https://pulumi.com logo
m

most-parrot-35986

11/12/2019, 8:08 AM
What is the preferred way to make sure Pulumi can validate the existence of a new EKS cluster and keep the EKS API endpoint private?
b

broad-dog-22463

11/12/2019, 8:09 AM
Hi, Not sure what you mean. But I think you are asking how can you ensure that Pulumi succeeded without exposing the cluster URL?
m

most-parrot-35986

11/12/2019, 8:24 AM
Yes, that's what I meant. Clearly haven't had enough yet.
b

broad-dog-22463

11/12/2019, 8:58 AM
if you are on TypeScript then you can do something like:
Copy code
export const clusterId = myCluster.Id;
using the correct id output of course
q

quaint-garden-96746

11/12/2019, 10:29 AM
Copy code
// Create an EKS cluster
const cluster = new eks.Cluster(
  "cluster",
  {
   ...
  },
  {
    customTimeouts: { create: "30m", delete: "30m", update: "30m" }
  }
);
export const kubeconfig = pulumi.secret(cluster.kubeconfig);
it’ll outputs:
Copy code
Outputs:
    kubeconfig: "[secret]"
then when you need to use it for kubectl
Copy code
pulumi stack output --show-secrets kubeconfig > ~/.kube/config