#general

busy-umbrella-36067

06/26/2019, 9:12 PM
Has anyone here been able to use `@pulumi/eks/Cluster` with multiple people and IAM creds? If one of us creates the cluster, others can’t even refresh the stack since some K8S resources are created with a provider that doesn’t give them access (no assume role inside of the `aws-iam-authenticator` section). We can create a new provider with the necessary changes to deploy things on top of the cluster, but there are still resources created by the `@pulumi/eks/Cluster` class (configmaps, rbac, dashboard) which use the default provider. This is blocking us from having multiple people work with the same stack.

white-balloon-205

06/27/2019, 12:52 AM
I believe there are configuration options for specifying the IAM roles and rbac bindings you’d like to set up. Can you share any specific details on what you’ve tried and what specifically doesn’t work? I feel fairly confident what you describe is possible (and I know of several folks using the EKS package in multi-user contexts), but it would be helpful to be talking in specifics.

busy-umbrella-36067

06/27/2019, 12:56 AM
I see that you can define IAM and RBAC role bindings via `roleMappings` but the default kubeconfig generated for the provider doesn’t inject it. https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L192
After deploying an eks cluster on my machine, a coworker is unable to refresh the same stack and gets `Unauthorized` when pulumi tries to refresh resources that are deployed using the cluster provider.
Seems there's already an issue opened for this: https://github.com/pulumi/pulumi-eks/issues/140