-
-
Save roderik/1a969b10c4365841ab72e79b51152b9b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: aws-node | |
rules: | |
- apiGroups: | |
- crd.k8s.amazonaws.com | |
resources: | |
- '*' | |
- namespaces | |
verbs: | |
- '*' | |
- apiGroups: | |
- '' | |
resources: | |
- pods | |
- nodes | |
- namespaces | |
verbs: | |
- list | |
- watch | |
- get | |
- apiGroups: | |
- extensions | |
resources: | |
- daemonsets | |
verbs: | |
- list | |
- watch | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: aws-node | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: aws-node | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: aws-node | |
subjects: | |
- kind: ServiceAccount | |
name: aws-node | |
namespace: kube-system | |
--- | |
kind: DaemonSet | |
apiVersion: apps/v1 | |
metadata: | |
name: aws-node | |
namespace: kube-system | |
labels: | |
k8s-app: aws-node | |
spec: | |
updateStrategy: | |
type: RollingUpdate | |
rollingUpdate: | |
maxUnavailable: 10% | |
selector: | |
matchLabels: | |
k8s-app: aws-node | |
template: | |
metadata: | |
labels: | |
k8s-app: aws-node | |
spec: | |
priorityClassName: system-node-critical | |
affinity: | |
nodeAffinity: | |
requiredDuringSchedulingIgnoredDuringExecution: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: beta.kubernetes.io/os | |
operator: In | |
values: | |
- linux | |
- key: beta.kubernetes.io/arch | |
operator: In | |
values: | |
- amd64 | |
- key: eks.amazonaws.com/compute-type | |
operator: NotIn | |
values: | |
- fargate | |
serviceAccountName: aws-node | |
hostNetwork: true | |
tolerations: | |
- operator: Exists | |
containers: | |
- image: '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0' | |
imagePullPolicy: Always | |
ports: | |
- containerPort: 61678 | |
name: metrics | |
name: aws-node | |
readinessProbe: | |
exec: | |
command: | |
- /app/grpc-health-probe | |
- '-addr=:50051' | |
initialDelaySeconds: 35 | |
livenessProbe: | |
exec: | |
command: | |
- /app/grpc-health-probe | |
- '-addr=:50051' | |
initialDelaySeconds: 35 | |
env: | |
- name: MY_NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
- name: AWS_VPC_K8S_CNI_LOGLEVEL | |
value: DEBUG | |
- name: AWS_VPC_K8S_CNI_LOG_FILE | |
value: stdout | |
- name: AWS_VPC_K8S_CNI_VETHPREFIX | |
value: eni | |
- name: AWS_VPC_ENI_MTU | |
value: '9001' | |
resources: | |
requests: | |
cpu: 10m | |
securityContext: | |
privileged: true | |
volumeMounts: | |
- mountPath: /host/opt/cni/bin | |
name: cni-bin-dir | |
- mountPath: /host/etc/cni/net.d | |
name: cni-net-dir | |
- mountPath: /host/var/log | |
name: log-dir | |
- mountPath: /var/run/docker.sock | |
name: dockersock | |
- mountPath: /var/run/dockershim.sock | |
name: dockershim | |
volumes: | |
- name: cni-bin-dir | |
hostPath: | |
path: /opt/cni/bin | |
- name: cni-net-dir | |
hostPath: | |
path: /etc/cni/net.d | |
- name: log-dir | |
hostPath: | |
path: /var/log | |
- name: dockersock | |
hostPath: | |
path: /var/run/docker.sock | |
- name: dockershim | |
hostPath: | |
path: /var/run/dockershim.sock | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: eniconfigs.crd.k8s.amazonaws.com | |
spec: | |
scope: Cluster | |
group: crd.k8s.amazonaws.com | |
versions: | |
- name: v1alpha1 | |
served: true | |
storage: true | |
names: | |
plural: eniconfigs | |
singular: eniconfig | |
kind: ENIConfig |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
~/Development/pulumitest via ⬢ v14.7.0 took 51s | |
❯ pulumi up -d -v=5 | |
Previewing update (settlemint/newcluster) | |
View Live: https://app.pulumi.com/settlemint/pulumitest/newcluster/previews/bb59ccaf-1a21-40ba-93c6-352e9f2f6c6e | |
Type Name Plan Info | |
+ pulumi:pulumi:Stack pulumitest-newcluster create 245 debugs | |
+ ├─ eks:index:Cluster newcluster create | |
+ │ ├─ eks:index:ServiceRole newcluster-eksRole create | |
+ │ │ ├─ aws:iam:Role newcluster-eksRole-role create | |
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-eksRole-4b490823 create | |
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-eksRole-90eb1c99 create | |
+ │ ├─ eks:index:ServiceRole newcluster-instanceRole create | |
+ │ │ ├─ aws:iam:Role newcluster-instanceRole-role create | |
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-e1b295bd create | |
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-03516f97 create | |
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-instanceRole-3eb088f2 create | |
+ │ ├─ pulumi-nodejs:dynamic:Resource newcluster-cfnStackName create | |
+ │ ├─ aws:iam:InstanceProfile newcluster-instanceProfile create | |
+ │ ├─ aws:ec2:SecurityGroup newcluster-eksClusterSecurityGroup create | |
+ │ ├─ aws:eks:Cluster newcluster-eksCluster create | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksClusterInternetEgressRule create | |
+ │ ├─ pulumi:providers:kubernetes newcluster-eks-k8s create | |
+ │ ├─ pulumi-nodejs:dynamic:Resource newcluster-vpc-cni create | |
+ │ ├─ aws:ec2:SecurityGroup newcluster-nodeSecurityGroup create | |
+ │ ├─ kubernetes:core:ConfigMap newcluster-nodeAccess create | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksNodeClusterIngressRule create | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksExtApiServerClusterIngressRule create | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksNodeInternetEgressRule create | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksNodeIngressRule create | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksClusterIngressRule create | |
+ │ ├─ aws:ec2:LaunchConfiguration newcluster-nodeLaunchConfiguration create | |
+ │ ├─ aws:cloudformation:Stack newcluster-nodes create | |
+ │ └─ pulumi:providers:kubernetes newcluster-provider create | |
+ └─ pulumi:providers:aws aws create | |
Diagnostics: | |
pulumi:pulumi:Stack (pulumitest-newcluster): | |
debug: Registering resource: t=pulumi:pulumi:Stack, name=pulumitest-newcluster, custom=false, remote=false | |
debug: RegisterResource RPC prepared: t=pulumi:pulumi:Stack, name=pulumitest-newcluster | |
debug: RegisterResource RPC finished: resource:pulumitest-newcluster[pulumi:pulumi:Stack]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster,,,, | |
debug: Running program '/Users/roderik/Development/pulumitest' in pwd '/Users/roderik/Development/pulumitest' w/ args: | |
debug: Registering resource: t=pulumi:providers:aws, name=aws, custom=true, remote=false | |
debug: Registering resource: t=eks:index:Cluster, name=newcluster, custom=false, remote=false | |
debug: Invoking function: tok=aws:ec2/getVpc:getVpc asynchronously | |
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-eksRole, custom=false, remote=false | |
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-eksRole-role, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster, custom=true, remote=false | |
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s, custom=true, remote=false | |
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni, custom=true, remote=false | |
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-instanceRole, custom=false, remote=false | |
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-instanceRole-role, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile, custom=true, remote=false | |
debug: Registering resource: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule, custom=true, remote=false | |
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName, custom=true, remote=false | |
debug: Invoking function: tok=aws:index/getRegion:getRegion asynchronously | |
debug: Registering resource: t=aws:ec2/launchConfiguration:LaunchConfiguration, name=newcluster-nodeLaunchConfiguration, custom=true, remote=false | |
debug: Registering resource: t=aws:cloudformation/stack:Stack, name=newcluster-nodes, custom=true, remote=false | |
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-provider, custom=true, remote=false | |
debug: , obj={} | |
debug: , obj={"default":true} | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: , obj={"subnetId":"subnet-139bf968"} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: RegisterResource RPC prepared: t=pulumi:providers:aws, name=aws | |
debug: RegisterResource RPC prepared: t=eks:index:Cluster, name=newcluster | |
debug: RegisterResource RPC finished: resource:newcluster[eks:index:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster,,,, | |
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-eksRole | |
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-instanceRole | |
