Is there a better starting point for

pulumi/query

than this? https://www.pulumi.com/docs/guides/crosswalk/kubernetes/#pulumi-query Taking you to a github repo with zero examples or guidance on how to actually use the module is a terrible experience.

I hadnt touched Pulumi for a while as our infra didn't change. Now im facing a weird issue, the 'traefik' helm chart im using cannot be fetched from

<https://kubernetes-charts.storage.googleapis.com/>

- did anything change recently?

failed to pull chart: looks like "<https://kubernetes-charts.storage.googleapis.com/>" is not a valid chart repository or cannot be reached: failed to fetch <https://kubernetes-charts.storage.googleapis.com/index.yaml> : 403 Forbidden"

I also get

Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.

in the browser. So what is the right place to get the traefik ingress controller helm chart now? Edit: Josh was kind enough to link me this article https://helm.sh/blog/new-location-stable-incubator-charts/

I am trying to migrate to https://helm.traefik.io/traefik but im getting _Duplicate resource URN _ errors .... Just the wrong helm chart used, I didn't follow the migration guide from the link above ^^

We are seeing some really strange behavior deploying our apps. The manifest we are deploying, using the resources from pulumi, has a couple of secrets defined and are mapped as environment variables in the deployment resource. Every now and then one secret is not included in the deployment manifest, running the exact same pulumi script one (or sometimes it require multiple retries) will render a different deployment manifest including the secret. We don't have any conditional logic around the secret and it is deployment to the same stack we are talking about here. Anyone that experienced something similar?

is there any way to improve previews for changes like this one?

one env var was added here, but preview doesn't clearly show that

Anyone knows what the best way to deal with

Ingress .status.loadBalancer field was not updated with a hostname/IP address.

is? Running traefik 1.7 on k8s.

probably was asked ton of times, how can I run pulumi (Deployment manifest) without changing the image tag? I have separate CD process where it builds and set the image and in our pulumi configuration we have

k8s.apps.v1.Deployment(

statement for image but not with the tag.

Hello, I'm trying to use

pulumi_kubernetes.helm.v3

--

Chart()

specifically. How does one pass in a specific k8s provider?

splunk_connect_for_kubernetes = Chart(
        "splunk-connect-for-kubernetes-chart",
        ChartOpts(
            chart="splunk-connect-for-kubernetes",
            version="1.4.4",
            namespace="splunk",
            fetch_opts=FetchOpts(
                repo="<https://splunk.github.io/splunk-connect-for-kubernetes/>",
            ),
        ),
    )

Hello k8s peeps... I'm not sure how this has happened, but my pulumi script for deploying apps into our cluster (nginx-ingress-controller, fluentd, certmanager, etc) has gotten into a condition where the stack thinks there should be some resources in the cluster that are simply not there and

pulumi refresh

doesn't work to bring the stack into sync with the cluster. The concerning thing is that these resources were removed by the pulumi script, but the script failed in a latter part of the execution (couldn't get ip address property from

ingressController

object), and so the stack is now out of sync with what the script removed, and I can't get the stack back in sync. I cannot

pulumi destroy

the stack since there are things in place that would be very problematic to re-create.

Does anyone here know how to write the pulumi for a `k8s.helm.v3.Chart`to install multiple nginx-ingress-controllers? Basically, I want to run the chart twice, one for an internal load balancer and one for an external load balancer, so I provide unique

ingress-class

values for the separate charts. The problem with the chart is that it installs the clusterrole and clusterrolebinding and I can't figure out how to get the second run to not try to install those.

I want to configure a static (already provisioned) public IP to a traefik ingress. Im using a helm chart to install it. Sadly I can't find the correct way to do this. According to the Azure docs, this can be done for an nginx ingress if I specify

--set controller.service.loadBalancerIP="STATIC_IP" \

during installation. What needs to be set in order to achieve the same result with traefik? Setting loadBalancerIP that way does not seem to achieve the desired effect.

I managed to patch the deployed service and set

spec.loadBalancerIP

after the deployment, but I am trying to do this in the helm chart.

