Hi everyone, i have a question related to pulumi s...
# general
Hi everyone, i have a question related to pulumi setting up a AWS EKS. Currently i have the issue that the EKS fails to setup the VPC CNI with following error: “You must be logged in to the server (the server has asked for the client to provide credentials)“. When i manually get a kubeconfig from aws-cli for the pulumi created EKS i can use kubectl just fine. We use temporary credentials since we have SSO enabled. Maybe there is an issue with that and how kubectl tries to generate EKS tokens?
@melodic-horse-69239 are you using AWS profiles?
but for pulumi i use environment access key and secret key as well as AWS_PROFILE set to the correct sso profile
(and session token ofc)
are you setting it in your EKS code though?
ok, i have checked what kubeconfig the aws cli generates and it differs in one point. the user exec to get the token has a env object which sets AWS_PROFILE to the sso profile name the pulumi generated kubeconfig doesn’t have that env
Copy code
const kubeconfigOpts: eks.KubeconfigOptions = {profileName: profile};

const cluster = new eks.Cluster(name, {
    providerCredentialOpts: kubeconfigOpts,
    vpcId: vpc.id,
    privateSubnetIds: vpc.privateSubnetIds,
    publicSubnetIds: vpc.publicSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    createOidcProvider: true,
    tags: {
        Owner: "lbriggs",
        owner: "lbriggs",
you need to set your
like this
ok, let me check, that should be the problem then
that worked, huge thanks 🙂