https://pulumi.com logo
Powered by
#kubernetes
Title
# kubernetes
v

victorious-exabyte-70545

08/31/2022, 11:49 PM
Hi all, we recently rotated our AKS certificate and now can no longer access kubernetes with the pulumi k8provider. The certificate (kubeconfig) works with lens and our deployment agents in DevOps pipelines. Any ideas on what the issue is?
kubernetesapps/v1Deployment (default/chart): error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://***********.hcp.westus2.azmk8s.io:443/openapi/v2?timeout=32s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca")
Again, this started after a kube cert rotation. When I print the kubeconfig it is correct.
Copy code
kubeconfig = creds.kubeconfigs[0].value.apply(
    lambda enc: base64.b64decode(enc).decode())

k8s_provider = k8s.Provider(
    f'{stack_name}-k8s-provider',
    kubeconfig=kubeconfig
)
Then
Copy code
pulumi.export("kubeconfig", kubeconfig)
kubeconfig matches what lens is using and lens works.
b

billowy-army-68599

08/31/2022, 11:59 PM
@victorious-exabyte-70545 what’s in your state? 
pulumi state export
- i bet the kubeconfig is still stored in state with the wrong cert
v

victorious-exabyte-70545

09/01/2022, 12:30 AM
That is probably it! Do I export, update kubeconfig, import?
Stack that is
b

billowy-army-68599

09/01/2022, 12:45 AM
You can do a refresh of the urn. I’m on mobile so can’t share how to do that. Expert and update would work too
6 Views
Powered by