is there any plans to support

helm hooks

? if helm chart has it, there is no way to install it

I'm trying to set up an EKS cluster and, in order to have it working with Fargate, I need to update the definition of kube-dns, which comes by default with EKS. The easy way is to get the dns.yml file from AWS and then just to a

kubectl apply

. I'm trying to use

yaml.ConfigGroup

to apply those resources, but Pulumi seems to be unable to update existing resources:

(...)
  kubernetes:core:ServiceAccount (kube-system/coredns):
    error: resource kube-system/coredns was not successfully created by the Kubernetes API server : serviceaccounts "coredns" already exists
(...)

Any ideas on how to bypass this? Importing those resources would be a tremendous amount of work (6 documents in that YAML file), also seems to be impossible (https://github.com/pulumi/pulumi-kubernetes/issues/1238) and it means doing manual changes and having multiple runs of Pulumi, which is a big no-no for automation.

The operator is a bit mind-bending, haha. It’s like using a declarative description of a stack, which itself is driven by a declarative description of the infrastructure (i.e., the Pulumi program). It gets even weirder when you think about declaring the CRD resources using Pulumi. It’s just turtles all the way down.

URN seems to be too tightly coupled to helm generated resource names. ie. If I'm trying to install the same chart on two clusters - two distinct kubernetes providers - I get URN duplicates unless I start specifying `resourcePrefix`'s for the charts. However If I go that route I end up with names that are are often too long and break the 53 char rule to be passed to the helm

--name-template

arg which Pulumi is using under the hood AND unecessarily convoluted names for resources within the cluster.

Anyone got any recommendations for using Pulumi with multiple kubernetes clusters and staying sane with resource naming?

Ok... found https://github.com/pulumi/pulumi-kubernetes/issues/1225 reminder to folks like me who forget to look in github issues first.... look in github issues first!

@abundant-airplane-93796 Are you using one stack to create two clusters?

yes

In our env, we have decided to have a single cluster per stack approach. We do have multiple clusters per Azure subscription, but we still do a 1 cluster per stack approach.

right now I have two clusters per stack as I need windows nodes in one cluster, but want to use some incompatible gke features in another. however, even if it weren't for that split, at some point I'll probably want to take this multi-regional and have clusters across several regions in a stack, that are identical to each other. doing a stack per cluster seems like overkill - though I will admit I can see some benefits

either way though, I feel like the URN's for helm resources should be tied to the cluster so that pulumi can support multi-cluster in a stack without these kinds of issues if folks wanna use it

We treat a stack as mostly a configuration boundary, such that everything in the stack gets configured the same. We wanted to be able to update/reconfigure clusters independently, so that contributed to our stack per cluster approach.

With our CI/CD pipelines, it is fairly trivial to update multiple stacks concurrently if we want.

I currently have 2 stacks per environment one sets up core stuff like the gke network/nat etc, and also the creation of the clusters and then the other configures what runs on those clusters. I can potentially see breaking the second stack into per-cluster stacks. going to give it more thought

For our environments, we have: • Network application that has 2 stacks, lowers (dev/test envs) and production. That ensures vnets/subnets are built to look exactly the same, but use different IP ranges per environment. This application would run VERY infrequently. Only when we wanted to add subnets probably. This application is the considered "the base" that everything else will build on • Kubernetes application - this has 6 stacks. lowers-shared, cluster per lowers environment (dev/test/preprod), production-shared, and production. The application ensures that all clusters are structured the same, but vary based on stack configuration values. This application also installs default kubernetes resources that all clusters should have. (nginx + ingress controllers, fluentd, etc) • LoB Applications application(s) - each LoB app that we create (microservices) are responsible for their own deployment (via a pulumi app) into the core infrastructure. All of the exported consts from the kubernetes stacks are available via stack references, so an application has a stack per target environment that shares the same name as the kubernetes cluster that it is destined to run in. Yes, this is a lot of stacks, but it allows us to evolve the pulumi applications, and test them in a specific environment, and also to test various configuration changes in specific environments, and then we migrate those changes up through all environments, testing as we go.

Why would one use the pulumi-kubernetes-operator instead of running

pulumi up

as part of a CI pipeline?

Hi I am running aws eks using pulumi and deployed an helm chart to the cluster. This setup is running in production for the past few months. Today i ran

pulumi refresh

and update the stack but now every time i try to run

pulumi up

i see that according to preview pulumi is about to delete all helm chart resources. How can i understand the reason for this ? i definitely don't wont to delete those resources from the cluster

How can I retrieve the value of an annotation on a kubernetes resource? ie. I have a service with the following annotations:

metadata:
  annotations:
    <http://beta.cloud.google.com/backend-config|beta.cloud.google.com/backend-config>: '{"default": "istio-ingressgateway"}'
    <http://cloud.google.com/app-protocols|cloud.google.com/app-protocols>: '{"https":"HTTP2"}'
    <http://cloud.google.com/neg|cloud.google.com/neg>: '{"ingress": true}'
    <http://cloud.google.com/neg-status|cloud.google.com/neg-status>: '{"network_endpoint_groups":{"443":"k8s1-5487ae62-istio-system-istio-ingressgateway-443-811432aa"},"zones":["us-east1-d"]}'

I'd like to extract the value of the

<http://cloud.google.com/neg-status|cloud.google.com/neg-status>

annotation in such a way that I can use it to retrieve a gcp network endpoint group like:

const neg = gcp.compute.getNetworkEndpointGroup({
  name: "k8s1-5487ae62-istio-system-istio-ingressgateway-443-811432aa",
  zone: "us-east1-d"
})

I'm usually ok working with outputs, but pulling something that's in json in a property of a property has got me beat right now

Is it possible me to manage, deploy stuff to existing Kubernetes (AKS) cluster ?

Not created with Pulumi

hello. a have a CRD installed in my cluster outside of pulumi. (with Helm). Now I want to start managing that resource using the "k8s.yaml.ConfigFile" in pulumi, but when I run pulumi up, K8s complains that the resource already exists. Cam i use the import feature with k8s resources? Or any other workaround for this?

is it desirable to include the kind and version in a resource? e.g.

const eventRouterServiceAccount = new k8s.core.v1.ServiceAccount(
    "eventRouterServiceAccount",
    {
      apiVersion: "v1", // << Remove?
      kind: "ServiceAccount", // << Remove?
      metadata: {
        name: "eventRouter",
        namespace: "kube-system",
      },
    }
  );

a) we already know we're creating a

ServiceAccount

, b) we're specifying the version twice

core.v1.

This is from kube2pulumi

Hey all, I have problems using

pulumi_kubernetes

on my mac when trying to `import pulumi_kubernetes`:

ModuleNotFoundError: No module named 'pulumi_kubernetes'

I installed pulumi with

brew install pulumi

and additionally use a conda environment. further information: • pulumi v2.9.0 • see

conda list

output in image attached PS:

pulumi up

with another script where I use only

pulumi

and

pulumi_aws

works fine!

👋 hello! New pulumi user here. Quick question on

ConfigFile

. I’m trying to deploy some existing k8s yaml objects with Pulumi/Python. I’m creating a

k8s.yaml.ConfigFile

from my file as shown in this tutorial. However, the tutorial then suggests querying the resources inside the ConfigFile by calling `get_resource(type, name)`[0]. but that function doesn’t exist. Is there a way to “query” the resources inside the ConfigFile in Python? [0] Code snippet:

guestbook = k8s.yaml.ConfigFile('guestbook', 'guestbook-all-in-one.yaml')
# Export the private cluster IP address of the frontend.
frontend = guestbook.get_resource('v1/Service', 'frontend')  # <- fails

I think this question, https://pulumi-community.slack.com/archives/CRVK66N5U/p1598526246018200, might belong here. I seems to have some problems with running

pulumi up

when I have some

ConfigFile

resources. I guess it is because I haven't "authenticated" against the cluster locally. How do I use

ConfigFile

without logging in? Do I create

ComponentResourceOptions

where I set the

Provider

? How do I get the provider from a cluster?

👋 Hi! How can I get the Loadbalancer address after creating an Ingress? From the reference, I thought I could do:

pulumi.export('ingress-address', ingress.status.load_balancer.ingress[0].hostname)

However, that fails (turns out that

ingress.status

is

{}

). However, the load balancer’s address shows just fine when running kubectl:

$ kubect get ingress -n test
NAME           HOSTS   ADDRESS                                                                 PORTS   AGE
ingress-main   *       <http://bdcc2d51-test-ingressmain-8b89-1677642024.us-east-2.elb.amazonaws.com|bdcc2d51-test-ingressmain-8b89-1677642024.us-east-2.elb.amazonaws.com>   80      10m

Has anyone figured out how to deploy a helm chart with CRDs to multiple clusters in the same pulumi stack? (https://github.com/pulumi/pulumi-kubernetes/issues/1225#issuecomment-684237439)

Hello guys. I have a GCP cluster in a "Rapid Release Channel" with the latest version

Master version	
1.17.9-gke.1503

The nature of the "Rapid Channel" is that it auto-upgrades the master version, and then a simple change in pulumi config works fine. Problems arise when you try to upgrade the node versions

panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:smth-integration-1::smth-integration-1::gcp:container/cluster:Cluster::mixed-cluster-1
    goroutine 144 [running]:
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)>
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/go/common/util/contract/failfast.go:23
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assertf(0xc000724300|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assertf(0xc000724300>, 0x3b887dd, 0x48, 0xc0012357a8, 0x1, 0x1)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/go/common/util/contract/assert.go:33 +0x197
    <http://github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Update(0xc0001ea000|github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Update(0xc0001ea000>, 0x41492a0, 0xc001001dd0, 0xc000fd0d20, 0xc0001ea000, 0x3620a01, 0xc00101d500)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v2@v2.7.3/pkg/tfbridge/provider.go:971 +0x81d
    <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler.func1(0x41492a0|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler.func1(0x41492a0>, 0xc001001dd0, 0x39f4e40, 0xc000fd0d20, 0x39f3540, 0x580a850, 0x41492a0, 0xc001001dd0)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/proto/go/provider.pb.go:1920 +0x89
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x41492a0|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x41492a0>, 0xc001000210, 0x39f4e40, 0xc000fd0d20, 0xc000ffe640, 0xc000ffe660, 0x0, 0x0, 0x410c160, 0xc000210aa0)
        /home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x2eb
    <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler(0x3a67500|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler(0x3a67500>, 0xc0001ea000, 0x41492a0, 0xc001000210, 0xc000f5f7a0, 0xc000b594a0, 0x41492a0, 0xc001000210, 0xc0006e7800, 0x3613)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/proto/go/provider.pb.go:1922 +0x14b
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000e3dc0|google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000e3dc0>, 0x4184520, 0xc000702c00, 0xc0013fcd00, 0xc000af1050, 0x57ca978, 0x0, 0x0, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:1171 +0x50a
    <http://google.golang.org/grpc.(*Server).handleStream(0xc0000e3dc0|google.golang.org/grpc.(*Server).handleStream(0xc0000e3dc0>, 0x4184520, 0xc000702c00, 0xc0013fcd00, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:1494 +0xccd
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000adbba0|google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000adbba0>, 0xc0000e3dc0, 0x4184520, 0xc000702c00, 0xc0013fcd00)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:834 +0xa1
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:832 +0x204

I use:

pulumi version ==> v2.9.2

Python Modules:
pulumi==2.9.2
pulumi-gcp==3.21.1
pulumi-kubernetes==2.5.0
pulumi-postgresql==2.3.0
pulumi-random==2.3.1

Hello, I'm trying to run a few unit tests on a k8s cluster. For instance, I'd like to check that a deployment name is well formed. The problem I have (golang) is that the method

Deployment.Metadata.Name()

returns a

pulumi.StringPtrOutput

and I don't have a clue about how to get a string back... I guess it's pretty obvious but I can't see how to fix that...

Hello! I have an interesting problem: I want to set labels to the existing default NS - what is the best way to do it? How can I import and update existing resource?