How are people dealing with existing/managed resources? We have a GKE cluster and want to modify some of the resources GKE creates, like the

standard

StorageClass

. Haven't been able to find a good, automated way to do this.

import

requires the resource fields match exactly so it's not particularly helpful without lots of manual work. Currently we're using a dynamic provider to patch the resource but it's pretty flaky.

Is there a way to get a fixed Secret name from Pulumi rather than a name with a hash value appended to the end of the name I specify?

const dockerSecret = new Secret('docker-hub-credentials',
  {
    data: {
      'username': docker_username, // Base64-encoded value
      'password': docker_password  // Base64-encoded value
    }
  },
  {
    provider: k3sProvider
  }
)

In the above example, the secret created is docker-hub-credentials-m4vtegxw. In other, non-Pulumi programs, I have to remember to update the referenced secret name to the full Pulumi-generated name value. I’d expected to be able to set a name property that would be analogous to setting a

name

property on an S3 Bucket to fix the name.

If anyone have an idea what’s happening here… https://pulumi-community.slack.com/archives/C84L4E3N1/p1648488781552619

I have an issues with helm release. it seems it doesnt detect changes in the chart directory. while

helm upgrade

does.

Handling Partial Failures/Timeouts With Kubernetes and Pending Operations Just got my first prod kubernetes deployment out the door. 🎉 Now I'm running into a situation and not sure if it's easily resolved. If I deploy to a new environment and run into it failing, things can get into a stuck state. For example, Ingress timed out. Now it isn't able to proceed because it tries to recreate the ingress that was already created, but not marked as healthy. I've adjusted things to have a longer timeout, but that doesn't fix the possible failure I'd still deal with in the future. • I can't access the cluster to try and import and I don't see any import options with kubernetes object • Only thing I can see is to run a destroy on stack and redeploy but that's not ideal since everything is up except for pulumi knowing the ingress was successfully created. Impacts the downtime. • Right now I had to ask the admin to delete the ingress manually and that won't fly in any future deployments. How do I handle this? In this scenario the state track is actually causing a problem for me. Also since state tracking is involved it's causing others to question the approach since kubectl apply and such don't do state tracking. I want to avoid having to shelve this work but have to figure out some way to handle this myself in the future. Would appreciate any guidance on how I can stablize this with the limited access I have.

Hello, has there been any thought into having Kubernetes as the backing state store? It would be nice if I didn't need another source of truth for my k8s objects

Hello, I have been trying to deploy Argo-CD via Pulumi. Seems due to CRD issue, its not possible to directly deploy it. However i was trying to use the argocd-autopilot to bootstrap my rest of the cluster. I am planning to run the argocd-autopilot via kubernetes job where i can pass the kubeconfig as well as git PAT token to the job to bootstrap the argocd and the cluster. However i am wandering if there is any way i can run another kubernetes job when i am destroy the stack which does removes the argo apps and cleans up the cluster?

Hi, I'm trying to deploy CSI Store chart https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/ But I do get this warning - this issue mentioned is closed however I cannot deploy the chart successfully

warning: This resource contains Helm hooks that are not currently supported by Pulumi. The resource will be created, but any hooks will not be executed. Hooks support is tracked at <https://github.com/pulumi/pulumi-kubernetes/issues/555> -- This warning can be disabled by setting the PULUMI_K8S_SUPPRESS_HELM_HOOK_WARNINGS environment variable

kubernetes  resource  3.18.0   77 MB   n/a        22 minutes ago

Just created a cluster with Pulumi’s

eks

package and it doesn’t seem to install the latest Kubernetes version?

EKS now has v1.22 available for Kubernetes but Pulumi’s

eks

package doesn’t seem to find it on new install?

Should I specify the version explicitly?

You should always specify the version explicitly

Hey all, just joined the chat. Currently the kubernetes provider seems to be chugging pretty hard when it comes to large CRDs (Deploying argocd hangs forever). Any recommendations? I’ve filed an issue in the relevant repo. Are there any mitigations atm?