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName | |
debug: RegisterResource RPC finished: resource:aws[pulumi:providers:aws]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:providers:aws::aws,,region,,,eu-west-3,, | |
debug: AWS Auth provider used: "EnvProvider" | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole,,,, | |
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-instanceRole-role | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole,,,, | |
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-eksRole-role | |
debug: Trying to get account information via sts:GetCallerIdentity | |
debug: Trying to get account information via sts:GetCallerIdentity | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Name: "association.subnet-id", | |
debug: Values: ["subnet-139bf968"] | |
debug: }] | |
debug: } | |
debug: Reading AWS VPC: { | |
debug: Filters: [{ | |
debug: Name: "isDefault", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-instanceRole-role,,__defaults,,,,,,,,forceDetachPolicies,,,maxSessionDuration,,,name,,,path,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Action":["sts:AssumeRole"],"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]}}]},forceDetachPolicies,,,,false,maxSessionDuration,,3600,name,,,newcluster-instanceRole-role-9cac8e5,path,,,/,, | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97 | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2 | |
debug: Invoke RPC finished: tok=aws:index/getRegion:getRegion; err: null, resp: description,,,Europe (Paris),endpoint,,,ec2.eu-west-3.amazonaws.com,id,,,eu-west-3,name,,,eu-west-3, | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-eksRole-role,,__defaults,,,,,,,,forceDetachPolicies,,,maxSessionDuration,,,name,,,path,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Action":["sts:AssumeRole"],"Effect":"Allow","Principal":{"Service":["eks.amazonaws.com"]}}]},description,,,Allows EKS to manage clusters on your behalf.,forceDetachPolicies,,,,false,maxSessionDuration,,3600,name,,,newcluster-eksRole-role-82b5a7a,path,,,/,, | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823 | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99 | |
debug: RegisterResource RPC finished: resource:newcluster-cfnStackName[pulumi-nodejs:dynamic:Resource]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi-nodejs:dynamic:Resource::newcluster-cfnStackName,,__provider,,,exports.handler = __f0; | |
var __provider = {check: __f1, diff: __f2, create: __f3, update: __f5, read: __f6, delete: __f7}; | |
function __f1(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (olds, news) => Promise.resolve({ inputs: news, failedChecks: [] }); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f2(__0, __1, __2) { | |
return (function() { | |
with({ }) { | |
return (id, olds, news) => Promise.resolve({}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f4(__0) { | |
return (function() { | |
with({ crypto: require("crypto") }) { | |
return n => `${n}-${crypto.randomBytes(4).toString("hex")}`; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f3(__0) { | |
return (function() { | |
with({ name: "newcluster-cfnStackName", func: __f4 }) { | |
return (inputs) => Promise.resolve({ | |
id: name, | |
outs: { output: func(inputs.input) }, | |
}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f5(__0, __1, __2) { | |
return (function() { | |
with({ func: __f4 }) { | |
return (id, olds, news) => Promise.resolve({ | |
outs: { output: func(news.input) }, | |
}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f6(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (id, state) => Promise.resolve({ id: id, props: state }); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f7(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (id, props) => Promise.resolve(); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f0() { | |
return (function() { | |
with({ provider: __provider }) { | |
return () => provider; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
,input,,,newcluster,, | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-e1b295bd[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-e1b295bd,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-03516f97[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-03516f97,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-3eb088f2[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-3eb088f2,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole | |
debug: RegisterResource RPC prepared: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole-4b490823[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-4b490823,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSClusterPolicy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole-90eb1c99[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-90eb1c99,,__defaults,,,,,,,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSServicePolicy,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole | |
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole; err: null, resp: | |
debug: RegisterResource RPC finished: resource:newcluster-instanceProfile[aws:iam/instanceProfile:InstanceProfile]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:iam/instanceProfile:InstanceProfile::newcluster-instanceProfile,,__defaults,,,,,,,,name,,,path,name,,,newcluster-instanceProfile-7f65e8e,path,,,/,role,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole; err: null, resp: | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred: | |
* Your query returned no results. Please change your search criteria and try again | |
, resp: undefined | |
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously | |
debug: Reading Subnet: { | |
debug: SubnetIds: ["subnet-139bf968"] | |
debug: } | |
debug: , obj={"id":"subnet-139bf968"} | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-139bf968,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3b,availabilityZoneId,,,euw3-az2,cidrBlock,,,172.31.16.0/20,defaultForAz,,,,true,id,,,subnet-139bf968,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2, | |
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"} | |
debug: DescribeRouteTables { | |
debug: Filters: [{ | |
debug: Name: "vpc-id", | |
debug: Values: ["vpc-ab0925c2"] | |
debug: },{ | |
debug: Name: "association.main", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926153852051300000001,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: Filters: [{ | |
debug: Name: "route-table-id", | |
debug: Values: ["rtb-e197aa88"] | |
debug: }] | |
debug: , obj={"routeTableId":"rtb-e197aa88"} | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getVpc:getVpc; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:vpc/vpc-ab0925c2,cidrBlock,,,172.31.0.0/16,cidrBlockAssociations,,,,,,,,,,associationId,,,vpc-cidr-assoc-20243249,cidrBlock,,,172.31.0.0/16,state,,,associated,default,,,,true,dhcpOptionsId,,,dopt-0a903fa3adfeadc1a,enableDnsHostnames,,,,true,enableDnsSupport,,,,true,id,,,vpc-ab0925c2,instanceTenancy,,,default,mainRouteTableId,,,rtb-e197aa88,ownerId,,,711839938093,state,,,available,tags,,,,,, | |
debug: Invoking function: tok=aws:ec2/getSubnetIds:getSubnetIds asynchronously | |
debug: , obj={"vpcId":"vpc-ab0925c2"} | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup | |
debug: RegisterResource RPC finished: resource:newcluster-eksClusterSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-eksClusterSecurityGroup,,__defaults,,,,,,,,name,description,,,Managed by Pulumi,name,,,newcluster-eksClusterSecurityGroup-83ec25c,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-eksClusterSecurityGroup,__defaults,,,,,,,vpcId,,,vpc-ab0925c2,, | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule | |
debug: RegisterResource RPC prepared: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster | |
debug: RegisterResource RPC finished: resource:newcluster-eksCluster[aws:eks/cluster:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:eks/cluster:Cluster::newcluster-eksCluster,,__defaults,,,,,,,name,,,my-cluster,roleArn,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,tags,,,,,Name,,,newcluster-eksCluster,__defaults,,,,,,,vpcConfig,,,,,__defaults,,,,,,,,endpointPrivateAccess,,,endpointPublicAccess,endpointPrivateAccess,,,,false,endpointPublicAccess,,,,true,securityGroupIds,,,,,,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,subnetIds,,,,,,,,subnet-139bf968,,,subnet-9266d1df,,,subnet-cb94dfa2,, | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup | |
