pulumi / pulumi-eks

A Pulumi component for easily creating and managing an Amazon EKS Cluster
https://www.pulumi.com/registry/packages/eks/
Apache License 2.0

VPC CNI creation does not respect the `proxy` config or `HTTP_PROXY` environment variable #1191

Open miadabrin opened 2 weeks ago

miadabrin commented 2 weeks ago

What happened?

When creating a cluster with the public endpoint disabled and using the `proxy` variable (and the `HTTP_PROXY` environment variable) to use a private proxy to access the cluster, the `kubectl apply -f` command for creating the VPC CNI fails. Here is the error message:

```
warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://*****.sk1.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp ******:443: i/o timeout
error: configured Kubernetes cluster is unreachable. If the cluster was deleted, you can remove this resource from Pulumi state by rerunning the operation with the PULUMI_K8S_DELETE_UNREACHABLE environment variable set to "true"
error: error validating "/var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/tmp-747385hRwjppawMzD.tmp": error validating data: failed to download openapi: Get "https://*****.sk1.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp *****:443: i/o timeout; if you choose to ignore these errors, turn validation off with --validate=false

error: Command failed: kubectl apply -f /var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/tmp-747385hRwjppawMzD.tmp
error: error validating "/var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/tmp-747385hRwjppawMzD.tmp": error validating data: failed to download openapi: Get "https://9FBFDD077550C4CA53ECF87BF123DDB0.sk1.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp *****:443: i/o timeout; if you choose to ignore these errors, turn validation off with --validate=false
```

After reading the code, the issue seems to be that https://github.com/pulumi/pulumi-eks/blob/92465dce68dd560ae48fd0211cae9a74b4ee19e4/nodejs/eks/cmd/provider/cni.ts#L301 and https://github.com/pulumi/pulumi-eks/blob/92465dce68dd560ae48fd0211cae9a74b4ee19e4/nodejs/eks/cmd/provider/cni.ts#L269 do not pass the correct environment variables (or provide the ability to do customizations/overrides on the kube config).

Example

```typescript
const cluster = new eks.Cluster(clusterName, {
    name: clusterName,
    authenticationMode:,
    privateSubnetIds: config.requireObject("eks-private-subnet-ids"),
    publicSubnetIds: config.requireObject("eks-public-subnet-ids"),
    endpointPublicAccess: config.getBoolean("eks-endpoint-public-access"),
    endpointPrivateAccess: true,
    skipDefaultNodeGroup: true,
    createOidcProvider: true,
    version: "1.26",
    vpcId: getEksVpcId(),
    proxy: config.get("eks-proxy"),
    roleMappings: [
        ****
    ],
    userMappings: config.requireObject("eks-iam-user-mappings"),
    enabledClusterLogTypes: config.requireObject("enabled-cluster-log-types"),
}, {

});
```

Output of pulumi about

```
pulumi about
CLI
Version      3.119.0
Go Version   go1.22.4
Go Compiler  gc

Plugins
KIND      NAME        VERSION
resource  aws         6.39.0
resource  eks         2.6.0
resource  kubernetes  4.13.1
resource  kubernetes  3.21.4
language  nodejs      unknown

Host
OS       darwin
Version  14.2.1
Arch     x86_64

This project is written in nodejs: executable='/Users/miadabrin/.nvm/versions/node/v20.10.0/bin/node' version='v20.10.0'

Current Stack: *****

TYPE                                                 URN
*****

Found no pending operations associated with fellowapp/staging

Backend
Name           pulumi.com
URL            https://app.pulumi.com/miadabrin
User           miadabrin
Organizations  miadabrin, fellowapp
Token type     personal

Dependencies:
NAME                              VERSION
@pulumi/pulumi                    3.119.0
prettier                          2.6.1
lodash                            4.17.21
@types/node                       17.0.23
@typescript-eslint/eslint-plugin  4.33.0
eslint-config-prettier            8.5.0
@pulumi/eks                       v2.6.0
@pulumi/kubernetes                v3.21.4
typescript                        4.6.3
eslint                            7.32.0
ts-dedent                         2.2.0
@pulumi/aws                       6.39.0
@types/lodash                     4.14.182
@typescript-eslint/parser         4.33.0

Pulumi locates its logs in /var/folders/m7/5pc_qrhx72g_grd3md7hzftc0000gn/T/ by default
```

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
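An added illustration of the diagnosis in the report above (not code from pulumi-eks or from the reporter): two ways a Node.js wrapper can make a `kubectl` child process reach a private endpoint through a proxy, either by passing proxy variables in the child's environment or by setting the kubeconfig `proxy-url` field. The function names, the sample proxy address and the sample kubeconfig are hypothetical.

```typescript
// Added example: hypothetical helpers, not part of the pulumi-eks code base.
type Env = Record<string, string | undefined>;
interface KubeCluster { name: string; cluster: { server: string; [key: string]: unknown } }
interface KubeConfig { clusters: KubeCluster[]; [key: string]: unknown }

const PROXY_VARS = ["HTTP_PROXY", "HTTPS_PROXY", "http_proxy", "https_proxy"];

// Option 1: environment for the kubectl child process. Node's `env` option
// replaces the parent environment instead of merging with it, so the base
// environment is copied first; an explicit `proxy` overrides inherited values
// and NO_PROXY is left untouched.
function kubectlEnv(baseEnv: Env, proxy?: string): Env {
    const env: Env = { ...baseEnv };
    if (proxy) {
        for (const name of PROXY_VARS) env[name] = proxy;
    }
    return env;
}

// Option 2: copy of the kubeconfig with `proxy-url` set on every cluster
// entry, so the proxy travels with the file rather than the environment.
function withProxyUrl(kubeconfig: KubeConfig, proxy?: string): KubeConfig {
    if (!proxy) return kubeconfig;
    return {
        ...kubeconfig,
        clusters: kubeconfig.clusters.map((c) => ({
            ...c,
            cluster: { ...c.cluster, "proxy-url": proxy },
        })),
    };
}

// Arguments for child_process.spawnSync(command, args, options).
function kubectlApply(manifest: string, kubeconfigPath: string, baseEnv: Env, proxy?: string) {
    return {
        command: "kubectl",
        args: ["apply", "-f", manifest],
        options: { env: { ...kubectlEnv(baseEnv, proxy), KUBECONFIG: kubeconfigPath } },
    };
}

// Constructed sample values.
const SAMPLE_PROXY = "http://proxy.internal.example:3128";
const SAMPLE_KUBECONFIG: KubeConfig = {
    apiVersion: "v1",
    clusters: [{ name: "private-eks", cluster: { server: "https://EXAMPLE.eks.amazonaws.com" } }],
};
```
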

rquitales commented 2 weeks ago

Thanks for reporting this issue. We're looking into migrating the way we handle management of the VPC CNI addon (tracked by https://github.com/pulumi/pulumi-eks/issues/1132). This should also resolve the issues faced here.