This message was deleted.
# kubernetess
sparse-intern-71089
10/25/2021, 10:45 AMThis message was deleted.
b
brainy-lion-38675
10/25/2021, 10:48 AMrun az login before you run pulumi up and follow the instructions
w
wooden-receptionist-75654
10/25/2021, 11:16 AMI’ve already signed
b
brainy-lion-38675
10/25/2021, 11:17 AMah ok, I misunderstood then
w
wooden-receptionist-75654
10/25/2021, 11:17 AMAnd I’d like to get kubeconfig from AKS
wooden-receptionist-75654
10/25/2021, 11:17 AMFor CI etc
b
billowy-army-68599
10/25/2021, 11:59 AM
what does
az account showw
wooden-receptionist-75654
10/25/2021, 12:15 PM Copy code
{
"environmentName": "AzureCloud",
"homeTenantId": "xxxxxxxxxx",
"id": "xxxxxxxx",
"isDefault": true,
"managedByTenants": [],
"name": "AAAAA",
"state": "Enabled",
"tenantId": "xxxxxx",
"user": {
"name": "sergiii",
"type": "user"
}
}b
billowy-army-68599
10/25/2021, 12:17 PM
do you have any env vars set which might be overriding that? check
env | grep -i azurew
wooden-receptionist-75654
10/25/2021, 12:17 PMnope
wooden-receptionist-75654
10/25/2021, 12:18 PMI have other clusters in my local kubeconfig
b
billowy-army-68599
10/25/2021, 12:22 PM
i just ran something like your code without any issues, there has to be something locally that's upsetting the auth process
w
wooden-receptionist-75654
10/25/2021, 12:24 PMSo overall it should works?
b
billowy-army-68599
10/25/2021, 12:25 PM
yes it should work
w
wooden-receptionist-75654
10/25/2021, 12:27 PMThanks. Looks like something with provider
Copy code
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...},{provider: aksProvider})b
billowy-army-68599
10/25/2021, 12:34 PM
if you comment that out, does everything work?
w
wooden-receptionist-75654
10/25/2021, 12:54 PMLooks like provider is added successful
Copy code
const aksProvider = new k8s.Provider("aks", {
kubeconfig: kubeconfig
})wooden-receptionist-75654
10/25/2021, 12:55 PMOnce I added a Role - got
To sign in, use a web browser to open the pageb
billowy-army-68599
10/25/2021, 12:55 PM
i would remove this:
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...}) Copy code
export const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());pulumi stack output kubeconfigw
wooden-receptionist-75654
10/25/2021, 1:06 PMhave a valid config in output
Copy code
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: CERT
server: <https://api:443>
name: dev
contexts:
- context:
cluster: dev
user: clusterUser_aks_dev
name: dev
current-context: dev
kind: Config
preferences: {}
users:
- name: clusterUser_aks-dev
auth-provider:
config:
apiserver-id:cccc
client-id: xxxx
config-mode: "1"
environment: AzurePublicCloud
tenant-id: cccc
name: azurewooden-receptionist-75654
10/25/2021, 1:06 PMbut once i’m trying to run
pulumi upb
billowy-army-68599
10/25/2021, 1:13 PM
if you set the
kubeconfigkubectlw
wooden-receptionist-75654
10/25/2021, 1:19 PMOh, looks like it comes from config
Copy code
pulumi stack output kubeconfig --show-secrets > kubeconfig.yaml
➜ pulumi-aks git:(poc) ✗ KUBECONFIG=./kubeconfig.yaml kubectl get nodes
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code XXXXXX to authenticate.b
billowy-army-68599
10/25/2021, 1:26 PM
yeah that's what I've been trying to say 🙂 your environment isn't set up correctly to auth with a kubeconfig
w
wooden-receptionist-75654
10/25/2021, 1:33 PMThank you much!
wondering hw to setup it now
5 Views