https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • s

    some-king-80791

    08/05/2021, 3:28 PM
    Hi. Does anyone know how to change
    apiVersion
    field for apiextentions.CustomResource? I tried out specifying
    aliases
    option, but it didn't help..
    b
    w
    • 3
    • 14
  • f

    faint-dog-16036

    08/05/2021, 5:57 PM
    I want to do something like: given a kubernetes provider, query for all of the nodes currently in the cluster. Is that possible? I saw
    @pulumi/query-kubernetes
    , but it doesn't seem like I can set a k8s provider or custom kubeconfig using that library.
    s
    • 2
    • 1
  • p

    purple-plumber-90981

    08/06/2021, 1:28 AM
    is there a way to depend on a subresource of a pululmi.helm.v3.Chart for subsequent resources ?
    b
    b
    • 3
    • 20
  • q

    quiet-state-42882

    08/06/2021, 11:55 PM
    Is it possible to save the kubeconfig to a file when running pulumi up?
    b
    w
    • 3
    • 2
  • a

    ancient-megabyte-79588

    08/09/2021, 5:57 PM
    Hello everyone, I'm wondering if anyone has an article or example on provisioning a HorizontalPodAutoscaler via pulumi.
    b
    • 2
    • 3
  • n

    narrow-judge-54785

    08/10/2021, 11:36 AM
    is it possible to check with pulumi when a pod is ready? I have a deployments that depends on another pod's endpoint to be ready before it starts. We use Typescript to configure our pulumi deployments.
    g
    • 2
    • 1
  • m

    microscopic-animal-41955

    08/10/2021, 5:59 PM
    Is it possible to get all of the public IP addresses in a cluster? In other words: given a kubeconfig, can I fetch all the nodes via pulumi?
    g
    b
    • 3
    • 14
  • l

    little-journalist-4778

    08/10/2021, 6:24 PM
    is it possible to use a transformation function with an output? I need to add an annotation with a arn value
    • 1
    • 1
  • c

    cold-coat-35200

    08/13/2021, 11:50 AM
    hi, how can I unset a default object value in helm values? e.g. https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L189 metrics does not have an enable field, but has a default value for Prometheus, the chart handles the case when metrics are not defined, but I can't figure out how to unset in pulumi TS. Tried to set
    metrics: {}
    ,
    metrics: ''
    ,
    metrics: null
    in values, but none of them helps. Transformations did not help either, because it runs after template generation and I don't want to remove the unnecessary fields one by one.
    g
    • 2
    • 4
  • b

    busy-journalist-6936

    08/13/2021, 2:58 PM
    How do you avoid URN duplication when deploying 2 of the same helm charts on a single cluster? THESE are my current
    k8s.helm.v3.chart
    snippets. It seems like I may need to learn how the aliases work due to URN collision as I'm getting the following error:
    Diagnostics:
          kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> (<http://kongplugins.configuration.konghq.com|kongplugins.configuration.konghq.com>):
            error: Duplicate resource URN 'urn:pulumi:KongHybridGatewayOnEKS::Gateway::kubernetes:<http://helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::kongplugins.configuration.konghq.com';|helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::kongplugins.configuration.konghq.com';> try giving it a unique name
    r
    • 2
    • 20
  • r

    ripe-shampoo-80285

    08/15/2021, 10:45 PM
    I'm trying to create a service account for a cluster autoscaler with an annotation using the following pulumi code: saCA, err := corev1.NewServiceAccount(ctx, clusterAutoScalerName, &corev1.ServiceAccountArgs{ Metadata: &metav1.ObjectMetaArgs{ Namespace: pulumi.String("kube-system"), Name: pulumi.String(clusterAutoScalerName), Annotations: pulumi.StringMap{ "eks.amazonaws.com/role-arn": clusterAutoScalerSARole.Arn, }, }, }) However, when I describe the service account, the Annotation is not there: ➜ infra git:(master) ✗ kubectl describe serviceaccount cluster-autoscaler -n kube-system Name: cluster-autoscaler-aws-cluster-autoscaler Namespace: kube-system Labels: app.kubernetes.io/instance=cluster-autoscaler app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=aws-cluster-autoscaler helm.sh/chart=cluster-autoscaler-9.9.2 Annotations: meta.helm.sh/release-name: cluster-autoscaler meta.helm.sh/release-namespace: kube-system Image pull secrets: <none> Mountable secrets: cluster-autoscaler-aws-cluster-autoscaler-token-lvr88 Tokens: cluster-autoscaler-aws-cluster-autoscaler-token-lvr88 Events: <none> Anybody know what might be wrong?
    b
    • 2
    • 6
  • c

