https://pulumi.com logo
Title
m

mammoth-honey-6147

11/29/2021, 5:28 PM
Got a interesting issue, I'm trying to configure a new
provider
instance:
kubeconfig := toolsCluster.KubeConfig
		clusterProvider, err := kubernetes.NewProvider(ctx, "tools-cluster", &kubernetes.ProviderArgs{
			Kubeconfig: kubeconfig,
		})
For my resource i append
pulumi.Provider(clusterProvider)
to use it but I get:
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://myapiserver>": x509: certificate signed by unknown authority
However I'm using a Letsencrypt cert (production issuer). So I can, for example, do a
curl <https://myaipserver>
without needing to supply
--insecure
etc.
openssl s_client -connect myapiserver:443
also doesn't reveal any cert issues
b

billowy-army-68599

11/29/2021, 5:30 PM
this implies the ca cert in the kubeconfig doesn't have the correct
certificate-authority-data
stanza, how do you construct your kubeconfig?
m

mammoth-honey-6147

11/29/2021, 5:32 PM
It's auto generated by Rancher
You're right - I applyt'd the kubeconfig, wrote it to a file and kubectl is complaining when I point it at the generated Kubeconfig, so not a pulumi problem
thanks for the help 🙂