Hi Guys, Does anyone have a sample code for creating AWS EKS service with ingress and https load balancer (with managed SSL certificate)?

Stuck on a small chicken and egg problem. I have a k8s deployment which needs the ip of the loadbalancer service, and the service matches the deployment. so they both depend on each other. When use the annotation to skip await the service, the deployment fails because the ip is not there yet. Any idea how to get around this?

I have a strange error running Pulumi update for my EKS cluster, anybody saw the similar issue before? How do I debug this? eks:index:Cluster (devtest-eks): error: post-step event returned an error: failed to verify snapshot: resource urn😛ulumi:dev::infra::eks:index:Cluster::devtest-eks dependency refers to missing resource

Here devtest-eks is the name of my EKS cluster

Not sure which resource is missing. I did a "pulumi refresh", I'd think it should sync up the state with actual resources provisioned and a pulumi up will fix any missing resources.

is there a way to force an update on a secret? i added 2 string fields to a secret but on pulumi preview/refresh it doesnt detect any changes.

I have problem with

destroy

of my kubernetes resources. I'm using the default config which will use the credentials and it works fine to create the differente resources; deployment, secret, service and ingress. When I run

pulumi destroy

it can't remove any of the resources. The error message isn't the best either:

error: unknown

Doing some verbose logging doesn't show much more info:

I1021 12:15:44.274429   85020 rpc.go:72] Marshaling property for RPC[Provider[kubernetes, 0xc0017b47e0].Delete(urn:pulumi:dev::nextjstemplate.deploy::pkg:elkjop:application$kubernetes:<http://networking.k8s.io/v1beta1:Ingress::nextjstemplate-external-ingress,iac-demoenv/nextjstemplate.external|networking.k8s.io/v1beta1:Ingress::nextjstemplate-external-ingress,iac-demoenv/nextjstemplate.external>)]: loadBalancer={map[]}
I1021 12:15:44.306508   85020 provider_plugin.go:1523] provider received rpc error `Unknown`: `unknown`
I1021 12:15:44.306573   85020 provider_plugin.go:1526] rpc error kind `Unknown` may not be recoverable
I1021 12:15:44.306602   85020 provider_plugin.go:1067] Provider[kubernetes, 0xc0017b47e0].Delete(urn:pulumi:dev::nextjstemplate.deploy::pkg:elkjop:application$kubernetes:<http://networking.k8s.io/v1beta1:Ingress::nextjstemplate-external-ingress,iac-demoenv/nextjstemplate.external|networking.k8s.io/v1beta1:Ingress::nextjstemplate-external-ingress,iac-demoenv/nextjstemplate.external>) failed: unknown
I1021 12:15:44.306646   85020 eventsink.go:86] eventSink::Error(<{%reset%}>unknown<{%reset%}>)
I1021 12:15:44.307571   85020 snapshot.go:390] SnapshotManager: deleteSnapshotMutation.End(..., false)
I1021 12:15:44.507443   85020 snapshot.go:536] SnapshotManager.markOperationComplete(urn:pulumi:dev::nextjstemplate.deploy::kubernetes:core/v1:Secret::acr-auth)
I1021 12:15:44.507504   85020 step_executor.go:327] StepExecutor worker(3): applying step delete on urn:pulumi:dev::nextjstemplate.deploy::pkg:elkjop:application$kubernetes:apps/v1:Deployment::nextjstemplate-deployment (preview false)
I1021 12:15:44.507607   85020 registry.go:148] GetProvider(urn:pulumi:dev::nextjstemplate.deploy::pulumi:providers:kubernetes::default_3_8_1::7bf0f1f3-3288-4c85-8cef-e04d2e927b78)
I1021 12:15:44.507690   85020 provider_plugin.go:1039] Provider[kubernetes, 0xc0017b47e0].Delete(urn:pulumi:dev::nextjstemplate.deploy::pkg:elkjop:application$kubernetes:apps/v1:Deployment::nextjstemplate-deployment,iac-demoenv/nextjstemplate) executing (#props=7)
I1021 12:15:44.507755   85020 rpc.go:72] Marshaling property for RPC[Provider[kubernetes, 0xc0017b47e0].Delete(urn:pulumi:dev::nextjstemplate.deploy::pkg:elkjop:application$kubernetes:apps/v1:Deployment::nextjstemplate-deployment,iac-demoenv/nextjstemplate)]: __initialApiVersion={apps/v1}
I1021 12:15:44.507831   85020 rpc.go:72] Marshaling property for RPC[Provider[kubernetes, 0xc0017b47e0].Delete(urn:pulumi:dev::nextjstemplate.deploy::pkg:elkjop:application$kubernetes:apps/v1:Deployment::nextjstemplate-deployment,iac-demoenv/nextjstemplate)]: __inputs={map[apiVersion:{apps/v1} kind:{Deployment} metadata:{map[annotations:{map[<http://pulumi.com/timeoutSeconds:{120}|pulumi.com/timeoutSeconds:{120}>]} labels:{map[<http://app.kubernetes.io/managed-by:{pulumi}|app.kubernetes.io/managed-by:{pulumi}>]} name:{nextjstemplate} namespace:{iac-demoenv}]} spec:{map[replicas:{2} selector:{map[matchLabels:{map[app:{nextjstemplate}]}]} template:{map[metadata:{map[labels:{map[app:{nextjstemplate}]}]} spec:{map[containers:{[{map[image:{<http://elkdscontainerregistry.azurecr.io/nextjstemplate:66e54ac|elkdscontainerregistry.azurecr.io/nextjstemplate:66e54ac>} name:{nextjstemplate} ports:{[{map[containerPort:{3000} name:{http}]}]} resources:{map[limits:{map[cpu:{700m} memory:{2000Mi}]} requests:{map[cpu:{700m} memory:{1000Mi}]}]}]}]} imagePullSecrets:{[{map[name:{acr-auth}]}]} priorityClassName:{itds-moderate}]}]}]}]}

Any idea what might be wrong?