    cold-coat-35200

    08/16/2021, 8:08 AM
    Any idea?
    g
    • 2
    • 1
  • d

    dry-teacher-74595

    08/19/2021, 9:04 PM
    Hey im using EKS to create a cluster, and then creating a namespace and some secrets the general flow look something like this
    const cluster = new aws.eks.Cluster("cluster", {...})
         const namespace = new k8s.core.v1.Namespace("dev-namespace", {...})
        const secret = new k8s.core.v1.Secret("dev-secret", {...})
    this works when im devleoping locally but when my CI pipeline tries to run
    pulumi up
    i get error like this
    error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
    can someone point me to some docs on what this KUBERNETES_MASTER environment variable is? or how to pass the cluster credentials from
    new eks.Cluster()
    to the
    new k8s.Namespace()
    call?
    s
    b
    b
    • 4
    • 7
  • b

    best-summer-38252

    08/19/2021, 11:56 PM
    hello does any one have experience Crossplane that can share a comparison with Pulumi's CRD, Pulumi over HTTP, the Pulumi operator, and what not?
    l
    • 2
    • 5
  • b

    breezy-bear-50708

    08/20/2021, 12:38 PM
    Hi, when using the golang bindings it only seems to create local resource files rather than apply them to my cluster... what am I missing?
    • 1
    • 4
  • d

    dry-teacher-74595

    08/22/2021, 7:55 PM
    i have a eks cluster that is in the state but not on AWS, im trying to delete it in my pulumi state, but when i delete try to delete the cluster with the urn, it gives me an error saying there are dependent resources. when i try to delete the dependent resources it says the urn’s dont exist. the error message look like this
    pulumi state delete urn:pulumi:main::infra::eks:index:Cluster::cluster --force  
    error: This resource can't be safely deleted because the following resources depend on it:
     * "cluster-eksClusterSecurityGroup" (urn:pulumi:main::infra::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-eksClusterSecurityGroup)
     * "cluster-eksRole" (urn:pulumi:main::infra::eks:index:Cluster$eks:index:ServiceRole::cluster-eksRole)
     * "cluster-instanceRole" (urn:pulumi:main::infra::eks:index:Cluster$eks:index:ServiceRole::cluster-instanceRole)
    is the string in brackets the urn? this error message also looks weird to me, the urn is different in the error message?
    ➜  infra git:(main) ✗ pulumi state delete --force  urn:pulumi:main::infra::eks:index:Cluster$kubernetes:<http://storage.k8s.io/v1:StorageClass::cluster-gp2|storage.k8s.io/v1:StorageClass::cluster-gp2>
     warning: This command will edit your stack's state directly. Confirm? Yes
    error: No such resource "urn:pulumi:main::infra::eks:index:Clusterer-gp2" exists in the current state
    s
    b
    • 3
    • 7
  • b

    brainy-lion-38675

    08/23/2021, 2:10 PM
    is it possible to define/update imagePullSecrets for the default service account of a namespace via pulumi?
  • b

    brainy-lion-38675

    08/23/2021, 2:36 PM
    I guess not easily 😕 https://pulumi-community.slack.com/archives/CRFURDVQB/p1625121659309500?thread_ts=1624993877.298900&amp;cid=CRFURDVQB
  • r

    ripe-shampoo-80285

    08/23/2021, 3:57 PM
    In my pulumi Golang code, I create an AWS IAM user & IAM accessKey. I then try to create a k8s secrete from the accessKey. How do I do that? I guess I will need to base64 encode accessKey.ID(), accessKey.serete, accessKey.ID() type of IDOutput. Can it be casted to StringOutput? Has anybody got an example how to do this (any language is fine, but preferably in Golang).
    b
    g
    • 3
    • 4
  • c

    colossal-car-2729

    08/25/2021, 9:51 AM
    Hey, we create a CR for an operator on Kubernetes. The operator then creates other resources which we would like to consume in pulumi with something like “k8s.core.v1.Secret.get()“. Now the issue is Pulumi successfully creates the CR but the Operator needs some time to operate and create the final resources (in this case the secret). Therefore Pulumi tries to get a resource which does not exist and fails. Now the question: The operator updates the CR with a label called status. Is there a way for pulumi to “wait” for a specific label update on a resource so that the “k8s.core.v1.Secret.get()” can depend on it? Or is it possible to retry getting the Secret resource for a specific time?
    g
    • 2
    • 2
  • s

    straight-cartoon-24485

    08/25/2021, 8:55 PM
    Is there a way to diff what the underlying yaml to be applied to a k8s cluster on
    pulumi up
    ? Something like
    pulumi up --diff
    ?
    b
    • 2
    • 5
  • b

    billowy-vr-96461

    08/26/2021, 6:19 PM
    I've noticed that pulumi won't restart my pods when I deploy or update a deployment. Should I expect pulumi to run something like
    kubectl rollout restart...
    or similar? If not, how do you usually go about this?
    s
    • 2
    • 12
  • d

