This message was deleted Pulumi Community #aws

Join Slack

This message was deleted.

# aws

sparse-intern-71089

07/21/2021, 11:43 PM

This message was deleted.

bored-table-20691

07/22/2021, 12:05 AM

We do a similar-ish thing in Go using the Automation API (we don’t push a kubeconfig, but other parts of the stack output).

busy-journalist-6936

07/22/2021, 3:31 AM

interesting

busy-journalist-6936

07/22/2021, 4:38 AM

I'm getting closer, but my limited programming language knowledge is leaving me stumped:

Copy code

const keksAdminBucket = new aws.s3.Bucket("keksAdminBucket", {acl: "private"});
const keksAdminBucketObject = new aws.s3.BucketObject("keksAdminBucketObject", {
    key: "kubeconfig",
    bucket: keksAdminBucket.id,
    source: new pulumi.asset.StringAsset(cluster.kubeconfig),
    serverSideEncryption: "aws:kms",
});

busy-journalist-6936

07/22/2021, 4:52 AM

getting closer

Copy code

const keksAdminBucket = new aws.s3.Bucket("keksAdminBucket", {acl: "private"});
const keksAdminBucketObject = new aws.s3.BucketObject("keksAdminBucketObject", {
    key: "kubeconfig",
    bucket: keksAdminBucket.id,
    source: new pulumi.asset.StringAsset(String(cluster.kubeconfig)),
    serverSideEncryption: "aws:kms",
});

busy-journalist-6936

07/22/2021, 5:40 AM

yep, ending today's battle with these kinds of errors:

Copy code

index.ts(45,42): error TS2345: Argument of type 'Output<any>' is not assignable to parameter of type 'string | Promise<string>'.
      Type 'OutputInstance<any>' is not assignable to type 'string | Promise<string>'.
        Type 'OutputInstance<any>' is missing the following properties from type 'Promise<string>': then, catch, [Symbol.toStringTag], finally

steep-toddler-94095

07/22/2021, 6:52 AM

cluster.kubeconfig

is type

Output<any>

but

StringAsset

takes in a

string

Promise<string>

. Your problem is that of incompatible types. One way to solve this is:

Copy code

const keksAdminBucketObject = eksCluster.kubeconfig.apply(
  (config) =>
    new BucketObject("keksAdminBucketObject", {
      key: "kubeconfig",
      bucket: keksAdminBucket.id,
      source: new StringAsset(config),
      serverSideEncryption: "aws:kms",
    })
)

by calling

apply

kubeconfig

, you are able to interact with its value as a

string

instead of

Output<string>

within the callback function (with the

config

variable). The caveat now is that

keksAdminBucketObject

becomes a

Output<BucketObject>

instead of a

BucketObject

so if you ever want to reference values from

keksAdminBucketObject

you'll need to do the same

apply

trick. It's generally not advised to create cloud resources within an

apply

, but sometimes it's sort of the only way. In your case, I don't know of a better way to do it.

steep-toddler-94095

07/22/2021, 6:55 AM

One question I have though is why you want the kubeconfig contents in an S3 bucket. What are you trying to achieve here? With EKS you are able to map IAM users/roles to Kubernetes roles. If you are trying to give a CI user admin to the cluster, I'd recommend going that route instead.

busy-journalist-6936

07/22/2021, 2:30 PM

To answer the logical question, you are right, this isnt an advanced implementation yet. I'm admittedly catching up to the 101 level. OIDC enabled is the plan for the near future but this is primarily to hand off to a customer and we're going to iteratively improve as we go. Kubeconfig for now is for human consumption.

busy-journalist-6936

07/22/2021, 2:31 PM

Copy code

const keksAdminBucket = new aws.s3.Bucket("keksAdminBucket")
const keksAdminBucketObject = cluster.kubeconfig.apply(
  (config) =>
    new aws.s3.BucketObject("keksAdminBucketObject", {
      key: "kubeconfig",
      bucket: keksAdminBucket.id,
      source: new pulumi.asset.StringAsset(config),
      serverSideEncryption: "aws:kms",
    })
)

And for the technical question, I took your example, adjusted for a few errors, and now I'm down to this one:

Copy code

pulumi:pulumi:Stack KongOnEKS-KongOnEKS running error: Error: failed to register new resource keksAdminBucketObject [aws:s3/bucketObject:BucketObject]: 2 UNKNOWN: unexpected asset text of type map[string]interface {}

busy-journalist-6936

07/22/2021, 4:43 PM

Is this supposed to be a closer approximation to something that might work?

Copy code

const keksAdminBucket = new aws.s3.Bucket("keksAdminBucket", {acl: "private"});
const keksAdminBucketObject = new aws.s3.BucketObject("keksAdminBucketObject", {
    key: "kubeconfig",
    bucket: keksAdminBucket.id,
    source: cluster.kubeconfig.apply(s => new pulumi.asset.StringAsset(String(s))),
    serverSideEncryption: "aws:kms",
});

steep-toddler-94095

07/22/2021, 4:45 PM

I incorrectly thought

config

was a

string

, but it's actually an

Object

. Use the same code I gave you, but change the

source

line to

Copy code

source: new StringAsset(JSON.stringify(config)),

busy-journalist-6936

07/22/2021, 4:46 PM

ah, i was playing with JSON.stringify yesterday. let me try your suggestion

busy-journalist-6936

07/22/2021, 4:48 PM

OMG THAT MADE MY DAY!!!

😄 1

busy-journalist-6936

07/22/2021, 4:48 PM

Copy code

const keksAdminBucket = new aws.s3.Bucket("keksAdminBucket", {acl: "private"});
const keksAdminBucketObject = cluster.kubeconfig.apply(
  (config) =>
    new aws.s3.BucketObject("keksAdminBucketObject", {
      key: "kubeconfig",
      bucket: keksAdminBucket.id,
      source: new pulumi.asset.StringAsset(JSON.stringify(config)),
      serverSideEncryption: "aws:kms",
    })
)

busy-journalist-6936

07/22/2021, 4:49 PM

That's the magic right there.

busy-journalist-6936

07/22/2021, 4:49 PM

Thank you @steep-toddler-94095

👍 1

Open in Slack

Previous Next