Skip to content

Instantly share code, notes, and snippets.

@roderik

roderik/crd yaml Secret

Last active September 26, 2020 20:14
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save roderik/1a969b10c4365841ab72e79b51152b9b to your computer and use it in GitHub Desktop.
Save roderik/1a969b10c4365841ab72e79b51152b9b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
crd yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: aws-node
rules:
- apiGroups:
- crd.k8s.amazonaws.com
resources:
- '*'
- namespaces
verbs:
- '*'
- apiGroups:
- ''
resources:
- pods
- nodes
- namespaces
verbs:
- list
- watch
- get
- apiGroups:
- extensions
resources:
- daemonsets
verbs:
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-node
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: aws-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aws-node
subjects:
- kind: ServiceAccount
name: aws-node
namespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: aws-node
namespace: kube-system
labels:
k8s-app: aws-node
spec:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 10%
selector:
matchLabels:
k8s-app: aws-node
template:
metadata:
labels:
k8s-app: aws-node
spec:
priorityClassName: system-node-critical
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
serviceAccountName: aws-node
hostNetwork: true
tolerations:
- operator: Exists
containers:
- image: '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0'
imagePullPolicy: Always
ports:
- containerPort: 61678
name: metrics
name: aws-node
readinessProbe:
exec:
command:
- /app/grpc-health-probe
- '-addr=:50051'
initialDelaySeconds: 35
livenessProbe:
exec:
command:
- /app/grpc-health-probe
- '-addr=:50051'
initialDelaySeconds: 35
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: stdout
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: AWS_VPC_ENI_MTU
value: '9001'
resources:
requests:
cpu: 10m
securityContext:
privileged: true
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
- mountPath: /host/var/log
name: log-dir
- mountPath: /var/run/docker.sock
name: dockersock
- mountPath: /var/run/dockershim.sock
name: dockershim
volumes:
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
- name: log-dir
hostPath:
path: /var/log
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: dockershim
hostPath:
path: /var/run/dockershim.sock
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: eniconfigs.crd.k8s.amazonaws.com
spec:
scope: Cluster
group: crd.k8s.amazonaws.com
versions:
- name: v1alpha1
served: true
storage: true
names:
plural: eniconfigs
singular: eniconfig
kind: ENIConfig
Raw
full error log
~/Development/pulumitest via ⬢ v14.7.0 took 51s
❯ pulumi up -d -v=5
Previewing update (settlemint/newcluster)
View Live: https://app.pulumi.com/settlemint/pulumitest/newcluster/previews/bb59ccaf-1a21-40ba-93c6-352e9f2f6c6e
Type Name Plan Info
+ pulumi:pulumi:Stack pulumitest-newcluster create 245 debugs
+ ├─ eks:index:Cluster newcluster create
+ │ ├─ eks:index:ServiceRole newcluster-eksRole create
+ │ │ ├─ aws:iam:Role newcluster-eksRole-role create
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-eksRole-4b490823 create
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-eksRole-90eb1c99 create
+ │ ├─ eks:index:ServiceRole newcluster-instanceRole create
+ │ │ ├─ aws:iam:Role newcluster-instanceRole-role create
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-e1b295bd create
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-03516f97 create
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-instanceRole-3eb088f2 create
+ │ ├─ pulumi-nodejs:dynamic:Resource newcluster-cfnStackName create
+ │ ├─ aws:iam:InstanceProfile newcluster-instanceProfile create
+ │ ├─ aws:ec2:SecurityGroup newcluster-eksClusterSecurityGroup create
+ │ ├─ aws:eks:Cluster newcluster-eksCluster create
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksClusterInternetEgressRule create
+ │ ├─ pulumi:providers:kubernetes newcluster-eks-k8s create
+ │ ├─ pulumi-nodejs:dynamic:Resource newcluster-vpc-cni create
+ │ ├─ aws:ec2:SecurityGroup newcluster-nodeSecurityGroup create
+ │ ├─ kubernetes:core:ConfigMap newcluster-nodeAccess create
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksNodeClusterIngressRule create
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksExtApiServerClusterIngressRule create
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksNodeInternetEgressRule create
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksNodeIngressRule create
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksClusterIngressRule create
+ │ ├─ aws:ec2:LaunchConfiguration newcluster-nodeLaunchConfiguration create
+ │ ├─ aws:cloudformation:Stack newcluster-nodes create
+ │ └─ pulumi:providers:kubernetes newcluster-provider create
+ └─ pulumi:providers:aws aws create
Diagnostics:
pulumi:pulumi:Stack (pulumitest-newcluster):
debug: Registering resource: t=pulumi:pulumi:Stack, name=pulumitest-newcluster, custom=false, remote=false
debug: RegisterResource RPC prepared: t=pulumi:pulumi:Stack, name=pulumitest-newcluster
debug: RegisterResource RPC finished: resource:pulumitest-newcluster[pulumi:pulumi:Stack]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster,,,,
debug: Running program '/Users/roderik/Development/pulumitest' in pwd '/Users/roderik/Development/pulumitest' w/ args:
debug: Registering resource: t=pulumi:providers:aws, name=aws, custom=true, remote=false
debug: Registering resource: t=eks:index:Cluster, name=newcluster, custom=false, remote=false
debug: Invoking function: tok=aws:ec2/getVpc:getVpc asynchronously
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-eksRole, custom=false, remote=false
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-eksRole-role, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule, custom=true, remote=false
debug: Registering resource: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster, custom=true, remote=false
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s, custom=true, remote=false
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni, custom=true, remote=false
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-instanceRole, custom=false, remote=false
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-instanceRole-role, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2, custom=true, remote=false
debug: Registering resource: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile, custom=true, remote=false
debug: Registering resource: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule, custom=true, remote=false
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName, custom=true, remote=false
debug: Invoking function: tok=aws:index/getRegion:getRegion asynchronously
debug: Registering resource: t=aws:ec2/launchConfiguration:LaunchConfiguration, name=newcluster-nodeLaunchConfiguration, custom=true, remote=false
debug: Registering resource: t=aws:cloudformation/stack:Stack, name=newcluster-nodes, custom=true, remote=false
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-provider, custom=true, remote=false
debug: , obj={}
debug: , obj={"default":true}
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: , obj={"subnetId":"subnet-139bf968"}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: RegisterResource RPC prepared: t=pulumi:providers:aws, name=aws
debug: RegisterResource RPC prepared: t=eks:index:Cluster, name=newcluster
debug: RegisterResource RPC finished: resource:newcluster[eks:index:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster,,,,
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-eksRole
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-instanceRole
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName
debug: RegisterResource RPC finished: resource:aws[pulumi:providers:aws]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:providers:aws::aws,,region,,,eu-west-3,,
debug: AWS Auth provider used: "EnvProvider"
debug: RegisterResource RPC finished: resource:newcluster-instanceRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole,,,,
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-instanceRole-role
debug: RegisterResource RPC finished: resource:newcluster-eksRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole,,,,
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-eksRole-role
debug: Trying to get account information via sts:GetCallerIdentity
debug: Trying to get account information via sts:GetCallerIdentity
debug: Reading Route Table: {
debug: Filters: [{
debug: Name: "association.subnet-id",
debug: Values: ["subnet-139bf968"]
debug: }]
debug: }
debug: Reading AWS VPC: {
debug: Filters: [{
debug: Name: "isDefault",
debug: Values: ["true"]
debug: }]
debug: }
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-instanceRole-role,,__defaults,,,,,,,,forceDetachPolicies,,,maxSessionDuration,,,name,,,path,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Action":["sts:AssumeRole"],"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]}}]},forceDetachPolicies,,,,false,maxSessionDuration,,3600,name,,,newcluster-instanceRole-role-9cac8e5,path,,,/,,
