could someone help me understand how pulumi updates the kube Pulumi Community #kubernetes

could someone help me understand how pulumi update...

glamorous-australia-21342

11/16/2021, 12:45 AM

could someone help me understand how pulumi updates the kubeconfig on EKS? my colleagues and my CI are having a heck of a time authenticating. Right now my CI is having

configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

. We have a role that is defined in pulumi

rolemappings

for the cluster and I can confirm the IAM role is in aws-auth configmap. Anyone can auth to the cluster with k9s or kubectl using this role, but if anyone tries to do pulumi commands we get this auth error above. I can do anything beause I created the cluster I guess. I even tried using a different test account and have no issues, but my colleagues and my CI is broken. I am not using a providercredentialopts so pulumi is using whatever profile is in the default profile.

brave-ambulance-98491

11/16/2021, 1:08 AM

Did you set

creationRoleProvider

when you created the cluster? I ran into this issue when I first set up EKS and my solution was to use this parameter with a shared admin role. If you don't do this, the cluster is created with whatever your current AWS credentials are.

glamorous-australia-21342

11/16/2021, 5:21 PM

no i did not how interesting

glamorous-australia-21342

11/16/2021, 5:21 PM

if i already created the cluster without it what can i do now?

glamorous-australia-21342

11/16/2021, 5:21 PM

we had another cluster we had this problem with but using the rolemapping auth works fine

brave-ambulance-98491

11/16/2021, 5:28 PM

I might've fixed this by editing my state file directly, but you also might be able to fix by just setting

creationRoleProvider

and updating the program.

glamorous-australia-21342

11/16/2021, 6:29 PM

interesting

8 Views

Open in Slack

Previous Next