https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • c

    chilly-garage-80867

    09/18/2020, 7:27 PM
    Howdy, I am trting to use python to deploy some istio crds and I get this issue
    Exception: invocation of kubernetes:yaml:decode returned an error: error converting YAML to JSON: yaml: line 128: mapping values are not allowed in this context
    b
    g
    • 3
    • 22
  • b

    brash-waiter-73733

    09/19/2020, 12:34 PM
    Following https://github.com/pulumi/pulumi-kubernetes/issues/1025 I was able to get
    render_yaml_to_directory
    to output YAML files from my Python code. However, I noticed (as documented) that this means I can’t then deploy those resources to the cluster with Pulumi as well. Does anyone have a pattern for doing both? ie. 1. run
    pulumi up
    2. deploy to cluster 3. generate YAML I tried: • Passing
    providers
    and a list of providers, but that didn’t seemed to revert to defaults ❌ • Using a config as a toggle between two providers, but this led to state problems ❌ • Abstracting the resources, and then applying twice in the same script, but Pulumi complains about them having the same name ❌ Appreciate this has a nice
    BETA FEATURE
    warning. I’d be interested if anyone has a pattern for doing the above, or if this might be supported in thee future.
    :param pulumi.Input[str] render_yaml_to_directory: BETA FEATURE - If present, render resource manifests to this directory. In this mode, resources will not
    be created on a Kubernetes cluster, but the rendered manifests will be kept in sync with changes
    to the Pulumi program. This feature is in developer preview, and is disabled by default.
    Note that some computed Outputs such as status fields will not be populated
    since the resources are not created on a Kubernetes cluster. These Output values will remain undefined,
    and may result in an error if they are referenced by other resources. Also note that any secret values
    used in these resources will be rendered in plaintext to the resulting YAML.
    b
    b
    • 3
    • 5
  • s

    salmon-account-74572

    09/21/2020, 7:49 PM
    Apologies for the x-posting; anyone have any pointers for this? https://pulumi-community.slack.com/archives/CCWP5TJ5U/p1600717465002200
    g
    • 2
    • 2
  • s

    salmon-account-74572

    09/21/2020, 8:28 PM
    Is there a way to get Pulumi's
    kustomize
    support to also render YAML to a directory? (It appears as if Pulumi's
    kustomize
    support is acting more like
    kubectl -k
    as opposed to standalone
    kustomize
    .)
    g
    • 2
    • 3
  • b

    bitter-application-91815

    09/23/2020, 8:34 AM
    hey guys
  • b

    bitter-application-91815

    09/23/2020, 8:34 AM
    trying to figure out a nice way to deploy this via pulumi
  • b

    bitter-application-91815

    09/23/2020, 8:34 AM
    kubectl apply -f <https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml>
    kubectl -n kube-system annotate deployment.apps/cluster-autoscaler <http://cluster-autoscaler.kubernetes.io/safe-to-evict=%22false%22|cluster-autoscaler.kubernetes.io/safe-to-evict="false">
  • b

    bitter-application-91815

    09/23/2020, 8:35 AM
    I did it by hand by running those two commands manually but when stressed and the autoscaler kicks in, it fails to autoscale due to permissions so i was looking at your autoscale package it doesn't seem to be similar to just 'run this yaml file' , what do you suggest, should i try to figure out how to use yaml with the yaml package and set the permissions on the node groups, hopefully fixing
  • b

    bitter-application-91815

    09/23/2020, 8:35 AM
    0922 12:44:54.845750       1 aws_manager.go:265] Failed to regenerate ASG cache: cannot autodiscover ASGs: AccessDenied: User: arn:aws:sts::919601712473:assumed-role/staging-f-exec-node-role-7ca4419/i-01b2a7eb09e0d618b is not authorized to perform: autoscaling:DescribeTags
    	status code: 403, request id: 1a3191cd-ffda-4ee8-bdd9-8f3af2b1af93
    F0922 12:44:54.845780       1 aws_cloud_provider.go:382] Failed to create AWS Manager: cannot autodiscover ASGs: AccessDenied: User: arn:aws:sts::919601712473:assumed-role/staging-f-exec-node-role-7ca4419/i-01b2a7eb09e0d618b is not authorized to perform: autoscaling:DescribeTags
    	status code: 403, request id: 1a3191cd-ffda-4ee8-bdd9-8f3af2b1af93
  • b

    bitter-application-91815

    09/23/2020, 8:36 AM
    Also what permissions need to be added where for this to get fixed ? ^
    b
    • 2
    • 9
  • b

    bitter-application-91815

    09/23/2020, 8:36 AM
    is it to the nodegroup(s)
  • b

    bitter-application-91815

    09/23/2020, 1:05 PM
    Anyone know if it's safe to use https://www.pulumi.com/docs/reference/pkg/kubernetes/autoscaling/
    b
    • 2
    • 32
  • b

    bitter-application-91815

    09/23/2020, 1:05 PM
    v2beta2 here ?
  • s

    salmon-account-74572

    09/23/2020, 10:16 PM
    I see in the documentation for
    kustomize
    support that transformations "happen in memory, and are not persisted to disk." Is this still true if the
    RenderYamlToDirectory
    property is set on the Kubernetes provider?
    • 1
    • 1
  • s

