pulumi-community #general

Channels

general

acoustic-dress-83560

01/04/2023, 11:31 AM

Hey all, happy new year! Does anyone know how to use the

config-map

option in the Pulumi GitHub action? I'm having trouble injecting secrets into it to create a new stack to access Azure with a

clientId

clientSecret

in the config. In my action I have a YAML string similar to the following (I've shortened it a lot here):

config-map: "{azure-native:location: {value: westeurope, secret: false}, azure-native:clientSecret: {value: ${{ secrets.AZURE_DETAILS.clientSecret }}, secret: true}, azure-native:tenantId: {value: my-guid, secret: false}}"
env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  ARM_CLIENT_ID: ${{ secrets.AZURE_DETAILS.clientId }}
  ARM_CLIENT_SECRET: ${{ secrets.AZURE_DETAILS.clientSecret }}
  ARM_TENANT_ID: ${{ secrets.AZURE_DETAILS.tenantId }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_DETAILS.subscriptionId }}

But I receive an error when the Pulumi step runs, suggesting I've used the wrong `clientSecret`:

azure-native:resources:ResourceGroup rg-myrg- creating (0s) error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to <https://management.azure.com/subscriptions/my-subscription-id-guid/resourcegroups/rg-rg-myrg-a8fcf880?api-version=2019-05-01>: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: ***"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'my-app-guid'.\r\nTrace ID: 8d13de75-afd6-492a-8c0a-aea6ed140801\r\nCorrelation ID: b8fd878d-cbc3-46cf-a1ac-24607590db62\r\nTimestamp: 2023-01-04 11:22:21Z","error_codes":[7000215],"timestamp":"2023-01-04 11:22:21Z","trace_id":"8d13de75-afd6-492a-8c0a-aea6ed140801","correlation_id":"b8fd878d-cbc3-46cf-a1ac-24607590db62","error_uri":"<https://login.microsoftonline.com/error?code=7000215>"*** Endpoint <https://login.microsoftonline.com/my-tenant-id-guid/oauth2/token?api-version=1.0>

If I run the action without

config-map

and just target an existing stack, I can update and destroy the stack just fine. The credentials I'm using are the same in the config and in the

env

, they are from the same GitHub secret. It seems that GitHub secrets are not injected properly into the

config-map

YAML string, using the syntax I am. Though, no syntax is shown in the description and I can't find any examples.

modern-school-54566

01/04/2023, 11:48 AM

Hello everyone I'm having an issue with my pulumi aws credentials it was working yesterday but 4 some reason 2day it refuses to confirm my aws credentials I have created new I am roles Reconfigured it with my aws cli Added It to my pulumi.stack.yaml as config values I even edited them from my .aws.config and .credentials directory in my root user But it still throws a invalid aws credentials wen I run pulumi up

white-architect-1595

01/04/2023, 3:11 PM

Does anyone know why when I create a webapp my appsettings are not showing in the JSON for my web app in the portal? Under siteconfigs in the json view the app settings is null here is how I am creating the webapp

var standardLogicApp = new Pulumi.AzureNative.Web.WebApp($"Instanda-{sn}-logic-", new()
    {
        Kind = "functionapp,workflowapp",
        ResourceGroupName = resourceGroup.Name,
        Location = resourceGroup.Location,
        ServerFarmId = appServicePlace.Id,
        SiteConfig = new SiteConfigArgs
        {
            AppSettings = new[]{

                    new NameValuePairArgs
                    {
                        Name = "FUNCTIONS_EXTENSION_VERSION",
                        Value = "~4"

                    },
                    new NameValuePairArgs
                    {
                        Name = "FUNCTIONS_WORKER_RUNTIME",
                        Value = "node"

                    },
                    new NameValuePairArgs
                    {
                        Name = "WEBSITE_NODE_DEFAULT_VERSION",
                        Value = "~14"

