broad-helmet-79436
02/17/2020, 4:23 PMbroad-helmet-79436
02/17/2020, 4:23 PMbroad-helmet-79436
02/17/2020, 4:24 PMbroad-helmet-79436
02/17/2020, 4:24 PMlimited-rainbow-51650
02/18/2020, 3:38 PMlimited-rainbow-51650
02/18/2020, 3:39 PMcreamy-forest-42826
02/19/2020, 7:35 AMpulumi preview
, we will see previous namespace in name. It's bug or wanted behavior?
Situation:
export function initPrometheusService(namespace: string) {
new k8s.yaml.ConfigGroup(
"prometheus-service-deploy",
{
files: [
join(getPath(), "tinky-winky.yaml"),
join(getPath(), "dipsy.yaml"),
join(getPath(), "laa-laa.yaml"),
join(getPath(), "po.yaml")
]
},
{
parent: aks,
transformations: [
(obj: any) => {
const metadata = obj.props?.metadata;
if (!metadata) {
return;
}
metadata.namespace = "evils";
return obj;
}
]
}
);
}
When previous namespace is telletubies and I want new namespace as evils. I will see name, which namespace as before transformation, (telletubies/RESOURCE_NAME) in preview (or pulumi up - preview part).bitter-dentist-28132
02/19/2020, 4:15 PMCannot create cluster 'asp-staging-eksCluster-9deaa44' because us-east-1e, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f
limited-rainbow-51650
02/19/2020, 8:18 PMlimited-rainbow-51650
02/19/2020, 8:19 PMkubernetes.yaml.ConfigFile
and kubernetes.helm.v2.Chart
does wonders for the time being.chilly-photographer-60932
02/19/2020, 11:58 PMistio
within k8s
using pulumi
? Especially with the new recommended way of using istioctl
over helm
? Istio
and helm
don’t work very well together IMO.ambitious-fireman-71676
02/20/2020, 9:29 PMsecret_key = Secret(
"my-secret-key",
data={"secret-key": config.require_secret("mySecretKey")}
)
i see that it doesnt base64 encode the value when i run pulumi up
and look at the resource manually via kubectl get secret -oyaml my-secret-key-<hash>
. is this intentional? or am i doing something wrong? my current workaround is to base64 encode the secret before running pulumi config set --secret mySecret <value>
quaint-book-39362
02/22/2020, 4:14 AMquaint-book-39362
02/22/2020, 4:14 AMquaint-book-39362
02/22/2020, 8:30 PMfaint-vase-19563
02/23/2020, 10:23 AMhundreds-portugal-17080
02/24/2020, 2:25 AMlimited-rainbow-51650
02/24/2020, 1:51 PMchart.getResource("v1/Service, mynamespace.metadata.name, "my-service")
in my code to get access to the service resource, but this doesn’t seem to work because the namespace needs to be a string
, not an Output
. How can I get the string the pulumi way? I tried with mynamespace.metadata.name.apply(value => +value)
but that didn’t work.plain-businessperson-30883
02/24/2020, 4:11 PMrules
of the ClusterRole and roleRef
and subjects
of the ClusterRoleBinding), so it failed to import. I could workaround the issue by exporting and importing the resources with kubectl
. The only difference I noticed it that now the resource had the <http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>
annotation.
Is it the expected behavior? It seems odd to me to depend on an specific tool annotation for doing the import? (I understand that is an official tool, but it does not mean it is the only tool that creates resources in the cluster).
I see that the support for this annotation was added on version `0.25.1`: https://github.com/pulumi/pulumi-kubernetes/blob/master/CHANGELOG.md#0251-july-2-2019
Maybe the issue is in the logic of "parsing the live inputs"? https://github.com/pulumi/pulumi-kubernetes/blob/9ea9de0398c48c79abb9ce68004a8a551b98ad7e/pkg/provider/provider.go#L2237
@microscopic-florist-22719 @white-balloon-205 @gentle-diamond-70147ambitious-fireman-71676
02/25/2020, 2:18 AMfrom pulumi_kubernetes.yaml import ConfigFile
cert_manager_resources = ConfigFile('cert-manager',
file_id='<https://github.com/jetstack/cert-manager/releases/download/v0.13.1/cert-manager.yaml>')
but when i run pulumi preview
i get an exception:
Exception: Exception deserializing response!
salmon-ghost-86211
02/25/2020, 1:17 PMimport * as k8s from "@pulumi/kubernetes";
const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...
An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like
import * as aws from "@pulumi/aws";
const httpListener = new aws.lb.Listener("httpListener", {
but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL.
Should this be solved with the Listener
object or maybe Ingress
or IngressList
?better-rainbow-14549
02/26/2020, 4:53 PMpulumi refresh
won't clear it. when it comes to update i just get:
error: update of resource nightly/nginx failed because the Kubernetes API server reported that it failed to fully initialize or become live: services "nginx" not found
bitter-dentist-28132
02/27/2020, 5:51 PMobj.metadata.annotations
? I'm trying to set the annotations of the aws cluster autoscaler as per https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html#ca-deploy, but it seems those annotations never make it to the actual created deployment object. i'm loading from a yaml.ConfigFile
fwiwlimited-rainbow-51650
03/02/2020, 4:34 PMDiagnostics:
kubernetes:apps:Deployment (ingress-gloo-qq119b7f/discovery):
warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get https://<mycluster>.<http://azmk8s.io:443/openapi/v2?timeout=32s|azmk8s.io:443/openapi/v2?timeout=32s>: net/http: TLS handshake timeout
... 15 more times
...
Resources:
- 15 deleted
69 unchanged
Nothing of that Helm chart deployment is actually deleted!abundant-smartphone-52752
03/02/2020, 7:44 PMbetter-rainbow-14549
03/03/2020, 10:51 AMexport class Certificate extends kubernetes.apiextensions.CustomResource {
constructor(
name: string,
namespace: pulumi.Input<string>,
domains: pulumi.Input<string>[],
issuer: CertificateIssuer,
secretName: pulumi.Input<string> = name
) {
super(
name,
{
apiVersion: "<http://certmanager.k8s.io/v1alpha1|certmanager.k8s.io/v1alpha1>",
kind: "Certificate",
metadata: {
name: name,
namespace: namespace
},
spec: {
secretName: secretName,
dnsNames: domains,
acme: {
config: issuer.configuration.map(x => ({
...x,
domains: domains
}))
},
issuerRef: {
name: issuer.name,
kind: issuer.kind
}
}
},
{
provider: issuer.provider
}
);
}
}
chilly-waiter-18319
03/05/2020, 4:32 PMsome-spring-67797
03/05/2020, 8:00 PMThese resources are in an unknown state because the Pulumi CLI was interrupted while
waiting for changes to these resources to complete
Does anyone know of a way to recover from this?
I deployed about 100 deployments in a loop so trying to avoid manually taking down each pod.damp-painter-36857
03/08/2020, 9:52 AMdefault
namespace, to be specific), but if I fetch it with ns = Namespace.get(...)
and then try to modify ns.metadata.annotations
then Pulumi bombs out claiming the property is read-only. Any ideas for a workaround? I've tried defining it as plain old YAML and using ConfigFile
but that fails too.polite-motherboard-78438
03/08/2020, 12:08 PM