pulumi-community #general

cold-coat-35200

10/29/2018, 9:33 AM

I think I bumped into this issue: https://github.com/pulumi/pulumi/issues/1990 I'm using a slightly modified version of the eks lib with the kubernetes dashboard deploy enabled, which creates the dashboard based on yaml files: https://github.com/pulumi/eks/blob/master/nodejs/eks/cluster.ts#L427 As you can see it tries to create the service for the dashboard first, but fails, because unable to find any pods based on the selector, because the deployment didn't started. Read through the issue, but can't see a workaround for this, besides separating the yaml files and use "k8s.yaml.ConfigFile" instead of "k8s.yaml.ConfigGroup" with correct "dependsOn". Last week it worked out of the box, I assume the ordering was correct, today I destroyed the whole stack and found this issue

-.txt

orange-tailor-85423

10/29/2018, 6:53 PM

oh man - new K8s cluster if you update the allowed CIDR blocks to the master? That's brutal

orange-tailor-85423

10/29/2018, 6:54 PM

is this expected?

orange-tailor-85423

10/29/2018, 8:24 PM

NPM issue

orange-tailor-85423

10/29/2018, 8:25 PM

sorry for the ignorance..... coworker pulled down code repo .... identical to mine. However, his "npm install" set up newer versions of modules. Didn't seem to respect the package-lock.json file in the repo. Is there good guidance around the workflow for checking code in/out and package versions with Pulumi?

orange-tailor-85423

10/29/2018, 8:26 PM

He was attempting "pulumi update" and kept getting different output than I did. Turned out the pulumi, gcp and 1 other package were a newer version on his machine

orange-tailor-85423

10/29/2018, 8:29 PM

Bug with package-lock.json?

orange-tailor-85423

10/29/2018, 8:29 PM

and nmp?

orange-tailor-85423

10/29/2018, 8:29 PM

npm

early-musician-41645

10/29/2018, 8:34 PM

Where can I find the list of supported AWS instance types?

Copy code

Types of property 'instanceType' are incompatible.
        Type '"m5.xlarge"' is not assignable to type '"c3.2xlarge" | "c3.4xlarge" | "c3.8xlarge" | "c3.large" | "c3.xlarge" | "c4.2xlarge" | "c4.4xlarge" | "c4.8xlarge" | "c4.large" | "c4.xlarge" | "d2.2xlarge" | "d2.4xlarge" | ... 47 more ... | undefined'.

early-musician-41645

10/29/2018, 8:37 PM

Is there a plan to add the

m5

instance types to

@pulumi/aws/ec2/instanceType.d.ts

early-musician-41645

10/29/2018, 9:01 PM

Before I open an issue on this... Trying out the eks.Cluster and there's a missing dependency on aws-iam-authenticator:

Copy code

$ pulumi up
Previewing update (poc):

     Type                                                              Name                                                           Plan
     pulumi:pulumi:Stack                                               eks-cluster-poc
     ├─ eks:index:Cluster                                              online-sandbox-pulumi-poc-eks-cluster
 +   │  ├─ kubernetes:<http://storage.k8s.io:StorageClass|storage.k8s.io:StorageClass>                      online-sandbox-pulumi-poc-eks-cluster-gp2                      create
 +   │  ├─ aws:ec2:SecurityGroupRule                                   online-sandbox-pulumi-poc-eks-cluster-eksClusterIngressRule    create
 ...

     Type                                          Name                                                         Status                  Info
     pulumi:pulumi:Stack                           eks-cluster-poc
     ├─ eks:index:Cluster                          online-sandbox-pulumi-poc-eks-cluster
 +   │  ├─ kubernetes:<http://storage.k8s.io:StorageClass|storage.k8s.io:StorageClass>  online-sandbox-pulumi-poc-eks-cluster-gp2                    **creating failed**     1 error
 +   │  └─ aws:ec2:SecurityGroupRule               online-sandbox-pulumi-poc-eks-cluster-eksClusterIngressRule  created
 +   └─ aws:ec2:SecurityGroupRule                  ssh-ingress                                                  created

