Am trying to install cert-manager using its default manifest:

const certManagerResources = new k8s.yaml.ConfigFile("cm", { 
    file: `<https://github.com/jetstack/cert-manager/releases/download/v0.13.0/cert-manager.yaml>`
})

Am finding that the preview hangs. v1.9.0. Thoughts?

I’m creating a Kubernetes Secret with Pulumi, and the secret information is added to the Secret in clear text as an annotation. Is this Pulumi who does this??? Code:

const privatePullCredentials = new kubernetes.core.v1.Secret('dockerprivatepull', {
    type: "<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>",
    metadata: {
        namespace: namespace.metadata.name
    },
    stringData: {
        ".dockerconfigjson": config
            .requireSecret("docker-hub-token")
            .apply(value => {
                return JSON.stringify({
                    auths: {
                        "<https://index.docker.io/v1/>": {
                            auth: value
                        }
                    }
                })
            })
    }
});

Output:

kubectl get secret dockerprivatepull-s2nimzmf --namespace=apps --output=yaml                                             master ● ↓2  10:43:53
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsiYXV0aCI6ImRlOWM1NTgyLTM4ZTMtNGY1Mi04ZTFhLTk0NzgzNWQ2ZTc5YyJ9fX0=
kind: Secret
metadata:
  annotations:
    <http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>: |
      {"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"<http://pulumi.com/autonamed|pulumi.com/autonamed>":"true"},"labels":{"<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>":"pulumi"},"name":"dockerprivatepull-s2nimzmf","namespace":"apps"},"stringData":{".dockerconfigjson":"{\"auths\":{\"<https://index.docker.io/v1/>\":{\"auth\":\"<clear text secret here!!!>"}}}"},"type":"<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>"}
    <http://pulumi.com/autonamed|pulumi.com/autonamed>: "true"
  creationTimestamp: "2020-01-28T09:43:00Z"
  labels:
    <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: pulumi
  name: dockerprivatepull-s2nimzmf
  namespace: osimis
  resourceVersion: "935549"
  selfLink: /api/v1/namespaces/osimis/secrets/dockerprivatepull-s2nimzmf
  uid: c19731a4-45e9-414a-8a04-fb92ce5f05bd
type: <http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>

It must be because when I create the Secret via

kubectl

, the whole annotation isn’t there (as it should be)

Hi all, I’ve been trying to share a generated kubeconfig practically copied from https://github.com/pulumi/examples/blob/master/gcp-ts-gke/cluster.ts between stacks. Following the https://www.pulumi.com/docs/intro/concepts/organizing-stacks-projects/#inter-stack-dependencies guide gets me the right kubeconfig variable in another stack. Only when I try to connect to the same cluster from the other stack I get the following error:

error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get https://<DIFFERENT_IP_THAN_CLUSTER>/openapi/v2?timeout=32s: dial tcp <DIFFERENT_IP_THAN_CLUSTER>:443: i/o timeout

. It seems like I’m missing a step, did anyone encounter this before?

Did @pulumi/eks

0.18.19

release inadvertently?

is there a way to get a clusterip service's internal ip, or can you only get the ip of a loadbalancer service?

Is it possible to obtain the value of an externally-managed

Secret

resource, to be used as a

pulumi.Input<>

in my program? (without using stack references)

Hi there! , somebody know how to add annotations using helm + k8s , I'm using nginx-ingress chart , and I need to add these:

service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "True" service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-type: nlb

you can use a transformation on the chart

Thanks Oliverh , Do you have some example to follow?

i was just trying to find one but couldnt sorry

ah: https://github.com/pulumi/pulumi-kubernetes/issues/217#issuecomment-459105809

thanks I will try

very complicated , I just found another solution

values : { controller: { service: { annotations: { "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled": "True", "service.beta.kubernetes.io/aws-load-balancer-internal": "true", "service.beta.kubernetes.io/aws-load-balancer-type": "nlb" } } } }

just if someone needs

are there any k8s friendly pulumi DevOps engineers looking for a remote gig?

Any idea when the next release will ship? Really looking forward to the YAML rendering for the k8s resources PR that just got merged 2 days ago. https://github.com/pulumi/pulumi-kubernetes/pull/936

How is a change on a resource that comes with helm chart version update determined as replace or update?

This should be working code from @gorgeous-egg-16927. But when I create a secret using a Docker Hub Personal Access Token as the Pulumi secret

docker-hub-token

and refer to it from my deployment, I get an error:

Failed to pull image "<my private image name here>": illegal base64 data at input byte 8

Am I still missing something?

Hello, I’m having a problem where K8s resources are being needlessly replaced during an update. Pulumi 0.10.1. Ideas? The output suggests that the

k8s.Provider

that I supply to those resources is being flagged as changing. For example:

├─ kubernetes:core:Namespace           foobar        replace     [diff: ~provider]

Seems the provider urn is changing:

[provider: urn:pulumi:proto::example::pulumi:providers:kubernetes::cluster-proto::35fb4c9f-c17e-4685-9459-ad432be24927 => urn:pulumi:proto::example::pulumi:providers:kubernetes::cluster-proto::f0e50e3c-7584-479a-bf2f-484379ca4f24]

To be clear, the program flow is to create a GKE cluster, synthesize a kubeconfig, create a

Provider

based on it, and then create a

Namespace

with

{provider: ...}

.

Hello, I have a eks cluster with helm charts creating statefulsets. I need help in 2 things regarding aws tags: 1. How can I add aws tags for resources creating by pulumi? This also includes ebs volumes created by pulumi. 2. Also, is there any way to add aws tags for statefulsets? Stateful sets are managed by us. When I add tags to eks.Cluster. I can see it adding to only ec2.

Another question: Is there any way to instruct in pulumi to also remove PV's created by statefulset? if not, do you recommend us to delete the statefulset, pv using kubectl and then execute pulumi destroy?

Hello, I am sorry to report that the “invoke” fix in 1.5.3 is regressing the use of

provider

in the

ConfigFile

. It seems to use the ambient kube provider.

When changing a name of a dynamic provide, the deployment attempts to replace all resoruces with ' [diff: ~provider]' and fails on the first of them (namespace), is there any workaround?

We've setup our kubernetes cluster following the standard pulumi-kubernetes tutorial, which use

_const_ engineVersion = gcp.container.getEngineVersions().latestMasterVersion

to get the engineVersion. Now we need to add a node pool, but because the

latestMasterVersion

has increased, the

pulumi preview

suggests that the cluster need to be updated because the

minMasterVersion

has increased. Couple of questions here - (i) will pulumi be able to do this without deleting and then re-creating the cluster (ii) in general, is there any way we can know ahead of time whether or not pulumi will destroy and recreate the cluster, versus just updating it in some way?

if i create a deployment with replicas: 0 pulumi sits waiting for something to come alive forever

I’m adding a

livenessProbe

to my setup. Here is a snippet:

livenessProbe: {
    httpGet: {
        path: '/auth',
        port: 80
    },
    initialDelaySeconds: 300,
    timeoutSeconds: 5
}

But when looking at the details of

pulumi up

, I see this:

~ livenessProbe : {
    ~ httpGet: {
      }
  }

The details of the

httpGet

are not displayed. Known issue?