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2
debug: Invoke RPC finished: tok=aws:index/getRegion:getRegion; err: null, resp: description,,,Europe (Paris),endpoint,,,ec2.eu-west-3.amazonaws.com,id,,,eu-west-3,name,,,eu-west-3,
debug: RegisterResource RPC finished: resource:newcluster-eksRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-eksRole-role,,__defaults,,,,,,,,forceDetachPolicies,,,maxSessionDuration,,,name,,,path,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Action":["sts:AssumeRole"],"Effect":"Allow","Principal":{"Service":["eks.amazonaws.com"]}}]},description,,,Allows EKS to manage clusters on your behalf.,forceDetachPolicies,,,,false,maxSessionDuration,,3600,name,,,newcluster-eksRole-role-82b5a7a,path,,,/,,
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99
debug: RegisterResource RPC finished: resource:newcluster-cfnStackName[pulumi-nodejs:dynamic:Resource]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi-nodejs:dynamic:Resource::newcluster-cfnStackName,,__provider,,,exports.handler = __f0;
var __provider = {check: __f1, diff: __f2, create: __f3, update: __f5, read: __f6, delete: __f7};
function __f1(__0, __1) {
return (function() {
with({ }) {
return (olds, news) => Promise.resolve({ inputs: news, failedChecks: [] });
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f2(__0, __1, __2) {
return (function() {
with({ }) {
return (id, olds, news) => Promise.resolve({});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f4(__0) {
return (function() {
with({ crypto: require("crypto") }) {
return n => `${n}-${crypto.randomBytes(4).toString("hex")}`;
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f3(__0) {
return (function() {
with({ name: "newcluster-cfnStackName", func: __f4 }) {
return (inputs) => Promise.resolve({
id: name,
outs: { output: func(inputs.input) },
});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f5(__0, __1, __2) {
return (function() {
with({ func: __f4 }) {
return (id, olds, news) => Promise.resolve({
outs: { output: func(news.input) },
});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f6(__0, __1) {
return (function() {
with({ }) {
return (id, state) => Promise.resolve({ id: id, props: state });
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f7(__0, __1) {
return (function() {
with({ }) {
return (id, props) => Promise.resolve();
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f0() {
return (function() {
with({ provider: __provider }) {
return () => provider;
}
}).apply(undefined, undefined).apply(this, arguments);
}
,input,,,newcluster,,
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-e1b295bd[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-e1b295bd,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-03516f97[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-03516f97,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-3eb088f2[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-3eb088f2,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole
debug: RegisterResource RPC prepared: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile
debug: RegisterResource RPC finished: resource:newcluster-eksRole-4b490823[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-4b490823,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSClusterPolicy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResource RPC finished: resource:newcluster-eksRole-90eb1c99[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-90eb1c99,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSServicePolicy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole; err: null, resp:
debug: RegisterResource RPC finished: resource:newcluster-instanceProfile[aws:iam/instanceProfile:InstanceProfile]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:iam/instanceProfile:InstanceProfile::newcluster-instanceProfile,,__defaults,,,,,,,,name,,,path,name,,,newcluster-instanceProfile-7f65e8e,path,,,/,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole; err: null, resp:
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred:
* Your query returned no results. Please change your search criteria and try again
, resp: undefined
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously
debug: Reading Subnet: {
debug: SubnetIds: ["subnet-139bf968"]
debug: }
debug: , obj={"id":"subnet-139bf968"}
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-139bf968,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3b,availabilityZoneId,,,euw3-az2,cidrBlock,,,172.31.16.0/20,defaultForAz,,,,true,id,,,subnet-139bf968,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2,
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"}
debug: DescribeRouteTables {
debug: Filters: [{
debug: Name: "vpc-id",
debug: Values: ["vpc-ab0925c2"]
debug: },{
debug: Name: "association.main",
debug: Values: ["true"]
debug: }]
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926153852051300000001,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: Filters: [{
debug: Name: "route-table-id",
debug: Values: ["rtb-e197aa88"]
debug: }]
debug: , obj={"routeTableId":"rtb-e197aa88"}
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getVpc:getVpc; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:vpc/vpc-ab0925c2,cidrBlock,,,172.31.0.0/16,cidrBlockAssociations,,,,,,,,,,associationId,,,vpc-cidr-assoc-20243249,cidrBlock,,,172.31.0.0/16,state,,,associated,default,,,,true,dhcpOptionsId,,,dopt-0a903fa3adfeadc1a,enableDnsHostnames,,,,true,enableDnsSupport,,,,true,id,,,vpc-ab0925c2,instanceTenancy,,,default,mainRouteTableId,,,rtb-e197aa88,ownerId,,,711839938093,state,,,available,tags,,,,,,
debug: Invoking function: tok=aws:ec2/getSubnetIds:getSubnetIds asynchronously
debug: , obj={"vpcId":"vpc-ab0925c2"}
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup
debug: RegisterResource RPC finished: resource:newcluster-eksClusterSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-eksClusterSecurityGroup,,__defaults,,,,,,,,name,description,,,Managed by Pulumi,name,,,newcluster-eksClusterSecurityGroup-83ec25c,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-eksClusterSecurityGroup,__defaults,,,,,,,vpcId,,,vpc-ab0925c2,,
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule
debug: RegisterResource RPC prepared: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster
debug: RegisterResource RPC finished: resource:newcluster-eksCluster[aws:eks/cluster:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:eks/cluster:Cluster::newcluster-eksCluster,,__defaults,,,,,,,name,,,my-cluster,roleArn,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,tags,,,,,Name,,,newcluster-eksCluster,__defaults,,,,,,,vpcConfig,,,,,__defaults,,,,,,,,endpointPrivateAccess,,,endpointPublicAccess,endpointPrivateAccess,,,,false,endpointPublicAccess,,,,true,securityGroupIds,,,,,,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,subnetIds,,,,,,,,subnet-139bf968,,,subnet-9266d1df,,,subnet-cb94dfa2,,
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup
debug: RegisterResource RPC prepared: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni
debug: RegisterResource RPC finished: resource:newcluster-eksClusterInternetEgressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksClusterInternetEgressRule,,__defaults,,,,,,,,self,cidrBlocks,,,,,,,,0.0.0.0/0,description,,,Allow internet access.,fromPort,,0,protocol,,,-1,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,self,,,,false,toPort,,0,type,,,egress,,
debug: RegisterResource RPC finished: resource:newcluster-eks-k8s[pulumi:providers:kubernetes]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi:providers:kubernetes::newcluster-eks-k8s,,kubeconfig,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResource RPC prepared: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess
debug: RegisterResource RPC finished: resource:newcluster-vpc-cni[pulumi-nodejs:dynamic:Resource]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi-nodejs:dynamic:Resource::newcluster-vpc-cni,,__provider,,,exports.handler = __f0;
var __provider = {check: __f1, diff: __f2, create: __f3, update: __f4, read: __f5, delete: __f6};
function __f1(__0, __1) {
return (function() {
with({ }) {
return (state, inputs) => Promise.resolve({ inputs: inputs, failedChecks: [] });
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f2(__0, __1, __2) {
return (function() {
with({ }) {
return (id, state, inputs) => Promise.resolve({});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __computeVpcCniYaml(__0, __1) {
return (function() {
with({ jsyaml: require("js-yaml/index.js"), computeVpcCniYaml: __computeVpcCniYaml }) {
return function /*computeVpcCniYaml*/(cniYamlText, args) {
const cniYaml = jsyaml.safeLoadAll(cniYamlText);
// Rewrite the envvars for the CNI daemon set as per the inputs.
