This message was deleted.
# kubernetess
sparse-intern-71089
11/23/2020, 6:52 PMThis message was deleted.
b
billowy-army-68599
11/23/2020, 7:07 PM
which SDK are you using?
billowy-army-68599
11/23/2020, 7:08 PM
@bitter-application-91815
b
bitter-application-91815
11/23/2020, 7:09 PMgolang
b
billowy-army-68599
11/23/2020, 7:11 PM
I wrote a component resource to install this in nodejs:
https://github.com/jaxxstorm/pulumi-aws-loadbalancercontroller
you might be able to use it as inspiration for the Go SDK. I'll try and port it if I get some time
🍺 2
b
bitter-application-91815
11/23/2020, 7:16 PMThanks @billowy-army-68599 i'll have a go
bitter-application-91815
11/25/2020, 4:42 PMIn your code, Jaxx you assume in the config there is a preexisting OIDC provider to attach to the policies
bitter-application-91815
11/25/2020, 4:43 PMit's mentioned as step one in the aws notes
bitter-application-91815
11/25/2020, 4:43 PM Copy code
Create an IAM OIDC provider and associate it with your cluster. Replace the <example values> (including <>) with your own.
eksctl utils associate-iam-oidc-provider \
--region <region-code> \
--cluster <my-cluster> \
--approvebitter-application-91815
11/25/2020, 4:43 PMis there a way to do this via the pulumi code, I can't see anything in aws/eks that resembles this ^
b
billowy-army-68599
11/25/2020, 6:58 PM
here's my cluster @bitter-application-91815
Copy code
const cluster = new eks.Cluster(`eks-${stack}`, {
providerCredentialOpts: kubeconfigOpts,
name: `lbrlabs-eks-${stack}`,
vpcId: vpc,
privateSubnetIds: privateSubnets,
publicSubnetIds: publicSubnets,
instanceType: "t2.medium",
desiredCapacity: 2,
minSize: 1,
maxSize: 2,
createOidcProvider: true, // this is the thing you need
export const clusterName = cluster.eksCluster.name
export const kubeconfig = cluster.kubeconfig
export const clusterOidcProvider = cluster.core.oidcProvider?.url
export const clusterOidcProviderArn = cluster.core.oidcProvider?.arn
});b
bitter-application-91815
11/25/2020, 6:59 PMyeah the go sdk doesn't have
Copy code
createOidcProvider: true, // this is the thing you needbitter-application-91815
11/25/2020, 6:59 PMso i was going to hand crank it
bitter-application-91815
11/25/2020, 6:59 PMb
billowy-army-68599
11/25/2020, 7:00 PM
sorry hang on
b
bitter-application-91815
11/25/2020, 7:01 PMno stress
b
billowy-army-68599
11/25/2020, 7:04 PM
ah yeah you found it already, you create the provider that way. You'll need to specify the cert thumbprint which is here:
https://github.com/aws/aws-cdk/pull/6062/files#diff-1b5abdf4656d868abf37929ca321aeb6901593bb7bfcad698927ac4bfa1e4a6eR658
b
bitter-application-91815
11/25/2020, 7:06 PMsound, will have a go
3 Views