bright-sandwich-93783
06/29/2021, 7:11 PMmany-address-46260
06/29/2021, 9:25 PMimportant-sandwich-62391
06/29/2021, 11:24 PM+ kubernetes:apps/v1:Deployment: (create)
[urn=urn:pulumi:sandbox-usw2a::app-60-app::kubernetes:apps/v1:Deployment::be-innkeeper-deployment]
[provider=urn:pulumi:sandbox-usw2a::app-60-app::pulumi:providers:kubernetes::k8s::15e3e6ce-24ca-419c-a449-3238c4372aa6]
apiVersion: "apps/v1"
kind : "Deployment"
metadata : {
labels : {
<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: "pulumi"
}
name : "be-innkeeper"
namespace: "default"
}
spec : "[secret]"
bright-sandwich-93783
06/30/2021, 11:53 PMbright-sandwich-93783
06/30/2021, 11:53 PMcorev1.GetServiceAccount
which requires a Pulumi IDdry-motorcycle-32519
07/01/2021, 8:47 AMmany-helicopter-89037
07/01/2021, 6:27 PMwordpress.getResourceProperty("v1/Service", "wpdev-wordpress", "status");
This approach doesn't work when some charts like kube-prometheus truncates the long resource names. For example chart creates two different service names based on pulumi resource name.
new k8s.helm.v3.Chart(
`kube-prometheus-example`,
...
)
new k8s.helm.v3.Chart(
`kube-prometheus-example1`,
...
)
generates following Services..
kube-prometheus-example-kube-alertmanager
kube-prometheus-example1-kub-alertmanager
In such cases I cannot lookup the service its created..worried-city-86458
07/01/2021, 11:31 PMcolossal-battery-24701
07/03/2021, 6:35 AMdependsOn
to the custom resources but that does not help. Is there any example where I see dependent k8s resources being created from different files. Also, I am using typescript. Any help is highly appreciated.curved-doctor-83600
07/04/2021, 2:38 PMbored-monitor-99026
07/06/2021, 6:10 AMPulumi works well with modern “immutable infrastructure” architectures, where bootstrapping and patching are unnecessary. In such cases, configuration management is not needed in the usual sense.hi! how does immutable infra works with persistent storage in k8s? please see this example: i have deployed a statefulset application on k8s, whose pods and persistent volume live on a node(machine). now i am going to do some system update to that machine(node). for “immutable infrastructure”, it will destroy the old one, which will definitely leave my app in error state. i believe ppl who designed "immutable infra" already figured a elegant solution for the above. can someone share your thoughts here? thanks!
bright-sandwich-93783
07/06/2021, 2:04 PMbright-sandwich-93783
07/06/2021, 9:47 PMbored-monitor-99026
07/07/2021, 6:48 AMsome-twilight-56575
07/07/2021, 3:25 PMstale-nail-78326
07/07/2021, 7:00 PMk8s.helm.v3.Chart
values
parameter. I suspect it happens because one of the keys is datasources.yaml
which contains a .
and may be expanded to something the helm chart does not understand.
This YAML works when installing the chart not using Pulumi:
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: "Cinnamon Prometheus"
type: prometheus
access: proxy
url: <http://prometheus-server.default.svc.cluster.local>
editable: true
But it fails when using Pulumi (typescript api):
new k8s.helm.v3.Chart(
"grafana",
{
chart: "grafana",
fetchOpts: {
repo: "<https://grafana.github.io/helm-charts>",
},
values: {
datasources: {
"datasources.yaml": {
apiVersion: 1,
datasources: {
name: "Cinnamon Prometheus",
type: "prometheus",
access: "proxy",
url: "<http://prometheus-server.default.svc.cluster.local>",
editable: true,
},
},
},
},
},
{ provider: clusterProvider },
);
proud-pizza-80589
07/08/2021, 11:53 AMproud-pizza-80589
07/09/2021, 7:01 AMimportant-sandwich-62391
07/09/2021, 2:07 PMbored-table-20691
07/09/2021, 8:47 PM+-kubernetes:core/v1:Secret: (replace)
[id=itay9/odas-secrets-o46s05yb]
[urn=urn:pulumi:tenant-itay9::okera-trial-tenants::kubernetes:core/v1:Secret::odas-secrets]
[provider=urn:pulumi:tenant-itay9::okera-trial-tenants::pulumi:providers:kubernetes::k8s-ssa-provider::b438617b-1a9e-4bd4-94f4-9ab2a01529a2]
~ stringData: {
~ SYSTEM_TOKEN: "[secret]" => "[secret]"
}
In the code, the secret is created like this:
...