const daemonSet = cniYaml.filter(o => o.kind === "DaemonSet")[0];
const env = daemonSet.spec.template.spec.containers[0].env;
if (args.nodePortSupport) {
env.push({ name: "AWS_VPC_CNI_NODE_PORT_SUPPORT", value: args.nodePortSupport ? "true" : "false" });
}
if (args.customNetworkConfig) {
env.push({ name: "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG", value: args.customNetworkConfig ? "true" : "false" });
}
if (args.externalSnat) {
env.push({ name: "AWS_VPC_K8S_CNI_EXTERNALSNAT", value: args.externalSnat ? "true" : "false" });
}
if (args.warmEniTarget) {
env.push({ name: "WARM_ENI_TARGET", value: args.warmEniTarget.toString() });
}
if (args.warmIpTarget) {
env.push({ name: "WARM_IP_TARGET", value: args.warmIpTarget.toString() });
}
if (args.logLevel) {
env.push({ name: "AWS_VPC_K8S_CNI_LOGLEVEL", value: args.logLevel.toString() });
}
else {
env.push({ name: "AWS_VPC_K8S_CNI_LOGLEVEL", value: "DEBUG" });
}
if (args.logFile) {
env.push({ name: "AWS_VPC_K8S_CNI_LOG_FILE", value: args.logFile.toString() });
}
else {
env.push({ name: "AWS_VPC_K8S_CNI_LOG_FILE", value: "stdout" });
}
if (args.vethPrefix) {
env.push({ name: "AWS_VPC_K8S_CNI_VETHPREFIX", value: args.vethPrefix.toString() });
}
else {
env.push({ name: "AWS_VPC_K8S_CNI_VETHPREFIX", value: "eni" });
}
if (args.eniMtu) {
env.push({ name: "AWS_VPC_ENI_MTU", value: args.eniMtu.toString() });
}
else {
env.push({ name: "AWS_VPC_ENI_MTU", value: "9001" });
}
if (args.image) {
daemonSet.spec.template.spec.containers[0].image = args.image.toString();
}
if (args.eniConfigLabelDef) {
env.push({ name: "ENI_CONFIG_LABEL_DEF", value: args.eniConfigLabelDef.toString() });
}
// Return the computed YAML.
return cniYaml.map(o => `---\n${jsyaml.safeDump(o)}`).join("");
};
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __applyVpcCniYaml(__0, __1) {
return (function() {
with({ tmp: require("tmp/lib/tmp.js"), fs: require("fs"), computeVpcCniYaml: __computeVpcCniYaml, childProcess: require("child_process"), applyVpcCniYaml: __applyVpcCniYaml }) {
return function /*applyVpcCniYaml*/(cniYamlText, args) {
// Dump the kubeconfig to a file.
const tmpKubeconfig = tmp.fileSync();
fs.writeFileSync(tmpKubeconfig.fd, args.kubeconfig);
// Compute the required CNI YAML and dump it to a file.
const tmpYaml = tmp.fileSync();
fs.writeFileSync(tmpYaml.fd, computeVpcCniYaml(cniYamlText, args));
// Call kubectl to apply the YAML.
childProcess.execSync(`kubectl apply -f ${tmpYaml.name}`, {
env: Object.assign(Object.assign({}, process.env), { "KUBECONFIG": tmpKubeconfig.name }),
});
};
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f3(__0) {
return (function() {
with({ applyVpcCniYaml: __applyVpcCniYaml, cniYamlText: "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: aws-node\nrules:\n - apiGroups:\n - crd.k8s.amazonaws.com\n resources:\n - \"*\"\n - namespaces\n verbs:\n - \"*\"\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs: [\"list\", \"watch\", \"get\"]\n - apiGroups: [\"extensions\"]\n resources:\n - daemonsets\n verbs: [\"list\", \"watch\"]\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aws-node\n namespace: kube-system\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aws-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aws-node\nsubjects:\n - kind: ServiceAccount\n name: aws-node\n namespace: kube-system\n\n---\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: aws-node\n namespace: kube-system\n labels:\n k8s-app: aws-node\nspec:\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: \"10%\"\n selector:\n matchLabels:\n k8s-app: aws-node\n template:\n metadata:\n labels:\n k8s-app: aws-node\n spec:\n priorityClassName: system-node-critical\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: \"beta.kubernetes.io/os\"\n operator: In\n values:\n - linux\n - key: \"beta.kubernetes.io/arch\"\n operator: In\n values:\n - amd64\n - key: eks.amazonaws.com/compute-type\n operator: NotIn\n values:\n - fargate\n serviceAccountName: aws-node\n hostNetwork: true\n tolerations:\n - operator: Exists\n containers:\n - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0\n imagePullPolicy: Always\n ports:\n - containerPort: 61678\n name: metrics\n name: aws-node\n readinessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n livenessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n - mountPath: /host/var/log\n name: log-dir\n - mountPath: /var/run/docker.sock\n name: dockersock\n - mountPath: /var/run/dockershim.sock\n name: dockershim\n volumes:\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n - name: log-dir\n hostPath:\n path: /var/log\n - name: dockersock\n hostPath:\n path: /var/run/docker.sock\n - name: dockershim\n hostPath:\n path: /var/run/dockershim.sock\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: eniconfigs.crd.k8s.amazonaws.com\nspec:\n scope: Cluster\n group: crd.k8s.amazonaws.com\n versions:\n - name: v1alpha1\n served: true\n storage: true\n names:\n plural: eniconfigs\n singular: eniconfig\n kind: ENIConfig\n", crypto: require("crypto") }) {
return (inputs) => {
applyVpcCniYaml(cniYamlText, inputs);
return Promise.resolve({ id: crypto.randomBytes(8).toString("hex"), outs: {} });
};
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f4(__0, __1, __2) {
return (function() {
with({ applyVpcCniYaml: __applyVpcCniYaml, cniYamlText: "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: aws-node\nrules:\n - apiGroups:\n - crd.k8s.amazonaws.com\n resources:\n - \"*\"\n - namespaces\n verbs:\n - \"*\"\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs: [\"list\", \"watch\", \"get\"]\n - apiGroups: [\"extensions\"]\n resources:\n - daemonsets\n verbs: [\"list\", \"watch\"]\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aws-node\n namespace: kube-system\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aws-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aws-node\nsubjects:\n - kind: ServiceAccount\n name: aws-node\n namespace: kube-system\n\n---\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: aws-node\n namespace: kube-system\n labels:\n k8s-app: aws-node\nspec:\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: \"10%\"\n selector:\n matchLabels:\n k8s-app: aws-node\n template:\n metadata:\n labels:\n k8s-app: aws-node\n spec:\n priorityClassName: system-node-critical\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: \"beta.kubernetes.io/os\"\n operator: In\n values:\n - linux\n - key: \"beta.kubernetes.io/arch\"\n operator: In\n values:\n - amd64\n - key: eks.amazonaws.com/compute-type\n operator: NotIn\n values:\n - fargate\n serviceAccountName: aws-node\n hostNetwork: true\n tolerations:\n - operator: Exists\n containers:\n - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0\n imagePullPolicy: Always\n ports:\n - containerPort: 61678\n name: metrics\n name: aws-node\n readinessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n livenessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n - mountPath: /host/var/log\n name: log-dir\n - mountPath: /var/run/docker.sock\n name: dockersock\n - mountPath: /var/run/dockershim.sock\n name: dockershim\n volumes:\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n - name: log-dir\n hostPath:\n path: /var/log\n - name: dockersock\n hostPath:\n path: /var/run/docker.sock\n - name: dockershim\n hostPath:\n path: /var/run/dockershim.sock\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: eniconfigs.crd.k8s.amazonaws.com\nspec:\n scope: Cluster\n group: crd.k8s.amazonaws.com\n versions:\n - name: v1alpha1\n served: true\n storage: true\n names:\n plural: eniconfigs\n singular: eniconfig\n kind: ENIConfig\n" }) {
return (id, state, inputs) => {
applyVpcCniYaml(cniYamlText, inputs);
return Promise.resolve({ outs: {} });
};
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f5(__0, __1) {
return (function() {
with({ }) {
return (id, state) => Promise.resolve({ id: id, props: state });
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f6(__0, __1) {
return (function() {
with({ }) {
return (id, state) => Promise.resolve();
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f0() {