Diagnostics:
  kubernetes:<http://storage.k8s.io:StorageClass|storage.k8s.io:StorageClass> (online-sandbox-pulumi-poc-eks-cluster-gp2):
    error: Plan apply failed: unable to fetch resource description for <http://storage.k8s.io/v1|storage.k8s.io/v1>: Get <https://C8A29503A514BB2E580F0CFA2959B7EF.sk1.us-west-2.eks.amazonaws.com/apis/storage.k8s.io/v1>: getting token: exec: exec: "aws-iam-authenticator": executable file not found in $PATH

Resources:
    2 changes
    + 2 created
    19 unchanged

Duration: 3.48585638s

Permalink: <https://app.pulumi.com/eshamay/poc/updates/7>
error: update failed

Did I miss that in the docs?

early-musician-41645

10/29/2018, 10:18 PM

I worked around the missing

aws-iam-authenticator

issue and just installed it locally. However, now I'm hitting an error during

eks.Cluster

creation timing out while creating the kubernetes-dashboard.

Copy code

Do you want to perform this update? yes
Updating (poc):

     Type                                                              Name                                              Status                  Info
     pulumi:pulumi:Stack                                               eks-cluster-poc
     └─ eks:index:Cluster                                              online-sandbox-pulumi-poc-eks-cluster
 +      ├─ kubernetes:<http://storage.k8s.io:StorageClass|storage.k8s.io:StorageClass>                      online-sandbox-pulumi-poc-eks-cluster-gp2         created
 +      ├─ kubernetes:core:ConfigMap                                   online-sandbox-pulumi-poc-eks-cluster-nodeAccess  created
 +      ├─ aws:cloudformation:Stack                                    online-sandbox-pulumi-poc-eks-cluster-nodes       created
 +      ├─ pulumi:providers:kubernetes                                 online-sandbox-pulumi-poc-eks-cluster-provider    created
 +      ├─ kubernetes:core:ServiceAccount                              online-sandbox-pulumi-poc-eks-cluster-eks-admin   created
 +      ├─ kubernetes:<http://rbac.authorization.k8s.io:ClusterRoleBinding|rbac.authorization.k8s.io:ClusterRoleBinding>     online-sandbox-pulumi-poc-eks-cluster-eks-admin   created
        └─ kubernetes:yaml:ConfigGroup                                 online-sandbox-pulumi-poc-eks-cluster-dashboard
 +         ├─ kubernetes:core:ServiceAccount                           kube-system/heapster                              created
 +         ├─ kubernetes:core:Secret                                   kube-system/kubernetes-dashboard-certs            created
 +         ├─ kubernetes:core:ServiceAccount                           kube-system/kubernetes-dashboard                  created
 +         ├─ kubernetes:<http://rbac.authorization.k8s.io:ClusterRoleBinding|rbac.authorization.k8s.io:ClusterRoleBinding>  heapster                                          created
 +         ├─ kubernetes:<http://rbac.authorization.k8s.io:RoleBinding|rbac.authorization.k8s.io:RoleBinding>         kube-system/kubernetes-dashboard-minimal          created
 +         └─ kubernetes:core:Service                                  kube-system/kubernetes-dashboard                  **creating failed**     1 error

Diagnostics:
  kubernetes:core:Service (kube-system/kubernetes-dashboard):
    error: Plan apply failed: Timeout occurred for 'kubernetes-dashboard'

Resources:
    11 changes
    + 11 created
    22 unchanged

Duration: 11m16.35025328s

Permalink: <https://app.pulumi.com/eshamay/poc/updates/9>
error: update failed

I retried

pulumi up

but got this error:

Copy code

Updating (poc):

     Type                               Name                                             Status                  Info
     pulumi:pulumi:Stack                eks-cluster-poc
     └─ eks:index:Cluster               online-sandbox-pulumi-poc-eks-cluster
        └─ kubernetes:yaml:ConfigGroup  online-sandbox-pulumi-poc-eks-cluster-dashboard
 +         └─ kubernetes:core:Service   kube-system/kubernetes-dashboard                 **creating failed**     1 error

Diagnostics:
  kubernetes:core:Service (kube-system/kubernetes-dashboard):
    error: Plan apply failed: services "kubernetes-dashboard" already exists

This seems to be blocking further updates to the stack

early-musician-41645

10/29/2018, 10:18 PM

Should I open an issue?

early-musician-41645

10/29/2018, 10:19 PM

It almost seems like it timed out, and then the deployment of the dashboard service (helm service?) isn't using a

helm upgrade -i

but instead doing a

helm install

and failing because it already exists... ??

early-musician-41645

10/29/2018, 10:26 PM

Following the install of a kubernetes cluster I'd like to automate deployment of a few helm charts. The charts are hosted in a private helm repo hosted in S3 that I normally access with

helm repo add my-repo <s3://my-helm-repo/charts>

. Given the example service deployment (copied below) how do I specify custom repo endpoints using the S3 plugin?

Copy code

// Sample copied from <https://github.com/pulumi/examples/blob/master/kubernetes-ts-helm-wordpress/index.ts>

// Deploy the latest version of the stable/wordpress chart.
const wordpress = new k8s.helm.v2.Chart("wpdev", {
    repo: "stable",
    version: "2.1.3",
    chart: "wordpress"
});

orange-tailor-85423

10/29/2018, 10:32 PM

Is Pulumi running tsc under the hood at all? Say during Pulumi preview? Trying to understand what should go into CI and CD scripts

orange-tailor-85423

10/29/2018, 10:33 PM

i.e. just run TS things like tslint and tsc at build time then Pulumi later? Or does Pulumi wrap those other things?

early-musician-41645

10/29/2018, 11:03 PM

I'm trying to create an EKS cluster and then deploy helm charts to it. The code for the cluster is in the same projects/file as for deploying the chart. However, when I do a

pulumi up

it says:

Copy code

Diagnostics:
  kubernetes:core:ConfigMap (kube-system/online-splunk-config):
    error: Unable to read kubectl config: invalid configuration: no configuration has been provided

Obviously the kubeconfig doesn't yet exist because the cluster isn't created. Once the cluster is created I need to write out the kubeconfig, copy it somewhere, then configure the local helm to use it. Is there an example of this workflow?

glamorous-printer-66548

10/29/2018, 11:08 PM

@lemon-spoon-91807 I noticed that you recently made a change how docker images are tagged in pulumi docker (https://github.com/pulumi/pulumi-docker/pull/31 ). Basically it seems they’re now always tagged with the image-id which in my understanding changes whenever any layer changes. The problem I’m facing now that his kind of makes using

cacheFrom

almost impossible. In order to effectively use

cacheFrom

I need some stable tag (i.e.

latest

) or some other identifier that can be derived from logic in the code before the build runs. Prior to your change I was adding

latest

as tag to all images which in conjunction with

cacheFrom: true

enabled quite good caching. Any thoughts how I can achieve good caching now?

quaint-queen-37896

10/30/2018, 12:54 AM

On 11/02 we'll start billing your card on file, ending in XXXX, $0.00 per year.

quaint-queen-37896

10/30/2018, 12:55 AM

aha

glamorous-printer-66548

10/30/2018, 1:27 AM

@creamy-potato-29402 did you recently change something about the deployment order / concurrency in pulumi-kubernetes? I’m somehow suddenly seeing really slow creation of a particular stack which contains about 10 ComponentResources with each 1 service, 1 deployment and one dockerfile. Somehow pulumi creates the

Deployments

and

Services

one-by-one instead of concurrently. I’m not sure if this previously also the case, but I guess not. Versions: pulumi CLI 0.16.1 ,

@pulumi/pulumi: 0.16.2

@pulumi/kubernetes: 0.17.3

acoustic-candle-40090

10/30/2018, 5:14 AM

Is it possible to do local testing with Pulumi?

👍 1

quick-action-34599

10/30/2018, 12:46 PM

What’s the proper way to do a stack output from inside an async function?

quick-action-34599

10/30/2018, 1:36 PM

another question: is this the right way to get the name from a subnet and use it on an rds instance?

dbSubnetGroupName: subnet.tags.apply((t: any) => t.Name),

quick-action-34599

10/30/2018, 1:46 PM

^ oh I think I was using the wrong type of subnet

quick-action-34599

10/30/2018, 1:50 PM

Error authorizing security group ingress: InvalidParameterValue: VPC DB Security Groups cannot be modified with this API version.  Please use an API version between 2012-01-15 and 2012-10-31 to modify this group.

😞

quick-action-34599

10/30/2018, 2:38 PM

What are we supposed to do when pulumi somehow gets out of sync? I’ve got a security group that has no rules, but pulumi seems to think that they exist

quick-action-34599

10/30/2018, 2:38 PM

pulumi up does nothing, pulumi refresh does nothing, pulumi stack export shows the rules which don’t actually exist