Is it possible to render kubernetes YAML with Pulumi?

seems so

interestingly enough I've found that using Pulumi for the deployments themselves is often less than ideal, as it handles some of the state updates wrong or fails to do cleanup appropriately in failure scenarios, figured rednering to yaml and using a different deployment tool would work better

I was wondering if anyone has any methods for graceful rollbacks of failed Kubernetes deployments. If we update one of our deployment images to a new version and it doesn't roll out successfully we would prefer if that change was just automatically rolled back to the previous good state. Is the current solution just to do a revert commit and apply again?

Hi is there a way to copy a secret from one namespace to another using Pulumi?

Is this project still active https://github.com/pulumi/pulumi-kubernetesx? Does anyone know any similar project for python or timeline around it’s support if not available right away?

Anyone ever used Teleport, or similar, to connect to private clusters? I'm thinking about trying to make a dynamic provider (custom resource/gate) to establish a session with the cluster after its creation, but before I start loading up helm charts.

Anyone out there using pulumi-eks for cluster + node management? I'm having a heck of a time: • Using eks.NodeGroup, specifically the bit about the "cluster" argument (would love an example of how to use an eks.Cluster) • Setting minimal security group ingress on management or worker nodes Would love some pointers or examples

Is there a way to run a command in a pod deployed via a HelmRelease? A vendor's software we use only supports initial configuration through running their CLI inside the freshly deployed pod. Otherwise we have to man-in-the-loop do the initial user configuration by hand... which means pulumi orchestrate the remaining configuration of the software.

Hi Team, how can I add pulumi in a pre-existing kubernetes hook that I have? Basically, I want to run

pulumi up

through a hook

Hi all and @steep-sunset-89396 , bit of specifc one. I'm using python + aws_native provider and EKS to define a cluster. Looking to upgrade the version on the cluster by defining the

version='v1.22'

. However, my pulumi preview isn't working as it wants to re-create a number of resources including the k8s provider. Is it possible to specify the

version

after creating the cluster?

Hey y'all, crossposting this thread from #getting-started here: https://pulumi-community.slack.com/archives/C01PF3E1B8V/p1650599095566589 Long story short: the example on https://www.pulumi.com/registry/packages/kubernetes/api-docs/apps/v1/statefulset/#create-a-statefulset-with-auto-naming results in the statefulset never being created because of a circular dependency. Pulumi starts by creating the service, but the statefulset's

spec.serviceName

is

nginxService.metadata.name

, so the statefulset waits for the service to become ready. The service never becomes ready though, because it's waiting for pods matching it's selector to be created. These pods would be created by the statefulset, but Pulumi is not creating the statefulset until the service is ready

Hi, Based on https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22, apiextensions.k8s.io/v1beta1 API version of CustomResourceDefinition is no longer served as of v1.22. However, it seems the sdk/module up is still using the deprecated component making cni deployment in v1.22 to break. Any idea when a fix would be made available? sdk: 3.30.0 pulumi>=3.0.0,<4.0.0 pulumi-eks>=0.37.1

Weird problem with helm charts, I have clusters running, using it for months, and i need to update something (no changes to the charts , e.g. ingress-nginx) and it now wants to delete all my charts (not replace them)

and i see a lot of these changes

Hello - I'm doing a POC to use Pulumi and running into a problem with

pulumi-kubernetes

and

kustomize

(python). I'm getting an error when trying to retrieve a kustomize directory from Github. The Github Repo is private, and SSO is configured. The code works if the repo is public. Here is my code:

image_tag = "main-xxxxx-xxxxxxx"
crds = k8s.kustomize.Directory(
    "some-crds",
    directory=f"<https://github.com/some-org/some-repo/tree/{image_tag}/config/crd>"
)

Here is the error:

Exception: invoke of kubernetes:kustomize:directory failed: invocation of kubernetes:kustomize:directory returned an error: failed to retrieve specified kustomize directory: "<https://github.com/some-org/some-repo/tree/main-xxxxx-xxxxxxx/config/crd>": failed to get git ref: authentication required

Wasn't sure if it was strictly necessary, but as part of troubleshooting I installed

pulumi-github

, created a new token and made sure to authorize it. I then set the token using the following:

pulumi config set github:token XXXXXXXXXXXXXX --secret

I found a github issue, but it's unclear whether using kustomize and targetting a private repo is unsupported, or if there is a bug. Has anybody gotten the above scenario to work?