return (function() {
with({ provider: __provider }) {
return () => provider;
}
}).apply(undefined, undefined).apply(this, arguments);
}
,kubeconfig,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResource RPC finished: resource:newcluster-nodeAccess[kubernetes:core/v1:ConfigMap]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$kubernetes:core/v1:ConfigMap::newcluster-nodeAccess,,apiVersion,,,v1,data,,,,,mapRoles,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,kind,,,ConfigMap,metadata,,,,,name,,,aws-auth,namespace,,,kube-system,,
debug: RegisterResource RPC finished: resource:newcluster-nodeSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-nodeSecurityGroup,,__defaults,,,,,,,,name,description,,,Managed by Pulumi,name,,,newcluster-nodeSecurityGroup-495e8da,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-nodeSecurityGroup,__defaults,,,,,,,kubernetes.io/cluster/my-cluster,,,owned,vpcId,,,vpc-ab0925c2,,
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule
debug: Reading Route Table: {
debug: Filters: [{
debug: Name: "association.subnet-id",
debug: Values: ["subnet-9266d1df"]
debug: }]
debug: }
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule
debug: RegisterResource RPC finished: resource:newcluster-eksNodeClusterIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksNodeClusterIngressRule,,__defaults,,,,,,,description,,,Allow worker Kubelets and pods to receive communication from the cluster control plane,fromPort,,1025,protocol,,,tcp,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,sourceSecurityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,toPort,,65535,type,,,ingress,,
debug: RegisterResource RPC finished: resource:newcluster-eksExtApiServerClusterIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksExtApiServerClusterIngressRule,,__defaults,,,,,,,description,,,Allow pods running extension API servers on port 443 to receive communication from cluster control plane,fromPort,,443,protocol,,,tcp,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,sourceSecurityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,toPort,,443,type,,,ingress,,
debug: RegisterResource RPC finished: resource:newcluster-eksNodeInternetEgressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksNodeInternetEgressRule,,__defaults,,,,,,,,self,cidrBlocks,,,,,,,,0.0.0.0/0,description,,,Allow internet access.,fromPort,,0,protocol,,,-1,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,self,,,,false,toPort,,0,type,,,egress,,
debug: RegisterResource RPC finished: resource:newcluster-eksNodeIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksNodeIngressRule,,__defaults,,,,,,,description,,,Allow nodes to communicate with each other,fromPort,,0,protocol,,,-1,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,self,,,,true,toPort,,0,type,,,ingress,,
debug: RegisterResource RPC finished: resource:newcluster-eksClusterIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksClusterIngressRule,,__defaults,,,,,,,description,,,Allow pods to communicate with the cluster API Server,fromPort,,443,protocol,,,tcp,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,sourceSecurityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,toPort,,443,type,,,ingress,,
debug: RegisterResource RPC prepared: t=aws:ec2/launchConfiguration:LaunchConfiguration, name=newcluster-nodeLaunchConfiguration
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2,
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: , obj={"subnetId":"subnet-9266d1df"}
debug: RegisterResource RPC finished: resource:newcluster-nodeLaunchConfiguration[aws:ec2/launchConfiguration:LaunchConfiguration]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::newcluster-nodeLaunchConfiguration,,__defaults,,,,,,,,enableMonitoring,,,name,associatePublicIpAddress,,,,true,enableMonitoring,,,,true,iamInstanceProfile,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,imageId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,instanceType,,,t3.xlarge,name,,,newcluster-nodeLaunchConfiguration-839e4a5,rootBlockDevice,,,,,__defaults,,,,,,,deleteOnTermination,,,,true,volumeSize,,20,volumeType,,,gp2,securityGroups,,,,,,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,userData,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: Invoke RPC finished: tok=aws:ec2/getSubnetIds:getSubnetIds; err: null, resp: id,,,vpc-ab0925c2,ids,,,,,,,,subnet-9266d1df,,,subnet-cb94dfa2,,,subnet-139bf968,vpcId,,,vpc-ab0925c2,
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred:
* Your query returned no results. Please change your search criteria and try again
, resp: undefined
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously
debug: Reading Subnet: {
debug: SubnetIds: ["subnet-9266d1df"]
debug: }
debug: , obj={"id":"subnet-9266d1df"}
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-9266d1df,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3c,availabilityZoneId,,,euw3-az3,cidrBlock,,,172.31.32.0/20,defaultForAz,,,,true,id,,,subnet-9266d1df,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2,
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: DescribeRouteTables {
debug: Filters: [{
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"}
debug: Name: "vpc-id",
debug: Values: ["vpc-ab0925c2"]
debug: },{
debug: Name: "association.main",
debug: Values: ["true"]
debug: }]
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926153852963100000002,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2,
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: , obj={"routeTableId":"rtb-e197aa88"}
debug: Reading Route Table: {
debug: Filters: [{
debug: Name: "route-table-id",
debug: Values: ["rtb-e197aa88"]
debug: }]
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: Filters: [{
debug: Name: "association.subnet-id",
debug: Values: ["subnet-cb94dfa2"]
debug: , obj={"subnetId":"subnet-cb94dfa2"}
debug: }]
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred:
* Your query returned no results. Please change your search criteria and try again
, resp: undefined
debug: Reading Subnet: {
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously
debug: SubnetIds: ["subnet-cb94dfa2"]
debug: }
debug: , obj={"id":"subnet-cb94dfa2"}
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-cb94dfa2,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3a,availabilityZoneId,,,euw3-az1,cidrBlock,,,172.31.0.0/20,defaultForAz,,,,true,id,,,subnet-cb94dfa2,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2,
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"}
debug: DescribeRouteTables {
debug: Filters: [{
debug: Name: "vpc-id",
debug: Values: ["vpc-ab0925c2"]
debug: },{
debug: Name: "association.main",
debug: Values: ["true"]
debug: }]
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926153853998600000003,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2,
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: , obj={"routeTableId":"rtb-e197aa88"}
debug: Reading Route Table: {
debug: Filters: [{
debug: Name: "route-table-id",
debug: Values: ["rtb-e197aa88"]
debug: }]
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2,
debug: RegisterResource RPC prepared: t=aws:cloudformation/stack:Stack, name=newcluster-nodes
debug: RegisterResource RPC finished: resource:newcluster-nodes[aws:cloudformation/stack:Stack]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:cloudformation/stack:Stack::newcluster-nodes,,__defaults,,,,,,,name,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,tags,,,,,Name,,,newcluster-nodes,__defaults,,,,,,,templateBody,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster
debug: RegisterResource RPC prepared: t=pulumi:providers:kubernetes, name=newcluster-provider
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster; err: null, resp:
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster; err: null, resp:
debug: RegisterResource RPC finished: resource:newcluster-provider[pulumi:providers:kubernetes]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi:providers:kubernetes::newcluster-provider,,kubeconfig,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,,
