https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • b

    bored-river-53178

    02/13/2020, 12:08 PM
    When changing a name of a dynamic provide, the deployment attempts to replace all resoruces with ' [diff: ~provider]' and fails on the first of them (namespace), is there any workaround?
    • 1
    • 4
  • m

    many-lock-25065

    02/13/2020, 5:14 PM
    We've setup our kubernetes cluster following the standard pulumi-kubernetes tutorial, which use
    _const_ engineVersion = gcp.container.getEngineVersions().latestMasterVersion
    to get the engineVersion. Now we need to add a node pool, but because the
    latestMasterVersion
    has increased, the
    pulumi preview
    suggests that the cluster need to be updated because the
    minMasterVersion
    has increased. Couple of questions here - (i) will pulumi be able to do this without deleting and then re-creating the cluster (ii) in general, is there any way we can know ahead of time whether or not pulumi will destroy and recreate the cluster, versus just updating it in some way?
    g
    • 2
    • 2
  • b

    better-rainbow-14549

    02/14/2020, 2:41 PM
    if i create a deployment with replicas: 0 pulumi sits waiting for something to come alive forever
    g
    • 2
    • 2
  • l

    limited-rainbow-51650

    02/17/2020, 11:17 AM
    I’m adding a
    livenessProbe
    to my setup. Here is a snippet:
    livenessProbe: {
        httpGet: {
            path: '/auth',
            port: 80
        },
        initialDelaySeconds: 300,
        timeoutSeconds: 5
    }
    But when looking at the details of
    pulumi up
    , I see this:
    ~ livenessProbe : {
        ~ httpGet: {
          }
      }
    The details of the
    httpGet
    are not displayed. Known issue?
    w
    s
    • 3
    • 7
  • b

    broad-helmet-79436

    02/17/2020, 4:23 PM
    with this diff on a deployment (migrating from kubernetes.apps.v1beta1.Deployment to kubernetes.apps.v1.Deployment)
  • b

    broad-helmet-79436

    02/17/2020, 4:23 PM
    … I’m seeing the same resource listed to replace twice 😛 is that intentional?
  • b

    broad-helmet-79436

    02/17/2020, 4:24 PM
    “details” look like this:
  • b

    broad-helmet-79436

    02/17/2020, 4:24 PM
    posting here instead of in a github issue because I want to understand if this makes sense, or if it’s a bug
    w
    • 2
    • 3
  • l

    limited-rainbow-51650

    02/18/2020, 3:38 PM
    In the Pulumi Helm Wordpress example, I read this note: The Tiller server is not required to be installed. Pulumi will expand the Helm Chart and submit the expanded YAML to the cluster. Is this always the case? What if you have Helm charts which depend on this server expansion?
    g
    • 2
    • 3
  • l

    limited-rainbow-51650

    02/18/2020, 3:39 PM
    https://www.pulumi.com/docs/tutorials/kubernetes/wordpress-chart/
  • c

    creamy-forest-42826

    02/19/2020, 7:35 AM
    Hello, we are using ConfigGroup with namespace transformation. When we try
    pulumi preview
    , we will see previous namespace in name. It's bug or wanted behavior? Situation:
    export function initPrometheusService(namespace: string) {
        new k8s.yaml.ConfigGroup(
            "prometheus-service-deploy",
            {
                files: [
                    join(getPath(), "tinky-winky.yaml"),
                    join(getPath(), "dipsy.yaml"),
                    join(getPath(), "laa-laa.yaml"),
                    join(getPath(), "po.yaml")
                ]
            },
            {
                parent: aks,
                transformations: [
                    (obj: any) => {
                        const metadata = obj.props?.metadata;
                        if (!metadata) {
                            return;
                        }
                        metadata.namespace = "evils";
                        return obj;
                    }
                ]
            }
        );
    }
    When previous namespace is telletubies and I want new namespace as evils. I will see name, which namespace as before transformation, (telletubies/RESOURCE_NAME) in preview (or pulumi up - preview part).
    g
    • 2
    • 5
  • b

    bitter-dentist-28132

    02/19/2020, 4:15 PM
    is there a way to set the availability zone of an eks cluster? when trying to create a cluster in us-east-1 i get:
    Cannot create cluster 'asp-staging-eksCluster-9deaa44' because us-east-1e, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f
    g
    b
    • 3
    • 6
  • l

