https://pulumi.com logo
#getting-started
Title
# getting-started
n

nutritious-air-21788

03/20/2024, 8:02 PM
Hello all - I am looking at the folllowing https://www.pulumi.com/docs/clouds/aws/guides/eks/ guide as I work on a proof of concept. That being said, the
Provisioning a New EKS Cluster
steps do not work for me and I’ve now tried multiple languages (and I get the same error). The cluster is provisioned, however the step involving kubeconfig / configmap / vpc-cni fail with errors:
Copy code
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://<really-long-amazon-url>": getting credentials: decoding stdout: couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct ...
It seems that several calls are expecting
/openapi/v2
on the control plane to work, but the endpoint is returning
forbidden: user 'system:anonymous' cannot get path '/openapi/v2'
I can replicate this in either C# or python using the samples provided in the documentation:
Copy code
import pulumi
import pulumi_eks as eks

# Create an EKS cluster with the default configuration.
cluster = eks.Cluster("cluster")

# Export the cluster's kubeconfig.
pulumi.export("kubeconfig", cluster.kubeconfig)
or…
Copy code
using System.Collections.Generic;
using Pulumi;
using Eks = Pulumi.Eks;

return await Deployment.RunAsync(() =>
{
    // Create an EKS cluster with the default configuration.
    var cluster = new Eks.Cluster("cluster");

    return new Dictionary<string, object?>
    {
        // Export the cluster's kubeconfig.
        ["kubeconfig"] = cluster.Kubeconfig,
    };
});
I think I am probably missing something really obvious. Does anyone have any ideas?
s

stale-twilight-75626

03/20/2024, 9:26 PM
seems like you don't have a login token
I'm not sure what APIs need to be hit but I would make sure your kubectl and az cli tools can run remote commands
n

nutritious-air-21788

03/20/2024, 10:04 PM
this is for a brand new cluster that pulumi is managing, my expectation is that it should be getting the kubeconfig with the api equivalent of
aws eks update-kubeconfig
and returning it as the output
For anyone else who might wander by eventually, It appears to only occur when you are using SSO profiles and may be related to https://github.com/pulumi/pulumi-eks/issues/669 - if I use a normal IAM user, I do not experience this error. I have not yet found a workaround, have tried
ProviderCredentialOpts
as a workaround and same error.
b

billions-river-87988

03/25/2024, 4:47 PM
After the cluster is created with Pulumi, you should be able to run
aws eks update-kubeconfig --name myclustername
on the CLI with whatever creds you have for AWS ( profile, env, or SSO)- does this command work?
n

nutritious-air-21788

03/25/2024, 5:07 PM
Yes it does.
If i follow that with
pulumi up
again, I get a slightly different error (
configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked the client to provide credentials
)
https://github.com/pulumi/pulumi-eks/issues/1091 encapsulates what I’ve noticed so far.