Do you want to perform this update? yes
Updating (settlemint/newcluster)
View Live: https://app.pulumi.com/settlemint/pulumitest/newcluster/updates/4
Type Name Status Info
+ pulumi:pulumi:Stack pulumitest-newcluster **creating failed** 1 error; 1 message; 329 debugs
+ ├─ eks:index:Cluster newcluster created
+ │ ├─ eks:index:ServiceRole newcluster-eksRole created
+ │ │ ├─ aws:iam:Role newcluster-eksRole-role created
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-eksRole-4b490823 created
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-eksRole-90eb1c99 created
+ │ ├─ eks:index:ServiceRole newcluster-instanceRole created
+ │ │ ├─ aws:iam:Role newcluster-instanceRole-role created
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-03516f97 created
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-3eb088f2 created
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-instanceRole-e1b295bd created
+ │ ├─ pulumi-nodejs:dynamic:Resource newcluster-cfnStackName created
+ │ ├─ aws:ec2:SecurityGroup newcluster-eksClusterSecurityGroup created
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksClusterInternetEgressRule created
+ │ ├─ aws:eks:Cluster newcluster-eksCluster created
+ │ ├─ aws:iam:InstanceProfile newcluster-instanceProfile created
+ │ ├─ aws:ec2:SecurityGroup newcluster-nodeSecurityGroup created
+ │ ├─ pulumi:providers:kubernetes newcluster-eks-k8s created
+ │ └─ pulumi-nodejs:dynamic:Resource newcluster-vpc-cni **creating failed** 1 error
+ └─ pulumi:providers:aws aws created
Diagnostics:
pulumi:pulumi:Stack (pulumitest-newcluster):
debug: Registering resource: t=pulumi:pulumi:Stack, name=pulumitest-newcluster, custom=false, remote=false
debug: RegisterResource RPC prepared: t=pulumi:pulumi:Stack, name=pulumitest-newcluster
debug: RegisterResource RPC finished: resource:pulumitest-newcluster[pulumi:pulumi:Stack]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster,,,,
debug: Running program '/Users/roderik/Development/pulumitest' in pwd '/Users/roderik/Development/pulumitest' w/ args:
debug: Registering resource: t=pulumi:providers:aws, name=aws, custom=true, remote=false
debug: Registering resource: t=eks:index:Cluster, name=newcluster, custom=false, remote=false
debug: Invoking function: tok=aws:ec2/getVpc:getVpc asynchronously
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-eksRole, custom=false, remote=false
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-eksRole-role, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule, custom=true, remote=false
debug: Registering resource: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster, custom=true, remote=false
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s, custom=true, remote=false
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni, custom=true, remote=false
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-instanceRole, custom=false, remote=false
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-instanceRole-role, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd, custom=true, remote=false
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2, custom=true, remote=false
debug: Registering resource: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile, custom=true, remote=false
debug: Registering resource: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule, custom=true, remote=false
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule, custom=true, remote=false
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName, custom=true, remote=false
debug: Invoking function: tok=aws:index/getRegion:getRegion asynchronously
debug: Registering resource: t=aws:ec2/launchConfiguration:LaunchConfiguration, name=newcluster-nodeLaunchConfiguration, custom=true, remote=false
debug: Registering resource: t=aws:cloudformation/stack:Stack, name=newcluster-nodes, custom=true, remote=false
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-provider, custom=true, remote=false
debug: , obj={}
debug: , obj={"default":true}
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: , obj={"subnetId":"subnet-139bf968"}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: Found free variables: {"required":{},"optional":{}}
debug: RegisterResource RPC prepared: t=pulumi:providers:aws, name=aws
debug: RegisterResource RPC prepared: t=eks:index:Cluster, name=newcluster
debug: RegisterResource RPC finished: resource:newcluster[eks:index:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster,,,,
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-eksRole
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-instanceRole
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName
debug: AWS Auth provider used: "EnvProvider"
debug: Trying to get account information via sts:GetCallerIdentity
debug: RegisterResource RPC finished: resource:aws[pulumi:providers:aws]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:providers:aws::aws,c6d2ef41-0005-4f92-af75-37d5dbed7da0,region,,,eu-west-3,,
debug: Trying to get account information via sts:GetCallerIdentity
debug: RegisterResource RPC finished: resource:newcluster-eksRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole,,,,
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-eksRole-role
debug: Invoke RPC finished: tok=aws:index/getRegion:getRegion; err: null, resp: description,,,Europe (Paris),endpoint,,,ec2.eu-west-3.amazonaws.com,id,,,eu-west-3,name,,,eu-west-3,
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred:
* Your query returned no results. Please change your search criteria and try again
, resp: undefined
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously
debug: Reading Subnet: {
debug: , obj={"id":"subnet-139bf968"}
debug: SubnetIds: ["subnet-139bf968"]
debug: }
debug: RegisterResource RPC finished: resource:newcluster-instanceRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole,,,,
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-instanceRole-role
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-139bf968,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3b,availabilityZoneId,,,euw3-az2,cidrBlock,,,172.31.16.0/20,defaultForAz,,,,true,id,,,subnet-139bf968,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2,
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"}
debug: DescribeRouteTables {
debug: Filters: [{
debug: Name: "vpc-id",
debug: Values: ["vpc-ab0925c2"]
debug: },{
debug: Name: "association.main",
debug: Values: ["true"]
debug: }]
debug: }
debug: No meta timeoutkey found in Apply()
debug: Waiting for state to become: [success]
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926154711095800000001,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: Filters: [{
debug: Name: "route-table-id",
debug: Values: ["rtb-e197aa88"]
debug: }]
debug: , obj={"routeTableId":"rtb-e197aa88"}
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getVpc:getVpc; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:vpc/vpc-ab0925c2,cidrBlock,,,172.31.0.0/16,cidrBlockAssociations,,,,,,,,,,associationId,,,vpc-cidr-assoc-20243249,cidrBlock,,,172.31.0.0/16,state,,,associated,default,,,,true,dhcpOptionsId,,,dopt-0a903fa3adfeadc1a,enableDnsHostnames,,,,true,enableDnsSupport,,,,true,id,,,vpc-ab0925c2,instanceTenancy,,,default,mainRouteTableId,,,rtb-e197aa88,ownerId,,,711839938093,state,,,available,tags,,,,,,
debug: Invoking function: tok=aws:ec2/getSubnetIds:getSubnetIds asynchronously
debug: , obj={"vpcId":"vpc-ab0925c2"}
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: Filters: [{
debug: Name: "association.subnet-id",
debug: Values: ["subnet-9266d1df"]
debug: , obj={"subnetId":"subnet-9266d1df"}
debug: }]
debug: }
debug: No meta timeoutkey found in Apply()
debug: Waiting for state to become: [success]
debug: Invoke RPC finished: tok=aws:ec2/getSubnetIds:getSubnetIds; err: null, resp: id,,,vpc-ab0925c2,ids,,,,,,,,subnet-9266d1df,,,subnet-cb94dfa2,,,subnet-139bf968,vpcId,,,vpc-ab0925c2,
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred:
* Your query returned no results. Please change your search criteria and try again
