Did something change in the way to create an EKS cluster? Just tonight suddenly

const cluster = new eks.Cluster(name, {
  instanceType: "t2.medium",
  desiredCapacity: 1,
  minSize: 1,
  maxSize: 2,
  storageClasses: 'gp2',
  deployDashboard: false,
});

fails with

Diagnostics:
  eks:index:VpcCni (chartmuseum-vpc-cni):
    error: Command failed: kubectl apply -f /var/folders/4z/2zvwp19d343djqc78xywc6p00000gn/T/tmp-215018e7GR5EVRaFT.tmp
    error: You must be logged in to the server (the server has asked for the client to provide credentials)
 
  kubernetes:<http://storage.k8s.io/v1:StorageClass|storage.k8s.io/v1:StorageClass> (chartmuseum-gp2):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
 
  kubernetes:core/v1:ConfigMap (chartmuseum-nodeAccess):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
 
  pulumi:pulumi:Stack (chartmuseum-tutorial-chartmuseum):
    error: You must be logged in to the server (the server has asked for the client to provide credentials)
 
    error: update failed

The cluster is created so not sure why this suddenly no longer works

how are you creating the chart museum part?

this is even before it gets there, the eks:index:VpcCni is part of the new Cluster

No Ned releases of Pulumi-eks have happened

It is a blog post i’m wirting i’ve left for 2 weeks and am picking up tonight. https://github.com/roderik/chartmuseum-tutorial/blob/main/index.ts

Have you just started picking up 0.22 or was it always on 0.22?

eks was always 22

what's in your

kubeconfig

?

destroyed nd recreated everything, including the full stack as well

do you have an old

KUBECONFIG

in

~/.kube/config

?

i have 20 something clusters in there

ah wait, no. This is the aws credentials I think

aws configure witht he same creds as the aws:accessKey and secretKey in the pulumi config

okay, the issue you're seeing in an aws auth issue: https://aws.amazon.com/premiumsupport/knowledge-center/eks-api-server-unauthorized-error/

➜ chartmuseum-tutorial (main) ✗ aws --version                        (arn:aws:eks:eu-west-3:711839938093:cluster/chartmuseum-eksCluster-8e59b65/chartmuseum) aws-cli/2.1.29 Python/3.9.2 Darwin/20.4.0 source/arm64 prompt/off

okay, well I'm not totally sure, but the issue is definitely coming from the created cluster. I would output the kubeconfig and try that

➜ chartmuseum-tutorial (main) ✗ aws sts get-caller-identity                 (arn:aws:eks:eu-west-3:711839938093:cluster/chartmuseum-eksCluster-8e59b65/chartmuseum) Could not connect to the endpoint URL: “https://sts.eu-west3.amazonaws.com/”

That’d be it

👍

weird though that i have aws:region: eu-west-3 in my yaml file

It should not

it does for the

kubectl

part

Wel there we go ☝️

the kubectl call out doesn't use the provider I think, because if you look in the generated kubeconfig unless you set the aws profile and region, it uses the defaults

i have had problems with that before, you can make GKE clusters with the config in the yml file, but not talk to the cluster because the kubernetes provider does not use those vaiables

it runs

aws eks get-token

which will use your default profile if it's set

i have bypassed this by duplicating some stuff i found in a pulumi repo somehwere

Yeah all of that has disappeared now :)

Not sure what the intended behaviour is (as all these providers are standalone), but as a user, if i set my creds in the pulumi yaml, i kind of expect them to be used everywhere.