Has anyone been able to convert the yaml transformation state

map[string]interface{}

into actual Kubernetes objects in go?

Can you “rate limit” deploys on k8s, or define retries/dependencies? I have a simple chart for a pull secret before 5 others. and just this one failed due some overload. All the rest deployed perfectly apart from one image that cannot be pulled.

+  kubernetes:core/v1:Secret beta/ghcr-pull-secret creating error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
141
 +  kubernetes:core/v1:Secret beta/ghcr-pull-secret **creating failed** error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable

could someone help me with crd2pulumi

is there a way to connect pulumi to kubernetes with service connection?

Hi there, I’m setting up k8s on AWS EKS and examples work fine, however I need to specify v1.6 or v1.7 - I could not find how to do this? Is it via the kubernetes plugin

Anyone have a preferred CI/CD setup with pulumi/kubernetes? We have an infra repo that has infrequent changes and another service repo that is made up of a couple images and several k8s definitions. Looking for something lightweight on the setup/management as we're light on devops time atm (hiring, posted in #jobs if interested). Currently looking at github actions, codefresh, and argo. Would like to setup auto semantic versioning update of deployment images as part of the process. Would also like to tie promoting to production to release tags. For the service repo it would ideally look like: Pulumi preview and unit tests on PR, master auto deploys to testing env on update, integration tests run on testing env on update, and then promote to other environments. Github actions is probably the lightest/easiest of the options to get going but have ran in to resource / performance issues with it in the past

I'm working on Cluster API automation with Pulumi and struggling with one particular implementation. ClusterResourceSets require standard Kubernetes YAML to be encapsulated in a Secret or Config Map. Is it possible, during runtime, to get the YAML for a Pulumi Kubernetes object?

Rendering to YAML with a provider won't work for this use-case

Something like `pulumi.interpolate`${helmChart.toYaml()}`` would be very useful

Is there support for contains engines other than docker?

hey peeps... I can't find this in a search (here or on the web) with an answer to my problem. I have 2 pulumi applications that run and install a business app into kubernetes. Both of these apps go into the same k8s namespace. I would like to be able to run either app first, have it create the namespace, and the other will be able to find it and use it.

var namespace = new k8s.core.v1.Namespace(defaultNamespaceName, {
    metadata: {
        name: defaultNamespaceName,
    }
}, { provider: config.k8sProvider, import: "releasesplatform" });

This does not work. Possibly I have the import id incorrect?

var namespace = new k8s.core.v1.Namespace(defaultNamespaceName, {
    metadata: {
        name: defaultNamespaceName,
    }
}, { provider: config.k8sProvider, id: "releasesplatform" });

Does not work. again, perhaps an Id problem?

var namespace = k8s.core.v1.Namespace.get(defaultNamespaceName, defaultNamespace);
if (namespace == null) {
   // create namespace
}

Doesn't seem to work to get the existing resource either. My code always tries to create. I'm not sure what

get

returns if nothing exists though. Intellisense says it should be a

namespace

typed object, but might be a promise which would not be null. Anyway, wondering if anyone else has solved this problem of creating a k8s namespace in one app, and trying to find it in another.

Is there a better starting point for

pulumi/query

than this? https://www.pulumi.com/docs/guides/crosswalk/kubernetes/#pulumi-query Taking you to a github repo with zero examples or guidance on how to actually use the module is a terrible experience.

I hadnt touched Pulumi for a while as our infra didn't change. Now im facing a weird issue, the 'traefik' helm chart im using cannot be fetched from

<https://kubernetes-charts.storage.googleapis.com/>

- did anything change recently?

failed to pull chart: looks like "<https://kubernetes-charts.storage.googleapis.com/>" is not a valid chart repository or cannot be reached: failed to fetch <https://kubernetes-charts.storage.googleapis.com/index.yaml> : 403 Forbidden"

I also get

Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.

in the browser. So what is the right place to get the traefik ingress controller helm chart now? Edit: Josh was kind enough to link me this article https://helm.sh/blog/new-location-stable-incubator-charts/

I am trying to migrate to https://helm.traefik.io/traefik but im getting _Duplicate resource URN _ errors .... Just the wrong helm chart used, I didn't follow the migration guide from the link above ^^

We are seeing some really strange behavior deploying our apps. The manifest we are deploying, using the resources from pulumi, has a couple of secrets defined and are mapped as environment variables in the deployment resource. Every now and then one secret is not included in the deployment manifest, running the exact same pulumi script one (or sometimes it require multiple retries) will render a different deployment manifest including the secret. We don't have any conditional logic around the secret and it is deployment to the same stack we are talking about here. Anyone that experienced something similar?

is there any way to improve previews for changes like this one?

one env var was added here, but preview doesn't clearly show that

Anyone knows what the best way to deal with

Ingress .status.loadBalancer field was not updated with a hostname/IP address.

is? Running traefik 1.7 on k8s.

probably was asked ton of times, how can I run pulumi (Deployment manifest) without changing the image tag? I have separate CD process where it builds and set the image and in our pulumi configuration we have

k8s.apps.v1.Deployment(

statement for image but not with the tag.

