p

    prehistoric-kite-30979

    6 months ago
    Hi all, Has anyone managed to use eks entirely from credentials stored in the stack config? I’ve got it working on up by actually retrieving the token and shoving it in a kubeconfig but destroy doesn’t appear to re-retrieve the token, just relies on the one stored in the state.
    b

    brave-ambulance-98491

    6 months ago
    I use RBAC and have Pulumi store a role that's assumed on deploy. However, this still requires AWS credentials that can assume that role in order to run Pulumi. Is this what you mean, or are you looking to embed static credentials in the configuration file?
    p

    prehistoric-kite-30979

    6 months ago
    we store credz + role to assume in the stack config and then use that to auth to eks
    so yes basically static credz in our stack config
    p

    purple-plumber-90981

    6 months ago
    in our CI pipe, we subprocess out a call to `aws eks update-kubeconfig and then
    k8s_provider = k8s.Provider(
        "k8s_provider",
        # cluster=current_context,
        context=current_context,
        kubeconfig='~/.kube/config',