Hello, i am trying to deploy an eks cluster with crosswalk using an explicit provider like this, but i am getting the following error

pulumi:pulumi:Stack aws_test-cluster_aws_test_fhm running error: eks:index:Cluster resource 'eks' has a problem: Could not find aws CLI for EKS. See <https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html> for installation instructions.

I do not have the aws cli installed but from experience with azure etc. this is not required when configuring the provider explicitly. I have tried spinning up other resources like EC2 which works fine.

var provider = new Pulumi.Aws.Provider("aws", new()
            {
                AccessKey = "redacted",
                SecretKey = "redacted",
                Region = "redacted"
            });
            
            var eks = new Pulumi.Eks.Cluster("eks", new()
            {
                AutoMode = new AutoModeOptionsArgs()
                {
                    Enabled = true
                },
            }, new()
            {
                Provider = provider
            });

EKS is special with regards to that. In order to gain access to the cluster (i.e. exchange IAM credentials for cluster credentials) you need to call an AWS API. That's what the AWS CLI is needed for.

If you don’t have the AWS CLI installed and configured, set that up too.

per https://www.pulumi.com/blog/easily-create-and-manage-aws-eks-kubernetes-clusters-with-pulumi/

You can see how this works inernally by running

aws eks update-kubeconfig

for your cluster and inspecting your kubeconfig. The AWS CLI adds special exec commands into the kubeconfig for this auth dance. The EKS provider does the same thing when it creates the kubeconfig for interacting with the cluster

So i managed to get the cluster up but cannot deploy anything into it. my code looks like this. I am getting the following error

+  kubernetes:core/v1:Namespace keyshot **creating failed** error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

From what i can see from various documentation i am only supposed to create the kubernetes provider with the kubeconfig provided by the cluster when it is created, but this somehow doesn't seem to work an i have no idea why. Thanks in advance

var provider = new Pulumi.Aws.Provider("aws", new()
            {
                AccessKey = "redacted",
                SecretKey = "redacted",
                Region = "redacted"
            });

            var cluster = new Cluster("eks", new ClusterArgs
            {
                AutoMode = new AutoModeOptionsArgs { Enabled = true },
                AuthenticationMode = AuthenticationMode.Api,
            }, 
            new()
            {
                Provider = provider
            });
            
            var k8sProvider = new Pulumi.Kubernetes.Provider("k8s", new Pulumi.Kubernetes.ProviderArgs
            {
                KubeConfig = cluster.KubeconfigJson,
            }, new CustomResourceOptions
            {
                DependsOn = { cluster }
            });

            var ns = new Namespace("keyshot", new NamespaceArgs(), new CustomResourceOptions
            {
                Provider = k8sProvider,
            });

That error message indicates that your pulumi program is trying to connect to the k8s API server, but the credentials in the kubeconfig are not sufficient for authentication. You are creating an explicit AWS provider with hardcoded credentials, but the Kubernetes provider does not use these credentials directly. Instead, it relies on the kubeconfig, which may reference your local AWS CLI credentials. Try running

kubectl --kubeconfig=<path-to-kubeconfig> get ns

using the kubeconfig output by pulumi. If this fails, pulumi will also fail. You can use

pulumi stack output kubeconfig --show-secrets > kubeconfig.yaml

to output to your local directory (assuming you create an output called "kubeconfig").

I tried your suggestions by taking the kubeconfig output and using kubectl directly to acces the cluster and i'm getting the same errormessage

E0922 10:06:34.279062  942241 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server has asked for the client to provide credentials"

When setting up an eks cluster using crosswalk do i have to setup access myself? am i missing something here?

Wherever you are executing that

kubectl

command, do you have the same

AccessKey

&

SecretKey

that you used in the Explicit Provider available as env variables?