Hello, I'm trying to use

pulumi_kubernetes.helm.v3

--

Chart()

specifically. How does one pass in a specific k8s provider?

splunk_connect_for_kubernetes = Chart(
        "splunk-connect-for-kubernetes-chart",
        ChartOpts(
            chart="splunk-connect-for-kubernetes",
            version="1.4.4",
            namespace="splunk",
            fetch_opts=FetchOpts(
                repo="<https://splunk.github.io/splunk-connect-for-kubernetes/>",
            ),
        ),
    )

Hello k8s peeps... I'm not sure how this has happened, but my pulumi script for deploying apps into our cluster (nginx-ingress-controller, fluentd, certmanager, etc) has gotten into a condition where the stack thinks there should be some resources in the cluster that are simply not there and

pulumi refresh

doesn't work to bring the stack into sync with the cluster. The concerning thing is that these resources were removed by the pulumi script, but the script failed in a latter part of the execution (couldn't get ip address property from

ingressController

object), and so the stack is now out of sync with what the script removed, and I can't get the stack back in sync. I cannot

pulumi destroy

the stack since there are things in place that would be very problematic to re-create.

Does anyone here know how to write the pulumi for a `k8s.helm.v3.Chart`to install multiple nginx-ingress-controllers? Basically, I want to run the chart twice, one for an internal load balancer and one for an external load balancer, so I provide unique

ingress-class

values for the separate charts. The problem with the chart is that it installs the clusterrole and clusterrolebinding and I can't figure out how to get the second run to not try to install those.

I want to configure a static (already provisioned) public IP to a traefik ingress. Im using a helm chart to install it. Sadly I can't find the correct way to do this. According to the Azure docs, this can be done for an nginx ingress if I specify

--set controller.service.loadBalancerIP="STATIC_IP" \

during installation. What needs to be set in order to achieve the same result with traefik? Setting loadBalancerIP that way does not seem to achieve the desired effect.

I managed to patch the deployed service and set

spec.loadBalancerIP

after the deployment, but I am trying to do this in the helm chart.

Hey, I want to create a PVC and then use it in my Deployment with Pulumi. My default storage class on EBS has

volumeBindingMode

set to wait for first consumer, meaning the PVC won't create the PV until a pod is created that uses it. Since I'm letting Pulumi dynamically name my PVC, I need to use pvc.metadata.name to fetch the PVC name to use in my Deployment object. ^ That creates a "depends_on" behind the scenes where my Deployment will not be created unless the PVC gets created. The PVC gets blocked on creating (pulumi shows creating... forever) because Pulumi is waiting for the PVC to bind the volume which will never happen. My question is, how does anyone actually use PVC's with Pulumi.

Hey fellas, I just updated to

@pulumi/kubernetes@2.7.8

and I'm now getting errors due to a different format for secret data.

secret.data.apply(data => console.log(data))

is logging a wrapped object that looks something like this:

{
  '4dabf18193072939515e22adb298388d': '1b47061264138c4ac30d75fd1eb44270',
  value: { privateKey: '<base64>' }
}

data

should just be

{ privateKey: '<base64' }

. Is this a bug or perhaps a breaking change? Has anybody else run into this issue?

I am a muppet. The problem is that the annotation I tried to set was .. well, an output. TL DR I need the name of a resource group in my helm chart. It seems that an Output is not supported.

["<http://service.beta.kubernetes.io/azure-load-balancer-resource-group|service.beta.kubernetes.io/azure-load-balancer-resource-group>"] = ipAddress.ResourceGroupName

results in

Annotations:              <http://service.beta.kubernetes.io/azure-load-balancer-resource-group|service.beta.kubernetes.io/azure-load-balancer-resource-group>: map[]

TL DR: how can I use Output<string> or values that are not known beforehand in a helm chart? Would transformations apply here?

I am fuming but not really. Actually this is fine, im having fun 😄 but seriously: https://github.com/pulumi/pulumi-kubernetes/issues/555 https://github.com/pulumi/pulumi-kubernetes/issues/1454 I know, entitled developer expects things to work. I never, even for a second, assumed that pulumi is not handling Helm transparently and it is in fact breaking charts that utilize hooks. And with all the upcoming k8s operator / controllers and CRDs more and more charts seem to be incorporating them. TL DR Pulumi cannot be used for Helm charts unless the chart is quite small and after every upgrade I can verify that no hooks are utilized.