https://pulumi.com logo
Join Slack
Powered by
Hello all - I am looking at the folllowing <https:...
# getting-started
n
Hello all - I am looking at the folllowing https://www.pulumi.com/docs/clouds/aws/guides/eks/ guide as I work on a proof of concept. That being said, the 
Provisioning a New EKS Cluster
steps do not work for me and I’ve now tried multiple languages (and I get the same error). The cluster is provisioned, however the step involving kubeconfig / configmap / vpc-cni fail with errors:
Copy code
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://<really-long-amazon-url>": getting credentials: decoding stdout: couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct ...
It seems that several calls are expecting 
/openapi/v2
on the control plane to work, but the endpoint is returning 
forbidden: user 'system:anonymous' cannot get path '/openapi/v2'
I can replicate this in either C# or python using the samples provided in the documentation:
Copy code
import pulumi
import pulumi_eks as eks

# Create an EKS cluster with the default configuration.
cluster = eks.Cluster("cluster")

# Export the cluster's kubeconfig.
pulumi.export("kubeconfig", cluster.kubeconfig)
or…
Copy code
using System.Collections.Generic;
using Pulumi;
using Eks = Pulumi.Eks;

return await Deployment.RunAsync(() =>
{
    // Create an EKS cluster with the default configuration.
    var cluster = new Eks.Cluster("cluster");

    return new Dictionary<string, object?>
    {
        // Export the cluster's kubeconfig.
        ["kubeconfig"] = cluster.Kubeconfig,
    };
});
I think I am probably missing something really obvious. Does anyone have any ideas?
s
seems like you don't have a login token
I'm not sure what APIs need to be hit but I would make sure your kubectl and az cli tools can run remote commands
n
this is for a brand new cluster that pulumi is managing, my expectation is that it should be getting the kubeconfig with the api equivalent of 
aws eks update-kubeconfig
and returning it as the output
For anyone else who might wander by eventually, It appears to only occur when you are using SSO profiles and may be related to https://github.com/pulumi/pulumi-eks/issues/669 - if I use a normal IAM user, I do not experience this error. I have not yet found a workaround, have tried 
ProviderCredentialOpts
as a workaround and same error.
b
After the cluster is created with Pulumi, you should be able to run 
aws eks update-kubeconfig --name myclustername
on the CLI with whatever creds you have for AWS ( profile, env, or SSO)- does this command work?
n
Yes it does.
If i follow that with 
pulumi up
again, I get a slightly different error (
configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked the client to provide credentials
)
https://github.com/pulumi/pulumi-eks/issues/1091 encapsulates what I’ve noticed so far.
Open in Slack
PreviousNext
Powered by