https://pulumi.com logo
Join Slack
Powered by
```aws eks create-cluster \ --name <CLUSTER_NAM...
# aws
g
Copy code
aws eks create-cluster \
   --name <CLUSTER_NAME> \
   --role-arn <CLUSTER_ROLE_ARN> \
  --resources-vpc-config subnetIds=<value>,endpointPublicAccess=true,endpointPrivateAccess=true \
  --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}' \
  --access-config authenticationMode=API
This is the aws-cli command to create eks cluster. See the last line of access-config. I’d like to add this option for aws.eks.cluster() command. Tried pulumi ai, no luck. It’s to enable clusterApi which seems to me allows to do rbac mappings automatically with iam. though not sure will experiment futher.
ok found it
Copy code
import pulumi
import pulumi_aws as aws

example = aws.iam.Role("example",
    assume_role_policy=example_assume_role_policy["json"],
    name="example")
example_cluster = aws.eks.Cluster("example",
    name="example-cluster",
    role_arn=example.arn,
    vpc_config={
        "endpointPrivateAccess": True,
        "endpointPublicAccess": False,
    },
    access_config={
        "authenticationMode": "CONFIG_MAP",
        "bootstrapClusterCreatorAdminPermissions": True,
    })
Copy code
Wonder if anyone even tried to use ClusterAPI auth method with pulumi: <https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/>
q
Wonder if anyone even tried to use ClusterAPI auth method with pulumi: https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/
We have a few examples using that authentication mode through our pulumi-eks component provider: https://github.com/pulumi/pulumi-eks/blob/986c528a058381be989c382d38a2e74238c9502b/examples/authentication-mode/index.ts#L80
👀 1
7 Views
Open in Slack
PreviousNext
Powered by