debug: RegisterResource RPC prepared: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s | |
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni | |
debug: RegisterResource RPC finished: resource:newcluster-eksClusterInternetEgressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksClusterInternetEgressRule,,__defaults,,,,,,,,self,cidrBlocks,,,,,,,,0.0.0.0/0,description,,,Allow internet access.,fromPort,,0,protocol,,,-1,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,self,,,,false,toPort,,0,type,,,egress,, | |
debug: RegisterResource RPC finished: resource:newcluster-eks-k8s[pulumi:providers:kubernetes]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi:providers:kubernetes::newcluster-eks-k8s,,kubeconfig,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResource RPC prepared: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess | |
debug: RegisterResource RPC finished: resource:newcluster-vpc-cni[pulumi-nodejs:dynamic:Resource]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi-nodejs:dynamic:Resource::newcluster-vpc-cni,,__provider,,,exports.handler = __f0; | |
var __provider = {check: __f1, diff: __f2, create: __f3, update: __f4, read: __f5, delete: __f6}; | |
function __f1(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (state, inputs) => Promise.resolve({ inputs: inputs, failedChecks: [] }); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f2(__0, __1, __2) { | |
return (function() { | |
with({ }) { | |
return (id, state, inputs) => Promise.resolve({}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __computeVpcCniYaml(__0, __1) { | |
return (function() { | |
with({ jsyaml: require("js-yaml/index.js"), computeVpcCniYaml: __computeVpcCniYaml }) { | |
return function /*computeVpcCniYaml*/(cniYamlText, args) { | |
const cniYaml = jsyaml.safeLoadAll(cniYamlText); | |
// Rewrite the envvars for the CNI daemon set as per the inputs. | |
const daemonSet = cniYaml.filter(o => o.kind === "DaemonSet")[0]; | |
const env = daemonSet.spec.template.spec.containers[0].env; | |
if (args.nodePortSupport) { | |
env.push({ name: "AWS_VPC_CNI_NODE_PORT_SUPPORT", value: args.nodePortSupport ? "true" : "false" }); | |
} | |
if (args.customNetworkConfig) { | |
env.push({ name: "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG", value: args.customNetworkConfig ? "true" : "false" }); | |
} | |
if (args.externalSnat) { | |
env.push({ name: "AWS_VPC_K8S_CNI_EXTERNALSNAT", value: args.externalSnat ? "true" : "false" }); | |
} | |
if (args.warmEniTarget) { | |
env.push({ name: "WARM_ENI_TARGET", value: args.warmEniTarget.toString() }); | |
} | |
if (args.warmIpTarget) { | |
env.push({ name: "WARM_IP_TARGET", value: args.warmIpTarget.toString() }); | |
} | |
if (args.logLevel) { | |
env.push({ name: "AWS_VPC_K8S_CNI_LOGLEVEL", value: args.logLevel.toString() }); | |
} | |
else { | |
env.push({ name: "AWS_VPC_K8S_CNI_LOGLEVEL", value: "DEBUG" }); | |
} | |
if (args.logFile) { | |
env.push({ name: "AWS_VPC_K8S_CNI_LOG_FILE", value: args.logFile.toString() }); | |
} | |
else { | |
env.push({ name: "AWS_VPC_K8S_CNI_LOG_FILE", value: "stdout" }); | |
} | |
if (args.vethPrefix) { | |
env.push({ name: "AWS_VPC_K8S_CNI_VETHPREFIX", value: args.vethPrefix.toString() }); | |
} | |
else { | |
env.push({ name: "AWS_VPC_K8S_CNI_VETHPREFIX", value: "eni" }); | |
} | |
if (args.eniMtu) { | |
env.push({ name: "AWS_VPC_ENI_MTU", value: args.eniMtu.toString() }); | |
} | |
else { | |
env.push({ name: "AWS_VPC_ENI_MTU", value: "9001" }); | |
} | |
if (args.image) { | |
daemonSet.spec.template.spec.containers[0].image = args.image.toString(); | |
} | |
if (args.eniConfigLabelDef) { | |
env.push({ name: "ENI_CONFIG_LABEL_DEF", value: args.eniConfigLabelDef.toString() }); | |
} | |
// Return the computed YAML. | |
return cniYaml.map(o => `---\n${jsyaml.safeDump(o)}`).join(""); | |
}; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __applyVpcCniYaml(__0, __1) { | |
return (function() { | |
with({ tmp: require("tmp/lib/tmp.js"), fs: require("fs"), computeVpcCniYaml: __computeVpcCniYaml, childProcess: require("child_process"), applyVpcCniYaml: __applyVpcCniYaml }) { | |
return function /*applyVpcCniYaml*/(cniYamlText, args) { | |
// Dump the kubeconfig to a file. | |
const tmpKubeconfig = tmp.fileSync(); | |
fs.writeFileSync(tmpKubeconfig.fd, args.kubeconfig); | |
// Compute the required CNI YAML and dump it to a file. | |
const tmpYaml = tmp.fileSync(); | |
fs.writeFileSync(tmpYaml.fd, computeVpcCniYaml(cniYamlText, args)); | |
// Call kubectl to apply the YAML. | |
childProcess.execSync(`kubectl apply -f ${tmpYaml.name}`, { | |
env: Object.assign(Object.assign({}, process.env), { "KUBECONFIG": tmpKubeconfig.name }), | |
}); | |
}; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f3(__0) { | |
return (function() { | |
with({ applyVpcCniYaml: __applyVpcCniYaml, cniYamlText: "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: aws-node\nrules:\n - apiGroups:\n - crd.k8s.amazonaws.com\n resources:\n - \"*\"\n - namespaces\n verbs:\n - \"*\"\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs: [\"list\", \"watch\", \"get\"]\n - apiGroups: [\"extensions\"]\n resources:\n - daemonsets\n verbs: [\"list\", \"watch\"]\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aws-node\n namespace: kube-system\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aws-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aws-node\nsubjects:\n - kind: ServiceAccount\n name: aws-node\n namespace: kube-system\n\n---\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: aws-node\n namespace: kube-system\n labels:\n k8s-app: aws-node\nspec:\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: \"10%\"\n selector:\n matchLabels:\n k8s-app: aws-node\n template:\n metadata:\n labels:\n k8s-app: aws-node\n spec:\n priorityClassName: system-node-critical\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: \"beta.kubernetes.io/os\"\n operator: In\n values:\n - linux\n - key: \"beta.kubernetes.io/arch\"\n operator: In\n values:\n - amd64\n - key: eks.amazonaws.com/compute-type\n operator: NotIn\n values:\n - fargate\n serviceAccountName: aws-node\n hostNetwork: true\n tolerations:\n - operator: Exists\n containers:\n - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0\n imagePullPolicy: Always\n ports:\n - containerPort: 61678\n name: metrics\n name: aws-node\n readinessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n livenessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n - mountPath: /host/var/log\n name: log-dir\n - mountPath: /var/run/docker.sock\n name: dockersock\n - mountPath: /var/run/dockershim.sock\n name: dockershim\n volumes:\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n - name: log-dir\n hostPath:\n path: /var/log\n - name: dockersock\n hostPath:\n path: /var/run/docker.sock\n - name: dockershim\n hostPath:\n path: /var/run/dockershim.sock\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: eniconfigs.crd.k8s.amazonaws.com\nspec:\n scope: Cluster\n group: crd.k8s.amazonaws.com\n versions:\n - name: v1alpha1\n served: true\n storage: true\n names:\n plural: eniconfigs\n singular: eniconfig\n kind: ENIConfig\n", crypto: require("crypto") }) { | |
return (inputs) => { | |
applyVpcCniYaml(cniYamlText, inputs); | |
return Promise.resolve({ id: crypto.randomBytes(8).toString("hex"), outs: {} }); | |
}; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f4(__0, __1, __2) { | |
return (function() { | |
