is it desirable to include the kind and version in a resource? e.g.

const eventRouterServiceAccount = new k8s.core.v1.ServiceAccount(
    "eventRouterServiceAccount",
    {
      apiVersion: "v1", // << Remove?
      kind: "ServiceAccount", // << Remove?
      metadata: {
        name: "eventRouter",
        namespace: "kube-system",
      },
    }
  );

a) we already know we're creating a

ServiceAccount

, b) we're specifying the version twice

core.v1.

This is from kube2pulumi

Hey all, I have problems using

pulumi_kubernetes

on my mac when trying to `import pulumi_kubernetes`:

ModuleNotFoundError: No module named 'pulumi_kubernetes'

I installed pulumi with

brew install pulumi

and additionally use a conda environment. further information: • pulumi v2.9.0 • see

conda list

output in image attached PS:

pulumi up

with another script where I use only

pulumi

and

pulumi_aws

works fine!

message has been deleted

👋 hello! New pulumi user here. Quick question on

ConfigFile

. I’m trying to deploy some existing k8s yaml objects with Pulumi/Python. I’m creating a

k8s.yaml.ConfigFile

from my file as shown in this tutorial. However, the tutorial then suggests querying the resources inside the ConfigFile by calling `get_resource(type, name)`[0]. but that function doesn’t exist. Is there a way to “query” the resources inside the ConfigFile in Python? [0] Code snippet:

guestbook = k8s.yaml.ConfigFile('guestbook', 'guestbook-all-in-one.yaml')
# Export the private cluster IP address of the frontend.
frontend = guestbook.get_resource('v1/Service', 'frontend')  # <- fails

I think this question, https://pulumi-community.slack.com/archives/CRVK66N5U/p1598526246018200, might belong here. I seems to have some problems with running

pulumi up

when I have some

ConfigFile

resources. I guess it is because I haven't "authenticated" against the cluster locally. How do I use

ConfigFile

without logging in? Do I create

ComponentResourceOptions

where I set the

Provider

? How do I get the provider from a cluster?

👋 Hi! How can I get the Loadbalancer address after creating an Ingress? From the reference, I thought I could do:

pulumi.export('ingress-address', ingress.status.load_balancer.ingress[0].hostname)

However, that fails (turns out that

ingress.status

is

{}

). However, the load balancer’s address shows just fine when running kubectl:

$ kubect get ingress -n test
NAME           HOSTS   ADDRESS                                                                 PORTS   AGE
ingress-main   *       <http://bdcc2d51-test-ingressmain-8b89-1677642024.us-east-2.elb.amazonaws.com|bdcc2d51-test-ingressmain-8b89-1677642024.us-east-2.elb.amazonaws.com>   80      10m

Has anyone figured out how to deploy a helm chart with CRDs to multiple clusters in the same pulumi stack? (https://github.com/pulumi/pulumi-kubernetes/issues/1225#issuecomment-684237439)

message has been deleted

Hello guys. I have a GCP cluster in a "Rapid Release Channel" with the latest version

Master version	
1.17.9-gke.1503

The nature of the "Rapid Channel" is that it auto-upgrades the master version, and then a simple change in pulumi config works fine. Problems arise when you try to upgrade the node versions

panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:smth-integration-1::smth-integration-1::gcp:container/cluster:Cluster::mixed-cluster-1
    goroutine 144 [running]:
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)>
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/go/common/util/contract/failfast.go:23
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assertf(0xc000724300|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assertf(0xc000724300>, 0x3b887dd, 0x48, 0xc0012357a8, 0x1, 0x1)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/go/common/util/contract/assert.go:33 +0x197
    <http://github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Update(0xc0001ea000|github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Update(0xc0001ea000>, 0x41492a0, 0xc001001dd0, 0xc000fd0d20, 0xc0001ea000, 0x3620a01, 0xc00101d500)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v2@v2.7.3/pkg/tfbridge/provider.go:971 +0x81d
    <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler.func1(0x41492a0|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler.func1(0x41492a0>, 0xc001001dd0, 0x39f4e40, 0xc000fd0d20, 0x39f3540, 0x580a850, 0x41492a0, 0xc001001dd0)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/proto/go/provider.pb.go:1920 +0x89
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x41492a0|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x41492a0>, 0xc001000210, 0x39f4e40, 0xc000fd0d20, 0xc000ffe640, 0xc000ffe660, 0x0, 0x0, 0x410c160, 0xc000210aa0)
        /home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x2eb
    <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler(0x3a67500|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler(0x3a67500>, 0xc0001ea000, 0x41492a0, 0xc001000210, 0xc000f5f7a0, 0xc000b594a0, 0x41492a0, 0xc001000210, 0xc0006e7800, 0x3613)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.1-0.20200825190708-910aa96016cd/proto/go/provider.pb.go:1922 +0x14b
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000e3dc0|google.golang.org/grpc.(*Server).processUnaryRPC(0xc0000e3dc0>, 0x4184520, 0xc000702c00, 0xc0013fcd00, 0xc000af1050, 0x57ca978, 0x0, 0x0, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:1171 +0x50a
    <http://google.golang.org/grpc.(*Server).handleStream(0xc0000e3dc0|google.golang.org/grpc.(*Server).handleStream(0xc0000e3dc0>, 0x4184520, 0xc000702c00, 0xc0013fcd00, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:1494 +0xccd
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000adbba0|google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000adbba0>, 0xc0000e3dc0, 0x4184520, 0xc000702c00, 0xc0013fcd00)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:834 +0xa1
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.30.0/server.go:832 +0x204

