sparse-intern-71089
06/03/2021, 6:36 PMbillowy-army-68599
aws eks get-token
to talk to the control plane.
The only option this command takes is --profile
and --role
options. It's not ever really touched by pulumi
You can see this here: https://github.com/pulumi/pulumi-eks/blob/c0d357bdf3f283006f8b0a6cd4bc2f1c09df34c0/nodejs/eks/cluster.ts#L182
The short version is: it's a limitation of EKS and unfortunately, there's not much we can do 😞billowy-army-68599
Given Pulumi already has the AWS credentials to use to authenticate to create the cluster, why can’t it use those when talking to Kubernetes properThe provider itself uses aws the Go SDK, which is way more configurable than the kubeconfig/`aws eks get-token`
bored-table-20691
06/03/2021, 7:36 PMbored-table-20691
06/03/2021, 7:38 PMbillowy-army-68599
bored-table-20691
06/03/2021, 8:10 PMbored-table-20691
06/03/2021, 8:10 PMbillowy-army-68599
eks get-token
mechanism handles the refresh toobored-table-20691
06/03/2021, 8:15 PMpulumi eks get-token <stackname>
(just like it invokes aws eks get-token
), which internally would use this pattern (i.e. get the credentials from the stack config, generate the pre-signed token and return it)billowy-army-68599
bored-table-20691
06/03/2021, 8:30 PMbillowy-army-68599
bored-table-20691
06/03/2021, 8:38 PM