    salmon-account-74572

    09/23/2020, 11:00 PM
    Anyone have an example of how to add non-existing keys and "sub-values" using a transformation? For example, let's say I have this YAML:
    apiVersion: <http://kustomize.config.k8s.io/v1beta1|kustomize.config.k8s.io/v1beta1>
    kind: Kustomization
    resources:
      - ../../base
    and I'd like to add this to that YAML:
    patchesJson6902:
      - path: name.json
        target:
          group: <http://infrastructure.cluster.x-k8s.io|infrastructure.cluster.x-k8s.io>
          kind: AWSCluster
          name: base
          version: v1alpha3
    Is this possible using a transformation?
  • f

    fierce-memory-34976

    09/24/2020, 2:46 PM
    anyone could be able to help with auto scaling? i have a deployment that has one replica and it's targeted with an autoscaler that i set to resource cpu metrics.. after running the whole stack in GCP everything is up only the scaler shows the following status:
    message: 'the HPA was unable to compute the replica count: missing request for cpu'
    • 1
    • 1
  • b

    bitter-application-91815

    09/24/2020, 8:05 PM
    What's the preferred future proof way (as much as anything can be) to deploy apps on to a kubs cluster (eks) ?
  • b

    bitter-application-91815

    09/24/2020, 8:05 PM
    using helm right now, is that going to be around going forward ?
    l
    w
    b
    • 4
    • 6
  • w

    witty-vegetable-61961

    09/25/2020, 9:48 PM
    Hey guys does Pulumi work with microk8s? I use this to run k8s in a hyper-v linux vm.
    r
    • 2
    • 1
  • w

    worried-city-86458

    09/29/2020, 3:35 AM
    @gorgeous-egg-16927 What's a good way to handle pre-existing resources that I don't want to import to be pulumi managed but that I want to delete to clear the way for pulumi managed resources? Specifically, looking at https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html, which is kind of a mess:
    vpc-resource-controller-role
    cluster role,
    vpc-resource-controller-role-binding
    cluster role binding, and
    vpc-resource-controller
    service account already exist after standing up a new eks cluster, while the
    vpc-resource-controller
    deployment does not exist, but the cluster role is different from the guide's download link and is missing config map access (so needs modification anyway), ... so I want to delete the lot iff they exist (and not managed by pulumi) and create new ones with consistent
    vpc-resource-controller
    names throughout, which would leave duplicates for cluster role and cluster role binding and clashes with the service account if I can't delete the pre-existing ones first. 🤔
    c
    g
    • 3
    • 9
  • w

    worried-city-86458

    09/30/2020, 5:11 AM
    Also, what's a good way to do the webhook-create-signed-cert.sh dance to automate creating a secret for the
    vpc-admission-webhook
    ?
    g
    b
    • 3
    • 22
  • m

    melodic-printer-39640

    09/30/2020, 12:00 PM
    hi, i’ve tried to install ingress-controller using this code and it failed: it turns out, admission create job didn’t start. I’ve tried to install it with helm CLI and it went fine, — “admission create” job appeared and completed
    const nginxController = new k8s.helm.v3.Chart(`core1-${stack}`, {
      version: "3.3.0",
      chart: "ingress-nginx",
      fetchOpts: {
        repo: "<https://kubernetes.github.io/ingress-nginx>"
      },
      values: {
        controller: {
          admissionWebhooks: {
            enabled: true,
            patch: {
              enabled: true
            }
          },
    
          service: {
            annotations: {
              "<http://external-dns.alpha.kubernetes.io/hostname|external-dns.alpha.kubernetes.io/hostname>": "<http://mydomain.net|mydomain.net>"
            },
            externalTrafficPolicy: 'Local',
          },
    
          config: {
            "use-forwarded-headers": 'true'
          }
        }
      }
    }, { provider: cluster.provider });
  • m

    melodic-printer-39640

    09/30/2020, 12:00 PM
    Is there any way of how to debug what was rendered and sent to k8s?
  • m

    melodic-printer-39640

    09/30/2020, 12:01 PM
    I assume Job wasn’t, because it didn’t appear in stack preview
  • n

    nutritious-flower-51098

    09/30/2020, 12:13 PM
    are there any plans to start doing three way diff for kubernetes objects?
  • m

    melodic-printer-39640

    09/30/2020, 12:59 PM
    ok, so I’ve cloned those charts and played around with it locally — if I remove
    "<http://helm.sh/hook|helm.sh/hook>": pre-install,pre-upgrade
    from metadata/annotations in Job template than Pulumi creates the Job. It looks like those hooks are not supported porperly: I got this problem while doing clean install
  • m

    melodic-printer-39640

    09/30/2020, 1:52 PM
    created an issue: https://github.com/pulumi/pulumi-kubernetes/issues/1335
  • l

    limited-rainbow-51650

    09/30/2020, 3:33 PM
    I’m adding two TS
    exports
    to my Pulumi project from a k8s
    Service
    resource but only a single output is created:
    exports.temporalFrontendEndpoint = temporal_frontendService.spec.externalName;
    exports.temporalFrontEndName = temporal_frontendService.metadata.name;
    results in:
    --outputs:--        
      + temporalFrontEndName: "temporal-frontend-vw2qfr65"
    Any idea why the
    externalName
    is not created as an output?
    b
    • 2
    • 3
  • m

    mammoth-afternoon-82670

    09/30/2020, 6:54 PM
    Hi everyone, I'm facing some problems with my stack state, and I'm unable to fix.
  • m

    mammoth-afternoon-82670

    09/30/2020, 6:54 PM
    I described it here, any lights? https://github.com/pulumi/pulumi-kubernetes/issues/1013#issuecomment-701544909
Powered by Linen
Title
m

mammoth-afternoon-82670

09/30/2020, 6:54 PM
I described it here, any lights? https://github.com/pulumi/pulumi-kubernetes/issues/1013#issuecomment-701544909
View count: 4