purple-orange-91853
04/28/2021, 3:40 PMSTACK_TRACE:
Error
at Object.debuggablePromise (/Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/debuggable.js:69:75)
at /Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/invoke.js:126:45
at Generator.next (<anonymous>)
at fulfilled (/Users/tonyelliott/repos/temp-platform/deployments/aws-us-east-1-eks/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
unhandled rejection: CONTEXT(105): Invoking function: tok=kubernetes:yaml:decode asynchronously
cool-fireman-90027
04/28/2021, 5:00 PMpulumi up --logtostderr -v9 --debug
purple-orange-91853
04/28/2021, 5:23 PMbillowy-army-68599
04/28/2021, 6:04 PMpurple-orange-91853
04/28/2021, 6:05 PMbillowy-army-68599
04/28/2021, 6:11 PMKUBECONFIG
var?purple-orange-91853
04/28/2021, 6:18 PMnew aws.Provider('aws-provider', {
profile: profileName,
region: awsRegion as pulumi.Input<aws.Region>
})
const kubeconfigOpts = { profileName: profileName }
deployKubeStateMetrics({ provider: cluster.provider, parent: rpaNodeGroup })
new k8s.yaml.ConfigFile(
'metrics-server',
{
file:
'<https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml>'
},
{ provider: cluster.provider }
)
{
"dependencies": {
"@pulumi/aws": "^4.1.0",
"@pulumi/awsx": "^0.30.0",
"@pulumi/eks": "^0.30.0",
"@pulumi/kubernetes": "^3.0.0",
"@pulumi/pulumi": "^3.1.0",
"lodash": "^4.17.21"
},
"devDependencies": {
"@types/node": "^15.0.1"
}
}
billowy-army-68599
04/28/2021, 6:30 PMexport const kubeconfig = cluster.provider.kubeconfig
I thinkpurple-orange-91853
04/28/2021, 6:42 PMbillowy-army-68599
04/28/2021, 6:57 PMpurple-orange-91853
04/28/2021, 6:59 PMbillowy-army-68599
04/28/2021, 7:16 PMpurple-orange-91853
04/28/2021, 7:49 PMbillowy-army-68599
04/28/2021, 8:05 PMpurple-orange-91853
04/28/2021, 8:09 PMbillowy-army-68599
04/28/2021, 8:21 PMpurple-orange-91853
04/28/2021, 8:22 PMroleMappings: [
{
groups: ['system:bootstrappers','system:nodes','system:master'],
roleArn: "arn:aws:iam::acct:role/role1",
username: "role1"
},
{
groups: ['system:bootstrappers','system:nodes','system:master'],
roleArn: "arn:aws:iam::acct:role/role2",
username: "role2"
},
],
// deployKubeStateMetrics({ provider: cluster.provider, parent: rpaNodeGroup })
// new k8s.yaml.ConfigFile(
// 'metrics-server',
// {
// file:
// '<https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml>'
// },
// { provider: cluster.provider }
// )
and
// /** deploy datadog helm chart */
// deployDatadog({
// deploymentName,
// parent: rpaNodeGroup,
// provider: cluster.provider
// })
billowy-army-68599
04/28/2021, 8:38 PMpulumi stack output kubeconfig > /tmp/kubeconfig
export KUBECONFIG=/tmp/kubeconfig
kubectl cluster-info
kubectl get nodes
purple-orange-91853
04/28/2021, 9:29 PMerror: Command failed: kubectl apply -f /var/folders/z9/fpyqxxm94ks_f43rcnbx67mh0000gn/T/tmp-112470Juedctt5MJr.tmp
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "<http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1>, Resource=clusterroles", GroupVersionKind: "<http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1>, Kind=ClusterRole"
Name: "aws-node", Namespace: ""
from server for: "/var/folders/z9/fpyqxxm94ks_f43rcnbx67mh0000gn/T/tmp-112470Juedctt5MJr.tmp": <http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> "aws-node" is forbidden: User "AdminRole-TEMP" cannot get resource "clusterroles" in API group "<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount"
Name: "aws-node", Namespace: "kube-system"
pulumi destroy --logtostderr -v9 --debug 2> errors.txt
tonyelliott@Tony-Elliott-MBP:aws-us-east-1-eks/ (feature/pulumi3*) $ pulumi state delete urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster::temp
warning: This command will edit your stack's state directly. Confirm? Yes
error: This resource can't be safely deleted because the following resources depend on it:
* "temp-eksRole" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$eks:index:ServiceRole::temp-eksRole)
* "temp-eksClusterSecurityGroup" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::temp-eksClusterSecurityGroup)
* "temp-eksClusterInternetEgressRule" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::temp-eksClusterInternetEgressRule)
* "temp-eksCluster" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$aws:eks/cluster:Cluster::temp-eksCluster)
* "temp-eks-k8s" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$pulumi:providers:kubernetes::temp-eks-k8s)
* "temp-oidcProvider" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$aws:iam/openIdConnectProvider:OpenIdConnectProvider::temp-oidcProvider)
* "temp-provider" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$pulumi:providers:kubernetes::temp-provider)
* "temp-nodeSecurityGroup" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::temp-nodeSecurityGroup)
* "temp-defaultEncrypted" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$<kubernetes:storage.k8s.io/v1:StorageClass::temp-defaultEncrypted>)
* "temp-nodeAccess" (urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$kubernetes:core/v1:ConfigMap::temp-nodeAccess)
Delete those resources first before deleting this one.
tonyelliott@Tony-Elliott-MBP:aws-us-east-1-eks/ (feature/pulumi3*) $ pulumi state delete urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster$eks:index:ServiceRole::temp-eksRole
warning: This command will edit your stack's state directly. Confirm? Yes
error: No such resource "urn:pulumi:temp::aws-us-east-1-eks::eks:index:Cluster:index:ServiceRole::temp-eksRole" exists in the current state
tonyelliott@Tony-Elliott-MBP:aws-us-east-1-eks/ (feature/pulumi3*) $