub aws account. If I deploy w/o the profile to the creds within env vars it works but I’m getting authorisation failed from k8s errors within the GitHub action I’m running, the other AWS specific stacks are deploying correctly but stops at k8s.
Any advice?
I’m seeing this a lot within GitHub issues but not really a suitable solution.
Errors within thread.
```
Diagnostics:
  kubernetes:core/v1:Namespace (cluster-svcs):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:core/v1:Namespace (app-svcs):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:storage.k8s.io/v1:StorageClass (cluster-gp2-encrypted):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding (privileged):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:core/v1:Namespace (ingress-nginx):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  eks:index:VpcCni (cluster-vpc-cni):
    error: Command failed: kubectl apply -f /tmp/tmp-1881iwETQCX8mFB1.tmp
    error: You must be logged in to the server (the server has asked for the client to provide credentials)
  pulumi:pulumi:Stack (cluster-dev):
    error: update failed
    error: You must be logged in to the server (the server has asked for the client to provide credentials)
  kubernetes:core/v1:ConfigMap (cluster-nodeAccess):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:storage.k8s.io/v1:StorageClass (cluster-sc1):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:policy/v1beta1:PodSecurityPolicy (restrictive):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  kubernetes:core/v1:Namespace (apps):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
```
billowy-army-68599
05/26/2023, 11:51 AM
gorgeous-lunch-7514
05/26/2023, 11:52 AM
```typescript
// Create an AWS provider instance.
const awsProvider = new aws.Provider(`${projectName}-aws`, {
    region: aws.config.region,
    profile: aws.config.profile,
});

// Create an EKS cluster.
const cluster = new eks.Cluster(`${projectName}`, {
    providerCredentialOpts: {
        profileName: aws.config.profile,
    },
    instanceRoles: [
        aws.iam.Role.get("adminsIamRole", stdNodegroupIamRoleName),
        aws.iam.Role.get("devsIamRole", perfNodegroupIamRoleName),
    ],
    roleMappings: [
        {
            roleArn: config.adminsIamRoleArn,
            groups: ["system:masters"],
            username: "pulumi:admins",
        },
        {
            roleArn: config.devsIamRoleArn,
            groups: ["pulumi:devs"],
            username: "pulumi:alice",
        },
    ],
    vpcId: config.vpcId,
    publicSubnetIds: config.publicSubnetIds,
    privateSubnetIds: config.privateSubnetIds,
    storageClasses: {
        "gp2-encrypted": { type: "gp2", encrypted: true },
        "sc1": { type: "sc1" },
    },
    nodeAssociatePublicIpAddress: false,
    skipDefaultNodeGroup: true,
    deployDashboard: false,
    version: "1.24",
    tags: {
        "Project": "k8s-aws-cluster",
        "Org": "pulumi",
    },
    clusterSecurityGroupTags: { "ClusterSecurityGroupTag": "true" },
    nodeSecurityGroupTags: { "NodeSecurityGroupTag": "true" },
    enabledClusterLogTypes: ["api", "audit", "authenticator", "controllerManager", "scheduler"],
    // endpointPublicAccess: false, // Requires bastion to access cluster API endpoint
    // endpointPrivateAccess: true, // Requires bastion to access cluster API endpoint
}, {
    provider: awsProvider,
});
```
billowy-army-68599
05/26/2023, 11:52 AM
gorgeous-lunch-7514
05/26/2023, 11:53 AM
billowy-army-68599
05/26/2023, 12:25 PM
AWS_PROFILE to the generated kubeconfig
gorgeous-lunch-7514
05/26/2023, 1:48 PM
billowy-army-68599
05/26/2023, 1:52 PM
gorgeous-lunch-7514
05/26/2023, 1:53 PM
```yaml
# Add new AWS profile from secrets named development
- name: Add development AWS profile from secrets 🔑
  run: |
    aws configure set aws_access_key_id ${{ secrets.DEVELOPMENT_AWS_ACCESS_KEY_ID }} --profile development
    aws configure set aws_secret_access_key ${{ secrets.DEVELOPMENT_AWS_SECRET_ACCESS_KEY }} --profile development
    aws configure set region eu-west-2 --profile development
    aws configure set output json --profile development
```
eks:index:Cluster gets created at least 😩