has anyone here been able to use ` pulumi eks Cluster` with Pulumi Community #general

has anyone here been able to use `@pulumi/eks/Clus...

busy-umbrella-36067

06/26/2019, 9:12 PM

has anyone here been able to use

@pulumi/eks/Cluster

with multiple people and IAM creds? If one of us creates the cluster, others can’t even refresh the stack since some K8S resources are created with a provider that doesn’t give them access. (no assume role inside of the

aws-iam-authenticator

section We can create a new provider with the necessary changes to deploy things on top of the cluster but there are still resources created by the

@pulumi/eks/Cluster

class (configmaps, rbac, dashboard) which use the default provider This is blocking us from having multiple people work with the same stack.

white-balloon-205

06/27/2019, 12:52 AM

I believe there are configuration options for specifying the IAM roles and rbac bindings you’d like to setup. Can you share any specific details on what you’ve tried and what specifically doesn’t work? I feel fairly confident what you describe is possible (and I know of several folks using the EKS package in multi-user contexts), but would be helpful to be talking in specifics.

busy-umbrella-36067

06/27/2019, 12:56 AM

I see that you can define IAM and RBAC role bindings via

roleMappings

but the default kubeconfig generated for the provider doesn’t inject it. https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L192

busy-umbrella-36067

06/27/2019, 12:58 AM

After deploying an eks cluster on my machine, a coworker is unable to refresh the same stack and gets

Unauthorized

when pulumi tries to refresh resources that are deployed using the cluster provider

busy-umbrella-36067

06/27/2019, 1:03 AM

Seems theres already an issue opened for this: https://github.com/pulumi/pulumi-eks/issues/140

Open in Slack

Previous Next