                    },
                    new NameValuePairArgs
                    {
                        Name = "WEBSITE_CONTENTSHARE",
                        Value = Output.Format($"{workflowfolder}")

                    },
                    new NameValuePairArgs
                    {
                        Name = "AzureWebJobsStorage",
                        Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
                    },
                    new NameValuePairArgs
                    {
                        Name = "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
                        Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
                    },
                    new NameValuePairArgs
                    {
                        Name = "AzureFunctionsJobHost__extensionBundle__id",
                        Value = "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
                    },
                    new NameValuePairArgs
                    {
                        Name = "AzureFunctionsJobHost__extensionBundle__version",
                        Value = "[1.*, 2.0.0)",
                    },

                    new NameValuePairArgs
                    {
                        Name = "APP_KIND",
                        Value = "workflowapp",
                    },
                },
        },

delightful-terabyte-60652

01/04/2023, 3:39 PM

Hi everyone. I'm trying to implement argocd as a CD main tool. Currently, I have all the k8s definitions (Deployments/svc/ing/ etc ) in pulumi. Is there any documentation or example on how to deploy these k8s objects combining argocd and pulumi? According to the official documentation, I see that Pulumi Kubernetes Operator works with Flux. Important note: I am trying to avoid converting all the typescript code to helm charts or Kustomize files. Thanks in advance.

nice-butcher-64302

01/04/2023, 4:18 PM

Hi everyone, I'm trying to understand if there's a way to rotate the private/public keys generated using the

tls.PrivateKey

custom resource. The reason why I'm asking this is because we potentially need to generate a new set of keys to sign JSON web tokens on a regular basis for security purposes. I was thinking something along the lines of what the

random

package provides. Do you think it's possible somehow? Thanks in advance

sparse-soccer-23105

01/04/2023, 7:08 PM

Hi everyone, really simple question, I'm trying to import existing resources but am facing plenty of:

error: Preview failed: unrecognized resource type (Read):

ie:

error: Preview failed: unrecognized resource type (Read): aws:rds/dbclustersnapshot:DBClusterSnapshot

From my understanding, the

token

is wrong, how and/or where can I get a list of those ?

sparse-nail-47035

01/04/2023, 8:01 PM

Dear Pulumians,

sparse-nail-47035

01/04/2023, 8:02 PM

I'm trying to set up a simple K8s cluster script in Azure using Scala and I'm wondering what is the correct way to export a kubeconfig from my cluster definition. I have the following:

val k8sCluster = new ManagedCluster(...)

I do not see any function in the ManagedCluster class that I can use to export the KubeConfig object. Is there any mechanism in the API that can be used to build a KubeConfig from a clsuer instance?

plain-belgium-35196

01/04/2023, 10:55 PM

Hi teams, Try to create eks addon ebs-csi-controller-sa, but got this conflict error: [conflict with “pulumi-resource-kubernetes” using v1: .metadata.labels.app.kubernetes.io/managed-by](error: resource kube-system/ebs-csi-controller-sa was not successfully created by the Kubernetes API server : use the “pulumi.com/patchForce” annotation if you want to overwrite the existing values: Apply failed with 1 conflict: conflict with “pulumi-resource-kubernetes” using v1: .metadata.labels.app.kubernetes.io/managed-by)

sparse-nail-47035

01/05/2023, 4:39 AM

Is the documentation up to date? For example., here in this page the Java how to is missing?

sparse-nail-47035

01/05/2023, 4:39 AM

https://www.pulumi.com/registry/packages/azure-native/version-guide/

steep-raincoat-47738

01/05/2023, 7:40 AM

Hello Pulumians, Is there a way we can host our own custom Resources or collection of Custom resources within Pulumi? Example Use case: I want all developers within my org be default: 1. create S3 buckets which is encrypted with a KMS key 2. Create an EC2 with one of the Golden AMIs

steep-raincoat-47738

01/05/2023, 7:44 AM

Something similar to Private L3 Constructs in AWS CDK

acoustic-dress-83560

01/05/2023, 8:40 AM

Hey all, Anyone have experience with the

remove

option from the Pulumi GitHub action? When my action runs, it shows a warning that

remove

isn't recognised, continues and does not delete the stack from Pulumi after successfully destroying the resources:

