https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • b

    broad-helmet-79436

    01/22/2020, 9:49 AM
    but like, are the APIs mostly set?
    g
    f
    • 3
    • 4
  • m

    many-lock-25065

    01/27/2020, 3:18 PM
    We're using Pulumi to build a Kubernetes cluster on GCP, with the Istio integration enabled (https://cloud.google.com/istio/docs/istio-on-gke/overview). Istio on GKE creates all the necessary k8s resources to run Istio, we do not have a reference to them in Pulumi. In order to setup TLS and configure domains, the docs recommend us to edit the existing resources. We can do this with Pulumi via an import, but (if I've understood correctly) this means we cannot build our setup with a single
    pulumi up
    . Instead, we need one
    pulumi up
    where the
    import
    simply reflects the existing resource, and then another one where we edit the code to change the resource. We've verified this multi-stage flow works, but it feels clunky (currently we have to manually edit the code between the first and second pulumi up). Are there any tricks we can use to combine into a single stage? One thought was that maybe there is a variable that denotes whether or not the resource is already referenced. Then we could run pulumi twice, and use a switch statement to distinguish the two cases. Feels very hacky though.
    w
    • 2
    • 3
  • a

    able-crayon-21563

    01/27/2020, 9:52 PM
    Am trying to install cert-manager using its default manifest:
    const certManagerResources = new k8s.yaml.ConfigFile("cm", { 
        file: `<https://github.com/jetstack/cert-manager/releases/download/v0.13.0/cert-manager.yaml>`
    })
    Am finding that the preview hangs. v1.9.0. Thoughts?
    g
    • 2
    • 1
  • l

    limited-rainbow-51650

    01/28/2020, 9:49 AM
    I’m creating a Kubernetes Secret with Pulumi, and the secret information is added to the Secret in clear text as an annotation. Is this Pulumi who does this??? Code:
    const privatePullCredentials = new kubernetes.core.v1.Secret('dockerprivatepull', {
        type: "<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>",
        metadata: {
            namespace: namespace.metadata.name
        },
        stringData: {
            ".dockerconfigjson": config
                .requireSecret("docker-hub-token")
                .apply(value => {
                    return JSON.stringify({
                        auths: {
                            "<https://index.docker.io/v1/>": {
                                auth: value
                            }
                        }
                    })
                })
        }
    });
    Output:
    kubectl get secret dockerprivatepull-s2nimzmf --namespace=apps --output=yaml                                             master ● ↓2  10:43:53
    apiVersion: v1
    data:
      .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsiYXV0aCI6ImRlOWM1NTgyLTM4ZTMtNGY1Mi04ZTFhLTk0NzgzNWQ2ZTc5YyJ9fX0=
    kind: Secret
    metadata:
      annotations:
        <http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>: |
          {"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{"<http://pulumi.com/autonamed|pulumi.com/autonamed>":"true"},"labels":{"<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>":"pulumi"},"name":"dockerprivatepull-s2nimzmf","namespace":"apps"},"stringData":{".dockerconfigjson":"{\"auths\":{\"<https://index.docker.io/v1/>\":{\"auth\":\"<clear text secret here!!!>"}}}"},"type":"<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>"}
        <http://pulumi.com/autonamed|pulumi.com/autonamed>: "true"
      creationTimestamp: "2020-01-28T09:43:00Z"
      labels:
        <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: pulumi
      name: dockerprivatepull-s2nimzmf
      namespace: osimis
      resourceVersion: "935549"
      selfLink: /api/v1/namespaces/osimis/secrets/dockerprivatepull-s2nimzmf
      uid: c19731a4-45e9-414a-8a04-fb92ce5f05bd
    type: <http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>
    b
    g
    • 3
    • 19
  • l

    limited-rainbow-51650

    01/28/2020, 9:50 AM
    It must be because when I create the Secret via
    kubectl
    , the whole annotation isn’t there (as it should be)
  • p

