Getting an error and trying to find why

I am getting an error

No matching service found for ingress rule: "freepbx.taskrouter.dev.internal/" -> ""

and can't understand why the service name is empty, the service is present and everything works fine besides this pulumi check which leads to a failed deployment

and here what's weird: changing 

apiVersion: extensions/v1beta1

 to 

apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>

  in the ingress definition seemed to solve the issue

looks like the format for path specifications changed between apiversions and now only the new one is supported so ingresses with the old apiversions lead to broken deployments

is there any way to disable pulumi checks for k8s resources being ready before considering a deployment successful?

if the configmap already exists inside the cluster (azure addons), can I somehow edit it using pulumi? Thanks

error: resource kube-system/coredns-custom was not successfully created by the Kubernetes API server : configmaps "coredns-custom" already exists

is there a way to replace a resource inside kubernetes using pulumi? (same behavior as you do with

kubectl apply -f

If resource exists, replace it or create. Thanks

i have a custom clusterrole and clusterrolebinding and would like to assign these permissions to an eks `Cluster`'s

roleMappings[*].groups

property somehow. Neither the name of the clusterrole or binding work here (something like

system:masters

does work though). Anyone know how i can achieve this?

I was able to create a watcher for resources created by

operator (statefulset)

and when

service

resource has been created, I am trying to get it using something like this:

const kc = new k8sClient.KubeConfig();
const watcher = config.servicesK8s.cluster.kubeconfig
  .apply(kubeConfig => kc.loadFromString(kubeConfig))
  .apply(() => new k8sClient.Watch(kc));

export let serviceName = watcher.apply(w => waitFor(w, 'elastic-es-http'));

export const service = pulumi
  .all([namespace.metadata.name, serviceName])
  .apply(([ns, name]) =>
    k8s.core.v1.Service.get('elastic-svc', `${ns}/${name}`, {
      parent: namespace,
      dependsOn: [elasticsearch]
    })
  );

hey guys, i'm trying to figure out how to add users to my EKS cluster so as anyone of my team can deploy apps, doing anything admin on the cluster. Following the Identity docs, I have created an admin iAM role with the permissions suggested through pulumi. I then have created a RBAC role on the cluster plus a clusterbinding. From here i'm lost, how do i associate the admin iAM role with the RBAC role, and then how does one (who isn't me, because i'm defacto admin on the cluster as i created it) query the cluster using kubectl. It feels unclear to me as to how the Kubs RBAC role can associate with the iAM role

is the Operator supposed to be used for this sort of stuff

I was wondering how you guys deal with persistent storage (e.g. StorageClasses, PersistentVolumeClaims, PersistentVolumes) using pulumi. Because of the way pulumi generates the names by adding random strings as postfix, I fear data loss when resources are replaced. Some Helm-Charts (e.g. Elastic Cloud on Kubernetes, Kube-Prometheus-Stack) offer the option of specifying a volumeClaimTemplate. I consider to create a StorageClass and a PV with a fixed name (no auto-naming) before installing these Helm-Charts and then bind them via the volumeClaimTemplate. That way I can define the reclaim policy as 'Retain' and replaced resources will hopefully always be bound to the same PV. Is that a good idea?

@gorgeous-egg-16927 I was trying to upgrade

pulumi-kubernetes

to a more up-to-date version. But my stack wasn’t able to refresh if I didn’t have the old plugin version existing on the machine (I’m running in container so I only have the recent plugin version) Other pulumi provider have this behaviour and I was wondering if this is a bug

Diagnostics:
  pulumi:providers:kubernetes (default_2_6_1):
    error: no resource plugin 'kubernetes-v2.6.1' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource kubernetes v2.6.1`

(I was upgrading from 2.6.1 to 2.6.3)

Hi all, I'm trying to wrap an app from kustomize (would have the same problem with basic Kube import as well) as a library, so I'm not loading in the directory/manifests in the directory where the main is running.

func New(ctx *pulumi.Context, options ...pulumi.ResourceOption) error {
	_, err := kustomize.NewDirectory(ctx, "vault", kustomize.DirectoryArgs{
		Directory: pulumi.String("./kustomize"),
	})
	return err
}

It appears that local directories are always relative to the main.go, not the library. I think my only option here is to do a full import into Pulumi, right?

Is there a common way to use pulumi to update a pod on k8s in a build flow. So i have an app, it tags a new version and builds a new container, but then i need to get that version into pulumi. I could do an env variable for the version, or use the config and set it from the commandline. And what if i wanted to use “latest”. I can put the pull policy on always (slow for restarts) but is there a way to script a pod scale down up or pod deletion to trigger the pull and restart?