, resp: undefined
debug: Reading Subnet: {
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously
debug: SubnetIds: ["subnet-9266d1df"]
debug: }
debug: , obj={"id":"subnet-9266d1df"}
debug: RegisterResource RPC finished: resource:newcluster-cfnStackName[pulumi-nodejs:dynamic:Resource]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi-nodejs:dynamic:Resource::newcluster-cfnStackName,newcluster-cfnStackName,__provider,,,exports.handler = __f0;
var __provider = {check: __f1, diff: __f2, create: __f3, update: __f5, read: __f6, delete: __f7};
function __f1(__0, __1) {
return (function() {
with({ }) {
return (olds, news) => Promise.resolve({ inputs: news, failedChecks: [] });
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f2(__0, __1, __2) {
return (function() {
with({ }) {
return (id, olds, news) => Promise.resolve({});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f4(__0) {
return (function() {
with({ crypto: require("crypto") }) {
return n => `${n}-${crypto.randomBytes(4).toString("hex")}`;
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f3(__0) {
return (function() {
with({ name: "newcluster-cfnStackName", func: __f4 }) {
return (inputs) => Promise.resolve({
id: name,
outs: { output: func(inputs.input) },
});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f5(__0, __1, __2) {
return (function() {
with({ func: __f4 }) {
return (id, olds, news) => Promise.resolve({
outs: { output: func(news.input) },
});
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f6(__0, __1) {
return (function() {
with({ }) {
return (id, state) => Promise.resolve({ id: id, props: state });
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f7(__0, __1) {
return (function() {
with({ }) {
return (id, props) => Promise.resolve();
}
}).apply(undefined, undefined).apply(this, arguments);
}
function __f0() {
return (function() {
with({ provider: __provider }) {
return () => provider;
}
}).apply(undefined, undefined).apply(this, arguments);
}
,output,,,newcluster-556c093c,,
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-9266d1df,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3c,availabilityZoneId,,,euw3-az3,cidrBlock,,,172.31.32.0/20,defaultForAz,,,,true,id,,,subnet-9266d1df,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2,
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: DescribeRouteTables {
debug: Filters: [{
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"}
debug: Name: "vpc-id",
debug: Values: ["vpc-ab0925c2"]
debug: },{
debug: Name: "association.main",
debug: Values: ["true"]
debug: }]
debug: }
debug: Security Group create configuration: {
debug: Description: "Managed by Pulumi",
debug: GroupName: "newcluster-eksClusterSecurityGroup-16c7096",
debug: TagSpecifications: [{
debug: ResourceType: "security-group",
debug: Tags: [{
debug: Key: "Name",
debug: Value: "newcluster-eksClusterSecurityGroup"
debug: }]
debug: }],
debug: VpcId: "vpc-ab0925c2"
debug: }
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926154712054000000002,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Filters: [{
debug: Name: "route-table-id",
debug: Values: ["rtb-e197aa88"]
debug: }]
debug: }
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: , obj={"routeTableId":"rtb-e197aa88"}
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Filters: [{
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: Name: "association.subnet-id",
debug: Values: ["subnet-cb94dfa2"]
debug: }]
debug: , obj={"subnetId":"subnet-cb94dfa2"}
debug: }
debug: Security Group ID: sg-0c93bb68edcdca3c9
debug: Waiting for Security Group (sg-0c93bb68edcdca3c9) to exist
debug: Waiting for state to become: [exists]
debug: RegisterResource RPC finished: resource:newcluster-eksRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-eksRole-role,newcluster-eksRole-role-cbaf2b2,arn,,,arn:aws:iam::711839938093:role/newcluster-eksRole-role-cbaf2b2,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"eks.amazonaws.com"},"Action":"sts:AssumeRole"}]},createDate,,,2020-09-26T15:47:11Z,description,,,Allows EKS to manage clusters on your behalf.,forceDetachPolicies,,,,false,id,,,newcluster-eksRole-role-cbaf2b2,maxSessionDuration,,3600,name,,,newcluster-eksRole-role-cbaf2b2,path,,,/,tags,,,,,,uniqueId,,,AROA2LPHXOYW2JBAI7C3V,,
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred:
* Your query returned no results. Please change your search criteria and try again
, resp: undefined
debug: Reading Subnet: {
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously
debug: SubnetIds: ["subnet-cb94dfa2"]
debug: }
debug: , obj={"id":"subnet-cb94dfa2"}
debug: No meta timeoutkey found in Apply()
debug: Revoking default egress rule for Security Group for sg-0c93bb68edcdca3c9
debug: No meta timeoutkey found in Apply()
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-cb94dfa2,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3a,availabilityZoneId,,,euw3-az1,cidrBlock,,,172.31.0.0/20,defaultForAz,,,,true,id,,,subnet-cb94dfa2,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2,
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: DescribeRouteTables {
debug: Filters: [{
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"}
debug: Name: "vpc-id",
debug: Values: ["vpc-ab0925c2"]
debug: },{
debug: Name: "association.main",
debug: Values: ["true"]
debug: }]
debug: }
debug: Revoking default IPv6 egress rule for Security Group for sg-0c93bb68edcdca3c9
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-instanceRole-role,newcluster-instanceRole-role-395332b,arn,,,arn:aws:iam::711839938093:role/newcluster-instanceRole-role-395332b,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]},createDate,,,2020-09-26T15:47:12Z,description,,,,forceDetachPolicies,,,,false,id,,,newcluster-instanceRole-role-395332b,maxSessionDuration,,3600,name,,,newcluster-instanceRole-role-395332b,path,,,/,tags,,,,,,uniqueId,,,AROA2LPHXOYW26DZRTZKL,,
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926154713175300000003,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2,
debug: Reading Route Table: {
debug: Filters: [{
debug: Name: "route-table-id",
debug: Values: ["rtb-e197aa88"]
debug: }]
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously
debug: }
debug: , obj={"routeTableId":"rtb-e197aa88"}
debug: Waiting for Security Group (sg-0c93bb68edcdca3c9) to exist
debug: Waiting for state to become: [exists]
debug: No meta timeoutkey found in Apply()
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2,
debug: No meta timeoutkey found in Apply()
debug: Waiting for Security Group (sg-0c93bb68edcdca3c9) to exist
debug: Waiting for state to become: [exists]
debug: No meta timeoutkey found in Apply()
debug: RegisterResource RPC finished: resource:newcluster-eksClusterSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-eksClusterSecurityGroup,sg-0c93bb68edcdca3c9,__meta,,,{"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0":{"create":600000000000,"delete":600000000000},"schema_version":"1"},arn,,,arn:aws:ec2:eu-west-3:711839938093:security-group/sg-0c93bb68edcdca3c9,description,,,Managed by Pulumi,egress,,,,,,,id,,,sg-0c93bb68edcdca3c9,ingress,,,,,,,name,,,newcluster-eksClusterSecurityGroup-16c7096,namePrefix,,,,ownerId,,,711839938093,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-eksClusterSecurityGroup,vpcId,,,vpc-ab0925c2,,
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule
debug: RegisterResource RPC finished: resource:newcluster-eksRole-4b490823[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-4b490823,newcluster-eksRole-role-cbaf2b2-20200926154713416900000004,id,,,newcluster-eksRole-role-cbaf2b2-20200926154713416900000004,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSClusterPolicy,role,,,newcluster-eksRole-role-cbaf2b2,,
debug: No meta timeoutkey found in Apply()
debug: Locking "sg-0c93bb68edcdca3c9"
debug: Locked "sg-0c93bb68edcdca3c9"
debug: Authorizing security group sg-0c93bb68edcdca3c9 Egress rule: {
debug: IpProtocol: "-1",
debug: IpRanges: [{
debug: CidrIp: "0.0.0.0/0",
debug: Description: "Allow internet access."