StringData: pulumi.StringMap{
...,
"SYSTEM_TOKEN": systemToken,
and systemToken
is defined like this:
systemToken := pulumi.All(jwtKey.PrivateKeyPem).ApplyT(
func(args []interface{}) (string, error) {
...
},
).(pulumi.StringOutput)
This would all make sense if there was an update in systemToken
, but there isn’t - that’s not one of the resources that Pulumi is saying requires an update.
Any idea why this might be the case? How do I debug something like this?important-sandwich-62391
07/12/2021, 6:15 PMENABLE_POD_ENI
environment variable? Any ideas on how to best do this with Pulumi?
The AWS documentation says to run ”
kubectl set env daemonset aws-node -n kube-system ENABLE_POD_ENI=true
worried-city-86458
07/13/2021, 3:51 AMworried-city-86458
07/13/2021, 5:11 PMDiagnostics:
pulumi:pulumi:Stack (k8s-dev):
could not get token: RequestError: send request failed
caused by: Post <https://sts.amazonaws.com/>: dial tcp: lookup <http://sts.amazonaws.com|sts.amazonaws.com> on 192.168.65.5:53: no such host
could not get token: RequestError: send request failed
caused by: Post <https://sts.amazonaws.com/>: dial tcp: lookup <http://sts.amazonaws.com|sts.amazonaws.com> on 192.168.65.5:53: no such host
error: update failed
kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> (appmesh-system/appmesh-controller-selfsigned-issuer):
error: Delete "https://[REDACTED].<http://gr7.us-west-2.eks.amazonaws.com/apis/cert-manager.io/v1alpha2/namespaces/appmesh-system/issuers/appmesh-controller-selfsigned-issuer|gr7.us-west-2.eks.amazonaws.com/apis/cert-manager.io/v1alpha2/namespaces/appmesh-system/issuers/appmesh-controller-selfsigned-issuer>": getting credentials: exec: executable
aws-iam-authenticator failed with exit code 1
error: post-step event returned an error: failed to save snapshot: performing HTTP request: Patch "<https://api.pulumi.com/api/stacks/pharos/k8s/dev/update/27f96f11-ba00-4a38-b812-1a87d668ec8b/checkpoint>": dial tcp: lookup
<http://api.pulumi.com|api.pulumi.com> on 192.168.65.5:53: no such host
Resources:
- 199 deleted
Duration: 2h44m7s
During the hang I checked resources and the aws appmesh controller and cert manager controllers had already been deleted.
I didn't think it would matter since I didn't see any finalizers or owner refs associated with the <http://cert-manager.io/v1/Issuer|cert-manager.io/v1/Issuer>
resource being deleted, but maybe I'm missing something?
Looks like this is due to https://github.com/pulumi/pulumi-kubernetes/issues/861better-shampoo-48884
07/14/2021, 10:48 AMerror: Duplicate resource URN 'urn:pulumi:prod.k8s.devsecops::baseline-k8s::app:k8s:foundation$kubernetes:<http://helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition::{uniquevar}-kongconsumers.configuration.konghq.com';|helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition::{uniquevar}-kongconsumers.configuration.konghq.com';> try giving it a unique name
where {uniquevar} is an alphanumeric stringbetter-shampoo-48884
07/14/2021, 10:49 AMlemon-monkey-228
07/14/2021, 2:29 PMpulumi refresh
as I hadn’t used this repo/stack in a while and it seems to have untracked all of my k8s resourceslemon-monkey-228
07/14/2021, 2:29 PMpulumi preview
/ pulumi up
, it’s trying to create them from freshlemon-monkey-228
07/14/2021, 2:29 PMbland-cat-29878
07/16/2021, 1:07 PMproud-pizza-80589
07/18/2021, 1:55 PM