Hey, I want to create a PVC and then use it in my Deployment with Pulumi. My default storage class on EBS has

volumeBindingMode

set to wait for first consumer, meaning the PVC won't create the PV until a pod is created that uses it. Since I'm letting Pulumi dynamically name my PVC, I need to use pvc.metadata.name to fetch the PVC name to use in my Deployment object. ^ That creates a "depends_on" behind the scenes where my Deployment will not be created unless the PVC gets created. The PVC gets blocked on creating (pulumi shows creating... forever) because Pulumi is waiting for the PVC to bind the volume which will never happen. My question is, how does anyone actually use PVC's with Pulumi.

Hey fellas, I just updated to

@pulumi/kubernetes@2.7.8

and I'm now getting errors due to a different format for secret data.

secret.data.apply(data => console.log(data))

is logging a wrapped object that looks something like this:

{
  '4dabf18193072939515e22adb298388d': '1b47061264138c4ac30d75fd1eb44270',
  value: { privateKey: '<base64>' }
}

data

should just be

{ privateKey: '<base64' }

. Is this a bug or perhaps a breaking change? Has anybody else run into this issue?

I am a muppet. The problem is that the annotation I tried to set was .. well, an output. TL DR I need the name of a resource group in my helm chart. It seems that an Output is not supported.

["<http://service.beta.kubernetes.io/azure-load-balancer-resource-group|service.beta.kubernetes.io/azure-load-balancer-resource-group>"] = ipAddress.ResourceGroupName

results in

Annotations:              <http://service.beta.kubernetes.io/azure-load-balancer-resource-group|service.beta.kubernetes.io/azure-load-balancer-resource-group>: map[]

TL DR: how can I use Output<string> or values that are not known beforehand in a helm chart? Would transformations apply here?

I am fuming but not really. Actually this is fine, im having fun 😄 but seriously: https://github.com/pulumi/pulumi-kubernetes/issues/555 https://github.com/pulumi/pulumi-kubernetes/issues/1454 I know, entitled developer expects things to work. I never, even for a second, assumed that pulumi is not handling Helm transparently and it is in fact breaking charts that utilize hooks. And with all the upcoming k8s operator / controllers and CRDs more and more charts seem to be incorporating them. TL DR Pulumi cannot be used for Helm charts unless the chart is quite small and after every upgrade I can verify that no hooks are utilized.

Howdy!

Is there a way to query for existing resources outside of my Pulumi stack/

I feel like I’ve seen this somewhere, but I can’t seem to piece together the right search terms.

We have a persistent set of infrastructure that is shared amongst some deploys and I’d like to be able to look up the server names (etc.) instead of hard-coding them

Next question: Can you render Helm charts locally without applying them?

like with the

renderYamlToDirectory

for a Kubernetes provider

Hi all, I opened a PR for initContainer support in kubernetesx. How do I go about getting it merged? https://github.com/pulumi/pulumi-kubernetesx/pull/63

Hey guys. Is there any way to skip an installation of some object in a helm chart using transformations? For instance, I want to avoid installing everything that includes the substring "test". I tried

del obj

but it doesn't work.

def remove_test_objects(obj):
    # if obj["kind"] == "Pod" and 'test' in obj["metadata"]["name"]:
    if 'test' in obj["metadata"]["name"]:
        del obj

Hey, I am getting error of duplicate resource

kubernetes:core/v1:ConfigMap redis-configuration create replacement [diff: ~metadata]; error: Duplicate resource URN 'urn:pulumi:staging::kubernetes-deployment::kubernetes:core/v1:ConfigMap::redis-configuration'; try giving it a uniqu
e name

Why URN doesn’t have namespace in it? Is it a bug ?

hi, how do people here cope with cluster only reachable via a proxy/bastion connection?

Does anyone have any insight as to why my custom

IngressRoute

type (TypeScript) is throwing

TypeError: types_1.IngressRoute is not a constructor

?

Can the ambient configuration be disabled? I'm thinking, perhaps I can turn

pulumi config set kubernetes:context my-context

into a required variable(?) re: https://www.pulumi.com/docs/intro/cloud-providers/kubernetes/setup/#kubernetes-configuration My goal is to avoid running pulumi against the wrong cluster (I need to switch between two live clusters often...) Is there perhaps another defensible way to configure pulumi?