with({ applyVpcCniYaml: __applyVpcCniYaml, cniYamlText: "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: aws-node\nrules:\n - apiGroups:\n - crd.k8s.amazonaws.com\n resources:\n - \"*\"\n - namespaces\n verbs:\n - \"*\"\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs: [\"list\", \"watch\", \"get\"]\n - apiGroups: [\"extensions\"]\n resources:\n - daemonsets\n verbs: [\"list\", \"watch\"]\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aws-node\n namespace: kube-system\n\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aws-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aws-node\nsubjects:\n - kind: ServiceAccount\n name: aws-node\n namespace: kube-system\n\n---\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: aws-node\n namespace: kube-system\n labels:\n k8s-app: aws-node\nspec:\n updateStrategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: \"10%\"\n selector:\n matchLabels:\n k8s-app: aws-node\n template:\n metadata:\n labels:\n k8s-app: aws-node\n spec:\n priorityClassName: system-node-critical\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: \"beta.kubernetes.io/os\"\n operator: In\n values:\n - linux\n - key: \"beta.kubernetes.io/arch\"\n operator: In\n values:\n - amd64\n - key: eks.amazonaws.com/compute-type\n operator: NotIn\n values:\n - fargate\n serviceAccountName: aws-node\n hostNetwork: true\n tolerations:\n - operator: Exists\n containers:\n - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0\n imagePullPolicy: Always\n ports:\n - containerPort: 61678\n name: metrics\n name: aws-node\n readinessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n livenessProbe:\n exec:\n command: [\"/app/grpc-health-probe\", \"-addr=:50051\"]\n initialDelaySeconds: 35\n env:\n - name: MY_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n - mountPath: /host/var/log\n name: log-dir\n - mountPath: /var/run/docker.sock\n name: dockersock\n - mountPath: /var/run/dockershim.sock\n name: dockershim\n volumes:\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n - name: log-dir\n hostPath:\n path: /var/log\n - name: dockersock\n hostPath:\n path: /var/run/docker.sock\n - name: dockershim\n hostPath:\n path: /var/run/dockershim.sock\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: eniconfigs.crd.k8s.amazonaws.com\nspec:\n scope: Cluster\n group: crd.k8s.amazonaws.com\n versions:\n - name: v1alpha1\n served: true\n storage: true\n names:\n plural: eniconfigs\n singular: eniconfig\n kind: ENIConfig\n" }) { | |
return (id, state, inputs) => { | |
applyVpcCniYaml(cniYamlText, inputs); | |
return Promise.resolve({ outs: {} }); | |
}; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f5(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (id, state) => Promise.resolve({ id: id, props: state }); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f6(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (id, state) => Promise.resolve(); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f0() { | |
return (function() { | |
with({ provider: __provider }) { | |
return () => provider; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
,kubeconfig,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResource RPC finished: resource:newcluster-nodeAccess[kubernetes:core/v1:ConfigMap]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$kubernetes:core/v1:ConfigMap::newcluster-nodeAccess,,apiVersion,,,v1,data,,,,,mapRoles,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,kind,,,ConfigMap,metadata,,,,,name,,,aws-auth,namespace,,,kube-system,, | |
debug: RegisterResource RPC finished: resource:newcluster-nodeSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-nodeSecurityGroup,,__defaults,,,,,,,,name,description,,,Managed by Pulumi,name,,,newcluster-nodeSecurityGroup-495e8da,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-nodeSecurityGroup,__defaults,,,,,,,kubernetes.io/cluster/my-cluster,,,owned,vpcId,,,vpc-ab0925c2,, | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Name: "association.subnet-id", | |
debug: Values: ["subnet-9266d1df"] | |
debug: }] | |
debug: } | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule | |
debug: RegisterResource RPC finished: resource:newcluster-eksNodeClusterIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksNodeClusterIngressRule,,__defaults,,,,,,,description,,,Allow worker Kubelets and pods to receive communication from the cluster control plane,fromPort,,1025,protocol,,,tcp,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,sourceSecurityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,toPort,,65535,type,,,ingress,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksExtApiServerClusterIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksExtApiServerClusterIngressRule,,__defaults,,,,,,,description,,,Allow pods running extension API servers on port 443 to receive communication from cluster control plane,fromPort,,443,protocol,,,tcp,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,sourceSecurityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,toPort,,443,type,,,ingress,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksNodeInternetEgressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksNodeInternetEgressRule,,__defaults,,,,,,,,self,cidrBlocks,,,,,,,,0.0.0.0/0,description,,,Allow internet access.,fromPort,,0,protocol,,,-1,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,self,,,,false,toPort,,0,type,,,egress,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksNodeIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksNodeIngressRule,,__defaults,,,,,,,description,,,Allow nodes to communicate with each other,fromPort,,0,protocol,,,-1,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,self,,,,true,toPort,,0,type,,,ingress,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksClusterIngressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksClusterIngressRule,,__defaults,,,,,,,description,,,Allow pods to communicate with the cluster API Server,fromPort,,443,protocol,,,tcp,securityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,sourceSecurityGroupId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,toPort,,443,type,,,ingress,, | |
debug: RegisterResource RPC prepared: t=aws:ec2/launchConfiguration:LaunchConfiguration, name=newcluster-nodeLaunchConfiguration | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2, | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: , obj={"subnetId":"subnet-9266d1df"} | |
debug: RegisterResource RPC finished: resource:newcluster-nodeLaunchConfiguration[aws:ec2/launchConfiguration:LaunchConfiguration]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::newcluster-nodeLaunchConfiguration,,__defaults,,,,,,,,enableMonitoring,,,name,associatePublicIpAddress,,,,true,enableMonitoring,,,,true,iamInstanceProfile,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,imageId,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,instanceType,,,t3.xlarge,name,,,newcluster-nodeLaunchConfiguration-839e4a5,rootBlockDevice,,,,,__defaults,,,,,,,deleteOnTermination,,,,true,volumeSize,,20,volumeType,,,gp2,securityGroups,,,,,,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,userData,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnetIds:getSubnetIds; err: null, resp: id,,,vpc-ab0925c2,ids,,,,,,,,subnet-9266d1df,,,subnet-cb94dfa2,,,subnet-139bf968,vpcId,,,vpc-ab0925c2, | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred: | |
* Your query returned no results. Please change your search criteria and try again | |
, resp: undefined | |
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously | |
debug: Reading Subnet: { | |
debug: SubnetIds: ["subnet-9266d1df"] | |
debug: } | |
debug: , obj={"id":"subnet-9266d1df"} | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-9266d1df,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3c,availabilityZoneId,,,euw3-az3,cidrBlock,,,172.31.32.0/20,defaultForAz,,,,true,id,,,subnet-9266d1df,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2, | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: DescribeRouteTables { | |
debug: Filters: [{ | |
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"} | |
debug: Name: "vpc-id", | |
debug: Values: ["vpc-ab0925c2"] | |
debug: },{ | |
debug: Name: "association.main", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926153852963100000002,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2, | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: , obj={"routeTableId":"rtb-e197aa88"} | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Name: "route-table-id", | |
debug: Values: ["rtb-e197aa88"] | |
debug: }] | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: Filters: [{ | |
debug: Name: "association.subnet-id", | |
debug: Values: ["subnet-cb94dfa2"] | |
debug: , obj={"subnetId":"subnet-cb94dfa2"} | |
debug: }] | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred: | |
* Your query returned no results. Please change your search criteria and try again | |
, resp: undefined | |
debug: Reading Subnet: { | |
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously | |
debug: SubnetIds: ["subnet-cb94dfa2"] | |
debug: } | |
debug: , obj={"id":"subnet-cb94dfa2"} | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-cb94dfa2,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3a,availabilityZoneId,,,euw3-az1,cidrBlock,,,172.31.0.0/20,defaultForAz,,,,true,id,,,subnet-cb94dfa2,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2, | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"} | |
