pulumi-community #kubernetes

kubernetes

glamorous-australia-21342

11/16/2021, 12:47 AM

also i'd love to have a separate discussion about caching docker images for EKS in ECR. Via pulumi support I have what I thought would do this, but unfortunately in our CI and locally it seems to building almost everything from scratch. Would like to use cached layers from ECR and speed up CI.

purple-plumber-90981

11/16/2021, 11:01 PM

is there a neat pulumi way to deploy remote yaml config, ie

<https://github.com/kubernetes-csi/external-snapshotter/tree/release-4.0/client/config/crd>

square-coat-62279

11/17/2021, 11:59 AM

hi all,

const container: k8stypes.core.v1.Container = {
        readinessProbe: props.deployment.readinessProbe || null,

while some of my deployments may not have readinessProbe defined, would the code above work?

wonderful-twilight-70958

11/19/2021, 5:52 PM

https://github.com/pulumi/pulumi-kubernetes-cert-manager/issues/1 This looks closed but still broken for me. Any thoughts on what I might be doing wrong?

miniature-leather-70472

11/23/2021, 10:06 AM

Anyone installed Flux V2 using Pulumi? If so, how are you doing it, given the lack of a Helm chart

wonderful-twilight-70958

11/23/2021, 4:20 PM

I'm getting

post-step event returned an error: failed to verify snapshot: urn:pulumi:dev::pi-vpc-eks::eks:index:Cluster$kubernetes:<http://storage.k8s.io/v1:StorageClass::gateway-cluster-gp2|storage.k8s.io/v1:StorageClass::gateway-cluster-gp2> refers to unknown provider urn:pulumi:dev::pi-vpc-eks::eks:index:Cluster$pulumi:providers:kubernetes::gateway-cluster-eks-k8s::408665c4-5bbf-4595-a470-4b204f053b35

a lot recently when destroying an eks cluster that has a storage class specified. It's like there's some dependency not working correctly and it tries to destroy the storageclass after the cluster / provider is already gone?

numerous-printer-41511

11/23/2021, 8:22 PM

does

pulumi import

work with k8s objects?

big-potato-91793

11/24/2021, 2:40 PM

Maybe a bad question, when I was changing my pulumi k8s ingress to used the

v1

version of the ingress. I look at my ingress in my cluster and it seems that I’m still at the

v1beta

? Something I didn’t do correclty?

brainy-appointment-20633

11/24/2021, 5:09 PM

Hi guys, Is there a way to implement conditional resource creation in a stack. If we write ts for multiple resources inside stack, I want only 4 out of 6 resources to be created in 1 cluster and all 6 in another cluster, but if i provide stack name and stack path while running pulumi up it is creating all 6 in 2 kubernetes clusters. Please let me know if there is a way to implement this.

miniature-leather-70472

11/26/2021, 3:08 PM

Any had any issues with supplying username/password in the RepositoryOpts of the helm release component? When doing this we get a 401 unauthorized error, using the same creds in a curl request works fine

most-lighter-95902

11/27/2021, 3:17 AM

Getting a strange error when

pulumi up

is run twice in a row with `k8s.yaml.ConfigFile`:

most-lighter-95902

11/27/2021, 3:17 AM

const knativeOperator = new k8s.yaml.ConfigFile(name, {
  file: `<https://github.com/knative/operator/releases/download/knative-v${version}/operator.yaml>`,
}, { parent: this })

most-lighter-95902

11/27/2021, 3:18 AM

/Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:127
            const resp = yield debuggable_1.debuggablePromise(new Promise((innerResolve, innerReject) => monitor.invoke(req, (err, innerResponse) => {
                                                                                                                 ^

<ref *1> TypeError: Cannot read properties of null (reading 'invoke')
    at /Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:127:114
    at new Promise (<anonymous>)
    at /Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:127:63
    at Generator.next (<anonymous>)
    at fulfilled (/Users/seungchanlee/Documents/create-knative-cluster/node_modules/@pulumi/pulumi/runtime/invoke.js:18:58)
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  promise: Promise { <rejected> [Circular *1] }
}

most-lighter-95902

11/27/2021, 3:18 AM

It looks as though running

pulumi up

more than once with

k8s.yaml.ConfigFile

is attempting to delete and recreate resources.

most-lighter-95902

11/27/2021, 3:19 AM

This behavior doesn’t exist when running

kubectl

to apply the yaml file directly:

most-lighter-95902

11/27/2021, 3:19 AM

kubectl apply -f <https://github.com/knative/operator/releases/download/knative-v1.0.0/operator.yaml>

most-lighter-95902

11/27/2021, 3:19 AM

Anyone has any idea why this is happening?

most-lighter-95902

11/27/2021, 3:20 AM

Nothing’s changed in the stack, so shouldn’t it just not do anything?

most-lighter-95902

11/27/2021, 4:38 AM

I also tried

ConfigGroup

but same issue

mammoth-honey-6147

11/29/2021, 5:28 PM

Got a interesting issue, I'm trying to configure a new

provider

instance:

kubeconfig := toolsCluster.KubeConfig
		clusterProvider, err := kubernetes.NewProvider(ctx, "tools-cluster", &kubernetes.ProviderArgs{
			Kubeconfig: kubeconfig,
		})

