I have argo events and argo workflows installed in EKS, but pulumi doesn't provide any interface for creating argo customer resources, such as workflows, event sources, sensors and triggers etc. I know pulumi provide a tool called crd2pulumi to generates APIs based on any customer defined resources YAML files. Just wondering if anybody has tried that with argo events/argo workflows CRDs. Any knowledge sharing will be appreciated!

Is there a way to get an object not created by Pulumi in code?, I'm trying to get the token for an SA created via Pulumi (the secret is automatically created by kubernetes), but the method (Go code) requires a Pulumi ID, I can provde some code samples if required

Anybody encountered this issue with "pulumi destroy"? Diagnostics: pulumipulumiStack (infra-devops): error: update failed awseksCluster (devops-eks-eksCluster): error: post-step event returned an error: failed to save snapshot: [403] The provided update token has expired.

How can I recover from this?

It says: Once you have confirmed the status of the interrupted operations, you can repair your stack using 'pulumi stack export' to export your stack to a file. For each operation that succeeded, remove that operation from the "pending_operations" section of the file. Once this is complete, use 'pulumi stack import' to import the repaired stack.

How do I know which operation succeed? Do I just check each resources in the AWS console? Cannot pulumi do that automatically?

Okay, answer my own question. I checked the aws console and the pending resources are gone. So, just removed from the pending_operations section and import. It recovered. Still it might make senses for pulumi to automatically detect that and still not sure how got the update token has expired in the first place.

Anybody used argo workflows and argo events here?

I’m trying to follow the EKS tutorial https://www.pulumi.com/docs/guides/crosswalk/aws/eks/ and running into this error right out of they gate when I try to provision the cluster. Isn’t it supposed to install into the default VPC? What am I missing?

(venv) a  devops git:(master) ✗ pulumi up
Previewing update (dev):
     Type                                   Name                                Plan       Info
     pulumi:pulumi:Stack                    devops-dev                        4 errors
 +   └─ eks:index:Cluster                   test-cluster                        create
 +      ├─ eks:index:ServiceRole            test-cluster-eksRole                create
 +      │  ├─ aws:iam:Role                  test-cluster-eksRole-role           create
 +      │  ├─ aws:iam:RolePolicyAttachment  test-cluster-eksRole-90eb1c99       create
 +      │  └─ aws:iam:RolePolicyAttachment  test-cluster-eksRole-4b490823       create
 +      ├─ eks:index:ServiceRole            test-cluster-instanceRole           create
 +      │  ├─ aws:iam:Role                  test-cluster-instanceRole-role      create
 +      │  ├─ aws:iam:RolePolicyAttachment  test-cluster-instanceRole-03516f97  create
 +      │  ├─ aws:iam:RolePolicyAttachment  test-cluster-instanceRole-e1b295bd  create
 +      │  └─ aws:iam:RolePolicyAttachment  test-cluster-instanceRole-3eb088f2  create
 +      ├─ eks:index:RandomSuffix           test-cluster-cfnStackName           create
 +      └─ aws:iam:InstanceProfile          test-cluster-instanceProfile        create

Diagnostics:
  pulumi:pulumi:Stack (devops-dev):
    error: Error: invocation of aws:ec2/getVpc:getVpc returned an error: invoking aws:ec2/getVpc:getVpc: 1 error occurred:
        * no matching VPC found
          
# ...... Long stacktace continues

I used Pulumi to create an EKS cluster in another AWS account using an assumed role. But

pulumi up

failed when trying to create kubernetes objects afterward, as part of the same stack. How can I access the EKS cluster I just created?

Hi folks, i’m seeking to understand a pulumi behaviour. I deploy both the “aws efs csi driver” and “aws load balancer controller” via helm (pulumi wrapped helm) and every time i “pulumi up” these resources get replaced/updated regardless of the fact the code is unchanged…. all thoughts and learning welcome, code snippets in thread

is there a pulumi equivalent means of getting the output of

helm template --debug

to generate the template final state yaml before deploying ?

So I'm using a utility to convert a

tls.PrivateKey

pem

into

openssh

format and throwing it into a k8s secret using

stringData

The issue is that pulumi thinks the secret changes every single update (despite it remaining stable), and so it recreates the secret every time. Anyone run into this?

Okay, first pulumi experience, I have EKS building with my index.ts, I wanted to also deploy a helm chart as part of my base platform IaC. Can

k8s.helm.v3.Chart

inherit the credentials for the cluster it built? How do I go from building the cluster to also deploying stuff to it? if I manually pull the kubeconfig (future will be oidc) and re-run

pulumi up

everything deploys fine. index.ts LINK

I recently started getting this error, haven't updated anything; not the cluster nor any dependecies:

getting credentials: exec plugin is configured to use API version <http://client.authentication.k8s.io/v1alpha1|client.authentication.k8s.io/v1alpha1>, plugin returned version <http://client.authentication.k8s.io/v1beta1|client.authentication.k8s.io/v1beta1>

. Can it be pulumi related?

Using digital ocean I keep getting the following error when attempting

pulumi up

: 404 could not find version. Any thoughts on what might be causing this? Would it be pulumi or digital ocean?

Hoping someone has some ideas, trying to deploy EKS using python based off some of the examples provided in the pulumi docs. Running into an issue when manually creating a nodegroup.

