pulumi-eks
VPC CNI creation does not respect the `proxy` config or `HTTP_PROXY` environment variable
What happened?
When creating a cluster with the public endpoint disabled and using the `proxy` variable (and the `HTTP_PROXY` environment variable) to use a private proxy to access the cluster, the `kubectl apply -f` command for creating the VPC CNI fails. Here is the error message:
warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://*****.sk1.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp ******:443: i/o timeout
error: configured Kubernetes cluster is unreachable. If the cluster was deleted, you can remove this resource from Pulumi state by rerunning the operation with the PULUMI_K8S_DELETE_UNREACHABLE environment variable set to "true"
error: error validating "/var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/tmp-747385hRwjppawMzD.tmp": error validating data: failed to download openapi: Get "https://*****.sk1.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp *****:443: i/o timeout; if you choose to ignore these errors, turn validation off with --validate=false
error: Command failed: kubectl apply -f /var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/tmp-747385hRwjppawMzD.tmp
error: error validating "/var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/tmp-747385hRwjppawMzD.tmp": error validating data: failed to download openapi: Get "https://9FBFDD077550C4CA53ECF87BF123DDB0.sk1.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp *****:443: i/o timeout; if you choose to ignore these errors, turn validation off with --validate=false
After reading the code, the issue seems to be that https://github.com/pulumi/pulumi-eks/blob/92465dce68dd560ae48fd0211cae9a74b4ee19e4/nodejs/eks/cmd/provider/cni.ts#L301 and https://github.com/pulumi/pulumi-eks/blob/92465dce68dd560ae48fd0211cae9a74b4ee19e4/nodejs/eks/cmd/provider/cni.ts#L269 do not pass the correct environment variables (or the ability to do customizations/overrides on the kube config).
Example
```typescript
const cluster = new eks.Cluster(clusterName, {
    name: clusterName,
    authenticationMode:,
    privateSubnetIds: config.requireObject("eks-private-subnet-ids"),
    publicSubnetIds: config.requireObject("eks-public-subnet-ids"),
    endpointPublicAccess: config.getBoolean("eks-endpoint-public-access"),
    endpointPrivateAccess: true,
    skipDefaultNodeGroup: true,
    createOidcProvider: true,
    version: "1.26",
    vpcId: getEksVpcId(),
    proxy: config.get("eks-proxy"),
    roleMappings: [
        ****
    ],
    userMappings: config.requireObject("eks-iam-user-mappings"),
    enabledClusterLogTypes: config.requireObject("enabled-cluster-log-types"),
}, {
});
```
Output of pulumi about
pulumi about
CLI
Version 3.119.0
Go Version go1.22.4
Go Compiler gc
Plugins
KIND NAME VERSION
resource aws 6.39.0
resource eks 2.6.0
resource kubernetes 4.13.1
resource kubernetes 3.21.4
language nodejs unknown
Host
OS darwin
Version 14.2.1
Arch x86_64
This project is written in nodejs: executable='/Users/miadabrin/.nvm/versions/node/v20.10.0/bin/node' version='v20.10.0'
Current Stack: *****
TYPE URN
*****
Found no pending operations associated with fellowapp/staging
Backend
Name pulumi.com
URL https://app.pulumi.com/miadabrin
User miadabrin
Organizations miadabrin, fellowapp
Token type personal
Dependencies:
NAME VERSION
@pulumi/pulumi 3.119.0
prettier 2.6.1
lodash 4.17.21
@types/node 17.0.23
@typescript-eslint/eslint-plugin 4.33.0
eslint-config-prettier 8.5.0
@pulumi/eks v2.6.0
@pulumi/kubernetes v3.21.4
typescript 4.6.3
eslint 7.32.0
ts-dedent 2.2.0
@pulumi/aws 6.39.0
@types/lodash 4.14.182
@typescript-eslint/parser 4.33.0
Pulumi locates its logs in /var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/ by default
Additional context
No response
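One way to build the child-process environment that the report says is not passed to `kubectl`, as an added example (not code from pulumi-eks): `kubectlEnv`, `bypassesProxy` and `redactProxy` are hypothetical helpers, and the scheme allowlist is this example's assumption. It goes one step beyond the report by rejecting a `NO_PROXY` list that would make kubectl dial the API server directly, which produces the same i/o timeout on a private endpoint.

```typescript
// Added example: hypothetical helpers, not code from pulumi-eks.
type Env = Record<string, string | undefined>;

// True when a NO_PROXY list would make a Go client such as kubectl skip the
// proxy for `host`. Handles "*" and domain entries; IP/CIDR entries are ignored.
function bypassesProxy(host: string, noProxy: string | undefined): boolean {
  const h = host.toLowerCase();
  return (noProxy ?? "").split(",")
    .map((e) => e.trim().toLowerCase())
    .filter((e) => e.length > 0)
    .some((e) => e === "*" ||
      (e.startsWith(".") ? h.endsWith(e) : h === e || h.endsWith("." + e)));
}

// Builds the environment for a kubectl child process so that an explicit
// `proxy` setting wins over whatever the parent process inherited.
function kubectlEnv(proxy: string | undefined, apiServer: string, base: Env): Env {
  const env: Env = { ...base };
  if (proxy !== undefined) {
    const scheme = new URL(proxy).protocol; // throws on a malformed URL
    if (!["http:", "https:", "socks5:", "socks5h:"].includes(scheme)) {
      throw new Error(`unsupported proxy scheme ${scheme}`);
    }
    for (const k of ["HTTP_PROXY", "HTTPS_PROXY", "http_proxy", "https_proxy"]) {
      env[k] = proxy;
    }
  }
  const active = env["HTTPS_PROXY"] ?? env["https_proxy"];
  const host = new URL(apiServer).hostname;
  if (active && bypassesProxy(host, env["NO_PROXY"] ?? env["no_proxy"])) {
    throw new Error(`NO_PROXY excludes ${host}; kubectl would dial it directly`);
  }
  return env;
}

// Proxy URLs can embed credentials; strip them before the value reaches a log.
function redactProxy(proxy: string): string {
  const u = new URL(proxy);
  if (u.username || u.password) { u.username = "***"; u.password = ""; }
  return u.toString();
}

// Usage (needs kubectl on PATH, so it is left as a comment):
//   execFileSync("kubectl", ["apply", "-f", manifestPath],
//     { env: kubectlEnv(proxy, clusterEndpoint, process.env) });
```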