can’t seem to get the simple EKS with Fargate exam...
# kubernetes
w
can’t seem to get the simple EKS with Fargate example to work, the IAM user I’m using has the `AdministratorAccess` policy
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";

export const createCluster = (stackName: string) => {
  const vpc = new awsx.ec2.Vpc(`${stackName}-eks-cluster`, {
    numberOfAvailabilityZones: "all",
  });

  const rolesSSOAdmin = pulumi.output(aws.iam.getRoles({
    nameRegex: ".*AWSReservedSSO_AWSAdministratorAccess.*",
  }))

  const cluster = new eks.Cluster(stackName, {
    fargate: true,
    vpcId: vpc.id,
    createOidcProvider: true,
    privateSubnetIds: vpc.privateSubnetIds,
    publicSubnetIds: vpc.publicSubnetIds,
    enabledClusterLogTypes: [
      "api",
      "audit",
      "authenticator",
      "controllerManager",
      "scheduler",
    ],
    roleMappings: [
      {
        groups: ["system:masters"],
        roleArn: rolesSSOAdmin.arns[0],
        username: "pulumi:admin-usr",
      },
    ],
  });

  return cluster;
};
```
error:
```
eks:index:VpcCni (prod-vpc-cni):
    error: Command failed: kubectl apply -f /var/folders/07/53v8pkz52xd_324b5n15b9l40000gn/T/tmp-369306DJMe7fe12yG.tmp
    error: You must be logged in to the server (the server has asked for the client to provide credentials)
```
ideas?
b
@white-chef-55657 that's coming from the `kubectl` configuration that gets created. When an EKS cluster is created, it also creates a kubeconfig and a provider. I would export the `kubeconfig` from the EKS cluster and verify your AWS credentials have adequate access. The `roleMappings` are usually to blame
w
ah.. I had the key/secret configured in the stack config, but I realize now that kubectl won’t be using these.. I must also set the env vars for the key/secret - which makes the config vars redundant
you think it’s worth having the eks provider add the aws key/secret from the stack config to the environment? I don’t mind opening a PR with that
b
that's not really a practice we see all that often tbh. Most people configure the provider using AWS profiles or externally to Pulumi, or use IAM roles
w
right, so configuring AWS profiles is essentially the same as setting the env vars; this means I cannot rely solely on the pulumi stack config for credentials
the benefit of the pulumi stack config is the encrypted secrets, whereas with env vars I don’t have that
b
understood, would be best to file an issue with your use case I think
w
will do, thanks