debug: DescribeRouteTables { | |
debug: Filters: [{ | |
debug: Name: "vpc-id", | |
debug: Values: ["vpc-ab0925c2"] | |
debug: },{ | |
debug: Name: "association.main", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926153853998600000003,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2, | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: , obj={"routeTableId":"rtb-e197aa88"} | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Name: "route-table-id", | |
debug: Values: ["rtb-e197aa88"] | |
debug: }] | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2, | |
debug: RegisterResource RPC prepared: t=aws:cloudformation/stack:Stack, name=newcluster-nodes | |
debug: RegisterResource RPC finished: resource:newcluster-nodes[aws:cloudformation/stack:Stack]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:cloudformation/stack:Stack::newcluster-nodes,,__defaults,,,,,,,name,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,tags,,,,,Name,,,newcluster-nodes,__defaults,,,,,,,templateBody,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster | |
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster | |
debug: RegisterResource RPC prepared: t=pulumi:providers:kubernetes, name=newcluster-provider | |
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster; err: null, resp: | |
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster; err: null, resp: | |
debug: RegisterResource RPC finished: resource:newcluster-provider[pulumi:providers:kubernetes]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi:providers:kubernetes::newcluster-provider,,kubeconfig,,,04da6b54-80e4-46f7-96ec-b56ff0331ba9,, | |
Do you want to perform this update? yes | |
Updating (settlemint/newcluster) | |
View Live: https://app.pulumi.com/settlemint/pulumitest/newcluster/updates/4 | |
Type Name Status Info | |
+ pulumi:pulumi:Stack pulumitest-newcluster **creating failed** 1 error; 1 message; 329 debugs | |
+ ├─ eks:index:Cluster newcluster created | |
+ │ ├─ eks:index:ServiceRole newcluster-eksRole created | |
+ │ │ ├─ aws:iam:Role newcluster-eksRole-role created | |
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-eksRole-4b490823 created | |
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-eksRole-90eb1c99 created | |
+ │ ├─ eks:index:ServiceRole newcluster-instanceRole created | |
+ │ │ ├─ aws:iam:Role newcluster-instanceRole-role created | |
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-03516f97 created | |
+ │ │ ├─ aws:iam:RolePolicyAttachment newcluster-instanceRole-3eb088f2 created | |
+ │ │ └─ aws:iam:RolePolicyAttachment newcluster-instanceRole-e1b295bd created | |
+ │ ├─ pulumi-nodejs:dynamic:Resource newcluster-cfnStackName created | |
+ │ ├─ aws:ec2:SecurityGroup newcluster-eksClusterSecurityGroup created | |
+ │ ├─ aws:ec2:SecurityGroupRule newcluster-eksClusterInternetEgressRule created | |
+ │ ├─ aws:eks:Cluster newcluster-eksCluster created | |
+ │ ├─ aws:iam:InstanceProfile newcluster-instanceProfile created | |
+ │ ├─ aws:ec2:SecurityGroup newcluster-nodeSecurityGroup created | |
+ │ ├─ pulumi:providers:kubernetes newcluster-eks-k8s created | |
+ │ └─ pulumi-nodejs:dynamic:Resource newcluster-vpc-cni **creating failed** 1 error | |
+ └─ pulumi:providers:aws aws created | |
Diagnostics: | |
pulumi:pulumi:Stack (pulumitest-newcluster): | |
debug: Registering resource: t=pulumi:pulumi:Stack, name=pulumitest-newcluster, custom=false, remote=false | |
debug: RegisterResource RPC prepared: t=pulumi:pulumi:Stack, name=pulumitest-newcluster | |
debug: RegisterResource RPC finished: resource:pulumitest-newcluster[pulumi:pulumi:Stack]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:pulumi:Stack::pulumitest-newcluster,,,, | |
debug: Running program '/Users/roderik/Development/pulumitest' in pwd '/Users/roderik/Development/pulumitest' w/ args: | |
debug: Registering resource: t=pulumi:providers:aws, name=aws, custom=true, remote=false | |
debug: Registering resource: t=eks:index:Cluster, name=newcluster, custom=false, remote=false | |
debug: Invoking function: tok=aws:ec2/getVpc:getVpc asynchronously | |
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-eksRole, custom=false, remote=false | |
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-eksRole-role, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster, custom=true, remote=false | |
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s, custom=true, remote=false | |
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni, custom=true, remote=false | |
debug: Registering resource: t=eks:index:ServiceRole, name=newcluster-instanceRole, custom=false, remote=false | |
debug: Registering resource: t=aws:iam/role:Role, name=newcluster-instanceRole-role, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2, custom=true, remote=false | |
debug: Registering resource: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile, custom=true, remote=false | |
debug: Registering resource: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule, custom=true, remote=false | |
debug: Registering resource: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule, custom=true, remote=false | |
debug: Registering resource: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName, custom=true, remote=false | |
debug: Invoking function: tok=aws:index/getRegion:getRegion asynchronously | |
debug: Registering resource: t=aws:ec2/launchConfiguration:LaunchConfiguration, name=newcluster-nodeLaunchConfiguration, custom=true, remote=false | |
debug: Registering resource: t=aws:cloudformation/stack:Stack, name=newcluster-nodes, custom=true, remote=false | |
debug: Registering resource: t=pulumi:providers:kubernetes, name=newcluster-provider, custom=true, remote=false | |
debug: , obj={} | |
debug: , obj={"default":true} | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: , obj={"subnetId":"subnet-139bf968"} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: Found free variables: {"required":{},"optional":{}} | |
debug: RegisterResource RPC prepared: t=pulumi:providers:aws, name=aws | |
debug: RegisterResource RPC prepared: t=eks:index:Cluster, name=newcluster | |
debug: RegisterResource RPC finished: resource:newcluster[eks:index:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster::newcluster,,,, | |
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-eksRole | |
debug: RegisterResource RPC prepared: t=eks:index:ServiceRole, name=newcluster-instanceRole | |
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-cfnStackName | |
debug: AWS Auth provider used: "EnvProvider" | |
debug: Trying to get account information via sts:GetCallerIdentity | |
debug: RegisterResource RPC finished: resource:aws[pulumi:providers:aws]; err: null, resp: urn:pulumi:newcluster::pulumitest::pulumi:providers:aws::aws,c6d2ef41-0005-4f92-af75-37d5dbed7da0,region,,,eu-west-3,, | |
debug: Trying to get account information via sts:GetCallerIdentity | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole,,,, | |
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-eksRole-role | |
debug: Invoke RPC finished: tok=aws:index/getRegion:getRegion; err: null, resp: description,,,Europe (Paris),endpoint,,,ec2.eu-west-3.amazonaws.com,id,,,eu-west-3,name,,,eu-west-3, | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred: | |
* Your query returned no results. Please change your search criteria and try again | |
, resp: undefined | |
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously | |
debug: Reading Subnet: { | |
debug: , obj={"id":"subnet-139bf968"} | |
debug: SubnetIds: ["subnet-139bf968"] | |
debug: } | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole[eks:index:ServiceRole]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole,,,, | |
debug: RegisterResource RPC prepared: t=aws:iam/role:Role, name=newcluster-instanceRole-role | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-139bf968,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3b,availabilityZoneId,,,euw3-az2,cidrBlock,,,172.31.16.0/20,defaultForAz,,,,true,id,,,subnet-139bf968,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2, | |
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"} | |
debug: DescribeRouteTables { | |
debug: Filters: [{ | |
debug: Name: "vpc-id", | |
debug: Values: ["vpc-ab0925c2"] | |
debug: },{ | |
debug: Name: "association.main", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: No meta timeoutkey found in Apply() | |
