bored-river-53178
02/13/2020, 12:08 PMmany-lock-25065
02/13/2020, 5:14 PM_const_ engineVersion = gcp.container.getEngineVersions().latestMasterVersion
to get the engineVersion. Now we need to add a node pool, but because the latestMasterVersion
has increased, the pulumi preview
suggests that the cluster need to be updated because the minMasterVersion
has increased.
Couple of questions here - (i) will pulumi be able to do this without deleting and then re-creating the cluster (ii) in general, is there any way we can know ahead of time whether or not pulumi will destroy and recreate the cluster, versus just updating it in some way?better-rainbow-14549
02/14/2020, 2:41 PMlimited-rainbow-51650
02/17/2020, 11:17 AMlivenessProbe
to my setup. Here is a snippet:
livenessProbe: {
httpGet: {
path: '/auth',
port: 80
},
initialDelaySeconds: 300,
timeoutSeconds: 5
}
But when looking at the details of pulumi up
, I see this:
~ livenessProbe : {
~ httpGet: {
}
}
The details of the httpGet
are not displayed. Known issue?broad-helmet-79436
02/17/2020, 4:23 PMbroad-helmet-79436
02/17/2020, 4:23 PMbroad-helmet-79436
02/17/2020, 4:24 PMbroad-helmet-79436
02/17/2020, 4:24 PMlimited-rainbow-51650
02/18/2020, 3:38 PMlimited-rainbow-51650
02/18/2020, 3:39 PMcreamy-forest-42826
02/19/2020, 7:35 AMpulumi preview
, we will see previous namespace in name. It's bug or wanted behavior?
Situation:
export function initPrometheusService(namespace: string) {
new k8s.yaml.ConfigGroup(
"prometheus-service-deploy",
{
files: [
join(getPath(), "tinky-winky.yaml"),
join(getPath(), "dipsy.yaml"),
join(getPath(), "laa-laa.yaml"),
join(getPath(), "po.yaml")
]
},
{
parent: aks,
transformations: [
(obj: any) => {
const metadata = obj.props?.metadata;
if (!metadata) {
return;
}
metadata.namespace = "evils";
return obj;
}
]
}
);
}
When previous namespace is telletubies and I want new namespace as evils. I will see name, which namespace as before transformation, (telletubies/RESOURCE_NAME) in preview (or pulumi up - preview part).bitter-dentist-28132
02/19/2020, 4:15 PMCannot create cluster 'asp-staging-eksCluster-9deaa44' because us-east-1e, the targeted availability zone, does not currently have sufficient capacity to support the cluster. Retry and choose from these availability zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f
limited-rainbow-51650
02/19/2020, 8:18 PMlimited-rainbow-51650
02/19/2020, 8:19 PMkubernetes.yaml.ConfigFile
and kubernetes.helm.v2.Chart
does wonders for the time being.chilly-photographer-60932
02/19/2020, 11:58 PMistio
within k8s
using pulumi
? Especially with the new recommended way of using istioctl
over helm
? Istio
and helm
don’t work very well together IMO.ambitious-fireman-71676
02/20/2020, 9:29 PMsecret_key = Secret(
"my-secret-key",
data={"secret-key": config.require_secret("mySecretKey")}
)
i see that it doesnt base64 encode the value when i run pulumi up
and look at the resource manually via kubectl get secret -oyaml my-secret-key-<hash>
. is this intentional? or am i doing something wrong? my current workaround is to base64 encode the secret before running pulumi config set --secret mySecret <value>
quaint-book-39362
02/22/2020, 4:14 AMquaint-book-39362
02/22/2020, 4:14 AMquaint-book-39362
02/22/2020, 8:30 PMfaint-vase-19563
02/23/2020, 10:23 AMhundreds-portugal-17080
02/24/2020, 2:25 AMlimited-rainbow-51650
02/24/2020, 1:51 PMchart.getResource("v1/Service, mynamespace.metadata.name, "my-service")
in my code to get access to the service resource, but this doesn’t seem to work because the namespace needs to be a string
, not an Output
. How can I get the string the pulumi way? I tried with mynamespace.metadata.name.apply(value => +value)
but that didn’t work.plain-businessperson-30883
02/24/2020, 4:11 PMrules
of the ClusterRole and roleRef
and subjects
of the ClusterRoleBinding), so it failed to import. I could workaround the issue by exporting and importing the resources with kubectl
. The only difference I noticed it that now the resource had the <http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>
annotation.
