When changing a name of a dynamic provide, the deployment attempts to replace all resoruces with ' [diff: ~provider]' and fails on the first of them (namespace), is there any workaround?

We've setup our kubernetes cluster following the standard pulumi-kubernetes tutorial, which use

_const_ engineVersion = gcp.container.getEngineVersions().latestMasterVersion

to get the engineVersion. Now we need to add a node pool, but because the

latestMasterVersion

has increased, the

pulumi preview

suggests that the cluster need to be updated because the

minMasterVersion

has increased. Couple of questions here - (i) will pulumi be able to do this without deleting and then re-creating the cluster (ii) in general, is there any way we can know ahead of time whether or not pulumi will destroy and recreate the cluster, versus just updating it in some way?

if i create a deployment with replicas: 0 pulumi sits waiting for something to come alive forever

I’m adding a

livenessProbe

to my setup. Here is a snippet:

livenessProbe: {
    httpGet: {
        path: '/auth',
        port: 80
    },
    initialDelaySeconds: 300,
    timeoutSeconds: 5
}

But when looking at the details of

pulumi up

, I see this:

~ livenessProbe : {
    ~ httpGet: {
      }
  }

The details of the

httpGet

are not displayed. Known issue?

with this diff on a deployment (migrating from kubernetes.apps.v1beta1.Deployment to kubernetes.apps.v1.Deployment)

… I’m seeing the same resource listed to replace twice 😛 is that intentional?

“details” look like this:

posting here instead of in a github issue because I want to understand if this makes sense, or if it’s a bug

In the Pulumi Helm Wordpress example, I read this note: The Tiller server is not required to be installed. Pulumi will expand the Helm Chart and submit the expanded YAML to the cluster. Is this always the case? What if you have Helm charts which depend on this server expansion?

Hello, we are using ConfigGroup with namespace transformation. When we try

pulumi preview

, we will see previous namespace in name. It's bug or wanted behavior? Situation:

export function initPrometheusService(namespace: string) {
    new k8s.yaml.ConfigGroup(
        "prometheus-service-deploy",
        {
            files: [
                join(getPath(), "tinky-winky.yaml"),
                join(getPath(), "dipsy.yaml"),
                join(getPath(), "laa-laa.yaml"),
                join(getPath(), "po.yaml")
            ]
        },
        {
            parent: aks,
            transformations: [
                (obj: any) => {
                    const metadata = obj.props?.metadata;
                    if (!metadata) {
                        return;
                    }
                    metadata.namespace = "evils";
                    return obj;
                }
            ]
        }
    );
}

When previous namespace is telletubies and I want new namespace as evils. I will see name, which namespace as before transformation, (telletubies/RESOURCE_NAME) in preview (or pulumi up - preview part).

is there a way to set the availability zone of an eks cluster? when trying to create a cluster in us-east-1 i get:

Cannot create cluster 'asp-staging-eksCluster-9deaa44' because us-east-1e, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f

Pfff, why are people still writing Helm charts. With some proper magic, one could even generate a Helm chart from your Pulumi code…

Nevertheless,

kubernetes.yaml.ConfigFile

and

kubernetes.helm.v2.Chart

does wonders for the time being.

How are you all deploying

istio

within

k8s

using

pulumi

? Especially with the new recommended way of using

istioctl

over

helm

?

Istio

and

helm

don’t work very well together IMO.

hi community! i have a question about using pulumi config secrets as k8s secrets. if i create a pulumi config secret and i want to use that as a k8s secret (in python via):

secret_key = Secret(
    "my-secret-key",
    data={"secret-key": config.require_secret("mySecretKey")}
)

i see that it doesnt base64 encode the value when i run

pulumi up

and look at the resource manually via

kubectl get secret -oyaml my-secret-key-<hash>

. is this intentional? or am i doing something wrong? my current workaround is to base64 encode the secret before running

pulumi config set --secret mySecret <value>

hi. can anyone help with this, please? can't install any helm charts

would really appreciate some help with that. everything else with pulumi works completely fine. it's just helm charts not working at all and am having to install them manually right now

Hey community, does anyone have any tips for trying to learn kubernetes-python? It's really hard to find examples online / I'm unsure how to test or troubleshoot the code. Right now I'm trying the following: https://github.com/Robinsane/PulumiStart Any help is hugely appreciated!

