Hey im using EKS to create a cluster, and then creating a namespace and some secrets the general flow look something like this

const cluster = new aws.eks.Cluster("cluster", {...})
     const namespace = new k8s.core.v1.Namespace("dev-namespace", {...})
    const secret = new k8s.core.v1.Secret("dev-secret", {...})

this works when im devleoping locally but when my CI pipeline tries to run

pulumi up

i get error like this

error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable

can someone point me to some docs on what this KUBERNETES_MASTER environment variable is? or how to pass the cluster credentials from

new eks.Cluster()

to the

new k8s.Namespace()

call?

hello does any one have experience Crossplane that can share a comparison with Pulumi's CRD, Pulumi over HTTP, the Pulumi operator, and what not?

Hi, when using the golang bindings it only seems to create local resource files rather than apply them to my cluster... what am I missing?

i have a eks cluster that is in the state but not on AWS, im trying to delete it in my pulumi state, but when i delete try to delete the cluster with the urn, it gives me an error saying there are dependent resources. when i try to delete the dependent resources it says the urn’s dont exist. the error message look like this

pulumi state delete urn:pulumi:main::infra::eks:index:Cluster::cluster --force  
error: This resource can't be safely deleted because the following resources depend on it:
 * "cluster-eksClusterSecurityGroup" (urn:pulumi:main::infra::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-eksClusterSecurityGroup)
 * "cluster-eksRole" (urn:pulumi:main::infra::eks:index:Cluster$eks:index:ServiceRole::cluster-eksRole)
 * "cluster-instanceRole" (urn:pulumi:main::infra::eks:index:Cluster$eks:index:ServiceRole::cluster-instanceRole)

is the string in brackets the urn? this error message also looks weird to me, the urn is different in the error message?

➜  infra git:(main) ✗ pulumi state delete --force  urn:pulumi:main::infra::eks:index:Cluster$kubernetes:<http://storage.k8s.io/v1:StorageClass::cluster-gp2|storage.k8s.io/v1:StorageClass::cluster-gp2>
 warning: This command will edit your stack's state directly. Confirm? Yes
error: No such resource "urn:pulumi:main::infra::eks:index:Clusterer-gp2" exists in the current state

is it possible to define/update imagePullSecrets for the default service account of a namespace via pulumi?

I guess not easily 😕 https://pulumi-community.slack.com/archives/CRFURDVQB/p1625121659309500?thread_ts=1624993877.298900&cid=CRFURDVQB

In my pulumi Golang code, I create an AWS IAM user & IAM accessKey. I then try to create a k8s secrete from the accessKey. How do I do that? I guess I will need to base64 encode accessKey.ID(), accessKey.serete, accessKey.ID() type of IDOutput. Can it be casted to StringOutput? Has anybody got an example how to do this (any language is fine, but preferably in Golang).

Hey, we create a CR for an operator on Kubernetes. The operator then creates other resources which we would like to consume in pulumi with something like “k8s.core.v1.Secret.get()“. Now the issue is Pulumi successfully creates the CR but the Operator needs some time to operate and create the final resources (in this case the secret). Therefore Pulumi tries to get a resource which does not exist and fails. Now the question: The operator updates the CR with a label called status. Is there a way for pulumi to “wait” for a specific label update on a resource so that the “k8s.core.v1.Secret.get()” can depend on it? Or is it possible to retry getting the Secret resource for a specific time?

Is there a way to diff what the underlying yaml to be applied to a k8s cluster on

pulumi up

? Something like

pulumi up --diff

?

I've noticed that pulumi won't restart my pods when I deploy or update a deployment. Should I expect pulumi to run something like

kubectl rollout restart...

or similar? If not, how do you usually go about this?

i created a eks cluster with pulumi and everything works so far, but when i try to connect to the cluster with

eksctl

it says no cluster found, even tho the region is correct. have anyone had similar issues before?

also just trying to understand whats going on, when i go to the aws console, under the eks cluster theres no node groups even tho i created one with pulumi. is that expected? what was the artifact that was actually created?

Has anyone run into this issue on AKS? https://github.com/pulumi/pulumi-kubernetes/issues/1690

is it possible to use https://github.com/pulumi/pulumi-query-kubernetes with a kuberentes provider, so that it doesnt depend on the local $KUBECONFIG?

Hey guys. Anyone got a working example of Linode Lke provider configuration for me? Trying to set this up in python, but need a little more information regarding what the object looks like.

Is it possible to change a resource deployed in another stack? Like from a stack reference? In this case i want to modify the tcp ports configmap of nginx controller

hi, having a problem here with nodes not being able to communicate with the dns service on another node. wondering if it’s the security group policy thats causing the problem. I used eks.Cluster to create my cluster and eks.NodeGroup to create a nodeGroup for the cluster. is it looks like a security group is created automatically when i do that. do i need to do anything else? to elaborate a bit more, my problem is pods running on nodes without the dns service cannot reach the dns service at all.

