Hi Team, I'm using rancher2 and kubernetes plugins...
# kubernetes
r
Hi Team, I'm using rancher2 and kubernetes plugins for setting up my cluster. below is how my python looks,
rancher_ci_cluster = rancher2.Cluster()

k8s_provider = k8s.Provider("cluster-access",
    kubeconfig=rancher_ci_cluster.kube_config
)

sa = k8s.core.v1.ServiceAccount("microservice",
    metadata=k8s.meta.v1.ObjectMetaArgs(
      namespace="monitoring",
      name="microservice"
    )
)
this keeps throwing the below error
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://992E92B1DDDD40F85E620599B78C3F9C.sk1.us-east-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp: lookup 992E92B1DDDD40F85E620599B78C3F9C.sk1.us-east-1.eks.amazonaws.com on 10.0.4.55:53: no such host
not sure if the provider is getting set correctly or not, can someone help me here please? p.s: that's not my cluster api server endpoint too
b
you need to pass the provider to your sa, try this:
sa = k8s.core.v1.ServiceAccount("microservice",
    metadata=k8s.meta.v1.ObjectMetaArgs(
      namespace="monitoring",
      name="microservice"
    ),
    # use the explicit provider instead of the default (ambient) kubeconfig
    opts=pulumi.ResourceOptions(provider=k8s_provider)
)
r
that worked, but now it throws another error:
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://<hostname>/k8s/clusters/c-5s7qv/openapi/v2?timeout=32s": x509: certificate signed by unknown authority
but i can hit that endpoint from browser without any issue. missing anything?
is there a way i can move the pulumi state from cloud to local and run it from pulumi login --local or wouldn't that matter?
b
that wouldn't matter
that error is indicating your kubeconfig has a certification authority that isn't valid, which seems weird. I'd export your kubeconfig and examine it, make sure it works against your cluster
r
i think it's weird, when rancher2.Cluster() is spitting out kube-config, config has server pointed to rancher endpoint and CA is from EKS, both are clashing?
b
did you create an EKS cluster with rancher2?
it's not clear what the issue is, but it seems related to rancher2. you'll need to do some debugging of the kubeconfig I'm afraid
r
yeah i have created EKS cluster with rancher2. i'm trying to bring rancher in our setups and do all configuration from one place kind of thing. so i have imported the config file down and when did kubectl get pods throws same error until i pass this flag --insecure-skip-tls-verify=true
b
this really is an issue with your rancher setup I'm afraid, did you use a valid https certificate when setting up rancher? it looks like rancher proxies the calls to your cluster
you could do a transformation on the kubeconfig to skip verification of the cluster, but that's probably not what you want to do
r
yeah looks like it's with the rancher setup i did, yeah i have valid cert for rancher, but UI endpoint cert is different one
for now if i have to overcome the tls at config level, can i do it at pulumi provider and say 'no tls' ?
b
we don't have the option for the provider, no. you'll need to modify the kubeconfig
you can likely build your own kubeconfig with the outputs
r
ah that wouldn't help i guess as my rancher is not available on http.
i have got it fixed on my rancher server setup. thanks for the support @billowy-army-68599, appreciate it