Is it the expected behavior? It seems odd to me to depend on an specific tool annotation for doing the import? (I understand that is an official tool, but it does not mean it is the only tool that creates resources in the cluster).
I see that the support for this annotation was added on version `0.25.1`: https://github.com/pulumi/pulumi-kubernetes/blob/master/CHANGELOG.md#0251-july-2-2019
Maybe the issue is in the logic of "parsing the live inputs"? https://github.com/pulumi/pulumi-kubernetes/blob/9ea9de0398c48c79abb9ce68004a8a551b98ad7e/pkg/provider/provider.go#L2237
@microscopic-florist-22719 @white-balloon-205 @gentle-diamond-70147ambitious-fireman-71676
02/25/2020, 2:18 AMfrom pulumi_kubernetes.yaml import ConfigFile
cert_manager_resources = ConfigFile('cert-manager',
file_id='<https://github.com/jetstack/cert-manager/releases/download/v0.13.1/cert-manager.yaml>')
but when i run pulumi preview
i get an exception:
Exception: Exception deserializing response!
salmon-ghost-86211
02/25/2020, 1:17 PMimport * as k8s from "@pulumi/kubernetes";
const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...
An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like
import * as aws from "@pulumi/aws";
const httpListener = new aws.lb.Listener("httpListener", {
but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL.
Should this be solved with the Listener
object or maybe Ingress
or IngressList
?better-rainbow-14549
02/26/2020, 4:53 PMpulumi refresh
won't clear it. when it comes to update i just get:
error: update of resource nightly/nginx failed because the Kubernetes API server reported that it failed to fully initialize or become live: services "nginx" not found
bitter-dentist-28132
02/27/2020, 5:51 PMobj.metadata.annotations
? I'm trying to set the annotations of the aws cluster autoscaler as per https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html#ca-deploy, but it seems those annotations never make it to the actual created deployment object. i'm loading from a yaml.ConfigFile
fwiwlimited-rainbow-51650
03/02/2020, 4:34 PMDiagnostics:
kubernetes:apps:Deployment (ingress-gloo-qq119b7f/discovery):
warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get https://<mycluster>.<http://azmk8s.io:443/openapi/v2?timeout=32s|azmk8s.io:443/openapi/v2?timeout=32s>: net/http: TLS handshake timeout
... 15 more times
...
Resources:
- 15 deleted
69 unchanged
Nothing of that Helm chart deployment is actually deleted!abundant-smartphone-52752
03/02/2020, 7:44 PMhandsome-cat-98152
03/03/2020, 10:42 AMhandsome-cat-98152
03/03/2020, 10:42 AMbetter-rainbow-14549
03/03/2020, 10:51 AMexport class Certificate extends kubernetes.apiextensions.CustomResource {
constructor(
name: string,
namespace: pulumi.Input<string>,
domains: pulumi.Input<string>[],
issuer: CertificateIssuer,
secretName: pulumi.Input<string> = name
) {
super(
name,
{
apiVersion: "<http://certmanager.k8s.io/v1alpha1|certmanager.k8s.io/v1alpha1>",
kind: "Certificate",
metadata: {
name: name,
namespace: namespace
},
spec: {
secretName: secretName,
dnsNames: domains,
acme: {
config: issuer.configuration.map(x => ({
...x,
domains: domains
}))
},
issuerRef: {
name: issuer.name,
kind: issuer.kind
}
}
},
{
provider: issuer.provider
}
);
}
}
handsome-cat-98152
03/03/2020, 12:26 PM