I use:

pulumi version ==> v2.9.2

Python Modules:
pulumi==2.9.2
pulumi-gcp==3.21.1
pulumi-kubernetes==2.5.0
pulumi-postgresql==2.3.0
pulumi-random==2.3.1

Hello, I'm trying to run a few unit tests on a k8s cluster. For instance, I'd like to check that a deployment name is well formed. The problem I have (golang) is that the method

Deployment.Metadata.Name()

returns a

pulumi.StringPtrOutput

and I don't have a clue about how to get a string back... I guess it's pretty obvious but I can't see how to fix that...

Hello! I have an interesting problem: I want to set labels to the existing default NS - what is the best way to do it? How can I import and update existing resource?

Hello! Someone managed to create ingress basic auth secret with Pulumi TypeScript? I am keeping getting invalid password

This is what I tried:

new Secret("<>>", {
    metadata: {
        name: "<>",
        namespace: "default"
    },
    stringData: {
        auth: password.result.apply(p => {
            let hash = crypto.createHash('md5');
            hash.update(p);
            return hash.digest('base64')
        }).apply(p => `<>:${p}`)
    }
})

I tried md5, sha512 and bcrypt - all failed

Hi guys! What is the best way to install istio with pulumi? I'm generate manifest and then put it to gitrepo and run using k8s.yaml.ConfigFile like this

const istio = new k8s.yaml.ConfigFile("istio-1.7.yaml", {
    file: "istio/istio-1.7.yaml",
}, {dependsOn: istioSystemNamespace, providers: {kubernetes: k8sProvider}, customTimeouts: {create: "10m"}});

But may be there is more beautiful way to install ?

I’m having some issues trying installing argocd helm chart, and there’s not much information to debug. Definition I have is:

const argocd = new kubernetes.helm.v3.Chart("argo", {
    repo: "argo",
    chart: "argo-cd",
    fetchOpts: {
        repo: "<https://argoproj.github.io/argo-helm>",
    },

    namespace: argoNamespace.metadata.name,
}, {
    provider: kubernetesProvider,
    dependsOn: [argoNamespace]
})

How can I implement a Pulumi ResourceTransformation callback function in a type-safe manner to modify the container spec for a

StatefulSet

? This is what I have so far:

attachPostgreSQLConfiguration(args: pulumi.ResourceTransformationArgs): pulumi.ResourceTransformationResult | undefined {
        let props: pulumi.Input<kubernetes.types.input.apps.v1.StatefulSet> = args.props;
        let env : kubernetes.types.input.core.v1.EnvVar[] = props.spec.template.spec.containers[0].env;
        env = env.concat([
            {
                name: 'ORTHANC__POSTGRESQL__ENABLE_SSL',
                value: 'true'
            }
        ]);
        <http://pulumi.log.info|pulumi.log.info>(`In psql plugin transformation: ${util.inspect(env)}`)
        props.spec.template.spec.containers[0].env = env
        return { props: props, opts: args.opts }
    }

But I get a TypeScript error on

props.spec

saying

Object is possibly 'undefined'

followed by

error TS2339: Property 'template' does not exist on type 'Input<StatefulSetSpec>'

I'm looking for a way to run a single job when I do

pulumi up

. I read somewhere that I should do a CronJob without a schedule but the typescript didn't like that. Any other suggestions?