Warning: Unexpected input(s) 'remove', valid inputs are ['command', 'stack-name', 'work-dir', 'comment-on-pr', 'comment-on-pr-number', 'github-token', 'cloud-url', 'secrets-provider', 'parallel', 'message', 'config-map', 'expect-no-changes', 'diff', 'replace', 'target', 'target-dependents', 'policyPacks', 'policyPackConfigs', 'refresh', 'upsert', 'edit-pr-comment', 'pulumi-version', 'color']

...

  Resources:
      - 35 deleted
  
  Duration: 4m7s
  
  
  The resources in the stack have been deleted, but the history and configuration associated with the stack are still maintained. 
  If you want to remove the stack completely, run `pulumi stack rm company/infra`.

I'm using

@v3

on the action and I can see the

remove

option in the docs:

- uses: pulumi/actions@v3
  with:
    command: destroy
    stack-name: company/${{ inputs.environment_name }}
    work-dir: ${{ env.working_directory }}
    upsert: false
    remove: true

clever-painter-96148

01/05/2023, 10:37 AM

tf2pulumi

still supported? Apparently I cannot use it because https://github.com/pulumi/pulumi-local doesn't exist.

$ ~/dev/oss/tf2pulumi/tf2pulumi
error: no resource plugin 'pulumi-resource-local' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource local`
$ pulumi plugin install resource local
error: 404 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-local/releases/latest>. If this is a private GitHub repository, try providing a token via the GITHUB_TOKEN environment variable. See: <https://github.com/settings/tokens>

sparse-nail-47035

01/05/2023, 2:08 PM

Any ideas on how I could test my resources even before I could execute pulumi up? I mean is there some possibilities to do some unit testing?

sparse-nail-47035

01/05/2023, 2:10 PM

Is unit testing not available for Java?

white-architect-1595

01/05/2023, 4:26 PM

Hi all - I created a key vault with Pulumi in Azure and in order to get the tenant ID I have the following code

var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
    var tenantID = clientConfig.Apply(x => //tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    {
        var data = x.TenantId;
        return Output.Create(data);
    });

Then in my keyvault definition I say TenantId = tenantID When I run pulumi up I get the following error

error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
    Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
       at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
       at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
       at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
       at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
       at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)

sparse-nail-47035

01/05/2023, 8:53 PM

Can someone suggest me some simple to follow guide on how I can configure a AKS cluster? There are different terminologies like RBAC, Resource Quota', Node Pools etc., Is there some documentation available that shows me these configurations in a easy to understand manner?

icy-doctor-13719

01/06/2023, 4:43 AM

pulumi up

throwing an error … started about 20m ago … any ideas?

error: an unhandled error occurred: Program exited with non-zero exit code: 137

thankful-judge-75045

01/06/2023, 8:01 AM

Hey! I would like my pulumi code to live in a separate repo to my application Just thinking how I can update my stack from my application (e.g build a new image and assign to ECS). Anyone solved this in a neat way?

future-refrigerator-88869

01/06/2023, 9:34 AM

Hi all - is it possible to get the README text that is filled with the appropriate outputs instead of the template? I am interested if I can get this programmatically somehow. The use case is that I would like to display that readme with the appropriate service urls directly in the github action page in summary.

dry-keyboard-94795

01/06/2023, 9:45 AM

does it work if you pass it in using the providers list instead?