Hi

Hi I am exploring pulumi interface for our openshift platform .. the configMap seemed to have worked well, but the pod wasn't launched and the 'pulumi up' operation crashed. It appears when the volume mounts are specified, the VolumeAttachment didn't happen which was the cause of crash. I understand there could be many sources, maybe that is why it was not generated. But any suggestions on how this is to be provided ? Patching the program doesn't seem to be a good idea .. thanks for your inputs ...

I was using python language for these operations

Also I would like to check if anyone has tried gitlab integration and share their experiences .. thanks

any pointers to gitlab integration will be useful

Does anyone know how to access the Status of a CustomResource in Pulumi?

I’m using Knative and trying to obtain the external URL generated (in Status) once a knative service is created using Pulumi’s CustomResource

I’m wondering about something to improve our CI build and deploy speeds. Rigth now we are building a bunch of docker images (outside of pulumi) and tagging them with both the branch name and the sha of the git repo. By using registry caching in buildx this is as optimal as it can be. But we can also only build the containers that are changed, which is much faster, but then i have a deployment (with pulumi) problem. I now pass in an env var with the current SHA and use that throughout the deploy, updating the deployments on k8s. Using the branch name this would not do anything since the cluster already has the image. So i’m looking for a way to get the latest sha in the github container registry for a branch tagged container in pulumi to use that instead of the git sha. Using the docker provider’s getRegistryImage i thought i was going to get there, but i can’t get it to be authenticated to ghcr. Ahs anyone done something like this before?

I’m currently working on fetching pulumi

secret

from stack, and generating kubernetes manifest from it (e.g. environment variable). But it doesn’t seem to be replaced into string value. I’m aware of that the return value of

require_secret

is

Output[T]

but having some passthrough

apply(lambda val: val)

doesn’t work. I think the main problem is that

secret

object is not a direct argument of subsequent resource. Any kind of piece of advice would be very appreciated

Hi Guys, I’m using a

azure-native.containerservice

lib to create AKS cluster and I also would like deploy k8s RBAC objects with

kubernetes

lib. I have something like:

# Creating AKS
const cluster = new containerservice.ManagedCluster(...)

# Getting a kubectlconfig
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
  return containerservice.listManagedClusterUserCredentials({
      resourceGroupName: rgName,
      resourceName: clusterName,
  });
});
const encoded = creds.kubeconfigs[0].value;
const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());

# Creating provider
const aksProvider = new k8s.Provider("aks", {
  kubeconfig: kubeconfig
})

# And deploying a role
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...})

When run it locally with

pulumi up

I got auth request:

To sign in, use a web browser to open the page <https://microsoft.com/devicelogin>".

Am I missing something?

Hi everyone! I currently have Kubernetes setup in a stack (call it kubernetes stack) and i need to reference the provider in kubernetes stack from another stack (call the second stack meta-stack). Also to add, I don't want to export

cluster.KubeConfig

as I don't want its value to be printed to the command line. I just need to make the provider in

meta-stack

call from

kubernetes stack

Hi all, I am trying to add EC2 root volume encryption for EKS nodes created by eks.ManagedNodeGroup. The below does not work. Perhaps someone here knows the trick? https://www.pulumi.com/registry/packages/eks/api-doc Thanks for your help.

cluster:eks.Cluster = eks.Cluster(f"{cluster_name}-cluster",
        name=cluster_name,
        ....
        node_group_options=eks.ClusterNodeGroupOptionsArgs(
            cloud_formation_tags={
                "Name": "EKS Worker Node"
            },
            encrypt_root_block_device=True,
        ),
        ...
    )   

    eks.ManagedNodeGroup(f"{cluster_name}-node-group-" + str(i),
            cluster=cluster.core,
            node_group_name=f"{cluster_name}-managed-node-group-" + str(i),
            ....
        ))

Hi all, What is the best way to patch an existing deployment with pulumi? for example, I want to 'translate' the following

kubectl

command to python-pulumi:

coredns

:

kubectl patch deployment coredns \
    -n kube-system \
    --type json \
    -p='[{"op": "remove", "path": "/spec/template/metadata/annotations/eks.amazonaws.com~1compute-type"}]'

thanks!

Hi all, please how can I added a new node to an existing cluster using the Pulumi typescript library

I am having a really strange issue trying to create eks. The code used to work well, but now failed with a weird dependency refers to missing resource issue:

This can happen for different resource creations:

This is when I retry "pulumi up"

It is kind of strange why it try to create a new aws provider (default_4_9_1), I think it should already have a aws provider "default".

Here is the code snippet for creating the EKS. Really not much to it and it worked before. Maybe an issue in newer version of pulumi release?