pulumi-community #kubernetes

kubernetes

chilly-garage-80867

09/18/2020, 7:27 PM

Howdy, I am trting to use python to deploy some istio crds and I get this issue

Exception: invocation of kubernetes:yaml:decode returned an error: error converting YAML to JSON: yaml: line 128: mapping values are not allowed in this context

brash-waiter-73733

09/19/2020, 12:34 PM

Following https://github.com/pulumi/pulumi-kubernetes/issues/1025 I was able to get

render_yaml_to_directory

to output YAML files from my Python code. However, I noticed (as documented) that this means I can’t then deploy those resources to the cluster with Pulumi as well. Does anyone have a pattern for doing both? ie. 1. run

pulumi up

2. deploy to cluster 3. generate YAML I tried: • Passing

providers

and a list of providers, but that didn’t seemed to revert to defaults ❌ • Using a config as a toggle between two providers, but this led to state problems ❌ • Abstracting the resources, and then applying twice in the same script, but Pulumi complains about them having the same name ❌ Appreciate this has a nice

BETA FEATURE

warning. I’d be interested if anyone has a pattern for doing the above, or if this might be supported in thee future.

:param pulumi.Input[str] render_yaml_to_directory: BETA FEATURE - If present, render resource manifests to this directory. In this mode, resources will not

be created on a Kubernetes cluster, but the rendered manifests will be kept in sync with changes

to the Pulumi program. This feature is in developer preview, and is disabled by default.

Note that some computed Outputs such as status fields will not be populated

since the resources are not created on a Kubernetes cluster. These Output values will remain undefined,

and may result in an error if they are referenced by other resources. Also note that any secret values

used in these resources will be rendered in plaintext to the resulting YAML.

salmon-account-74572

09/21/2020, 7:49 PM

Apologies for the x-posting; anyone have any pointers for this? https://pulumi-community.slack.com/archives/CCWP5TJ5U/p1600717465002200

salmon-account-74572

09/21/2020, 8:28 PM

Is there a way to get Pulumi's

kustomize

support to also render YAML to a directory? (It appears as if Pulumi's

kustomize

support is acting more like

kubectl -k

as opposed to standalone

kustomize

bitter-application-91815

09/23/2020, 8:34 AM

hey guys

bitter-application-91815

09/23/2020, 8:34 AM

trying to figure out a nice way to deploy this via pulumi

bitter-application-91815

09/23/2020, 8:34 AM

kubectl apply -f <https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-autodiscover.yaml>
kubectl -n kube-system annotate deployment.apps/cluster-autoscaler <http://cluster-autoscaler.kubernetes.io/safe-to-evict=%22false%22|cluster-autoscaler.kubernetes.io/safe-to-evict="false">

bitter-application-91815

09/23/2020, 8:35 AM

I did it by hand by running those two commands manually but when stressed and the autoscaler kicks in, it fails to autoscale due to permissions so i was looking at your autoscale package it doesn't seem to be similar to just 'run this yaml file' , what do you suggest, should i try to figure out how to use yaml with the yaml package and set the permissions on the node groups, hopefully fixing

bitter-application-91815

09/23/2020, 8:35 AM

0922 12:44:54.845750       1 aws_manager.go:265] Failed to regenerate ASG cache: cannot autodiscover ASGs: AccessDenied: User: arn:aws:sts::919601712473:assumed-role/staging-f-exec-node-role-7ca4419/i-01b2a7eb09e0d618b is not authorized to perform: autoscaling:DescribeTags
	status code: 403, request id: 1a3191cd-ffda-4ee8-bdd9-8f3af2b1af93
F0922 12:44:54.845780       1 aws_cloud_provider.go:382] Failed to create AWS Manager: cannot autodiscover ASGs: AccessDenied: User: arn:aws:sts::919601712473:assumed-role/staging-f-exec-node-role-7ca4419/i-01b2a7eb09e0d618b is not authorized to perform: autoscaling:DescribeTags
	status code: 403, request id: 1a3191cd-ffda-4ee8-bdd9-8f3af2b1af93

bitter-application-91815

09/23/2020, 8:36 AM

Also what permissions need to be added where for this to get fixed ? ^

bitter-application-91815

09/23/2020, 8:36 AM

is it to the nodegroup(s)

bitter-application-91815

09/23/2020, 1:05 PM

Anyone know if it's safe to use https://www.pulumi.com/docs/reference/pkg/kubernetes/autoscaling/

bitter-application-91815

09/23/2020, 1:05 PM

v2beta2 here ?

salmon-account-74572

09/23/2020, 10:16 PM

I see in the documentation for

kustomize

support that transformations "happen in memory, and are not persisted to disk." Is this still true if the

RenderYamlToDirectory

property is set on the Kubernetes provider?