debug: Waiting for state to become: [success] | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926154711095800000001,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: Filters: [{ | |
debug: Name: "route-table-id", | |
debug: Values: ["rtb-e197aa88"] | |
debug: }] | |
debug: , obj={"routeTableId":"rtb-e197aa88"} | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getVpc:getVpc; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:vpc/vpc-ab0925c2,cidrBlock,,,172.31.0.0/16,cidrBlockAssociations,,,,,,,,,,associationId,,,vpc-cidr-assoc-20243249,cidrBlock,,,172.31.0.0/16,state,,,associated,default,,,,true,dhcpOptionsId,,,dopt-0a903fa3adfeadc1a,enableDnsHostnames,,,,true,enableDnsSupport,,,,true,id,,,vpc-ab0925c2,instanceTenancy,,,default,mainRouteTableId,,,rtb-e197aa88,ownerId,,,711839938093,state,,,available,tags,,,,,, | |
debug: Invoking function: tok=aws:ec2/getSubnetIds:getSubnetIds asynchronously | |
debug: , obj={"vpcId":"vpc-ab0925c2"} | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-eksClusterSecurityGroup | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: Filters: [{ | |
debug: Name: "association.subnet-id", | |
debug: Values: ["subnet-9266d1df"] | |
debug: , obj={"subnetId":"subnet-9266d1df"} | |
debug: }] | |
debug: } | |
debug: No meta timeoutkey found in Apply() | |
debug: Waiting for state to become: [success] | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnetIds:getSubnetIds; err: null, resp: id,,,vpc-ab0925c2,ids,,,,,,,,subnet-9266d1df,,,subnet-cb94dfa2,,,subnet-139bf968,vpcId,,,vpc-ab0925c2, | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred: | |
* Your query returned no results. Please change your search criteria and try again | |
, resp: undefined | |
debug: Reading Subnet: { | |
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously | |
debug: SubnetIds: ["subnet-9266d1df"] | |
debug: } | |
debug: , obj={"id":"subnet-9266d1df"} | |
debug: RegisterResource RPC finished: resource:newcluster-cfnStackName[pulumi-nodejs:dynamic:Resource]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi-nodejs:dynamic:Resource::newcluster-cfnStackName,newcluster-cfnStackName,__provider,,,exports.handler = __f0; | |
var __provider = {check: __f1, diff: __f2, create: __f3, update: __f5, read: __f6, delete: __f7}; | |
function __f1(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (olds, news) => Promise.resolve({ inputs: news, failedChecks: [] }); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f2(__0, __1, __2) { | |
return (function() { | |
with({ }) { | |
return (id, olds, news) => Promise.resolve({}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f4(__0) { | |
return (function() { | |
with({ crypto: require("crypto") }) { | |
return n => `${n}-${crypto.randomBytes(4).toString("hex")}`; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f3(__0) { | |
return (function() { | |
with({ name: "newcluster-cfnStackName", func: __f4 }) { | |
return (inputs) => Promise.resolve({ | |
id: name, | |
outs: { output: func(inputs.input) }, | |
}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f5(__0, __1, __2) { | |
return (function() { | |
with({ func: __f4 }) { | |
return (id, olds, news) => Promise.resolve({ | |
outs: { output: func(news.input) }, | |
}); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f6(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (id, state) => Promise.resolve({ id: id, props: state }); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f7(__0, __1) { | |
return (function() { | |
with({ }) { | |
return (id, props) => Promise.resolve(); | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
function __f0() { | |
return (function() { | |
with({ provider: __provider }) { | |
return () => provider; | |
} | |
}).apply(undefined, undefined).apply(this, arguments); | |
} | |
,output,,,newcluster-556c093c,, | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-9266d1df,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3c,availabilityZoneId,,,euw3-az3,cidrBlock,,,172.31.32.0/20,defaultForAz,,,,true,id,,,subnet-9266d1df,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2, | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: DescribeRouteTables { | |
debug: Filters: [{ | |
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"} | |
debug: Name: "vpc-id", | |
debug: Values: ["vpc-ab0925c2"] | |
debug: },{ | |
debug: Name: "association.main", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: Security Group create configuration: { | |
debug: Description: "Managed by Pulumi", | |
debug: GroupName: "newcluster-eksClusterSecurityGroup-16c7096", | |
debug: TagSpecifications: [{ | |
debug: ResourceType: "security-group", | |
debug: Tags: [{ | |
debug: Key: "Name", | |
debug: Value: "newcluster-eksClusterSecurityGroup" | |
debug: }] | |
debug: }], | |
debug: VpcId: "vpc-ab0925c2" | |
debug: } | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926154712054000000002,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Name: "route-table-id", | |
debug: Values: ["rtb-e197aa88"] | |
debug: }] | |
debug: } | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: , obj={"routeTableId":"rtb-e197aa88"} | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: Name: "association.subnet-id", | |
debug: Values: ["subnet-cb94dfa2"] | |
debug: }] | |
debug: , obj={"subnetId":"subnet-cb94dfa2"} | |
debug: } | |
debug: Security Group ID: sg-0c93bb68edcdca3c9 | |
debug: Waiting for Security Group (sg-0c93bb68edcdca3c9) to exist | |
debug: Waiting for state to become: [exists] | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-eksRole-role,newcluster-eksRole-role-cbaf2b2,arn,,,arn:aws:iam::711839938093:role/newcluster-eksRole-role-cbaf2b2,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"eks.amazonaws.com"},"Action":"sts:AssumeRole"}]},createDate,,,2020-09-26T15:47:11Z,description,,,Allows EKS to manage clusters on your behalf.,forceDetachPolicies,,,,false,id,,,newcluster-eksRole-role-cbaf2b2,maxSessionDuration,,3600,name,,,newcluster-eksRole-role-cbaf2b2,path,,,/,tags,,,,,,uniqueId,,,AROA2LPHXOYW2JBAI7C3V,, | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-4b490823 | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-eksRole-90eb1c99 | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: Error: 2 UNKNOWN: invocation of aws:ec2/getRouteTable:getRouteTable returned an error: invoking aws:ec2/getRouteTable:getRouteTable: 1 error occurred: | |
* Your query returned no results. Please change your search criteria and try again | |
, resp: undefined | |
debug: Reading Subnet: { | |
debug: Invoking function: tok=aws:ec2/getSubnet:getSubnet asynchronously | |
debug: SubnetIds: ["subnet-cb94dfa2"] | |
debug: } | |
debug: , obj={"id":"subnet-cb94dfa2"} | |
debug: No meta timeoutkey found in Apply() | |
debug: Revoking default egress rule for Security Group for sg-0c93bb68edcdca3c9 | |
debug: No meta timeoutkey found in Apply() | |
debug: Invoke RPC finished: tok=aws:ec2/getSubnet:getSubnet; err: null, resp: arn,,,arn:aws:ec2:eu-west-3:711839938093:subnet/subnet-cb94dfa2,assignIpv6AddressOnCreation,,,,false,availabilityZone,,,eu-west-3a,availabilityZoneId,,,euw3-az1,cidrBlock,,,172.31.0.0/20,defaultForAz,,,,true,id,,,subnet-cb94dfa2,mapPublicIpOnLaunch,,,,true,outpostArn,,,,ownerId,,,711839938093,state,,,available,tags,,,,,kubernetes.io/cluster/consortia-europe,,,shared,kubernetes.io/cluster/peach-sap-procure2,,,shared,kubernetes.io/cluster/shared-europe,,,shared,kubernetes.io/cluster/staging-consortia-europe,,,shared,kubernetes.io/cluster/staging-shared-europe,,,shared,vpcId,,,vpc-ab0925c2, | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Invoking function: tok=aws:ec2/getRouteTables:getRouteTables asynchronously | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: DescribeRouteTables { | |
debug: Filters: [{ | |
debug: , obj={"filters":[{"name":"association.main","values":["true"]}],"vpcId":"vpc-ab0925c2"} | |
debug: Name: "vpc-id", | |
debug: Values: ["vpc-ab0925c2"] | |
debug: },{ | |
debug: Name: "association.main", | |
debug: Values: ["true"] | |
debug: }] | |
debug: } | |
debug: Revoking default IPv6 egress rule for Security Group for sg-0c93bb68edcdca3c9 | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-role[aws:iam/role:Role]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::newcluster-instanceRole-role,newcluster-instanceRole-role-395332b,arn,,,arn:aws:iam::711839938093:role/newcluster-instanceRole-role-395332b,assumeRolePolicy,,,{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]},createDate,,,2020-09-26T15:47:12Z,description,,,,forceDetachPolicies,,,,false,id,,,newcluster-instanceRole-role-395332b,maxSessionDuration,,3600,name,,,newcluster-instanceRole-role-395332b,path,,,/,tags,,,,,,uniqueId,,,AROA2LPHXOYW26DZRTZKL,, | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-03516f97 | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-e1b295bd | |