Diagnostics:
  pulumi:pulumi:Stack (eks-test-dev):
    error: Program failed with an unhandled exception:
    error: Traceback (most recent call last):
      File "/Users/username/Documents/Projects/infrastracture/eks-test/venv/lib/python3.9/site-packages/pulumi/runtime/resource.py", line 519, in do_rpc_call
        return monitor.RegisterResource(req)
      File "/Users/username/Documents/Projects/infrastracture/eks-test/venv/lib/python3.9/site-packages/grpc/_channel.py", line 946, in __call__
        return _end_unary_response_blocking(state, call, False, None)
      File "/Users/username/Documents/Projects/infrastracture/eks-test/venv/lib/python3.9/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking
        raise _InactiveRpcError(state)
    grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
    	status = StatusCode.UNKNOWN
    	details = "'dependsOn' was passed a value that was not a Resource."
    	debug_error_string = "{"created":"@1628011197.637119000","description":"Error received from peer ipv4:127.0.0.1:62720","file":"src/core/lib/surface/call.cc","file_line":1070,"grpc_message":"'dependsOn' was passed a value that was not a Resource.","grpc_status":2}"

Hi everyone! When I setup a eks cluster with pulumi in aws I get

"Container runtime not ready: cni not initialized".

This can be solved by running

export kubever=$(kubectl version | base64 | tr -d '\n')

and

kubectl apply -f "<https://cloud.weave.works/k8s/net?k8s-version=$kubever>"

. This obviously requires manual input which doesnt work for a automatic cicd pipeline, so Id love to do it in the declaration of the cluster with pulumi. I could hand in a recreation of the used .yaml file as

ClusterRole

and

ClusterRoleBinding

, but that would lead to very large, hardly readable codeblock and would require manual changes when the kubernetes version changes. Which leads me to my question: Is there a better way to handle the network initialization?

Hi. Does anyone know how to change

apiVersion

field for apiextentions.CustomResource? I tried out specifying

aliases

option, but it didn't help..

I want to do something like: given a kubernetes provider, query for all of the nodes currently in the cluster. Is that possible? I saw

@pulumi/query-kubernetes

, but it doesn't seem like I can set a k8s provider or custom kubeconfig using that library.

is there a way to depend on a subresource of a pululmi.helm.v3.Chart for subsequent resources ?

Is it possible to save the kubeconfig to a file when running pulumi up?

Hello everyone, I'm wondering if anyone has an article or example on provisioning a HorizontalPodAutoscaler via pulumi.

is it possible to check with pulumi when a pod is ready? I have a deployments that depends on another pod's endpoint to be ready before it starts. We use Typescript to configure our pulumi deployments.

Is it possible to get all of the public IP addresses in a cluster? In other words: given a kubeconfig, can I fetch all the nodes via pulumi?

is it possible to use a transformation function with an output? I need to add an annotation with a arn value

hi, how can I unset a default object value in helm values? e.g. https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L189 metrics does not have an enable field, but has a default value for Prometheus, the chart handles the case when metrics are not defined, but I can't figure out how to unset in pulumi TS. Tried to set

metrics: {}

,

metrics: ''

,

metrics: null

in values, but none of them helps. Transformations did not help either, because it runs after template generation and I don't want to remove the unnecessary fields one by one.

How do you avoid URN duplication when deploying 2 of the same helm charts on a single cluster? THESE are my current

k8s.helm.v3.chart

snippets. It seems like I may need to learn how the aliases work due to URN collision as I'm getting the following error:

Diagnostics:
      kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> (<http://kongplugins.configuration.konghq.com|kongplugins.configuration.konghq.com>):
        error: Duplicate resource URN 'urn:pulumi:KongHybridGatewayOnEKS::Gateway::kubernetes:<http://helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::kongplugins.configuration.konghq.com';|helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::kongplugins.configuration.konghq.com';> try giving it a unique name

I'm trying to create a service account for a cluster autoscaler with an annotation using the following pulumi code: saCA, err := corev1.NewServiceAccount(ctx, clusterAutoScalerName, &corev1.ServiceAccountArgs{ Metadata: &metav1.ObjectMetaArgs{ Namespace: pulumi.String("kube-system"), Name: pulumi.String(clusterAutoScalerName), Annotations: pulumi.StringMap{ "eks.amazonaws.com/role-arn": clusterAutoScalerSARole.Arn, }, }, }) However, when I describe the service account, the Annotation is not there: ➜ infra git:(master) ✗ kubectl describe serviceaccount cluster-autoscaler -n kube-system Name: cluster-autoscaler-aws-cluster-autoscaler Namespace: kube-system Labels: app.kubernetes.io/instance=cluster-autoscaler app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=aws-cluster-autoscaler helm.sh/chart=cluster-autoscaler-9.9.2 Annotations: meta.helm.sh/release-name: cluster-autoscaler meta.helm.sh/release-namespace: kube-system Image pull secrets: <none> Mountable secrets: cluster-autoscaler-aws-cluster-autoscaler-token-lvr88 Tokens: cluster-autoscaler-aws-cluster-autoscaler-token-lvr88 Events: <none> Anybody know what might be wrong?

Any idea?