salmon-account-74572

09/23/2020, 11:00 PM

Anyone have an example of how to add non-existing keys and "sub-values" using a transformation? For example, let's say I have this YAML:

apiVersion: <http://kustomize.config.k8s.io/v1beta1|kustomize.config.k8s.io/v1beta1>
kind: Kustomization
resources:
  - ../../base

and I'd like to add this to that YAML:

patchesJson6902:
  - path: name.json
    target:
      group: <http://infrastructure.cluster.x-k8s.io|infrastructure.cluster.x-k8s.io>
      kind: AWSCluster
      name: base
      version: v1alpha3

Is this possible using a transformation?

fierce-memory-34976

09/24/2020, 2:46 PM

anyone could be able to help with auto scaling? i have a deployment that has one replica and it's targeted with an autoscaler that i set to resource cpu metrics.. after running the whole stack in GCP everything is up only the scaler shows the following status:

message: 'the HPA was unable to compute the replica count: missing request for cpu'

bitter-application-91815

09/24/2020, 8:05 PM

What's the preferred future proof way (as much as anything can be) to deploy apps on to a kubs cluster (eks) ?

bitter-application-91815

09/24/2020, 8:05 PM

using helm right now, is that going to be around going forward ?

witty-vegetable-61961

09/25/2020, 9:48 PM

Hey guys does Pulumi work with microk8s? I use this to run k8s in a hyper-v linux vm.

worried-city-86458

09/29/2020, 3:35 AM

@gorgeous-egg-16927 What's a good way to handle pre-existing resources that I don't want to import to be pulumi managed but that I want to delete to clear the way for pulumi managed resources? Specifically, looking at https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html, which is kind of a mess:

vpc-resource-controller-role

cluster role,

vpc-resource-controller-role-binding

cluster role binding, and

vpc-resource-controller

service account already exist after standing up a new eks cluster, while the

vpc-resource-controller

deployment does not exist, but the cluster role is different from the guide's download link and is missing config map access (so needs modification anyway), ... so I want to delete the lot iff they exist (and not managed by pulumi) and create new ones with consistent

vpc-resource-controller

names throughout, which would leave duplicates for cluster role and cluster role binding and clashes with the service account if I can't delete the pre-existing ones first. 🤔

worried-city-86458

09/30/2020, 5:11 AM

Also, what's a good way to do the webhook-create-signed-cert.sh dance to automate creating a secret for the

vpc-admission-webhook

melodic-printer-39640

09/30/2020, 12:00 PM

hi, i’ve tried to install ingress-controller using this code and it failed: it turns out, admission create job didn’t start. I’ve tried to install it with helm CLI and it went fine, — “admission create” job appeared and completed

const nginxController = new k8s.helm.v3.Chart(`core1-${stack}`, {
  version: "3.3.0",
  chart: "ingress-nginx",
  fetchOpts: {
    repo: "<https://kubernetes.github.io/ingress-nginx>"
  },
  values: {
    controller: {
      admissionWebhooks: {
        enabled: true,
        patch: {
          enabled: true
        }
      },

      service: {
        annotations: {
          "<http://external-dns.alpha.kubernetes.io/hostname|external-dns.alpha.kubernetes.io/hostname>": "<http://mydomain.net|mydomain.net>"
        },
        externalTrafficPolicy: 'Local',
      },

      config: {
        "use-forwarded-headers": 'true'
      }
    }
  }
}, { provider: cluster.provider });

melodic-printer-39640

09/30/2020, 12:00 PM

Is there any way of how to debug what was rendered and sent to k8s?

melodic-printer-39640

09/30/2020, 12:01 PM

I assume Job wasn’t, because it didn’t appear in stack preview

nutritious-flower-51098

09/30/2020, 12:13 PM

are there any plans to start doing three way diff for kubernetes objects?

melodic-printer-39640

09/30/2020, 12:59 PM

ok, so I’ve cloned those charts and played around with it locally — if I remove

"<http://helm.sh/hook|helm.sh/hook>": pre-install,pre-upgrade

from metadata/annotations in Job template than Pulumi creates the Job. It looks like those hooks are not supported porperly: I got this problem while doing clean install

melodic-printer-39640

09/30/2020, 1:52 PM

created an issue: https://github.com/pulumi/pulumi-kubernetes/issues/1335

limited-rainbow-51650

09/30/2020, 3:33 PM

I’m adding two TS

exports

to my Pulumi project from a k8s

Service

resource but only a single output is created:

exports.temporalFrontendEndpoint = temporal_frontendService.spec.externalName;
exports.temporalFrontEndName = temporal_frontendService.metadata.name;

results in:

--outputs:--        
  + temporalFrontEndName: "temporal-frontend-vw2qfr65"

Any idea why the

externalName

is not created as an output?

mammoth-afternoon-82670

09/30/2020, 6:54 PM

Hi everyone, I'm facing some problems with my stack state, and I'm unable to fix.

mammoth-afternoon-82670

09/30/2020, 6:54 PM

I described it here, any lights? https://github.com/pulumi/pulumi-kubernetes/issues/1013#issuecomment-701544909