debug: }]
debug: }
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-03516f97[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-03516f97,newcluster-instanceRole-role-395332b-20200926154713949800000006,id,,,newcluster-instanceRole-role-395332b-20200926154713949800000006,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy,role,,,newcluster-instanceRole-role-395332b,,
debug: Computed group rule ID sgrule-2103724647
debug: Waiting for state to become: [success]
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-3eb088f2[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-3eb088f2,newcluster-instanceRole-role-395332b-20200926154714220300000007,id,,,newcluster-instanceRole-role-395332b-20200926154714220300000007,policyArn,,,arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly,role,,,newcluster-instanceRole-role-395332b,,
debug: RegisterResource RPC finished: resource:newcluster-eksRole-90eb1c99[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-90eb1c99,newcluster-eksRole-role-cbaf2b2-20200926154713787000000005,id,,,newcluster-eksRole-role-cbaf2b2-20200926154713787000000005,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSServicePolicy,role,,,newcluster-eksRole-role-cbaf2b2,,
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole
debug: RegisterResource RPC prepared: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster
debug: Found rule for Security Group Rule (sgrule-2103724647): {
debug: IpProtocol: "-1",
debug: IpRanges: [{
debug: CidrIp: "0.0.0.0/0",
debug: Description: "Allow internet access."
debug: }]
debug: }
debug: Unlocking "sg-0c93bb68edcdca3c9"
debug: Unlocked "sg-0c93bb68edcdca3c9"
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-e1b295bd[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-e1b295bd,newcluster-instanceRole-role-395332b-20200926154714528500000008,id,,,newcluster-instanceRole-role-395332b-20200926154714528500000008,policyArn,,,arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy,role,,,newcluster-instanceRole-role-395332b,,
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole
debug: RegisterResource RPC prepared: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: Truncating attribute path of 0 diagnostics for TypeSet
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole; err: null, resp:
debug: RegisterResource RPC finished: resource:newcluster-eksClusterInternetEgressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksClusterInternetEgressRule,sgrule-2103724647,__meta,,,{"schema_version":"2"},cidrBlocks,,,,,,,,0.0.0.0/0,description,,,Allow internet access.,fromPort,,0,id,,,sgrule-2103724647,protocol,,,-1,securityGroupId,,,sg-0c93bb68edcdca3c9,self,,,,false,toPort,,0,type,,,egress,,
debug: Creating EKS Cluster: {
debug: Logging: {
debug: ClusterLogging: [{
debug: Enabled: true,
debug: Types: []
debug: },{
debug: Enabled: false,
debug: Types: [
debug: "controllerManager",
debug: "scheduler",
debug: "authenticator",
debug: "audit",
debug: "api"
debug: ]
debug: }]
debug: },
debug: Name: "my-cluster",
debug: ResourcesVpcConfig: {
debug: EndpointPrivateAccess: false,
debug: EndpointPublicAccess: true,
debug: SecurityGroupIds: ["sg-0c93bb68edcdca3c9"],
debug: SubnetIds: ["subnet-9266d1df","subnet-139bf968","subnet-cb94dfa2"]
debug: },
debug: RoleArn: "arn:aws:iam::711839938093:role/newcluster-eksRole-role-cbaf2b2",
debug: Tags: {
debug: Name: "newcluster-eksCluster"
debug: }
debug: }
debug: Waiting for state to become: [success]
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole; err: null, resp:
debug: No meta timeoutkey found in Apply()
debug: Waiting for state to become: [ACTIVE]
debug: Waiting for state to become: [success]
debug: Waiting 200ms before next try
debug: RegisterResource RPC finished: resource:newcluster-instanceProfile[aws:iam/instanceProfile:InstanceProfile]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:iam/instanceProfile:InstanceProfile::newcluster-instanceProfile,newcluster-instanceProfile-5eab1ab,arn,,,arn:aws:iam::711839938093:instance-profile/newcluster-instanceProfile-5eab1ab,createDate,,,2020-09-26T15:47:17Z,id,,,newcluster-instanceProfile-5eab1ab,name,,,newcluster-instanceProfile-5eab1ab,path,,,/,role,,,newcluster-instanceRole-role-395332b,uniqueId,,,AIPA2LPHXOYWZPEE6X44N,,
debug: RegisterResource RPC finished: resource:newcluster-eksCluster[aws:eks/cluster:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:eks/cluster:Cluster::newcluster-eksCluster,my-cluster,__meta,,,{"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0":{"create":1800000000000,"delete":900000000000,"update":3600000000000}},arn,,,arn:aws:eks:eu-west-3:711839938093:cluster/my-cluster,certificateAuthority,,,,,data,,,LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01Ea3lOakUxTlRReU5Wb1hEVE13TURreU5ERTFOVFF5TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHZPClFxL0JyNUZkR3ZKOHRiaytOREJsbkprZFpnNlhDUjVmRDIyTUIrdkt5d2VHY1FTSW9GYW1MSWY5aFQ2ak90K0UKS3ZXK3VyU1A3WEdVNnpBaERwZkFyWFRPZ3NDOWtEODQ0cFBwMlJOM0Z1WjdWdXFhZVdleWEvaHc1QVlkOUk2agptSmJNSlpxZGpDMVB3ZWhZaUlSNC9Gam1PcTdtZVcxS0NJeG5PQW8zcDF1Q0JNc1FqMzJGQ1ZtRm0xcGNGT01mCmVuSFNOckhpZXcwd3ZZS1B0bHJTOHdGNHIycm9HUUxQZ3E3ejRYTHBoUmlNQm5lanVJd3M3VUhWK0psVEROeFUKNGxibEMrUGtPNExBUnkrclJSbVYydzJhQXUxSkxUREZyRk44V2ZLTW0zcU5KdjhSeStSOTkva2hoNGgvN3l1cwoyKzNwN1BLZU9nNWlhWjlWQWRjQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHTExISlZ0UHNrZmQ4Unp6YU5XeDdMVjJqVlIKNWRMTGFUOGVmVnQxR2lMdWNlZ1VHN2oxNHBWVlF0MzBIRUp0QkdkemJobENlZ3VOWS9RL3FFQWZsMlZBRkc1cApPZDFTTGtMeDc3ZzJwTEZaZ1VMUGdxVU91azZwSU1iN1NsUThkMHZTeFNXdlprN1RnWFdPTnZmcUtYcjFJdmtpCkFPNUczWnF1dDVjcVNhMHZJbTJUMk5qdlVsSWdlSFBmWUpqSmpHd1hQSUEyRitEWDUzQkFyaVU4RXl2VStlaVQKUW4weWE4Tm4zOUsyRnlGWnh6VzA3dG0xR04xb1RaRENzZHNDQldsUjU2cVBXYmVkTnZtQnZOakVTcmRCeDlKcApYR1B2THVRaHl3aHhVcXRrcUc1OWp4a1hsd2FzRnUvOThRc1NPMWs1cFp3M1E0aEdtUUFuU3A4WGYyND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=,createdAt,,,2020-09-26 15:47:17.798 +0000 UTC,enabledClusterLogTypes,,,,,,,encryptionConfig,0,endpoint,,,https://014B4B4E8D7AA2689D6DC3327C722BF4.yl4.eu-west-3.eks.amazonaws.com,id,,,my-cluster,identities,,,,,,,,,,oidcs,,,,,,,,,,issuer,,,https://oidc.eks.eu-west-3.amazonaws.com/id/014B4B4E8D7AA2689D6DC3327C722BF4,name,,,my-cluster,platformVersion,,,eks.3,roleArn,,,arn:aws:iam::711839938093:role/newcluster-eksRole-role-cbaf2b2,status,,,ACTIVE,tags,,,,,Name,,,newcluster-eksCluster,version,,,1.17,vpcConfig,,,,,clusterSecurityGroupId,,,sg-04afbcb79b641df99,endpointPrivateAccess,,,,false,endpointPublicAccess,,,,true,publicAccessCidrs,,,,,,,,0.0.0.0/0,securityGroupIds,,,,,,,,sg-0c93bb68edcdca3c9,subnetIds,,,,,,,,subnet-9266d1df,,,subnet-139bf968,,,subnet-cb94dfa2,vpcId,,,vpc-ab0925c2,,