    dry-teacher-74595

    08/26/2021, 10:48 PM
    i created a eks cluster with pulumi and everything works so far, but when i try to connect to the cluster with
    eksctl
    it says no cluster found, even tho the region is correct. have anyone had similar issues before?
  • d

    dry-teacher-74595

    08/26/2021, 11:29 PM
    also just trying to understand whats going on, when i go to the aws console, under the eks cluster theres no node groups even tho i created one with pulumi. is that expected? what was the artifact that was actually created?
  • e

    eager-hydrogen-72542

    08/27/2021, 12:36 PM
    Has anyone run into this issue on AKS? https://github.com/pulumi/pulumi-kubernetes/issues/1690
  • c

    colossal-car-2729

    08/27/2021, 2:13 PM
    is it possible to use https://github.com/pulumi/pulumi-query-kubernetes with a kuberentes provider, so that it doesnt depend on the local $KUBECONFIG?
  • a

    alert-mechanic-59024

    08/29/2021, 11:54 AM
    Hey guys. Anyone got a working example of Linode Lke provider configuration for me? Trying to set this up in python, but need a little more information regarding what the object looks like.
  • p

    proud-pizza-80589

    08/30/2021, 9:27 AM
    Is it possible to change a resource deployed in another stack? Like from a stack reference? In this case i want to modify the tcp ports configmap of nginx controller
  • d

    dry-teacher-74595

    08/31/2021, 7:47 PM
    hi, having a problem here with nodes not being able to communicate with the dns service on another node. wondering if it’s the security group policy thats causing the problem. I used eks.Cluster to create my cluster and eks.NodeGroup to create a nodeGroup for the cluster. is it looks like a security group is created automatically when i do that. do i need to do anything else? to elaborate a bit more, my problem is pods running on nodes without the dns service cannot reach the dns service at all.
    b
    • 2
    • 9
  • r

    rapid-soccer-18092

    09/01/2021, 6:29 AM
    Hi. I am having issues installing the 
    cert-manager
     Helm chart and setting up a LetsEncrypt cluster issuer using Pulumi in our Azure Kubernetes cluster. We are using Kubernetes version 1.21.2 and cert-manager. 1.5.3. When running
    pulumi up
    I get the following error:
    kubernetes:<http://cert-manager.io/v1:ClusterIssuer|cert-manager.io/v1:ClusterIssuer> (cert-manager-letsencrypt):
        error: creation of resource cert-manager/letsencrypt failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "ClusterIssuer" in version "<http://cert-manager.io/v1|cert-manager.io/v1>"
        error: update failedaToolsCertManager                 cert-manager
    When running 
    pulumi up
     again it succeeds and the letsencrypt ClusterIssuer is correctly created. I don't want to have to run 
    pulumi up
     consecutive times to reach a successful deployment. Can anyone see what the issue is here?
    b
    s
    • 3
    • 7
Powered by Linen
Title
r

rapid-soccer-18092

09/01/2021, 6:29 AM
Hi. I am having issues installing the 
cert-manager
 Helm chart and setting up a LetsEncrypt cluster issuer using Pulumi in our Azure Kubernetes cluster. We are using Kubernetes version 1.21.2 and cert-manager. 1.5.3. When running
pulumi up
I get the following error:
kubernetes:<http://cert-manager.io/v1:ClusterIssuer|cert-manager.io/v1:ClusterIssuer> (cert-manager-letsencrypt):
    error: creation of resource cert-manager/letsencrypt failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "ClusterIssuer" in version "<http://cert-manager.io/v1|cert-manager.io/v1>"
    error: update failedaToolsCertManager                 cert-manager
When running 
pulumi up
 again it succeeds and the letsencrypt ClusterIssuer is correctly created. I don't want to have to run 
pulumi up
 consecutive times to reach a successful deployment. Can anyone see what the issue is here?
See my StackOverflow post for the stack code https://stackoverflow.com/questions/69008739/creation-of-resource-cert-manager-letsencrypt-failed-because-the-kubernetes-api
b

bored-table-20691

09/01/2021, 6:31 AM
There’s some prior chats about certmanager specifically and the dependency piece
r

rapid-soccer-18092

09/01/2021, 6:54 AM
So from what I can it has something to do with child dependencies of the chart not being ready
b

bored-table-20691

09/01/2021, 6:55 AM
I believe so, that was always the conclusion. I don’t know much about the C# SDK specifically, but it may expose the list of all child resources and you can wait on that specifically, as opposed to the HelmChart resource itself.
r

rapid-soccer-18092

09/01/2021, 8:09 AM
I'm really struggling to figure out the SDK API to do this ... will post my updates
s

steep-toddler-94095

09/01/2021, 3:41 PM
in the ClusterIssuer I have (in TypeScript)
dependsOn: chart.resources.apply((m) => Object.values(m))
b

bored-table-20691

09/01/2021, 5:10 PM
I believe Go also exposes all the
Resources
View count: 6