For my resource i append

pulumi.Provider(clusterProvider)

to use it but I get:

error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://myapiserver>": x509: certificate signed by unknown authority

However I'm using a Letsencrypt cert (production issuer). So I can, for example, do a

curl <https://myaipserver>

without needing to supply

--insecure

etc.

openssl s_client -connect myapiserver:443

also doesn't reveal any cert issues

white-train-9300

12/01/2021, 6:51 PM

We’re having an issue with stack.refresh() and K8s credentials not updating. Our Pulumi-based deployments read the K8s credentials from disk and put them into the k8s.Provider before doing stack.refresh(). However, it seems to be using the old credentials in the K8s Provider’s backend state, rather than the current credentials which we just read into the provider. This causes it to fail whenever the K8s credentials expire or change. Is this expected? How can we force it to update the Provider’s creds?

strong-window-52645

12/01/2021, 9:30 PM

Hi all - had a question about Deployment objects being marked as secret: We're seeing something similar to this problem: https://github.com/pulumi/pulumi-kubernetes/issues/1576 -- But the entire Deployment.Spec is marked as secret, so any diffs are more or less useless. There is no secret data (esp at the Spec level), but there are secret references (similar to the linked issue). Is this being worked on? The workaround is apparently to

unsecret()

, but I"m not even sure what should be wrapped, as the entire Deployment.Spec is marked as secret??

strong-window-52645

12/01/2021, 11:11 PM

One other note that makes this hard to track down - some manifests also have this problem - but have no env var secret refs (so different than the linked issue)

wonderful-twilight-70958

12/01/2021, 11:33 PM

Is there anyway with

crd2pulumi

to have more control over the package.json for example? I'm trying to automate CRD generation and pushing a public npm package. Right now I don't see any way of editing that pre-defined package.json, other than programmatically editing post generation?

cuddly-football-51817

12/03/2021, 1:10 AM

Greetings everyone, I am new to pulumi. I have been trying to deploy aks cluster with ingress chart using C#. How will be able to pass the helm chart value file and --create-namespace argument?

elegant-window-55250

12/06/2021, 6:01 PM

Hello 👋 I'm having issues with this:

configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }

This happened after doing some refactoring (deleting >25 resources) in our cluster. Now, I'm not sure how I'm going to continue forward. I can confirm with the same credentials, I can access the cluster using

kubectl

. I can also see the resources that Pulumi is trying to delete. There's also no other changes than naming of resources. Can someone point me in the right/a direction?

sparse-spring-91820

12/06/2021, 11:12 PM

I know that issue is not related to Pulumi itself but maybe someone faced the same issue and know solution. I am trying to create ingress-nginx controller for each namespace (dev, staging, prod) and I got errors saying that

"nginx-ingress-nginx-admission" already exists

etc. I added:

values: {
    controller: {
      ingressClassResource: {
        name,
        enabled: true,
        default: false,
        controllerValue: `<http://k8s.io/${currentStack}-ingress-nginx|k8s.io/${currentStack}-ingress-nginx>`
      },
  ...

config as described in docs: https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/ . Also I added

ingressClassName: name,

to the Ingress rule but still doesn't work. Does anyone know solution? Thanks 🙌

wonderful-twilight-70958

12/07/2021, 1:44 AM

kube2pulumi not working atm? Saying can't open output file?

wonderful-twilight-70958

12/07/2021, 2:08 PM

Also getting this error from Github when trying to download the binary release for kube2pulumi:

<Error>
<Code>ServerBusy</Code>
<Message>Egress is over the account limit. RequestId:7acd46a7-b01e-006c-1c73-ebc9f2000000 Time:2021-12-07T14:08:08.9796530Z</Message>
</Error>

big-potato-91793

12/08/2021, 7:53 PM

Question for k8s folks at Pulumi. We have hit a weird bug with our loadbalancer controller. We were wondering if pulumi is waiting on the finalizer to completed the deleting of a resource?

Title

big-potato-91793

12/08/2021, 7:53 PM

Question for k8s folks at Pulumi. We have hit a weird bug with our loadbalancer controller. We were wondering if pulumi is waiting on the finalizer to completed the deleting of a resource?

quiet-wolf-18467

12/08/2021, 8:18 PM

Pulumi speaks to the API server and the API server won't return the response until the finalizers have passed

So if there's a finalizer, you’ll definitely be waiting

big-potato-91793

12/08/2021, 8:30 PM

Perfect! That is what I wanted to hear!

billowy-army-68599

12/08/2021, 10:00 PM

@big-potato-91793 is this the aws load balancer controller? it's notorious for having issues with rule clean up on finalizer

big-potato-91793

12/08/2021, 10:01 PM

Yes 😞

billowy-army-68599

12/08/2021, 10:02 PM

what exactly are you deleting when you run the delete? the ingress rule?

these are the related issues 😞 https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+finalizer

big-potato-91793

12/08/2021, 10:04 PM

We have big cluster and multiples peoples can do stuff on it. We reproduced the error with helm. That create to put the controller in a stuck mode 😁

View count: 5