Search code examples

How can I achieve Pulumi EKS RoleMappings with C#

There are Kubernetes RBAC in Amazon EKS with Pulumi instructions for TypeScript.

const vpc = new awsx.ec2.Vpc("vpc", {});
const cluster = new eks.Cluster("eks-cluster", {
  vpcId             :,
  subnetIds         : vpc.publicSubnetIds,
  instanceType      : "t2.medium",
  nodeRootVolumeSize: 200,
  desiredCapacity   : 1,
  maxSize           : 2,
  minSize           : 1,
  deployDashboard   : false,
  vpcCniOptions     : {
    warmIpTarget    : 4,
  roleMappings      : [
    // Provides full administrator cluster access to the k8s cluster
      groups    : ["system:masters"],
      roleArn   : clusterAdminRole.arn,
      username  : "pulumi:admin-usr",
    // Map IAM role arn "AutomationRoleArn" to the k8s user with name "automation-usr", e.g. gitlab CI
      groups    : ["pulumi:automation-grp"],
      roleArn   : AutomationRole.arn,
      username  : "pulumi:automation-usr",
    // Map IAM role arn "EnvProdRoleArn" to the k8s user with name "prod-usr"
      groups    : ["pulumi:prod-grp"],
      roleArn   : EnvProdRole.arn,
      username  : "pulumi:prod-usr",

Kubernetes RBAC in AWS EKS with open source Pulumi packages | Pulumi

I'm looking for how to achieve this with .NET C#? It looks like eks roleMappings extensions is only available for TypeScript, so that C# may be require to construct configmap manifest with Pulumi.Kubernetes?


  • The pulumi-eks package is currently only available in TypeScript. There is a plan to bring it to all languages later this year, but for now you basically have two options:

    1. Use TypeScript. If needed, break down your complete deployment into multiple stacks. The stack that defines the EKS package would be in TypeScript, while other stacks can be in C#.

    2. Refer to the pulumi-eks implementation that you linked above and transfer that code manually to C#. This is a non-trivial work, so be careful with feasibility estimation.