    purple-coat-77714

    01/28/2020, 5:11 PM
    Hi all, I’ve been trying to share a generated kubeconfig practically copied from https://github.com/pulumi/examples/blob/master/gcp-ts-gke/cluster.ts between stacks. Following the https://www.pulumi.com/docs/intro/concepts/organizing-stacks-projects/#inter-stack-dependencies guide gets me the right kubeconfig variable in another stack. Only when I try to connect to the same cluster from the other stack I get the following error:
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get https://<DIFFERENT_IP_THAN_CLUSTER>/openapi/v2?timeout=32s: dial tcp <DIFFERENT_IP_THAN_CLUSTER>:443: i/o timeout
    . It seems like I’m missing a step, did anyone encounter this before?
    g
    • 2
    • 5
  • m

    millions-judge-24978

    01/28/2020, 11:33 PM
    Did @pulumi/eks
    0.18.19
    release inadvertently?
    b
    • 2
    • 15
  • b

    bitter-dentist-28132

    01/29/2020, 6:10 PM
    is there a way to get a clusterip service's internal ip, or can you only get the ip of a loadbalancer service?
    g
    • 2
    • 3
  • a

    able-crayon-21563

    01/29/2020, 9:37 PM
    Is it possible to obtain the value of an externally-managed
    Secret
    resource, to be used as a
    pulumi.Input<>
    in my program? (without using stack references)
    g
    • 2
    • 10
  • h

    hundreds-receptionist-31352

    01/30/2020, 12:14 PM
    Hi there! , somebody know how to add annotations using helm + k8s , I'm using nginx-ingress chart , and I need to add these:
  • h

    hundreds-receptionist-31352

    01/30/2020, 12:14 PM
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "True" service.beta.kubernetes.io/aws-load-balancer-internal: "true" service.beta.kubernetes.io/aws-load-balancer-type: nlb
  • b

    better-rainbow-14549

    01/30/2020, 12:28 PM
    you can use a transformation on the chart
  • b

    better-rainbow-14549

    01/30/2020, 12:29 PM
    https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/helm/v2/#ChartOpts-transformations
  • h

    hundreds-receptionist-31352

    01/30/2020, 12:32 PM
    Thanks Oliverh , Do you have some example to follow?
  • b

    better-rainbow-14549

    01/30/2020, 12:34 PM
    i was just trying to find one but couldnt sorry
  • b

    better-rainbow-14549

    01/30/2020, 12:35 PM
    ah: https://github.com/pulumi/pulumi-kubernetes/issues/217#issuecomment-459105809
  • h

    hundreds-receptionist-31352

    01/30/2020, 12:38 PM
    thanks I will try
  • h

    hundreds-receptionist-31352

    01/30/2020, 3:30 PM
    very complicated , I just found another solution
  • h

    hundreds-receptionist-31352

    01/30/2020, 3:30 PM
    values : { controller: { service: { annotations: { "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled": "True", "service.beta.kubernetes.io/aws-load-balancer-internal": "true", "service.beta.kubernetes.io/aws-load-balancer-type": "nlb" } } } }
  • h

    hundreds-receptionist-31352

    01/30/2020, 3:30 PM
    just if someone needs
  • b

    breezy-photographer-54783

    01/30/2020, 5:57 PM
    are there any k8s friendly pulumi DevOps engineers looking for a remote gig?
  • g

    gorgeous-egg-16927

    02/04/2020, 6:29 PM
    message has been deleted
  • h

    hundreds-restaurant-18469

    02/09/2020, 7:40 PM
    Any idea when the next release will ship? Really looking forward to the YAML rendering for the k8s resources PR that just got merged 2 days ago. https://github.com/pulumi/pulumi-kubernetes/pull/936
    g
    b
    • 3
    • 9
  • a

    adamant-intern-63433

    02/09/2020, 8:57 PM
    How is a change on a resource that comes with helm chart version update determined as replace or update?
    i
    • 2
    • 5
  • l

    limited-rainbow-51650

    02/10/2020, 1:46 PM
    This should be working code from @gorgeous-egg-16927. But when I create a secret using a Docker Hub Personal Access Token as the Pulumi secret
    docker-hub-token
    and refer to it from my deployment, I get an error:
    Failed to pull image "<my private image name here>": illegal base64 data at input byte 8
    Am I still missing something?
    • 1
    • 2
  • g