debug: Invoking function: tok=aws:ssm/getParameter:getParameter asynchronously
debug: , obj={"name":"/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id"}
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup
debug: RegisterResource RPC prepared: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni
debug: Invoke RPC finished: tok=aws:ssm/getParameter:getParameter; err: null, resp: arn,,,arn:aws:ssm:eu-west-3:711839938093:parameter/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id,id,,,/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id,name,,,/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id,type,,,String,value,,,ami-0daa783a28b127c5e,version,,6,withDecryption,,,,true,
debug: Security Group create configuration: {
debug: Description: "Managed by Pulumi",
debug: GroupName: "newcluster-nodeSecurityGroup-5b185ec",
debug: TagSpecifications: [{
debug: ResourceType: "security-group",
debug: Tags: [{
debug: Key: "Name",
debug: Value: "newcluster-nodeSecurityGroup"
debug: },{
debug: Key: "kubernetes.io/cluster/my-cluster",
debug: Value: "owned"
debug: }]
debug: }],
debug: VpcId: "vpc-ab0925c2"
debug: }
debug: Security Group ID: sg-0808ceb720c176e1f
debug: Waiting for Security Group (sg-0808ceb720c176e1f) to exist
debug: Waiting for state to become: [exists]
debug: Revoking default egress rule for Security Group for sg-0808ceb720c176e1f
debug: RegisterResource RPC finished: resource:newcluster-eks-k8s[pulumi:providers:kubernetes]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi:providers:kubernetes::newcluster-eks-k8s,b16ad71a-a9c1-4c2a-8ec7-5d55685ee5ae,kubeconfig,,,{"apiVersion":"v1","clusters":[{"cluster":{"server":"https://014B4B4E8D7AA2689D6DC3327C722BF4.yl4.eu-west-3.eks.amazonaws.com","certificate-authority-data":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01Ea3lOakUxTlRReU5Wb1hEVE13TURreU5ERTFOVFF5TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHZPClFxL0JyNUZkR3ZKOHRiaytOREJsbkprZFpnNlhDUjVmRDIyTUIrdkt5d2VHY1FTSW9GYW1MSWY5aFQ2ak90K0UKS3ZXK3VyU1A3WEdVNnpBaERwZkFyWFRPZ3NDOWtEODQ0cFBwMlJOM0Z1WjdWdXFhZVdleWEvaHc1QVlkOUk2agptSmJNSlpxZGpDMVB3ZWhZaUlSNC9Gam1PcTdtZVcxS0NJeG5PQW8zcDF1Q0JNc1FqMzJGQ1ZtRm0xcGNGT01mCmVuSFNOckhpZXcwd3ZZS1B0bHJTOHdGNHIycm9HUUxQZ3E3ejRYTHBoUmlNQm5lanVJd3M3VUhWK0psVEROeFUKNGxibEMrUGtPNExBUnkrclJSbVYydzJhQXUxSkxUREZyRk44V2ZLTW0zcU5KdjhSeStSOTkva2hoNGgvN3l1cwoyKzNwN1BLZU9nNWlhWjlWQWRjQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHTExISlZ0UHNrZmQ4Unp6YU5XeDdMVjJqVlIKNWRMTGFUOGVmVnQxR2lMdWNlZ1VHN2oxNHBWVlF0MzBIRUp0QkdkemJobENlZ3VOWS9RL3FFQWZsMlZBRkc1cApPZDFTTGtMeDc3ZzJwTEZaZ1VMUGdxVU91azZwSU1iN1NsUThkMHZTeFNXdlprN1RnWFdPTnZmcUtYcjFJdmtpCkFPNUczWnF1dDVjcVNhMHZJbTJUMk5qdlVsSWdlSFBmWUpqSmpHd1hQSUEyRitEWDUzQkFyaVU4RXl2VStlaVQKUW4weWE4Tm4zOUsyRnlGWnh6VzA3dG0xR04xb1RaRENzZHNDQldsUjU2cVBXYmVkTnZtQnZOakVTcmRCeDlKcApYR1B2THVRaHl3aHhVcXRrcUc1OWp4a1hsd2FzRnUvOThRc1NPMWs1cFp3M1E0aEdtUUFuU3A4WGYyND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="},"name":"kubernetes"}],"contexts":[{"context":{"cluster":"kubernetes","user":"aws"},"name":"aws"}],"current-context":"aws","kind":"Config","users":[{"name":"aws","user":{"exec":{"apiVersion":"client.authentication.k8s.io/v1alpha1","command":"aws","args":["eks","get-token","--cluster-name","my-cluster","--role","arn:aws:iam::711839938093:role/eksServiceRole"]}}}]},,
debug: RegisterResource RPC prepared: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess
debug: Revoking default IPv6 egress rule for Security Group for sg-0808ceb720c176e1f
debug: Waiting for Security Group (sg-0808ceb720c176e1f) to exist
debug: Waiting for state to become: [exists]
debug: Waiting for Security Group (sg-0808ceb720c176e1f) to exist
debug: Waiting for state to become: [exists]
debug: RegisterResource RPC finished: resource:newcluster-nodeSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-nodeSecurityGroup,sg-0808ceb720c176e1f,__meta,,,{"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0":{"create":600000000000,"delete":600000000000},"schema_version":"1"},arn,,,arn:aws:ec2:eu-west-3:711839938093:security-group/sg-0808ceb720c176e1f,description,,,Managed by Pulumi,egress,,,,,,,id,,,sg-0808ceb720c176e1f,ingress,,,,,,,name,,,newcluster-nodeSecurityGroup-5b185ec,namePrefix,,,,ownerId,,,711839938093,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-nodeSecurityGroup,kubernetes.io/cluster/my-cluster,,,owned,vpcId,,,vpc-ab0925c2,,
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule
error: update failed
error: You must be logged in to the server (the server has asked for the client to provide credentials)
pulumi-nodejs:dynamic:Resource (newcluster-vpc-cni):
error: Command failed: kubectl apply -f /var/folders/93/trfs1ns93nx39y22gbwx6hmr0000gn/T/tmp-13508VziZRSVp56CV.tmp
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Resources:
+ 19 created
Duration: 10m32s
Raw
kubeconfig
~/Development/pulumitest via ⬢ v14.7.0
❯ cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority: /Users/roderik/.minikube/ca.crt
server: https://127.0.0.1:32772
name: minikube
contexts:
- context:
cluster: minikube
namespace: prometheus
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /Users/roderik/.minikube/profiles/minikube/client.crt
client-key: /Users/roderik/.minikube/profiles/minikube/client.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment