pulumi-community #kubernetes

few-painting-77267

09/07/2020, 8:06 AM

Hello! Someone managed to create ingress basic auth secret with Pulumi TypeScript? I am keeping getting invalid password

few-painting-77267

09/07/2020, 8:07 AM

This is what I tried:

Copy code

new Secret("<>>", {
    metadata: {
        name: "<>",
        namespace: "default"
    },
    stringData: {
        auth: password.result.apply(p => {
            let hash = crypto.createHash('md5');
            hash.update(p);
            return hash.digest('base64')
        }).apply(p => `<>:${p}`)
    }
})

few-painting-77267

09/07/2020, 8:07 AM

I tried md5, sha512 and bcrypt - all failed

eager-analyst-8893

09/07/2020, 2:21 PM

Hi guys! What is the best way to install istio with pulumi? I'm generate manifest and then put it to gitrepo and run using k8s.yaml.ConfigFile like this

Copy code

const istio = new k8s.yaml.ConfigFile("istio-1.7.yaml", {
    file: "istio/istio-1.7.yaml",
}, {dependsOn: istioSystemNamespace, providers: {kubernetes: k8sProvider}, customTimeouts: {create: "10m"}});

But may be there is more beautiful way to install ?

nutritious-flower-51098

09/08/2020, 1:48 PM

I’m having some issues trying installing argocd helm chart, and there’s not much information to debug. Definition I have is:

Copy code

const argocd = new kubernetes.helm.v3.Chart("argo", {
    repo: "argo",
    chart: "argo-cd",
    fetchOpts: {
        repo: "<https://argoproj.github.io/argo-helm>",
    },

    namespace: argoNamespace.metadata.name,
}, {
    provider: kubernetesProvider,
    dependsOn: [argoNamespace]
})

limited-rainbow-51650

09/08/2020, 6:36 PM

How can I implement a Pulumi ResourceTransformation callback function in a type-safe manner to modify the container spec for a

StatefulSet

? This is what I have so far:

Copy code

attachPostgreSQLConfiguration(args: pulumi.ResourceTransformationArgs): pulumi.ResourceTransformationResult | undefined {
        let props: pulumi.Input<kubernetes.types.input.apps.v1.StatefulSet> = args.props;
        let env : kubernetes.types.input.core.v1.EnvVar[] = props.spec.template.spec.containers[0].env;
        env = env.concat([
            {
                name: 'ORTHANC__POSTGRESQL__ENABLE_SSL',
                value: 'true'
            }
        ]);
        <http://pulumi.log.info|pulumi.log.info>(`In psql plugin transformation: ${util.inspect(env)}`)
        props.spec.template.spec.containers[0].env = env
        return { props: props, opts: args.opts }
    }

But I get a TypeScript error on

props.spec

saying

Object is possibly 'undefined'

limited-rainbow-51650

09/08/2020, 6:37 PM

followed by

error TS2339: Property 'template' does not exist on type 'Input<StatefulSetSpec>'

dazzling-sundown-39670

09/09/2020, 8:47 AM

I'm looking for a way to run a single job when I do

pulumi up

. I read somewhere that I should do a CronJob without a schedule but the typescript didn't like that. Any other suggestions?

clever-byte-21551

09/09/2020, 5:28 PM

I’m trying to install a helm v3 chart with a custom kubeconfig:

Copy code

p, err := providers.NewProvider(ctx, "kubernetes", &providers.ProviderArgs{
    Kubeconfig: pulumi.StringPtr(k.kubeConfig),
})
if err != nil {
    return errors.Wrap(err, "failed to create k8s provider")
}

_, err = helmv3.NewChart(ctx, "my-chart", helmv3.ChartArgs{
    Path:      pulumi.String(filepath.Join(chartsPath, "my-chart")),
    Namespace: pulumi.String("some-ns"),
}, pulumi.Provider(p))

if err != nil {
    return errors.Wrap(err, "failed to deploy chart")
}

I’m receiving this error:

Copy code

failed to deploy k8s stack: failed to update stack: code: 0
, stdout: Updating (yarin/test-aws/k8s_us-west-2):
  pulumi:pulumi:Stack: (same)
      [urn=urn:pulumi:yarin/test-aws/k8s_us-west-2::test-aws::pulumi:pulumi:Stack::test-aws-yarin/test-aws/k8s_us-west-2]
          + pulumi:providers:kubernetes: (create)
                  [urn=urn:pulumi:yarin/test-aws/k8s_us-west-2::test-aws::pulumi:providers:kubernetes::kubernetes]
                          kubeconfig: \"CENSORED\"
                          + 1 created
                              1 unchanged
                              Duration: 5s
                              , stderr: engine: 127.0.0.1:57240resmon: 127.0.0.1:57252error: expected '::' in provider reference ''
                              : failed to run update: failed to run inline program and shutdown gracefully: rpc error: code = Unavailable desc = transport is closing"

So I’m not sure what:

Copy code

expected '::' in provider reference ''

supposed to mean

worried-needle-99800

09/09/2020, 8:20 PM

Hi everyone, we recently moved

crd2pulumi

, a CLI tool that generates typed CustomResources based on a k8s CRD, to a stand-alone repo at

pulumi/crd2pulumi.

You can download the latest release here, which now supports Python and C#. Please reach out to me if you run into any bugs!

👍 2

🍺 1

kind-mechanic-53546

09/09/2020, 11:42 PM

Does anyone have any advice on which prometheus deployment method to use? Per prometheus-operator, there are many options(Prometheus Operator vs. kube-prometheus vs. community helm chart) Which one to use?

worried-ambulance-50217

09/10/2020, 12:23 AM

Hi, Is there an option for a custom provider to refresh before preview/delete when getting the token through the data?

limited-rainbow-51650

09/11/2020, 2:38 PM

How can I find on what

pulumi

is hanging/waiting during a

preview

(or the preview part of

up

)? This started happening since I deployed

cert-manager

v0.16.1 on a k8s 1.15 cluster.

clever-byte-21551

09/14/2020, 7:36 AM

Is it planned to actually support helm releases? Currently when I have an interrupted helm deployment (process was killed) we are left with resources in the kubernetes that we have to manually deploy in order to run pulumi again. If the helm integration used proper helm releases it would be able to “upgrade” a failed release. There was some discussion about it in https://github.com/pulumi/pulumi-kubernetes/issues/1092 But I didn’t see any resolution about this matter. @gorgeous-egg-16927

✅ 1

hundreds-receptionist-31352

09/14/2020, 3:38 PM

Hi I'm trying to get the clusterIp of the guestbook example https://www.pulumi.com/docs/guides/adopting/from_kubernetes/ but I'm not getting any output of the line export const privateIp = frontend.spec.clusterIP; and if I try console.log(privateIp); I get OutputImpl { __pulumiOutput: true, resources: [Function], allResources: [Function], isKnown: Promise { <pending> }, isSecret: Promise { <pending> }, promise: [Function], toString: [Function], toJSON: [Function] } what could be the reason that I can't get the output of ip address?

faint-motherboard-95438

09/15/2020, 2:44 PM

Hi there, Is there a proper pulumi way to restart a specific service during an update ? (I typically have to restart the pgpool service after adding a user to the config)

abundant-airplane-93796

09/17/2020, 1:08 AM

What's the best way to grab a service created by an operator as a pulumi resource? ie. I'm Installing the Istio operator via Pulumi, and then applying the CR so it sets up Istio. I then want to grab the

istio-ingressgateway

service as a resource so that I can extract the value of some annotations to use in some later resources

creamy-forest-42826

09/17/2020, 11:54 AM

Hi, I would like ask you for advice. I am now dealing with the creation of several pods and as input to them I need to smuggle the IP addresses of all these pods. It is some possible way? I tried following code, but services waiting on "Finding Pods to direct traffic to" and I cannot resolve

pulumi.all(...).apply(...)

Copy code

for (let i = 0; i < args.containerConf.replicas; i++) {
            const service = new k8s.core.v1.Service(
                `zooservice-${i}`,
                {
                    metadata: {
                        name: `zooservice-${i}`,
                        labels: {
                            app: ZookeeperApp,
                        },
                    },
                    spec: {
                        ports: [
                            { port: 2181, name: "client" },
                            { port: 2888, name: "server" },
                            { port: 3888, name: "leader-election" },
                        ],
                    },
                },
                {
                    parent: this,
                }
            );
            this.zkServices.push(service);
        }

        const inputIPs = this.getZookeeperServicesIPs();
        pulumi.all(inputIPs).apply((servicesIPs) => {
            servicesIPs.forEach((ip) => {
                console.log(ip);
            });
            for (let i = 0; i < args.containerConf.replicas; i++) {
                const zookeeper = new Zookeeper(
                    `zookeeper-${i}`,
                    {
                        containerConf: args.containerConf,
                        imagePullSecrets: args.imagePullSecrets,
                        serviceIPs: servicesIPs,
                    },
                    {
                        parent: this,
                    }
                );
                this.zookeepers.push(zookeeper);
            }
        });

PS: I cannot use DNS names.

dazzling-sundown-39670

09/17/2020, 2:11 PM

Sometimes when I run

pulumi up

it takes down all my cluster nodes and starts them again because of a new template body. Can I avoid this? This time I didn't even change anything related to the cluster

chilly-garage-80867

09/18/2020, 7:27 PM

Howdy, I am trting to use python to deploy some istio crds and I get this issue

Copy code

Exception: invocation of kubernetes:yaml:decode returned an error: error converting YAML to JSON: yaml: line 128: mapping values are not allowed in this context

brash-waiter-73733

09/19/2020, 12:34 PM

Following https://github.com/pulumi/pulumi-kubernetes/issues/1025 I was able to get

render_yaml_to_directory

to output YAML files from my Python code. However, I noticed (as documented) that this means I can’t then deploy those resources to the cluster with Pulumi as well. Does anyone have a pattern for doing both? ie. 1. run

pulumi up

2. deploy to cluster 3. generate YAML I tried: • Passing

providers

and a list of providers, but that didn’t seemed to revert to defaults ❌ • Using a config as a toggle between two providers, but this led to state problems ❌ • Abstracting the resources, and then applying twice in the same script, but Pulumi complains about them having the same name ❌ Appreciate this has a nice

BETA FEATURE

warning. I’d be interested if anyone has a pattern for doing the above, or if this might be supported in thee future.

:param pulumi.Input[str] render_yaml_to_directory: BETA FEATURE - If present, render resource manifests to this directory. In this mode, resources will not

be created on a Kubernetes cluster, but the rendered manifests will be kept in sync with changes

to the Pulumi program. This feature is in developer preview, and is disabled by default.

Note that some computed Outputs such as status fields will not be populated

since the resources are not created on a Kubernetes cluster. These Output values will remain undefined,

and may result in an error if they are referenced by other resources. Also note that any secret values

used in these resources will be rendered in plaintext to the resulting YAML.

salmon-account-74572

09/21/2020, 7:49 PM

Apologies for the x-posting; anyone have any pointers for this? https://pulumi-community.slack.com/archives/CCWP5TJ5U/p1600717465002200

salmon-account-74572

09/21/2020, 8:28 PM

Is there a way to get Pulumi's

kustomize

support to also render YAML to a directory? (It appears as if Pulumi's

kustomize

support is acting more like

kubectl -k

as opposed to standalone

kustomize

bitter-application-91815

09/23/2020, 8:34 AM

hey guys

bitter-application-91815

09/23/2020, 8:34 AM

trying to figure out a nice way to deploy this via pulumi

bitter-application-91815

09/23/2020, 8:34 AM

Copy code

kubectl apply -f <https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml>
kubectl -n kube-system annotate deployment.apps/cluster-autoscaler <http://cluster-autoscaler.kubernetes.io/safe-to-evict=%22false%22|cluster-autoscaler.kubernetes.io/safe-to-evict="false">

bitter-application-91815

09/23/2020, 8:35 AM

I did it by hand by running those two commands manually but when stressed and the autoscaler kicks in, it fails to autoscale due to permissions so i was looking at your autoscale package it doesn't seem to be similar to just 'run this yaml file' , what do you suggest, should i try to figure out how to use yaml with the yaml package and set the permissions on the node groups, hopefully fixing

bitter-application-91815

09/23/2020, 8:35 AM

Copy code

0922 12:44:54.845750       1 aws_manager.go:265] Failed to regenerate ASG cache: cannot autodiscover ASGs: AccessDenied: User: arn:aws:sts::919601712473:assumed-role/staging-f-exec-node-role-7ca4419/i-01b2a7eb09e0d618b is not authorized to perform: autoscaling:DescribeTags
	status code: 403, request id: 1a3191cd-ffda-4ee8-bdd9-8f3af2b1af93
F0922 12:44:54.845780       1 aws_cloud_provider.go:382] Failed to create AWS Manager: cannot autodiscover ASGs: AccessDenied: User: arn:aws:sts::919601712473:assumed-role/staging-f-exec-node-role-7ca4419/i-01b2a7eb09e0d618b is not authorized to perform: autoscaling:DescribeTags
	status code: 403, request id: 1a3191cd-ffda-4ee8-bdd9-8f3af2b1af93

bitter-application-91815

09/23/2020, 8:36 AM

Also what permissions need to be added where for this to get fixed ? ^

bitter-application-91815

09/23/2020, 8:36 AM

is it to the nodegroup(s)