https://pulumi.com logo
#python
Title
g

gentle-diamond-70147

04/22/2020, 3:53 PM
@sparse-state-34229 that Kubernetes guide is using our
@pulumi/eks
module which is a set of higher-level components on top of the low-level AWS resources.
@pulumi/eks
is only available for TypeScript and JavaScript currently so that representation of an EKS cluster won't match exactly what you see in Python.
s

sparse-state-34229

04/22/2020, 3:57 PM
The same arguments are used in the
pulumi_aws
module docs...hmm
g

gentle-diamond-70147

04/22/2020, 4:01 PM
Yea, there might be some overlap in the arguments as they ultimately get passed to the same "raw" aws resources.
The
@pulumi/eks
cluster code is at https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts. You could likely find what you're looking for in there.
s

sparse-state-34229

04/22/2020, 4:59 PM
thanks, pretty sure I looked there already but I will double check. not feeling good about using python with pulumi given this lol šŸ˜ž
g

gentle-diamond-70147

04/22/2020, 5:18 PM
We do have more examples and high-level packages (EKS and AWSX) in TypeScript, but the capabilities are the same across all the languages. To put it another way,
@pulumi/eks
comes pre-assembled, where using EKS with
pulumi-aws
requires assembly.
s

sparse-state-34229

04/22/2020, 5:39 PM
yeah looks like I need to use
pulumi_kubernetes.core.v1.ConfigMap
like this https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cluster.ts#L610
hm shit, this presents a chicken/egg problem: my eks cluster is completely private and provisioned with the VPC lol
g

gentle-diamond-70147

04/22/2020, 7:58 PM
Not sure I follow... which is the chicken and which is the egg
s

sparse-state-34229

04/22/2020, 7:59 PM
VPC and EKS are in the same stack, Iā€™m running pulumi from my workstation
EKS is private thus only accessible from VPC
I may move EKS into another stack, or peer with a VPC w/bastion
so the VPC is the chicken and EKS is the egg
fffff Iā€™m so close
Copy code
error: resource kube-system/aws-auth was not successfully created by the Kubernetes API server : ConfigMap in version "v1" cannot be handled as a ConfigMap: v1.ConfigMap.Data: ReadString: expects " or n, but found [, error found in #10 byte of ...|apRoles":[{"groups":|..., bigger context ...|{"apiVersion":"v1","data":{"mapRoles":[{"groups":["system:masters"],"roleArn":"bastion-75|...
hmm think I got it, just need to figure out how to update an existing ConfigMap
took a break, came back and got it:
Copy code
config_map_data = {
            "mapRoles": pulumi.Output.all([bastion_role_arn]).apply(
                lambda x: yaml.dump(
                    [
                        {
                            "rolearn": x[0][0],
                            "username": "bastion",
                            "groups": ["system:masters"],
                        }
                    ]
                )
            )
        }

        node_access = ConfigMap(
            f"{self.name}-node-access",
            metadata={"name": "aws-auth", "namespace": "kube-system"},
            data=config_map_data,
            opts=pulumi.ResourceOptions(
                provider=self._provider(), depends_on=[self.cluster]
            ),
        )
šŸ‘ 2
thanks for the help @gentle-diamond-70147!
g

gentle-diamond-70147

04/23/2020, 2:26 AM
Glad you got it working. šŸ‘