https://pulumi.com logo
Powered by
b

bitter-application-91815

11/23/2020, 6:52 PM
Hey guys, i'm looking to install load balancer mentioned here for my eks cluster - https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
b

billowy-army-68599

11/23/2020, 7:07 PM
which SDK are you using?
@bitter-application-91815
b

bitter-application-91815

11/23/2020, 7:09 PM
golang
b

billowy-army-68599

11/23/2020, 7:11 PM
I wrote a component resource to install this in nodejs: https://github.com/jaxxstorm/pulumi-aws-loadbalancercontroller you might be able to use it as inspiration for the Go SDK. I'll try and port it if I get some time
🍺 2
b

bitter-application-91815

11/23/2020, 7:16 PM
Thanks @billowy-army-68599 i'll have a go
In your code, Jaxx you assume in the config there is a preexisting OIDC provider to attach to the policies
it's mentioned as step one in the aws notes
Copy code
Create an IAM OIDC provider and associate it with your cluster. Replace the <example values> (including <>) with your own.

eksctl utils associate-iam-oidc-provider \
    --region <region-code> \
    --cluster <my-cluster> \
    --approve
is there a way to do this via the pulumi code, I can't see anything in aws/eks that resembles this ^
b

billowy-army-68599

11/25/2020, 6:58 PM
here's my cluster @bitter-application-91815
Copy code
const cluster = new eks.Cluster(`eks-${stack}`, {
    providerCredentialOpts: kubeconfigOpts,
    name: `lbrlabs-eks-${stack}`,
    vpcId: vpc,
    privateSubnetIds: privateSubnets,
    publicSubnetIds: publicSubnets,
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    createOidcProvider: true, // this is the thing you need

export const clusterName = cluster.eksCluster.name
export const kubeconfig = cluster.kubeconfig
export const clusterOidcProvider = cluster.core.oidcProvider?.url
export const clusterOidcProviderArn = cluster.core.oidcProvider?.arn
});
b

bitter-application-91815

11/25/2020, 6:59 PM
yeah the go sdk doesn't have
Copy code
createOidcProvider: true, // this is the thing you need
so i was going to hand crank it
b

billowy-army-68599

11/25/2020, 7:00 PM
sorry hang on
b

bitter-application-91815

11/25/2020, 7:01 PM
no stress
b

billowy-army-68599

11/25/2020, 7:04 PM
ah yeah you found it already, you create the provider that way. You'll need to specify the cert thumbprint which is here: https://github.com/aws/aws-cdk/pull/6062/files#diff-1b5abdf4656d868abf37929ca321aeb6901593bb7bfcad698927ac4bfa1e4a6eR658
b

bitter-application-91815

11/25/2020, 7:06 PM
sound, will have a go
3 Views
Powered by