debug: RegisterResource RPC prepared: t=aws:iam/rolePolicyAttachment:RolePolicyAttachment, name=newcluster-instanceRole-3eb088f2 | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTables:getRouteTables; err: null, resp: filters,,,,,,,,,,name,,,association.main,values,,,,,,,,true,id,,,terraform-20200926154713175300000003,ids,,,,,,,,rtb-e197aa88,vpcId,,,vpc-ab0925c2, | |
debug: Reading Route Table: { | |
debug: Filters: [{ | |
debug: Name: "route-table-id", | |
debug: Values: ["rtb-e197aa88"] | |
debug: }] | |
debug: Invoking function: tok=aws:ec2/getRouteTable:getRouteTable asynchronously | |
debug: } | |
debug: , obj={"routeTableId":"rtb-e197aa88"} | |
debug: Waiting for Security Group (sg-0c93bb68edcdca3c9) to exist | |
debug: Waiting for state to become: [exists] | |
debug: No meta timeoutkey found in Apply() | |
debug: Invoke RPC finished: tok=aws:ec2/getRouteTable:getRouteTable; err: null, resp: associations,,,,,,,,,,gatewayId,,,,main,,,,true,routeTableAssociationId,,,rtbassoc-b431dfdc,routeTableId,,,rtb-e197aa88,subnetId,,,,id,,,rtb-e197aa88,ownerId,,,711839938093,routeTableId,,,rtb-e197aa88,routes,,,,,,,,,,cidrBlock,,,0.0.0.0/0,egressOnlyGatewayId,,,,gatewayId,,,igw-eea0c387,instanceId,,,,ipv6CidrBlock,,,,localGatewayId,,,,natGatewayId,,,,networkInterfaceId,,,,transitGatewayId,,,,vpcPeeringConnectionId,,,,tags,,,,,,vpcId,,,vpc-ab0925c2, | |
debug: No meta timeoutkey found in Apply() | |
debug: Waiting for Security Group (sg-0c93bb68edcdca3c9) to exist | |
debug: Waiting for state to become: [exists] | |
debug: No meta timeoutkey found in Apply() | |
debug: RegisterResource RPC finished: resource:newcluster-eksClusterSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-eksClusterSecurityGroup,sg-0c93bb68edcdca3c9,__meta,,,{"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0":{"create":600000000000,"delete":600000000000},"schema_version":"1"},arn,,,arn:aws:ec2:eu-west-3:711839938093:security-group/sg-0c93bb68edcdca3c9,description,,,Managed by Pulumi,egress,,,,,,,id,,,sg-0c93bb68edcdca3c9,ingress,,,,,,,name,,,newcluster-eksClusterSecurityGroup-16c7096,namePrefix,,,,ownerId,,,711839938093,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-eksClusterSecurityGroup,vpcId,,,vpc-ab0925c2,, | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterInternetEgressRule | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole-4b490823[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-4b490823,newcluster-eksRole-role-cbaf2b2-20200926154713416900000004,id,,,newcluster-eksRole-role-cbaf2b2-20200926154713416900000004,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSClusterPolicy,role,,,newcluster-eksRole-role-cbaf2b2,, | |
debug: No meta timeoutkey found in Apply() | |
debug: Locking "sg-0c93bb68edcdca3c9" | |
debug: Locked "sg-0c93bb68edcdca3c9" | |
debug: Authorizing security group sg-0c93bb68edcdca3c9 Egress rule: { | |
debug: IpProtocol: "-1", | |
debug: IpRanges: [{ | |
debug: CidrIp: "0.0.0.0/0", | |
debug: Description: "Allow internet access." | |
debug: }] | |
debug: } | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-03516f97[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-03516f97,newcluster-instanceRole-role-395332b-20200926154713949800000006,id,,,newcluster-instanceRole-role-395332b-20200926154713949800000006,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy,role,,,newcluster-instanceRole-role-395332b,, | |
debug: Computed group rule ID sgrule-2103724647 | |
debug: Waiting for state to become: [success] | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-3eb088f2[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-3eb088f2,newcluster-instanceRole-role-395332b-20200926154714220300000007,id,,,newcluster-instanceRole-role-395332b-20200926154714220300000007,policyArn,,,arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly,role,,,newcluster-instanceRole-role-395332b,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksRole-90eb1c99[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-eksRole-90eb1c99,newcluster-eksRole-role-cbaf2b2-20200926154713787000000005,id,,,newcluster-eksRole-role-cbaf2b2-20200926154713787000000005,policyArn,,,arn:aws:iam::aws:policy/AmazonEKSServicePolicy,role,,,newcluster-eksRole-role-cbaf2b2,, | |
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole | |
debug: RegisterResource RPC prepared: t=aws:eks/cluster:Cluster, name=newcluster-eksCluster | |
debug: Found rule for Security Group Rule (sgrule-2103724647): { | |
debug: IpProtocol: "-1", | |
debug: IpRanges: [{ | |
debug: CidrIp: "0.0.0.0/0", | |
debug: Description: "Allow internet access." | |
debug: }] | |
debug: } | |
debug: Unlocking "sg-0c93bb68edcdca3c9" | |
debug: Unlocked "sg-0c93bb68edcdca3c9" | |
debug: RegisterResource RPC finished: resource:newcluster-instanceRole-e1b295bd[aws:iam/rolePolicyAttachment:RolePolicyAttachment]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::newcluster-instanceRole-e1b295bd,newcluster-instanceRole-role-395332b-20200926154714528500000008,id,,,newcluster-instanceRole-role-395332b-20200926154714528500000008,policyArn,,,arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy,role,,,newcluster-instanceRole-role-395332b,, | |
debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole | |
debug: RegisterResource RPC prepared: t=aws:iam/instanceProfile:InstanceProfile, name=newcluster-instanceProfile | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: Truncating attribute path of 0 diagnostics for TypeSet | |
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-eksRole; err: null, resp: | |
debug: RegisterResource RPC finished: resource:newcluster-eksClusterInternetEgressRule[aws:ec2/securityGroupRule:SecurityGroupRule]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::newcluster-eksClusterInternetEgressRule,sgrule-2103724647,__meta,,,{"schema_version":"2"},cidrBlocks,,,,,,,,0.0.0.0/0,description,,,Allow internet access.,fromPort,,0,id,,,sgrule-2103724647,protocol,,,-1,securityGroupId,,,sg-0c93bb68edcdca3c9,self,,,,false,toPort,,0,type,,,egress,, | |
debug: Creating EKS Cluster: { | |
debug: Logging: { | |
debug: ClusterLogging: [{ | |
debug: Enabled: true, | |
debug: Types: [] | |
debug: },{ | |
debug: Enabled: false, | |
debug: Types: [ | |
debug: "controllerManager", | |
debug: "scheduler", | |
debug: "authenticator", | |
debug: "audit", | |
debug: "api" | |
debug: ] | |
debug: }] | |
debug: }, | |
debug: Name: "my-cluster", | |
debug: ResourcesVpcConfig: { | |
debug: EndpointPrivateAccess: false, | |
debug: EndpointPublicAccess: true, | |
debug: SecurityGroupIds: ["sg-0c93bb68edcdca3c9"], | |
debug: SubnetIds: ["subnet-9266d1df","subnet-139bf968","subnet-cb94dfa2"] | |
debug: }, | |
debug: RoleArn: "arn:aws:iam::711839938093:role/newcluster-eksRole-role-cbaf2b2", | |
debug: Tags: { | |
debug: Name: "newcluster-eksCluster" | |
debug: } | |
debug: } | |
debug: Waiting for state to become: [success] | |
debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:newcluster::pulumitest::eks:index:Cluster$eks:index:ServiceRole::newcluster-instanceRole; err: null, resp: | |
debug: No meta timeoutkey found in Apply() | |
debug: Waiting for state to become: [ACTIVE] | |
debug: Waiting for state to become: [success] | |
debug: Waiting 200ms before next try | |
debug: RegisterResource RPC finished: resource:newcluster-instanceProfile[aws:iam/instanceProfile:InstanceProfile]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:iam/instanceProfile:InstanceProfile::newcluster-instanceProfile,newcluster-instanceProfile-5eab1ab,arn,,,arn:aws:iam::711839938093:instance-profile/newcluster-instanceProfile-5eab1ab,createDate,,,2020-09-26T15:47:17Z,id,,,newcluster-instanceProfile-5eab1ab,name,,,newcluster-instanceProfile-5eab1ab,path,,,/,role,,,newcluster-instanceRole-role-395332b,uniqueId,,,AIPA2LPHXOYWZPEE6X44N,, | |