    gorgeous-egg-16927

    02/10/2020, 4:18 PM
    message has been deleted
    👍 4
  • a

    able-crayon-21563

    02/11/2020, 1:56 AM
    Hello, I’m having a problem where K8s resources are being needlessly replaced during an update. Pulumi 0.10.1. Ideas? The output suggests that the
    k8s.Provider
    that I supply to those resources is being flagged as changing. For example:
    ├─ kubernetes:core:Namespace           foobar        replace     [diff: ~provider]
    Seems the provider urn is changing:
    [provider: urn:pulumi:proto::example::pulumi:providers:kubernetes::cluster-proto::35fb4c9f-c17e-4685-9459-ad432be24927 => urn:pulumi:proto::example::pulumi:providers:kubernetes::cluster-proto::f0e50e3c-7584-479a-bf2f-484379ca4f24]
    To be clear, the program flow is to create a GKE cluster, synthesize a kubeconfig, create a
    Provider
    based on it, and then create a
    Namespace
    with
    {provider: ...}
    .
    g
    • 2
    • 6
  • h

    hundreds-portugal-17080

    02/12/2020, 6:33 AM
    Hello, I have a eks cluster with helm charts creating statefulsets. I need help in 2 things regarding aws tags: 1. How can I add aws tags for resources creating by pulumi? This also includes ebs volumes created by pulumi. 2. Also, is there any way to add aws tags for statefulsets? Stateful sets are managed by us. When I add tags to eks.Cluster. I can see it adding to only ec2.
    g
    b
    • 3
    • 3
  • h

    hundreds-portugal-17080

    02/12/2020, 6:44 AM
    Another question: Is there any way to instruct in pulumi to also remove PV's created by statefulset? if not, do you recommend us to delete the statefulset, pv using kubectl and then execute pulumi destroy?
    g
    • 2
    • 2
  • a

    able-crayon-21563

    02/12/2020, 5:25 PM
    Hello, I am sorry to report that the “invoke” fix in 1.5.3 is regressing the use of
    provider
    in the
    ConfigFile
    . It seems to use the ambient kube provider.
    g
    • 2
    • 11
Powered by Linen
Title
a

able-crayon-21563

02/12/2020, 5:25 PM
Hello, I am sorry to report that the “invoke” fix in 1.5.3 is regressing the use of
provider
in the
ConfigFile
. It seems to use the ambient kube provider.
I bet that this example would demonstrate the issue: https://github.com/pulumi/kubernetes-guides/blob/91f57c393fd9e5c14c74c7d087e3b08a8d919bae/gcp/03-cluster-configuration/index.ts If one were to add a
ConfigFile
to the mix.
g

gorgeous-egg-16927

02/12/2020, 5:58 PM
Hi Eron, I responded on the issue. I wasn’t able to reproduce this behavior. Can you open an issue with more details on your setup?
a

able-crayon-21563

02/12/2020, 5:59 PM
Can you post your example? then I can compare.
One complication in my program is, I use a
pulumi.ComponentResource
to wrap the
ConfigFile
. i.e.
provider
is set on the
ComponentResource
, and the
ConfigFile
simply uses
parent
. Could that be it?
g

gorgeous-egg-16927

02/12/2020, 6:02 PM
https://gist.github.com/lblackstone/ba195626add2551f98ea6bfd346550fc
Yeah, could be specific to ComponentResource
a

able-crayon-21563

02/12/2020, 6:04 PM
To make your example fit, the guestbook would be wrapped in a ComponentResouce.
g

gorgeous-egg-16927

02/12/2020, 6:10 PM
Testing this now:
export class TestComponentResource extends pulumi.ComponentResource {
    constructor(name: string,
                opts: pulumi.ComponentResourceOptions = {}) {
        super("test:kubernetes-ts:TestComponentResource", name, {}, opts);

        new k8s.yaml.ConfigFile("guestbook",
            {file: "guestbook.yaml"}, {parent: this}
        );
    }
}

new TestComponentResource("test", {provider: gkeCluster.provider});
That worked for me as well
a

able-crayon-21563

02/12/2020, 6:16 PM
OK, thanks very much for investigating, I’ll try to make a repro based on your script. One error I noticed in mine is that I didn’t have the
parent
set on the provider; I had
dependsOn
.
g

gorgeous-egg-16927

02/12/2020, 6:17 PM
Sounds good, thanks
View count: 5