I’m trying to install a helm v3 chart with a custom kubeconfig:

p, err := providers.NewProvider(ctx, "kubernetes", &providers.ProviderArgs{
    Kubeconfig: pulumi.StringPtr(k.kubeConfig),
})
if err != nil {
    return errors.Wrap(err, "failed to create k8s provider")
}

_, err = helmv3.NewChart(ctx, "my-chart", helmv3.ChartArgs{
    Path:      pulumi.String(filepath.Join(chartsPath, "my-chart")),
    Namespace: pulumi.String("some-ns"),
}, pulumi.Provider(p))

if err != nil {
    return errors.Wrap(err, "failed to deploy chart")
}

I’m receiving this error:

failed to deploy k8s stack: failed to update stack: code: 0
, stdout: Updating (yarin/test-aws/k8s_us-west-2):
  pulumi:pulumi:Stack: (same)
      [urn=urn:pulumi:yarin/test-aws/k8s_us-west-2::test-aws::pulumi:pulumi:Stack::test-aws-yarin/test-aws/k8s_us-west-2]
          + pulumi:providers:kubernetes: (create)
                  [urn=urn:pulumi:yarin/test-aws/k8s_us-west-2::test-aws::pulumi:providers:kubernetes::kubernetes]
                          kubeconfig: \"CENSORED\"
                          + 1 created
                              1 unchanged
                              Duration: 5s
                              , stderr: engine: 127.0.0.1:57240resmon: 127.0.0.1:57252error: expected '::' in provider reference ''
                              : failed to run update: failed to run inline program and shutdown gracefully: rpc error: code = Unavailable desc = transport is closing"

So I’m not sure what:

expected '::' in provider reference ''

supposed to mean

Hi everyone, we recently moved

crd2pulumi

, a CLI tool that generates typed CustomResources based on a k8s CRD, to a stand-alone repo at

pulumi/crd2pulumi.

You can download the latest release here, which now supports Python and C#. Please reach out to me if you run into any bugs!

Does anyone have any advice on which prometheus deployment method to use? Per prometheus-operator, there are many options(Prometheus Operator vs. kube-prometheus vs. community helm chart) Which one to use?

Hi, Is there an option for a custom provider to refresh before preview/delete when getting the token through the data?

How can I find on what

pulumi

is hanging/waiting during a

preview

(or the preview part of

up

)? This started happening since I deployed

cert-manager

v0.16.1 on a k8s 1.15 cluster.

Is it planned to actually support helm releases? Currently when I have an interrupted helm deployment (process was killed) we are left with resources in the kubernetes that we have to manually deploy in order to run pulumi again. If the helm integration used proper helm releases it would be able to “upgrade” a failed release. There was some discussion about it in https://github.com/pulumi/pulumi-kubernetes/issues/1092 But I didn’t see any resolution about this matter. @gorgeous-egg-16927

Hi I'm trying to get the clusterIp of the guestbook example https://www.pulumi.com/docs/guides/adopting/from_kubernetes/ but I'm not getting any output of the line export const privateIp = frontend.spec.clusterIP; and if I try console.log(privateIp); I get OutputImpl { __pulumiOutput: true, resources: [Function], allResources: [Function], isKnown: Promise { <pending> }, isSecret: Promise { <pending> }, promise: [Function], toString: [Function], toJSON: [Function] } what could be the reason that I can't get the output of ip address?

Hi there, Is there a proper pulumi way to restart a specific service during an update ? (I typically have to restart the pgpool service after adding a user to the config)

What's the best way to grab a service created by an operator as a pulumi resource? ie. I'm Installing the Istio operator via Pulumi, and then applying the CR so it sets up Istio. I then want to grab the

istio-ingressgateway

service as a resource so that I can extract the value of some annotations to use in some later resources

Hi, I would like ask you for advice. I am now dealing with the creation of several pods and as input to them I need to smuggle the IP addresses of all these pods. It is some possible way? I tried following code, but services waiting on "Finding Pods to direct traffic to" and I cannot resolve

pulumi.all(...).apply(...)

for (let i = 0; i < args.containerConf.replicas; i++) {
            const service = new k8s.core.v1.Service(
                `zooservice-${i}`,
                {
                    metadata: {
                        name: `zooservice-${i}`,
                        labels: {
                            app: ZookeeperApp,
                        },
                    },
                    spec: {
                        ports: [
                            { port: 2181, name: "client" },
                            { port: 2888, name: "server" },
                            { port: 3888, name: "leader-election" },
                        ],
                    },
                },
                {
                    parent: this,
                }
            );
            this.zkServices.push(service);
        }

        const inputIPs = this.getZookeeperServicesIPs();
        pulumi.all(inputIPs).apply((servicesIPs) => {
            servicesIPs.forEach((ip) => {
                console.log(ip);
            });
            for (let i = 0; i < args.containerConf.replicas; i++) {
                const zookeeper = new Zookeeper(
                    `zookeeper-${i}`,
                    {
                        containerConf: args.containerConf,
                        imagePullSecrets: args.imagePullSecrets,
                        serviceIPs: servicesIPs,
                    },
                    {
                        parent: this,
                    }
                );
                this.zookeepers.push(zookeeper);
            }
        });

PS: I cannot use DNS names.