Hi. I am having issues installing the 

cert-manager

 Helm chart and setting up a LetsEncrypt cluster issuer using Pulumi in our Azure Kubernetes cluster. We are using Kubernetes version 1.21.2 and cert-manager. 1.5.3. When running

pulumi up

I get the following error:

kubernetes:<http://cert-manager.io/v1:ClusterIssuer|cert-manager.io/v1:ClusterIssuer> (cert-manager-letsencrypt):
    error: creation of resource cert-manager/letsencrypt failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind "ClusterIssuer" in version "<http://cert-manager.io/v1|cert-manager.io/v1>"
    error: update failedaToolsCertManager                 cert-manager

When running 

pulumi up

 again it succeeds and the letsencrypt ClusterIssuer is correctly created. I don't want to have to run 

pulumi up

 consecutive times to reach a successful deployment. Can anyone see what the issue is here?

Hi. Is it possible to use

render_yaml_to_directory

without it affecting the state of my k8s cluster?

I have a bug in my pulumi code where a k8s custom resource (argo events sensor) was created without explicitly specifying a provider. Basically in this case it will use whatever the current k8s context as the provider. This leads to corruption (accidentally overwritten) in our production k8s cluster when we meant to deploy to a test cluster. Now, when I try to fix with explicit k8sprovider using "pulumi up", it try to replace the resource, but I got this error: error: resource xxxxx was not successfully created by the Kubernetes API server : xxxxxxx already exists I guess this happened because the replacement is try to create a new one first, and delete the old one. This of course will not work. What is best way to recover from this situation? Should pulumi be smart enough to detect that the explicitly specified k8s provider is the same as the default one used before and just simply ignore this?

Sharing this here in case it gets more traction 🙂

I’m using eks.Cluster to deploy a k8s cluster. I’d like to use calico vxlan for ipam, which means I need to delete the aws-node daemonset and then apply the calico-vxlan manifests prior to building the first nodegroup. is there a way to deploy the eks infra up to that point, ensure the daemonset doesn’t exist, and then subsequently deploy the remaining aspects of my stack? (ideally all during a single pulumi up invocation)

hey guys, is there a way to make pulumi skip crd installation when installing a helm chart?, edit: guess I could use transformations to do it. edit2: nevermind, there’s a parameter called_`skip_crd_rendering`_ in the

ChartOpts

initializer. 😄

Anyone know how to do the equivalent of

--set-file

on a k8s.helm.v3.Chart? Regular

--set

is done through

ChartOpts.values

, but its unclear to me how to supply a file as value. Am trying to get an install of Linkerd via Helm going, by porting https://linkerd.io/2.10/tasks/install-helm/ to Pulumi code

Anyone ever did storageclasses with volume expansion enabled and scaling a PVC? Pulumi does replacements instead of updates when i change the request size.

Hey everyone, how can I get the namespace property back from a helm chart deployment? https://www.pulumi.com/docs/reference/pkg/kubernetes/helm/v3/chart/#outputs claims that all input properties are ouputs, but there's no

redis.namespace

property. I want to retrieve it from the helm chart output as I need to ensure the secret retrieval for

redisPassword

happens after the helm chart has deployed.

const redis = new k8s.helm.v3.Chart("tyk-redis", {
        fetchOpts:{
            repo: "<https://charts.bitnami.com/bitnami>",
        },
        repo: "bitnami",
        chart: "redis",
        namespace: tykFargateProfile.selectors.apply(selectors => selectors[0].namespace)
    });

    const redisPassword = k8s.core.v1.Secret.get("redisPassword", `${/*namespace here*/}/tyk-redis`).data.apply(data => data["redis-password"]);

hey, how do you update coredns-custom with pulumi?

@gorgeous-egg-16927 would it be possible to get a review on https://github.com/pulumi/pulumi-kubernetes/pull/1706/ ?

So, I have a race condition present in one of my Pulumi programs, and I'm trying to figure out if there's a way to solve this problem. Basically, I have a

Deployment

that uses a

ConfigMap

, and also snags the

name

property of the

ConfigMap

for injecting as an environment variable. The abbreviated code is:

const myConfigMap = new k8s.core.v1.ConfigMap(...);
const deployment = new k8s.apps.v1.Deployment(
  "my-deployment",
  {
    spec: {
      template: {
        spec: {
          containers: [
            {
              name: "example",
              env: [
                {
                  name: "CONFIG_MAP_NAME",
                  value: myConfigMap.metadata.name,
                },
              ],
            },
          ],
        },
      },
    },
  },
);

My problem is that when I'm running an update, Pulumi does: 1. Create new

myConfigMap

. 2. Delete old

myConfigMap

. 3. Run update on

deployment

, including changes to point to new

myConfigMap

. This leaves a period of time between step 2 ending and step 3 ending where the injected name in my old version of

deployment

no longer points to a valid

ConfigMap

in our namespace. What I want to have Pulumi do is reverse steps 2 & 3: 1. Create new

myConfigMap

. 2. Run update on

deployment

, including changes to point to new

myConfigMap

. 3. Delete old

myConfigMap

. Is there a way to do this in Pulumi (have cleanup / deletion happen conditional on other resource updates completing)?

I'm using a pulumi ts codebase to deploy a helm chart that I've been running directly via helm cmds for a while. Pulumi successfully deploys the helm charts and all functions and health indicators perform as desired. I appear to be running into a superficial issue where pulumi believes the ingress objects are orphaned with no associated service backends however the ingress and services are functioning correctly to provide my api and webui components perfectly. REPO: https://github.com/usrbinkat/pulumi-kongee-on-k8s Bug / in flight troubleshooting details: https://github.com/usrbinkat/pulumi-kongee-on-k8s/issues/1