Channels
#general
Title
# general
m
melodic-horse-69239
03/09/2022, 4:14 PMHi everyone, i have a question related to pulumi setting up a AWS EKS. Currently i have the issue that the EKS fails to setup the VPC CNI with following error: “You must be logged in to the server (the server has asked for the client to provide credentials)“. When i manually get a kubeconfig from aws-cli for the pulumi created EKS i can use kubectl just fine.
We use temporary credentials since we have SSO enabled. Maybe there is an issue with that and how kubectl tries to generate EKS tokens?
b
billowy-army-68599
03/09/2022, 4:19 PM
@melodic-horse-69239 are you using AWS profiles?
m
melodic-horse-69239
03/09/2022, 4:19 PMyes
but for pulumi i use environment access key and secret key as well as AWS_PROFILE set to the correct sso profile
(and session token ofc)
b
billowy-army-68599
03/09/2022, 4:22 PM
are you setting it in your EKS code though?
m
melodic-horse-69239
03/09/2022, 4:22 PMok, i have checked what kubeconfig the aws cli generates and it differs in one point. the user exec to get the token has a env object which sets AWS_PROFILE to the sso profile name
the pulumi generated kubeconfig doesn’t have that env
b
billowy-army-68599
03/09/2022, 4:23 PM
Copy code
const kubeconfigOpts: eks.KubeconfigOptions = {profileName: profile};
const cluster = new eks.Cluster(name, {
providerCredentialOpts: kubeconfigOpts,
vpcId: vpc.id,
privateSubnetIds: vpc.privateSubnetIds,
publicSubnetIds: vpc.publicSubnetIds,
instanceType: "t2.medium",
desiredCapacity: 2,
minSize: 1,
maxSize: 2,
createOidcProvider: true,
tags: {
Owner: "lbriggs",
owner: "lbriggs",
}
});you need to set your
kubeconfigOptsm
melodic-horse-69239
03/09/2022, 4:24 PMok, let me check, that should be the problem then
that worked, huge thanks 🙂
21 Views