{ providers: [clusterProvider] }

Certmanager looks to be a Provider that wraps the kubernetes provider, which would explain why you can't pass in the kubernetes provider directly

rhythmic-sunset-53997

01/06/2023, 10:45 AM

Hi, a quick question about project configuration. How can I define a global path for the Python

virtualenv

option? My aim is for the project config to be • usable by anyone (so there cannot be an absolute path like

/Users/myname/foo

), and • the same

virtualenv

to be used by multiple Pulumi projects (I do not want to install the full 1.5-GB venv for every single project) The following would work, but sadly

does not get expanded to the home directory, so the virtualenv is created under

/Users/myname/path/project/~/.pulumi/venv

runtime:
  name: python
  options:
    virtualenv: ~/.pulumi/venv

Another option would be to define this via an environment variable, but I have not found any documentation on how that would be possible.

sparse-nail-47035

01/06/2023, 11:33 AM

Where do I find the API docs for AKS? https://www.pulumi.com/registry/packages/azure-native/api-docs/

echoing-oil-42947

01/06/2023, 8:41 PM

👋 Hey everyone, question about Pulumi Service; if you're on an individual project, do you have any credit restrictions? Trying to decide if I want to do an S3 backed pulumi or use pulumi service for my homelab

plain-keyboard-29627

01/06/2023, 10:06 PM

Is there anything specific to be aware of when passing secrets to a Dynamic Resource Provider? I see the secrets are resolved when I use them in my

create

and

update

methods, but wanted to make sure they were safe (e.g. will be stored encrypted) to return as results. If I passed

config.requireSecret('mySecretKey')

as an argument to my provider, is it safe to set

outs

like this?

async update(id, olds, news) {
    await this.createOrUpdate(olds, news); // internal, implementation doesn't matter
    return { outs: news };
}

hallowed-australia-10473

01/07/2023, 7:55 AM

I am trying to import a DigitalOcean spaces bucket but am getting an error that mentions the possibility of a bug in the provider. I’ll put the error in a thread — if I should be reporting this to DigitalOcean instead of you folks, please let me know!

elegant-crayon-4967

01/07/2023, 3:51 PM

Referencing the tls-self-signed-cert.SelfSignedCertificate can anyone ELI5 the difference between the

localValidityPeriodHours

validityPeriodHours

abundant-oxygen-75465

01/08/2023, 1:05 PM

Hello everyone. I'm new to devops and pulumi. I'm trying to recreate the code in this github: https://github.com/aporia-ai/mlplatform-workshop/tree/main/infra And... I'm struggling. I've registered a domain in Route35 and the only bit that I changed about the above code is the postgres version from 11.10 to 11. I'll post the errors i'm seeing in the thread but I appreciate if someone can guide me through this.

Title

abundant-oxygen-75465

01/08/2023, 1:05 PM

Diagnostics:

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://middlewares.traefik.containo.us|middlewares.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://middlewares.traefik.containo.us|middlewares.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://ingressroutes.traefik.containo.us|ingressroutes.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://ingressroutes.traefik.containo.us|ingressroutes.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://tlsoptions.traefik.containo.us|tlsoptions.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://tlsoptions.traefik.containo.us|tlsoptions.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

kubernetes:<http://traefik.containo.us/v1alpha1:IngressRoute|traefik.containo.us/v1alpha1:IngressRoute> (traefik-dashboard):

warning: This resource contains Helm hooks that are not currently supported by Pulumi. The resource will be created, but any hooks will not be executed. Hooks support is tracked at <https://github.com/pulumi/pulumi-kubernetes/issues/555> -- This warning can be disabled by setting the PULUMI_K8S_SUPPRESS_HELM_HOOK_WARNINGS environment variable

error: creation of resource default/traefik-dashboard failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "IngressRoute" in version "<http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>"

