important-leather-28796
05/16/2019, 11:08 PMapi
failed to deploy (never ready), but web
which dependsOn: [api]
continued, and in fact it seems the pulumi command did not error in any way.prehistoric-kangaroo-30397
05/16/2019, 11:19 PMquick-action-34599
05/17/2019, 2:35 AMcreamy-jelly-91590
05/17/2019, 11:19 AMOutput<string>
as a kubeconfig
for the k8s.Provider
and I am getting this. If I instead pulumi stack output --show-secrets kubeconfig | pbcopy
and then paste it in as a string literal in my TS code, then it works.creamy-jelly-91590
05/17/2019, 11:23 AMexport const kubeconfig = pulumi.secret(
pulumi
.all([cluster.name, cluster.endpoint, cluster.masterAuth, config.project])
.apply(([clusterName, clusterEndpoint, clusterAuth, project]) =>
createKubeconfig({
project,
region,
clusterCaCertificate: clusterAuth.clusterCaCertificate,
clusterEndpoint: clusterEndpoint,
clusterName: clusterName
})
)
);
const k8sProvider = new k8s.Provider(name, {
kubeconfig
});
export function createKubeconfig(ctx: {
project: string;
region: string;
clusterName: string;
clusterEndpoint: string;
clusterCaCertificate: string;
}) {
const context = `${ctx.project}_${ctx.region}_${ctx.clusterName}`;
return `apiVersion: v1
clusters:
- name: ${context}
cluster:
certificate-authority-data: ${ctx.clusterCaCertificate}
server: https://${ctx.clusterEndpoint}
contexts:
- name: ${context}
context:
cluster: ${context}
user: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
user:
auth-provider:
name: gcp
config:
cmd-args: config config-helper --format=json
cmd-path: gcloud
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
`;
}
busy-air-16359
05/17/2019, 12:30 PMbusy-air-16359
05/17/2019, 12:33 PMaws.eks.Cluster
which lets me configure endpointPrivateAccess
and endpointPublicAccess
but it seems to be a low level API and I’m not finding anyone using itfew-dog-41530
05/17/2019, 1:32 PMorange-tailor-85423
05/17/2019, 3:05 PM--secrets-provider string
flag? I’m failing to find documentation on that the valid options are for this. The release notes mention pluggable encryption is now a thing but I’m failing at finding an example other than setting a passphrase.billowy-garage-68819
05/17/2019, 3:36 PMearly-musician-41645
05/17/2019, 5:15 PMimportant-leather-28796
05/17/2019, 6:31 PMDiagnostics:
kubernetes:<http://apiextensions.k8s.io:CustomResourceDefinition|apiextensions.k8s.io:CustomResourceDefinition> (<http://certificates.certmanager.k8s.io|certificates.certmanager.k8s.io>):
error: Plan apply failed: 1 error occurred:
* expected kind, but got map
kubernetes:<http://apiextensions.k8s.io:CustomResourceDefinition|apiextensions.k8s.io:CustomResourceDefinition> (<http://clusterissuers.certmanager.k8s.io|clusterissuers.certmanager.k8s.io>):
error: Plan apply failed: 1 error occurred:
* expected kind, but got map
kubernetes:<http://apiextensions.k8s.io:CustomResourceDefinition|apiextensions.k8s.io:CustomResourceDefinition> (<http://issuers.certmanager.k8s.io|issuers.certmanager.k8s.io>):
error: Plan apply failed: 1 error occurred:
* expected kind, but got map
https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/cert-manager.yamlfaint-vegetable-61837
05/17/2019, 7:13 PMcould not import deployment: unknown secrets provider type
faint-vegetable-61837
05/17/2019, 7:34 PMpulumi stack output --show-secrets
Still shows an encrypted valuefull-dress-10026
05/17/2019, 7:36 PMwhite-balloon-205
little-garage-43399
05/18/2019, 3:27 PMcolossal-room-15708
05/19/2019, 5:41 AMcreamy-jelly-91590
05/19/2019, 10:29 AMcreamy-jelly-91590
05/19/2019, 11:40 AMconst target = new gcp.compute.TargetPool("node-pool-target", {
sessionAffinity: "CLIENT_IP",
project,
region: location,
instances: defaultNodePool.instanceGroupUrls
.apply(groups =>
groups.map(group => {
const splat = group.split("/");
const idxZones = splat.indexOf("zones");
const zone = splat[idxZones + 1];
const groupId = splat[idxZones + 3];
return { group: groupId, zone };
})
)
.apply(groups =>
Promise.all(
groups.map(group =>
gcp.compute
.getInstanceGroup({ project, name: group.group, zone: group.zone })
.then(r => r.instances)
)
).then(flatten)
)
});
creamy-jelly-91590
05/19/2019, 11:42 AMcreamy-jelly-91590
05/19/2019, 12:01 PMnamed ports
? For this: https://cloud.google.com/load-balancing/docs/backend-service#named_portscreamy-jelly-91590
05/19/2019, 12:03 PMcreamy-jelly-91590
05/19/2019, 12:39 PMaverage-dream-51210
05/19/2019, 7:33 PMaverage-dream-51210
05/19/2019, 7:33 PMaverage-dream-51210
05/19/2019, 7:33 PMaverage-dream-51210
05/19/2019, 7:51 PMaverage-dream-51210
05/19/2019, 8:03 PMwitty-alarm-17249
05/20/2019, 10:40 AM