https://pulumi.com logo
g

glamorous-australia-21342

11/16/2021, 12:45 AM
could someone help me understand how pulumi updates the kubeconfig on EKS? my colleagues and my CI are having a heck of a time authenticating. Right now my CI is having
configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
. We have a role that is defined in pulumi
rolemappings
for the cluster and I can confirm the IAM role is in aws-auth configmap. Anyone can auth to the cluster with k9s or kubectl using this role, but if anyone tries to do pulumi commands we get this auth error above. I can do anything beause I created the cluster I guess. I even tried using a different test account and have no issues, but my colleagues and my CI is broken. I am not using a providercredentialopts so pulumi is using whatever profile is in the default profile.
b

brave-ambulance-98491

11/16/2021, 1:08 AM
Did you set
creationRoleProvider
when you created the cluster? I ran into this issue when I first set up EKS and my solution was to use this parameter with a shared admin role. If you don't do this, the cluster is created with whatever your current AWS credentials are.
g

glamorous-australia-21342

11/16/2021, 5:21 PM
no i did not how interesting
if i already created the cluster without it what can i do now?
we had another cluster we had this problem with but using the rolemapping auth works fine
b

brave-ambulance-98491

11/16/2021, 5:28 PM
I might've fixed this by editing my state file directly, but you also might be able to fix by just setting
creationRoleProvider
and updating the program.
g

glamorous-australia-21342

11/16/2021, 6:29 PM
interesting
8 Views