Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
v
victorious-exabyte-70545
08/31/2022, 11:49 PMHi all, we recently rotated our AKS certificate and now can no longer access kubernetes with the pulumi k8provider. The certificate (kubeconfig) works with lens and our deployment agents in DevOps pipelines. Any ideas on what the issue is?
kubernetes:apps/v1:Deployment (default/chart):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://***********.hcp.westus2.azmk8s.io:443/openapi/v2?timeout=32s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca")
Again, this started after a kube cert rotation. When I print the kubeconfig it is correct.
kubeconfig = creds.kubeconfigs[0].value.apply(
lambda enc: base64.b64decode(enc).decode())
k8s_provider = k8s.Provider(
f'{stack_name}-k8s-provider',
kubeconfig=kubeconfig
)Then
pulumi.export("kubeconfig", kubeconfig)kubeconfig matches what lens is using and lens works.
b
billowy-army-68599
08/31/2022, 11:59 PM@victorious-exabyte-70545 what’s in your state?
pulumi state exportv
victorious-exabyte-70545
09/01/2022, 12:30 AMThat is probably it! Do I export, update kubeconfig, import?
Stack that is
b
billowy-army-68599
09/01/2022, 12:45 AMYou can do a refresh of the urn. I’m on mobile so can’t share how to do that. Expert and update would work too