debug: RegisterResource RPC finished: resource:newcluster-eksCluster[aws:eks/cluster:Cluster]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:eks/cluster:Cluster::newcluster-eksCluster,my-cluster,__meta,,,{"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0":{"create":1800000000000,"delete":900000000000,"update":3600000000000}},arn,,,arn:aws:eks:eu-west-3:711839938093:cluster/my-cluster,certificateAuthority,,,,,data,,,LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01Ea3lOakUxTlRReU5Wb1hEVE13TURreU5ERTFOVFF5TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHZPClFxL0JyNUZkR3ZKOHRiaytOREJsbkprZFpnNlhDUjVmRDIyTUIrdkt5d2VHY1FTSW9GYW1MSWY5aFQ2ak90K0UKS3ZXK3VyU1A3WEdVNnpBaERwZkFyWFRPZ3NDOWtEODQ0cFBwMlJOM0Z1WjdWdXFhZVdleWEvaHc1QVlkOUk2agptSmJNSlpxZGpDMVB3ZWhZaUlSNC9Gam1PcTdtZVcxS0NJeG5PQW8zcDF1Q0JNc1FqMzJGQ1ZtRm0xcGNGT01mCmVuSFNOckhpZXcwd3ZZS1B0bHJTOHdGNHIycm9HUUxQZ3E3ejRYTHBoUmlNQm5lanVJd3M3VUhWK0psVEROeFUKNGxibEMrUGtPNExBUnkrclJSbVYydzJhQXUxSkxUREZyRk44V2ZLTW0zcU5KdjhSeStSOTkva2hoNGgvN3l1cwoyKzNwN1BLZU9nNWlhWjlWQWRjQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHTExISlZ0UHNrZmQ4Unp6YU5XeDdMVjJqVlIKNWRMTGFUOGVmVnQxR2lMdWNlZ1VHN2oxNHBWVlF0MzBIRUp0QkdkemJobENlZ3VOWS9RL3FFQWZsMlZBRkc1cApPZDFTTGtMeDc3ZzJwTEZaZ1VMUGdxVU91azZwSU1iN1NsUThkMHZTeFNXdlprN1RnWFdPTnZmcUtYcjFJdmtpCkFPNUczWnF1dDVjcVNhMHZJbTJUMk5qdlVsSWdlSFBmWUpqSmpHd1hQSUEyRitEWDUzQkFyaVU4RXl2VStlaVQKUW4weWE4Tm4zOUsyRnlGWnh6VzA3dG0xR04xb1RaRENzZHNDQldsUjU2cVBXYmVkTnZtQnZOakVTcmRCeDlKcApYR1B2THVRaHl3aHhVcXRrcUc1OWp4a1hsd2FzRnUvOThRc1NPMWs1cFp3M1E0aEdtUUFuU3A4WGYyND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=,createdAt,,,2020-09-26 15:47:17.798 +0000 UTC,enabledClusterLogTypes,,,,,,,encryptionConfig,0,endpoint,,,https://014B4B4E8D7AA2689D6DC3327C722BF4.yl4.eu-west-3.eks.amazonaws.com,id,,,my-cluster,identities,,,,,,,,,,oidcs,,,,,,,,,,issuer,,,https://oidc.eks.eu-west-3.amazonaws.com/id/014B4B4E8D7AA2689D6DC3327C722BF4,name,,,my-cluster,platformVersion,,,eks.3,roleArn,,,arn:aws:iam::711839938093:role/newcluster-eksRole-role-cbaf2b2,status,,,ACTIVE,tags,,,,,Name,,,newcluster-eksCluster,version,,,1.17,vpcConfig,,,,,clusterSecurityGroupId,,,sg-04afbcb79b641df99,endpointPrivateAccess,,,,false,endpointPublicAccess,,,,true,publicAccessCidrs,,,,,,,,0.0.0.0/0,securityGroupIds,,,,,,,,sg-0c93bb68edcdca3c9,subnetIds,,,,,,,,subnet-9266d1df,,,subnet-139bf968,,,subnet-cb94dfa2,vpcId,,,vpc-ab0925c2,, | |
debug: Invoking function: tok=aws:ssm/getParameter:getParameter asynchronously | |
debug: , obj={"name":"/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id"} | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroup:SecurityGroup, name=newcluster-nodeSecurityGroup | |
debug: RegisterResource RPC prepared: t=pulumi:providers:kubernetes, name=newcluster-eks-k8s | |
debug: RegisterResource RPC prepared: t=pulumi-nodejs:dynamic:Resource, name=newcluster-vpc-cni | |
debug: Invoke RPC finished: tok=aws:ssm/getParameter:getParameter; err: null, resp: arn,,,arn:aws:ssm:eu-west-3:711839938093:parameter/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id,id,,,/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id,name,,,/aws/service/eks/optimized-ami/1.17/amazon-linux-2/recommended/image_id,type,,,String,value,,,ami-0daa783a28b127c5e,version,,6,withDecryption,,,,true, | |
debug: Security Group create configuration: { | |
debug: Description: "Managed by Pulumi", | |
debug: GroupName: "newcluster-nodeSecurityGroup-5b185ec", | |
debug: TagSpecifications: [{ | |
debug: ResourceType: "security-group", | |
debug: Tags: [{ | |
debug: Key: "Name", | |
debug: Value: "newcluster-nodeSecurityGroup" | |
debug: },{ | |
debug: Key: "kubernetes.io/cluster/my-cluster", | |
debug: Value: "owned" | |
debug: }] | |
debug: }], | |
debug: VpcId: "vpc-ab0925c2" | |
debug: } | |
debug: Security Group ID: sg-0808ceb720c176e1f | |
debug: Waiting for Security Group (sg-0808ceb720c176e1f) to exist | |
debug: Waiting for state to become: [exists] | |
debug: Revoking default egress rule for Security Group for sg-0808ceb720c176e1f | |
debug: RegisterResource RPC finished: resource:newcluster-eks-k8s[pulumi:providers:kubernetes]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$pulumi:providers:kubernetes::newcluster-eks-k8s,b16ad71a-a9c1-4c2a-8ec7-5d55685ee5ae,kubeconfig,,,{"apiVersion":"v1","clusters":[{"cluster":{"server":"https://014B4B4E8D7AA2689D6DC3327C722BF4.yl4.eu-west-3.eks.amazonaws.com","certificate-authority-data":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01Ea3lOakUxTlRReU5Wb1hEVE13TURreU5ERTFOVFF5TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTHZPClFxL0JyNUZkR3ZKOHRiaytOREJsbkprZFpnNlhDUjVmRDIyTUIrdkt5d2VHY1FTSW9GYW1MSWY5aFQ2ak90K0UKS3ZXK3VyU1A3WEdVNnpBaERwZkFyWFRPZ3NDOWtEODQ0cFBwMlJOM0Z1WjdWdXFhZVdleWEvaHc1QVlkOUk2agptSmJNSlpxZGpDMVB3ZWhZaUlSNC9Gam1PcTdtZVcxS0NJeG5PQW8zcDF1Q0JNc1FqMzJGQ1ZtRm0xcGNGT01mCmVuSFNOckhpZXcwd3ZZS1B0bHJTOHdGNHIycm9HUUxQZ3E3ejRYTHBoUmlNQm5lanVJd3M3VUhWK0psVEROeFUKNGxibEMrUGtPNExBUnkrclJSbVYydzJhQXUxSkxUREZyRk44V2ZLTW0zcU5KdjhSeStSOTkva2hoNGgvN3l1cwoyKzNwN1BLZU9nNWlhWjlWQWRjQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHTExISlZ0UHNrZmQ4Unp6YU5XeDdMVjJqVlIKNWRMTGFUOGVmVnQxR2lMdWNlZ1VHN2oxNHBWVlF0MzBIRUp0QkdkemJobENlZ3VOWS9RL3FFQWZsMlZBRkc1cApPZDFTTGtMeDc3ZzJwTEZaZ1VMUGdxVU91azZwSU1iN1NsUThkMHZTeFNXdlprN1RnWFdPTnZmcUtYcjFJdmtpCkFPNUczWnF1dDVjcVNhMHZJbTJUMk5qdlVsSWdlSFBmWUpqSmpHd1hQSUEyRitEWDUzQkFyaVU4RXl2VStlaVQKUW4weWE4Tm4zOUsyRnlGWnh6VzA3dG0xR04xb1RaRENzZHNDQldsUjU2cVBXYmVkTnZtQnZOakVTcmRCeDlKcApYR1B2THVRaHl3aHhVcXRrcUc1OWp4a1hsd2FzRnUvOThRc1NPMWs1cFp3M1E0aEdtUUFuU3A4WGYyND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="},"name":"kubernetes"}],"contexts":[{"context":{"cluster":"kubernetes","user":"aws"},"name":"aws"}],"current-context":"aws","kind":"Config","users":[{"name":"aws","user":{"exec":{"apiVersion":"client.authentication.k8s.io/v1alpha1","command":"aws","args":["eks","get-token","--cluster-name","my-cluster","--role","arn:aws:iam::711839938093:role/eksServiceRole"]}}}]},, | |
debug: RegisterResource RPC prepared: t=kubernetes:core/v1:ConfigMap, name=newcluster-nodeAccess | |
debug: Revoking default IPv6 egress rule for Security Group for sg-0808ceb720c176e1f | |
debug: Waiting for Security Group (sg-0808ceb720c176e1f) to exist | |
debug: Waiting for state to become: [exists] | |
debug: Waiting for Security Group (sg-0808ceb720c176e1f) to exist | |
debug: Waiting for state to become: [exists] | |
debug: RegisterResource RPC finished: resource:newcluster-nodeSecurityGroup[aws:ec2/securityGroup:SecurityGroup]; err: null, resp: urn:pulumi:newcluster::pulumitest::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::newcluster-nodeSecurityGroup,sg-0808ceb720c176e1f,__meta,,,{"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0":{"create":600000000000,"delete":600000000000},"schema_version":"1"},arn,,,arn:aws:ec2:eu-west-3:711839938093:security-group/sg-0808ceb720c176e1f,description,,,Managed by Pulumi,egress,,,,,,,id,,,sg-0808ceb720c176e1f,ingress,,,,,,,name,,,newcluster-nodeSecurityGroup-5b185ec,namePrefix,,,,ownerId,,,711839938093,revokeRulesOnDelete,,,,true,tags,,,,,Name,,,newcluster-nodeSecurityGroup,kubernetes.io/cluster/my-cluster,,,owned,vpcId,,,vpc-ab0925c2,, | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeIngressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeInternetEgressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksClusterIngressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksNodeClusterIngressRule | |
debug: RegisterResource RPC prepared: t=aws:ec2/securityGroupRule:SecurityGroupRule, name=newcluster-eksExtApiServerClusterIngressRule | |
error: update failed | |
error: You must be logged in to the server (the server has asked for the client to provide credentials) | |
pulumi-nodejs:dynamic:Resource (newcluster-vpc-cni): | |
error: Command failed: kubectl apply -f /var/folders/93/trfs1ns93nx39y22gbwx6hmr0000gn/T/tmp-13508VziZRSVp56CV.tmp | |
error: You must be logged in to the server (the server has asked for the client to provide credentials) | |
Resources: | |
+ 19 created | |
Duration: 10m32s | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
~/Development/pulumitest via ⬢ v14.7.0 | |
❯ cat ~/.kube/config | |
apiVersion: v1 | |
clusters: | |
- cluster: | |
certificate-authority: /Users/roderik/.minikube/ca.crt | |
server: https://127.0.0.1:32772 | |
name: minikube | |
contexts: | |
- context: | |
cluster: minikube | |
namespace: prometheus | |
user: minikube | |
name: minikube | |
current-context: minikube | |
kind: Config | |
preferences: {} | |
users: | |
- name: minikube | |
user: | |
client-certificate: /Users/roderik/.minikube/profiles/minikube/client.crt | |
client-key: /Users/roderik/.minikube/profiles/minikube/client.key | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment