any easy way to run

pulumi up

programatically?

We had a thread about how a helm-chart I'm installing fails because it's trying to install something that already exists, e.g. ServiceAccount named

aws-node

. I thought that it was managed outside the pulumi stack and raising the error, but that's not the case. I've now confirmed that it's failing even if the entire stack is managed by Pulumi. I first destroyed all the resources, then I

pulumi up

which creates an EKS cluster and a helm chart. The helm chart has a ServiceAccount and it fails with this:

Diagnostics:
  kubernetes:core:ServiceAccount (kube-system/aws-node):
    error: Plan apply failed: serviceaccounts "aws-node" already exists

The expected behavior is that the existing ServiceAccount would not raise an error and instead would get treated as a no-op.

Is there a workaround for this?

Tracked here: https://github.com/pulumi/pulumi-kubernetes/issues/261

I'm trying to build and push a docker image to a local docker repository. I've started off with the example here: https://blog.pulumi.com/program-kubernetes-with-11-cloud-native-pulumi-pearls#8__Build_and_Deploy_Container_Images_A_longside_Configuration_Updates_322 I've changed the server to

127.0.0.1:5000

. It seems to login correctly with the credentials, but when it tries to push the built image, it seems like it's not passing on the servername to the docker push commands.

const myAppDocker = new docker.Image("myapp", {
    build: {
      context: '../',
      dockerfile: '../docker/myapp/Dockerfile'
    },
    imageName: "myapp",
    registry: {
      server: "127.0.0.1:5000",
      username: config.require("dockerUsername"),
      password: config.require("dockerPassword")
    },
});

error: Error: 'docker push myapp:f61cb689da...' failed with exit code 1
    The push refers to repository [<http://docker.io/library/myapp|docker.io/library/myapp>]

How can I do the equivalent of

kubectl apply -f $path_to_file

with Pulumi?

hello

(from france)

I'm looking how to use assumerole from aws ??

not clear to me

I'm using typescript

Hi @agreeable-truck-14797! I can probably help with that

thank @stocky-spoon-28903

You need to configure the provider to assume a role - are you familiar with how Terraform does this?

not really

I know how to do in powershell 😛

Ah ok! One second, let me put together an example for you

does it go in pulumi-dev.yaml

?

It could go in as a configuration point, but you need to configure the provider for it

Which is slightly unusual

I’ll put together a demo now (we need that anyway), but it will be a few minutes as I need to create various roles etc for it

cool

something else

we use a MFA

I'd like to update the

kube-system/aws-auth

ConfigMap in my EKS kubernetes cluster via Pulumi. What's the route to doing that? I'm looking to add a couple roles into the

data.mapRoles

I do something like this

$Creds = (Use-STSRole   -RoleArn $RoleArn -RoleSessionName "SandBoxSession" -SerialNumber $SerialNumber -TokenCode 123456).Credentials

I see. So one option is to give those temporary credentials to Pulumi as

AWS_ACCESS_KEY_ID

,

AWS_SECRET_ACCESS_KEY

and

AWS_SESSION_TOKEN

in the environment. The provider does have native support for assuming a role though

That’s the example I’ll put together