    limited-rainbow-51650

    02/19/2020, 8:18 PM
    Pfff, why are people still writing Helm charts. With some proper magic, one could even generate a Helm chart from your Pulumi code…
  • l

    limited-rainbow-51650

    02/19/2020, 8:19 PM
    Nevertheless,
    kubernetes.yaml.ConfigFile
    and
    kubernetes.helm.v2.Chart
    does wonders for the time being.
    🎉 4
  • c

    chilly-photographer-60932

    02/19/2020, 11:58 PM
    How are you all deploying
    istio
    within
    k8s
    using
    pulumi
    ? Especially with the new recommended way of using
    istioctl
    over
    helm
    ?
    Istio
    and
    helm
    don’t work very well together IMO.
    m
    g
    • 3
    • 9
  • a

    ambitious-fireman-71676

    02/20/2020, 9:29 PM
    hi community! i have a question about using pulumi config secrets as k8s secrets. if i create a pulumi config secret and i want to use that as a k8s secret (in python via):
    secret_key = Secret(
        "my-secret-key",
        data={"secret-key": config.require_secret("mySecretKey")}
    )
    i see that it doesnt base64 encode the value when i run
    pulumi up
    and look at the resource manually via
    kubectl get secret -oyaml my-secret-key-<hash>
    . is this intentional? or am i doing something wrong? my current workaround is to base64 encode the secret before running
    pulumi config set --secret mySecret <value>
    g
    • 2
    • 2
  • q

    quaint-book-39362

    02/22/2020, 4:14 AM
    hi. can anyone help with this, please? can't install any helm charts
  • q

    quaint-book-39362

    02/22/2020, 4:14 AM
    https://github.com/pulumi/pulumi-kubernetes/issues/993
  • q

    quaint-book-39362

    02/22/2020, 8:30 PM
    would really appreciate some help with that. everything else with pulumi works completely fine. it's just helm charts not working at all and am having to install them manually right now
    w
    • 2
    • 9
  • f

    faint-vase-19563

    02/23/2020, 10:23 AM
    Hey community, does anyone have any tips for trying to learn kubernetes-python? It's really hard to find examples online / I'm unsure how to test or troubleshoot the code. Right now I'm trying the following: https://github.com/Robinsane/PulumiStart Any help is hugely appreciated!
  • h

    hundreds-portugal-17080

    02/24/2020, 2:25 AM
    I am using eks and version 1.14 and helm charts are based of 1.14. Have been seen these warnings when performing pulumi up. Am I doing something wrong?
    Untitled
    g
    • 2
    • 2
  • l

    limited-rainbow-51650

    02/24/2020, 1:51 PM
    I have a pulumi Kubernetes namespace. I deploy a Helm chart via Pulumi and afterwards want access to one of the resources. I use
    chart.getResource("v1/Service, mynamespace.metadata.name, "my-service")
    in my code to get access to the service resource, but this doesn’t seem to work because the namespace needs to be a
    string
    , not an
    Output
    . How can I get the string the pulumi way? I tried with
    mynamespace.metadata.name.apply(value => +value)
    but that didn’t work.
    b
    • 2
    • 1
  • p

    plain-businessperson-30883

    02/24/2020, 4:11 PM
    Hello! Yesterday I was trying to import some resources from my k8s clusters (Service Account, ClusterRole and ClusterRoleBinding) but I ran into some issues, where the import command could not find the resource definitions (
    rules
    of the ClusterRole and
    roleRef
    and
    subjects
    of the ClusterRoleBinding), so it failed to import. I could workaround the issue by exporting and importing the resources with
    kubectl
    . The only difference I noticed it that now the resource had the
    <http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>
    annotation. Is it the expected behavior? It seems odd to me to depend on an specific tool annotation for doing the import? (I understand that is an official tool, but it does not mean it is the only tool that creates resources in the cluster). I see that the support for this annotation was added on version `0.25.1`: https://github.com/pulumi/pulumi-kubernetes/blob/master/CHANGELOG.md#0251-july-2-2019 Maybe the issue is in the logic of "parsing the live inputs"? https://github.com/pulumi/pulumi-kubernetes/blob/9ea9de0398c48c79abb9ce68004a8a551b98ad7e/pkg/provider/provider.go#L2237 @microscopic-florist-22719 @white-balloon-205 @gentle-diamond-70147
    g
    • 2
    • 2
  • a