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://ingressroutetcps.traefik.containo.us|ingressroutetcps.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://ingressroutetcps.traefik.containo.us|ingressroutetcps.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

kubernetes:<http://traefik.containo.us/v1alpha1:Middleware|traefik.containo.us/v1alpha1:Middleware> (mlflow-strip-prefix):

error: creation of resource mlflow/mlflow-strip-prefix-33bf2e4f failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "Middleware" in version "<http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>"

kubernetes:<http://traefik.containo.us/v1alpha1:Middleware|traefik.containo.us/v1alpha1:Middleware> (mlflow-trailing-slash):

error: creation of resource mlflow/mlflow-trailing-slash-0d17ce3f failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "Middleware" in version "<http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>"

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://ingressrouteudps.traefik.containo.us|ingressrouteudps.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://ingressrouteudps.traefik.containo.us|ingressrouteudps.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://traefikservices.traefik.containo.us|traefikservices.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://traefikservices.traefik.containo.us|traefikservices.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

pulumi:pulumi:Stack (ml-infra-dev):

error: update failed

error: Error: invocation of kubernetes:helm:template returned an error: error reading from server: read tcp 127.0.0.1:53702->127.0.0.1:53700: use of closed network connection

at Object.callback (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@pulumi/runtime/invoke.ts:172:33)

at Object.onReceiveStatus (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/client.ts:338:26)

at Object.onReceiveStatus (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)

at Object.onReceiveStatus (/Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)

at /Users/Programming/projects/ml-pipeline/ml-infra/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24

at processTicksAndRejections (node:internal/process/task_queues:77:11)

I0108 12:50:16.966189    2838 request.go:682] Waited for 1.032607959s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/apps/v1?timeout=32s>

I0108 12:50:27.164277    2838 request.go:682] Waited for 4.434218083s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/batch/v1beta1?timeout=32s>

I0108 12:50:37.364251    2838 request.go:682] Waited for 1.036100542s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/rbac.authorization.k8s.io/v1?timeout=32s>

I0108 12:50:47.564198    2838 request.go:682] Waited for 4.433233583s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/storage.k8s.io/v1?timeout=32s>

I0108 12:50:57.764186    2838 request.go:682] Waited for 1.032272375s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/node.k8s.io/v1beta1?timeout=32s>

I0108 12:51:07.964178    2838 request.go:682] Waited for 4.432762875s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/flowcontrol.apiserver.k8s.io/v1beta2?timeout=32s>

I0108 12:51:20.563948    2838 request.go:682] Waited for 1.09841225s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/batch/v1beta1?timeout=32s>

I0108 12:51:34.163858    2838 request.go:682] Waited for 1.102064041s due to client-side throttling, not priority and fairness, request: GET:<https://2DD036C575E8E66E280A78402AFB414F.gr7.us-west-2.eks.amazonaws.com/apis/rbac.authorization.k8s.io/v1?timeout=32s>

kubernetes:<http://apiextensions.k8s.io/v1beta1:CustomResourceDefinition|apiextensions.k8s.io/v1beta1:CustomResourceDefinition> (<http://tlsstores.traefik.containo.us|tlsstores.traefik.containo.us>):

warning: apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

error: resource <http://tlsstores.traefik.containo.us|tlsstores.traefik.containo.us> was not successfully created by the Kubernetes API server : apiVersion "<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>" was removed in Kubernetes 1.22. Use "<http://apiextensions.k8s.io/v1/CustomResourceDefinition|apiextensions.k8s.io/v1/CustomResourceDefinition>" instead.

dry-keyboard-94795

01/08/2023, 1:29 PM

Looks like your cluster is too new of a version for your traefik helm chart

abundant-oxygen-75465

01/08/2023, 1:41 PM

So I'm guessing one solution is to deploy an older version of eks?

dry-keyboard-94795

01/08/2023, 1:45 PM

Maybe, you'll need to look into how long 1.21 will be available for

abundant-oxygen-75465

01/08/2023, 2:12 PM

It's not for production and only for learning purposes so if it's not supported down the line it's ok. Is this how i'd specify an older version:

const cluster = new eks.Cluster('mlplatform-eks', {

createOidcProvider: true,

version: 1.21,

});

View count: 1