rhythmic-rain-31941

10/01/2021, 1:23 AM
Hi Team, I'm using rancher2 and kubernetes plugins for setting up my cluster. Below is how my Python looks:
rancher_ci_cluster = rancher2.Cluster()

k8s_provider = k8s.Provider("cluster-access",
    kubeconfig=rancher_ci_cluster.kube_config
)

sa = k8s.core.v1.ServiceAccount("microservice",
    metadata=k8s.meta.v1.ObjectMetaArgs(
      namespace="monitoring",
      name="microservice"
    )
)
this keeps throwing the below error
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://992E92B1DDDD40F85E620599B78C3F9C.sk1.us-east-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp: lookup 992E92B1DDDD40F85E620599B78C3F9C.sk1.us-east-1.eks.amazonaws.com on 10.0.4.55:53: no such host
not sure if the provider is getting set correctly or not, can someone help me here please? p.s: that's not my cluster api server endpoint too
billowy-army-68599

10/01/2021, 1:28 AM
you need to pass the provider to your sa, try this:
sa = k8s.core.v1.ServiceAccount("microservice",
    metadata=k8s.meta.v1.ObjectMetaArgs(
      namespace="monitoring",
      name="microservice"
    ),
    # Bind the resource to the explicit provider built from the rancher2 kubeconfig
    opts=pulumi.ResourceOptions(provider=k8s_provider)
)
rhythmic-rain-31941

10/01/2021, 1:36 AM
that worked, but now it throws another error:
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://<hostname>/k8s/clusters/c-5s7qv/openapi/v2?timeout=32s": x509: certificate signed by unknown authority
but i can hit that endpoint from browser without any issue. missing anything?
is there a way i can move the pulumi state from cloud to local and run it from pulumi login --local or wouldn't that matter?
billowy-army-68599

10/01/2021, 1:46 AM
that wouldn't matter
that error is indicating your kubeconfig has a certification authority that isn't valid, which seems weird. I'd export your kubeconfig and examine it, make sure it works against your cluster
rhythmic-rain-31941

10/01/2021, 2:01 AM
i think it's weird, when rancher2.Cluster() is spitting out kube-config, config has server pointed to rancher endpoint and CA is from EKS, both are clashing?
billowy-army-68599

10/01/2021, 2:07 AM
did you create an EKS cluster with rancher2?
it's not clear what the issue is, but it seems related to rancher2. you'll need to do some debugging of the kubeconfig I'm afraid
rhythmic-rain-31941

10/01/2021, 2:12 AM
yeah i have created EKS cluster with rancher2. i'm trying to bring rancher in our setups and do all configuration from one place kind of thing. so i have imported the config file down and when i did kubectl get pods it throws the same error until i pass this flag: --insecure-skip-tls-verify=true
billowy-army-68599

10/01/2021, 2:13 AM
this really is an issue with your rancher setup I'm afraid, did you use a valid https certificate when setting up rancher? it looks like rancher proxies the calls to your cluster
you could do a transformation on the kubeconfig to skip verification of the cluster, but that's probably not what you want to do
rhythmic-rain-31941

10/01/2021, 2:17 AM
yeah looks like it's with the rancher setup i did, yeah i have valid cert for rancher, but UI endpoint cert is a different one
for now if i have to overcome the tls at config level, can i do it at pulumi provider and say 'no tls'?
billowy-army-68599

10/01/2021, 2:20 AM
we don't have the option for the provider, no. you'll need to modify the kubeconfig
you can likely build your own kubeconfig with the outputs
rhythmic-rain-31941

10/01/2021, 2:22 AM
ah that wouldn't help i guess as my rancher is not available on http.
i have got it fixed on my rancher server setup. thanks for the support @billowy-army-68599, appreciate it