    ambitious-fireman-71676

    02/25/2020, 2:18 AM
    im curious if anyone else has seen this aside from me. i’m trying to use a remote yaml in a resource using the python sdk
    from pulumi_kubernetes.yaml import ConfigFile
    
    cert_manager_resources = ConfigFile('cert-manager',
        file_id='<https://github.com/jetstack/cert-manager/releases/download/v0.13.1/cert-manager.yaml>')
    but when i run
    pulumi preview
    i get an exception:
    Exception: Exception deserializing response!
    g
    • 2
    • 9
  • s

    salmon-ghost-86211

    02/25/2020, 1:17 PM
    I have created a Kubernetes Ingress using the following code.
    import * as k8s from "@pulumi/kubernetes";
    
    const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...
    An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like
    import * as aws from "@pulumi/aws";
    
    const httpListener = new aws.lb.Listener("httpListener", {
    but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL. Should this be solved with the
    Listener
    object or maybe
    Ingress
    or
    IngressList
    ?
  • b

    better-rainbow-14549

    02/26/2020, 4:53 PM
    got a strange issue where a service doesn't exist on a cluster, but it's in the state and
    pulumi refresh
    won't clear it. when it comes to update i just get:
    error: update of resource nightly/nginx failed because the Kubernetes API server reported that it failed to fully initialize or become live: services "nginx" not found
  • b

    bitter-dentist-28132

    02/27/2020, 5:51 PM
    are transformations unable to set
    obj.metadata.annotations
    ? I'm trying to set the annotations of the aws cluster autoscaler as per https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html#ca-deploy, but it seems those annotations never make it to the actual created deployment object. i'm loading from a
    yaml.ConfigFile
    fwiw
    w
    • 2
    • 3
  • l

    limited-rainbow-51650

    03/02/2020, 4:34 PM
    NO! A warning about an unreachable K8s cluster should not remove the resource from the Pulumi state!
    Diagnostics:
      kubernetes:apps:Deployment (ingress-gloo-qq119b7f/discovery):
         warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get https://<mycluster>.<http://azmk8s.io:443/openapi/v2?timeout=32s|azmk8s.io:443/openapi/v2?timeout=32s>: net/http: TLS handshake timeout
    ... 15 more times
    ...
    Resources:
        - 15 deleted
        69 unchanged
    Nothing of that Helm chart deployment is actually deleted!
    g
    • 2
    • 21
  • a

    abundant-smartphone-52752

    03/02/2020, 7:44 PM
    Can you guys give me some tips on how to deploy a kubernetes cluster using rancher2? I'm looking at the rancher2 documentation (https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/rancher2/), but I don't how to start.
  • h

    handsome-cat-98152

    03/03/2020, 10:42 AM
    message has been deleted
    b
    • 2
    • 3
Powered by Linen
Title
h

handsome-cat-98152

03/03/2020, 10:42 AM
message has been deleted
b

better-rainbow-14549

03/03/2020, 10:51 AM
export class Certificate extends kubernetes.apiextensions.CustomResource {
    constructor(
        name: string,
        namespace: pulumi.Input<string>,
        domains: pulumi.Input<string>[],
        issuer: CertificateIssuer,
        secretName: pulumi.Input<string> = name
    ) {
        super(
            name,
            {
                apiVersion: "<http://certmanager.k8s.io/v1alpha1|certmanager.k8s.io/v1alpha1>",
                kind: "Certificate",
                metadata: {
                    name: name,
                    namespace: namespace
                },
                spec: {
                    secretName: secretName,
                    dnsNames: domains,
                    acme: {
                        config: issuer.configuration.map(x => ({
                            ...x,
                            domains: domains
                        }))
                    },
                    issuerRef: {
                        name: issuer.name,
                        kind: issuer.kind
                    }
                }
            },
            {
                provider: issuer.provider
            }
        );
    }
}
👍 1
i've done that and it works
h

handsome-cat-98152

03/03/2020, 12:26 PM
thank you very much, that was really insightful!
👍 1
View count: 6