https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • g

    glamorous-australia-21342

    11/16/2021, 12:47 AM
    also i'd love to have a separate discussion about caching docker images for EKS in ECR. Via pulumi support I have what I thought would do this, but unfortunately in our CI and locally it seems to building almost everything from scratch. Would like to use cached layers from ECR and speed up CI.
  • p

    purple-plumber-90981

    11/16/2021, 11:01 PM
    is there a neat pulumi way to deploy remote yaml config, ie
    <https://github.com/kubernetes-csi/external-snapshotter/tree/release-4.0/client/config/crd>
    • 1
    • 3
  • s

    square-coat-62279

    11/17/2021, 11:59 AM
    hi all,
    const container: k8stypes.core.v1.Container = {
            readinessProbe: props.deployment.readinessProbe || null,
    while some of my deployments may not have readinessProbe defined, would the code above work?
  • w

    wonderful-twilight-70958

    11/19/2021, 5:52 PM
    https://github.com/pulumi/pulumi-kubernetes-cert-manager/issues/1 This looks closed but still broken for me. Any thoughts on what I might be doing wrong?
    s
    • 2
    • 4
  • m

    miniature-leather-70472

    11/23/2021, 10:06 AM
    Anyone installed Flux V2 using Pulumi? If so, how are you doing it, given the lack of a Helm chart
  • w

    wonderful-twilight-70958

    11/23/2021, 4:20 PM
    I'm getting
    post-step event returned an error: failed to verify snapshot: urn:pulumi:dev::pi-vpc-eks::eks:index:Cluster$kubernetes:<http://storage.k8s.io/v1:StorageClass::gateway-cluster-gp2|storage.k8s.io/v1:StorageClass::gateway-cluster-gp2> refers to unknown provider urn:pulumi:dev::pi-vpc-eks::eks:index:Cluster$pulumi:providers:kubernetes::gateway-cluster-eks-k8s::408665c4-5bbf-4595-a470-4b204f053b35
    a lot recently when destroying an eks cluster that has a storage class specified. It's like there's some dependency not working correctly and it tries to destroy the storageclass after the cluster / provider is already gone?
  • n

    numerous-printer-41511

    11/23/2021, 8:22 PM
    does
    pulumi import
    work with k8s objects?
    w
    • 2
    • 2
  • b

    big-potato-91793

    11/24/2021, 2:40 PM
    Maybe a bad question, when I was changing my pulumi k8s ingress to used the
    v1
    version of the ingress. I look at my ingress in my cluster and it seems that I’m still at the
    v1beta
    ? Something I didn’t do correclty?
  • b

    brainy-appointment-20633

    11/24/2021, 5:09 PM
    Hi guys, Is there a way to implement conditional resource creation in a stack. If we write ts for multiple resources inside stack, I want only 4 out of 6 resources to be created in 1 cluster and all 6 in another cluster, but if i provide stack name and stack path while running pulumi up it is creating all 6 in 2 kubernetes clusters. Please let me know if there is a way to implement this.
    w
    • 2
    • 1
  • m

    miniature-leather-70472

    11/26/2021, 3:08 PM
    Any had any issues with supplying username/password in the RepositoryOpts of the helm release component? When doing this we get a 401 unauthorized error, using the same creds in a curl request works fine
  • m

    most-lighter-95902

    11/27/2021, 3:17 AM
    Getting a strange error when
    pulumi up
    is run twice in a row with `k8s.yaml.ConfigFile`:
  • m

    most-lighter-95902

    11/27/2021, 3:17 AM
    const knativeOperator = new k8s.yaml.ConfigFile(name, {
      file: `<https://github.com/knative/operator/releases/download/knative-v${version}/operator.yaml>`,
    }, { parent: this })
  • m

    most-lighter-95902

    11/27/2021, 3:18 AM
    /Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:127
                const resp = yield debuggable_1.debuggablePromise(new Promise((innerResolve, innerReject) => monitor.invoke(req, (err, innerResponse) => {
                                                                                                                     ^
    
    <ref *1> TypeError: Cannot read properties of null (reading 'invoke')
        at /Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:127:114
        at new Promise (<anonymous>)
        at /Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:127:63
        at Generator.next (<anonymous>)
        at fulfilled (/Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
        at processTicksAndRejections (node:internal/process/task_queues:96:5) {
      promise: Promise { <rejected> [Circular *1] }
    }
    s
    • 2
    • 6
  • m

    most-lighter-95902

    11/27/2021, 3:18 AM
    It looks as though running
    pulumi up
    more than once with
    k8s.yaml.ConfigFile
    is attempting to delete and recreate resources.
    b
    • 2
    • 13
  • m

    most-lighter-95902

    11/27/2021, 3:19 AM
    This behavior doesn’t exist when running
    kubectl
    to apply the yaml file directly:
  • m

    most-lighter-95902

    11/27/2021, 3:19 AM
    kubectl apply -f <https://github.com/knative/operator/releases/download/knative-v1.0.0/operator.yaml>
  • m

    most-lighter-95902

    11/27/2021, 3:19 AM
    Anyone has any idea why this is happening?
  • m

    most-lighter-95902

    11/27/2021, 3:20 AM
    Nothing’s changed in the stack, so shouldn’t it just not do anything?
  • m

    most-lighter-95902

    11/27/2021, 4:38 AM
    I also tried
    ConfigGroup
    but same issue
  • m

    mammoth-honey-6147

    11/29/2021, 5:28 PM
    Got a interesting issue, I'm trying to configure a new
    provider
    instance:
    kubeconfig := toolsCluster.KubeConfig
    		clusterProvider, err := kubernetes.NewProvider(ctx, "tools-cluster", &kubernetes.ProviderArgs{
    			Kubeconfig: kubeconfig,
    		})
    For my resource i append
    pulumi.Provider(clusterProvider)
    to use it but I get:
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://myapiserver>": x509: certificate signed by unknown authority
    However I'm using a Letsencrypt cert (production issuer). So I can, for example, do a
    curl <https://myaipserver>
    without needing to supply
    --insecure
    etc.
    openssl s_client -connect myapiserver:443
    also doesn't reveal any cert issues
    b
    • 2
    • 4
  • w

