anyone figure out how to generate your cluster oidc provider url with the pulumi sdk? i..e, the equivalent of this command

aws eks describe-cluster --name cluster_name --query "cluster.identity.oidc.issuer" --output text

Trying to enable iam roles for service accounts on my cluster..

There is a PR in flight to handle the creation of the OIDC provider: https://github.com/pulumi/pulumi-eks/pull/320

Excited about that @breezy-hamburger-69619! Anyone creating a new cluster with eks will likely want that.

Can’t wait for this to release, thanks for doing the hard work of figuring out all the nasty details I was missing.

the release is up on npm.... still in alpha though.. I'm itching to remove the disgusting code I wrote with it!

CI has been acting up and has stalled this feat from being available. Hoping to fix it soon to ship a new release. Stay tuned

i've got a branch ready to go! Tried a preview with the alpha branch and the output is correct. Stoked.

v0.18.22 has been released, which includes OIDC provider support. • https://github.com/pulumi/pulumi-eks/blob/master/CHANGELOG.md#01822-released-february-24-2020 • https://www.npmjs.com/package/@pulumi/eks/v/0.18.22

recreated the cluster with createOidcProvider: true this time.. however, once i brought up the apps in k8s, i get this error message when attempting to access resources: WebIdentityErr: failed to retrieve credentials\ncaused by: InvalidIdentityToken: OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint\n\tstatus code: 400. do you know what this means @breezy-hamburger-69619?

There’s a bug in the thumbprint used [1]. A PR is in-flight [2] to fix it 1 - https://github.com/pulumi/pulumi-eks/issues/342 2- https://github.com/pulumi/pulumi-eks/pull/343

would love to see an alpha release when that's merged so i don't need to move backwards

I have been trying the new error and occasionally see it fail with this error:

Diagnostics:
pulumi:pulumi:Stack (infrastructure-clusters):
  Method handler getSchema for /pulumirpc.ResourceProvider/GetSchema expected but not provided

  Method handler getSchema for /pulumirpc.ResourceProvider/GetSchema expected but not provided

  error: Running program '/home/jenkins/agent/workspace/INFURA_infrastructure_oidc' failed with an unhandled exception:
  TypeError: Cannot read property 'fingerprint' of undefined
      at TLSSocket.<anonymous> (/home/jenkins/agent/workspace/INFURA_infrastructure_oidc/node_modules/@pulumi/cert-thumprint.ts:77:82)
      at TLSSocket.emit (events.js:321:20)
      at TLSSocket.EventEmitter.emit (domain.js:485:12)
      at TLSSocket.onConnectSecure (_tls_wrap.js:1504:10)
      at TLSSocket.emit (events.js:321:20)
      at TLSSocket.EventEmitter.emit (domain.js:485:12)
      at TLSSocket._finishInit (_tls_wrap.js:918:8)
      at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:688:12)

. I’ll create an issue in pulumi/eks but wanted to mention here.

@calm-parrot-72437 we’ve cut a new release with the fix, PTAL https://github.com/pulumi/pulumi-eks/blob/master/CHANGELOG.md#01823-released-march-5-2020

Yup I am using

0.18.23

. I have not seen that example, but I am basically doing the same thing. And the stack with this error is only provisioning the cluster with

createOidcProvider: true

, none of the other stuff

Thanks, @breezy-hamburger-69619, I'll give it a try.