Hi, we use Pulumi to also deploy a few charts to our Kubernetes cluster. So far that worked well, but to day when updating the certmanager Helm-Chart from version 2.3.4 to 3.0.0 we ran into a problem (although on other system the update worked without a problem.

kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> (<http://certificates.cert-manager.io|certificates.cert-manager.io>):
    error: 1 error occurred:
    	* the Kubernetes API server reported that "<http://certificates.cert-manager.io|certificates.cert-manager.io>" failed to fully initialize or become live:  "" is invalid: patch: Invalid value: ......." : cannot convert int64 to float64

If i deploy a helm chart using k8s.helm.v3.Chart, is there any way to recover the config i passed in after deploying? Either out of the chart or from the stack or something?

if anyone (will) have problems with helm repo

<http://kubernetes-charts.storage.googleapis.com|kubernetes-charts.storage.googleapis.com>

check this blog post: https://helm.sh/blog/new-location-stable-incubator-charts/

I think this is currently not possible but I want to be sure 100%, not sure if I missing something. Is there a way to

monkey patch

kubernetes resources that were not created with Pulumi? My use case is: Adding the environment variable

AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=true

for DaemonSet

aws-node

inside an AWS EKS Cluster (Step 3 in custom-networking AWS Documentation https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html)

Has anyone been able to convert the yaml transformation state

map[string]interface{}

into actual Kubernetes objects in go?

Can you “rate limit” deploys on k8s, or define retries/dependencies? I have a simple chart for a pull secret before 5 others. and just this one failed due some overload. All the rest deployed perfectly apart from one image that cannot be pulled.

+  kubernetes:core/v1:Secret beta/ghcr-pull-secret creating error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
141
 +  kubernetes:core/v1:Secret beta/ghcr-pull-secret **creating failed** error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable

could someone help me with crd2pulumi

is there a way to connect pulumi to kubernetes with service connection?

Hi there, I’m setting up k8s on AWS EKS and examples work fine, however I need to specify v1.6 or v1.7 - I could not find how to do this? Is it via the kubernetes plugin

Anyone have a preferred CI/CD setup with pulumi/kubernetes? We have an infra repo that has infrequent changes and another service repo that is made up of a couple images and several k8s definitions. Looking for something lightweight on the setup/management as we're light on devops time atm (hiring, posted in #jobs if interested). Currently looking at github actions, codefresh, and argo. Would like to setup auto semantic versioning update of deployment images as part of the process. Would also like to tie promoting to production to release tags. For the service repo it would ideally look like: Pulumi preview and unit tests on PR, master auto deploys to testing env on update, integration tests run on testing env on update, and then promote to other environments. Github actions is probably the lightest/easiest of the options to get going but have ran in to resource / performance issues with it in the past

I'm working on Cluster API automation with Pulumi and struggling with one particular implementation. ClusterResourceSets require standard Kubernetes YAML to be encapsulated in a Secret or Config Map. Is it possible, during runtime, to get the YAML for a Pulumi Kubernetes object?

Rendering to YAML with a provider won't work for this use-case

Something like `pulumi.interpolate`${helmChart.toYaml()}`` would be very useful

Is there support for contains engines other than docker?

hey peeps... I can't find this in a search (here or on the web) with an answer to my problem. I have 2 pulumi applications that run and install a business app into kubernetes. Both of these apps go into the same k8s namespace. I would like to be able to run either app first, have it create the namespace, and the other will be able to find it and use it.

var namespace = new k8s.core.v1.Namespace(defaultNamespaceName, {
    metadata: {
        name: defaultNamespaceName,
    }
}, { provider: config.k8sProvider, import: "releasesplatform" });

This does not work. Possibly I have the import id incorrect?

var namespace = new k8s.core.v1.Namespace(defaultNamespaceName, {
    metadata: {
        name: defaultNamespaceName,
    }
}, { provider: config.k8sProvider, id: "releasesplatform" });

Does not work. again, perhaps an Id problem?

var namespace = k8s.core.v1.Namespace.get(defaultNamespaceName, defaultNamespace);
if (namespace == null) {
   // create namespace
}

Doesn't seem to work to get the existing resource either. My code always tries to create. I'm not sure what

get

returns if nothing exists though. Intellisense says it should be a

namespace

typed object, but might be a promise which would not be null. Anyway, wondering if anyone else has solved this problem of creating a k8s namespace in one app, and trying to find it in another.