    white-train-9300

    12/01/2021, 6:51 PM
    We’re having an issue with stack.refresh() and K8s credentials not updating. Our Pulumi-based deployments read the K8s credentials from disk and put them into the k8s.Provider before doing stack.refresh(). However, it seems to be using the old credentials in the K8s Provider’s backend state, rather than the current credentials which we just read into the provider. This causes it to fail whenever the K8s credentials expire or change. Is this expected? How can we force it to update the Provider’s creds?
    b
    • 2
    • 9
  • s

    strong-window-52645

    12/01/2021, 9:30 PM
    Hi all - had a question about Deployment objects being marked as secret: We're seeing something similar to this problem: https://github.com/pulumi/pulumi-kubernetes/issues/1576 -- But the entire Deployment.Spec is marked as secret, so any diffs are more or less useless. There is no secret data (esp at the Spec level), but there are secret references (similar to the linked issue). Is this being worked on? The workaround is apparently to
    unsecret()
    , but I"m not even sure what should be wrapped, as the entire Deployment.Spec is marked as secret??
    g
    • 2
    • 1
  • s

    strong-window-52645

    12/01/2021, 11:11 PM
    One other note that makes this hard to track down - some manifests also have this problem - but have no env var secret refs (so different than the linked issue)
  • w

    wonderful-twilight-70958

    12/01/2021, 11:33 PM
    Is there anyway with
    crd2pulumi
    to have more control over the package.json for example? I'm trying to automate CRD generation and pushing a public npm package. Right now I don't see any way of editing that pre-defined package.json, other than programmatically editing post generation?
    q
    • 2
    • 3
  • c

    cuddly-football-51817

    12/03/2021, 1:10 AM
    Greetings everyone, I am new to pulumi. I have been trying to deploy aks cluster with ingress chart using C#. How will be able to pass the helm chart value file and --create-namespace argument?
    q
    • 2
    • 1
  • e

    elegant-window-55250

    12/06/2021, 6:01 PM
    Hello 👋 I'm having issues with this:
    configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }
    This happened after doing some refactoring (deleting >25 resources) in our cluster. Now, I'm not sure how I'm going to continue forward. I can confirm with the same credentials, I can access the cluster using
    kubectl
    . I can also see the resources that Pulumi is trying to delete. There's also no other changes than naming of resources. Can someone point me in the right/a direction?
    b
    • 2
    • 11
  • s

    sparse-spring-91820

    12/06/2021, 11:12 PM
    I know that issue is not related to Pulumi itself but maybe someone faced the same issue and know solution. I am trying to create ingress-nginx controller for each namespace (dev, staging, prod) and I got errors saying that
    "nginx-ingress-nginx-admission" already exists
    etc. I added:
    values: {
        controller: {
          ingressClassResource: {
            name,
            enabled: true,
            default: false,
            controllerValue: `<http://k8s.io/${currentStack}-ingress-nginx|k8s.io/${currentStack}-ingress-nginx>`
          },
      ...
    config as described in docs: https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/ . Also I added
    ingressClassName: name,
    to the Ingress rule but still doesn't work. Does anyone know solution? Thanks 🙌
    b
    • 2
    • 8
  • w

    wonderful-twilight-70958

    12/07/2021, 1:44 AM
    kube2pulumi not working atm? Saying can't open output file?
    b
    • 2
    • 2
  • w

    wonderful-twilight-70958

    12/07/2021, 2:08 PM
    Also getting this error from Github when trying to download the binary release for kube2pulumi:
    <Error>
    <Code>ServerBusy</Code>
    <Message>Egress is over the account limit. RequestId:7acd46a7-b01e-006c-1c73-ebc9f2000000 Time:2021-12-07T14:08:08.9796530Z</Message>
    </Error>
    b
    c
    • 3
    • 3
  • b

    big-potato-91793

    12/08/2021, 7:53 PM
    Question for k8s folks at Pulumi. We have hit a weird bug with our loadbalancer controller. We were wondering if pulumi is waiting on the finalizer to completed the deleting of a resource?
    q
    b
    • 3
    • 8
Powered by Linen
Title
b

big-potato-91793

12/08/2021, 7:53 PM
Question for k8s folks at Pulumi. We have hit a weird bug with our loadbalancer controller. We were wondering if pulumi is waiting on the finalizer to completed the deleting of a resource?
q

quiet-wolf-18467

12/08/2021, 8:18 PM
Pulumi speaks to the API server and the API server won't return the response until the finalizers have passed
So if there's a finalizer, you’ll definitely be waiting
b

big-potato-91793

12/08/2021, 8:30 PM
Perfect! That is what I wanted to hear!
b

billowy-army-68599

12/08/2021, 10:00 PM
@big-potato-91793 is this the aws load balancer controller? it's notorious for having issues with rule clean up on finalizer
b

big-potato-91793

12/08/2021, 10:01 PM
Yes 😞
b

billowy-army-68599

12/08/2021, 10:02 PM
what exactly are you deleting when you run the delete? the ingress rule?
these are the related issues 😞 https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+finalizer
b

big-potato-91793

12/08/2021, 10:04 PM
We have big cluster and multiples peoples can do stuff on it. We reproduced the error with helm. That create to put the controller in a stuck mode 😁
View count: 5