I am using eks and version 1.14 and helm charts are based of 1.14. Have been seen these warnings when performing pulumi up. Am I doing something wrong?

I have a pulumi Kubernetes namespace. I deploy a Helm chart via Pulumi and afterwards want access to one of the resources. I use

chart.getResource("v1/Service, mynamespace.metadata.name, "my-service")

in my code to get access to the service resource, but this doesn’t seem to work because the namespace needs to be a

string

, not an

Output

. How can I get the string the pulumi way? I tried with

mynamespace.metadata.name.apply(value => +value)

but that didn’t work.

Hello! Yesterday I was trying to import some resources from my k8s clusters (Service Account, ClusterRole and ClusterRoleBinding) but I ran into some issues, where the import command could not find the resource definitions (

rules

of the ClusterRole and

roleRef

and

subjects

of the ClusterRoleBinding), so it failed to import. I could workaround the issue by exporting and importing the resources with

kubectl

. The only difference I noticed it that now the resource had the

<http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>

annotation. Is it the expected behavior? It seems odd to me to depend on an specific tool annotation for doing the import? (I understand that is an official tool, but it does not mean it is the only tool that creates resources in the cluster). I see that the support for this annotation was added on version `0.25.1`: https://github.com/pulumi/pulumi-kubernetes/blob/master/CHANGELOG.md#0251-july-2-2019 Maybe the issue is in the logic of "parsing the live inputs"? https://github.com/pulumi/pulumi-kubernetes/blob/9ea9de0398c48c79abb9ce68004a8a551b98ad7e/pkg/provider/provider.go#L2237 @microscopic-florist-22719 @white-balloon-205 @gentle-diamond-70147

im curious if anyone else has seen this aside from me. i’m trying to use a remote yaml in a resource using the python sdk

from pulumi_kubernetes.yaml import ConfigFile

cert_manager_resources = ConfigFile('cert-manager',
    file_id='<https://github.com/jetstack/cert-manager/releases/download/v0.13.1/cert-manager.yaml>')

but when i run

pulumi preview

i get an exception:

Exception: Exception deserializing response!

I have created a Kubernetes Ingress using the following code.

import * as k8s from "@pulumi/kubernetes";

const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...

An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like

import * as aws from "@pulumi/aws";

const httpListener = new aws.lb.Listener("httpListener", {

but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL. Should this be solved with the

Listener

object or maybe

Ingress

or

IngressList

?

got a strange issue where a service doesn't exist on a cluster, but it's in the state and

pulumi refresh

won't clear it. when it comes to update i just get:

error: update of resource nightly/nginx failed because the Kubernetes API server reported that it failed to fully initialize or become live: services "nginx" not found

are transformations unable to set

obj.metadata.annotations

? I'm trying to set the annotations of the aws cluster autoscaler as per https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html#ca-deploy, but it seems those annotations never make it to the actual created deployment object. i'm loading from a

yaml.ConfigFile

fwiw

NO! A warning about an unreachable K8s cluster should not remove the resource from the Pulumi state!

Diagnostics:
  kubernetes:apps:Deployment (ingress-gloo-qq119b7f/discovery):
     warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get https://<mycluster>.<http://azmk8s.io:443/openapi/v2?timeout=32s|azmk8s.io:443/openapi/v2?timeout=32s>: net/http: TLS handshake timeout
... 15 more times
...
Resources:
    - 15 deleted
    69 unchanged

Nothing of that Helm chart deployment is actually deleted!

Can you guys give me some tips on how to deploy a kubernetes cluster using rancher2? I'm looking at the rancher2 documentation (https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/rancher2/), but I don't how to start.