https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • g

    gorgeous-egg-16927

    03/03/2020, 5:21 PM
    message has been deleted
    👍 4
  • c

    chilly-waiter-18319

    03/05/2020, 4:32 PM
    are you able to pass around a kube provider to multiple classes/ subclasses? for some reason if I implement a class for an app, the app will deploy fine. But if I try to make a class that houses several apps together, the provider fails with a message saying it failed to parse, even though it looks exactly the same in console.log
  • s

    some-spring-67797

    03/05/2020, 8:00 PM
    Is there an equivelant to `replace --force`` when running pulumi up? I cancelled the pulumi up process midway when I realized I had bug in my deployment. Now anytime I attempt to deploy on the stack I get the following error:
    These resources are in an unknown state because the Pulumi CLI was interrupted while
    waiting for changes to these resources to complete
    Does anyone know of a way to recover from this? I deployed about 100 deployments in a loop so trying to avoid manually taking down each pod.
    g
    • 2
    • 2
  • d

    damp-painter-36857

    03/08/2020, 9:52 AM
    hey - quick question. I'm working with kubernetes in typescript. I want to add an annotation to a pre-existing Namespace (the
    default
    namespace, to be specific), but if I fetch it with
    ns = Namespace.get(...)
    and then try to modify
    ns.metadata.annotations
    then Pulumi bombs out claiming the property is read-only. Any ideas for a workaround? I've tried defining it as plain old YAML and using
    ConfigFile
    but that fails too.
  • p

    polite-motherboard-78438

    03/08/2020, 12:08 PM
    hello. it´s possible to create a Custom Resource without using the YAML resource or an Helm chart? In my case I need to create a ClusterIssuer for cert-manager. The solution I was using with terraform was to create a custom Helm chart. Wondering if there is a better way with Pulumi. Note: I dont want to use the yaml resource because there are some properties I have to load from config and replace in the resource
    Untitled
    d
    b
    • 3
    • 8
  • b

    brave-ambulance-98491

    03/09/2020, 2:29 PM
    I'm working on bootstrapping a cluster, and I noticed that when I create a
    kubernetes.Provider
    with an inline
    kubeconfig
    string, the string (with cluster access tokens) isn't being treated as a secret. Is there any way to mark this as a secret, so that the cluster's cleartext root credentials aren't available in diffs and the state store?
    g
    • 2
    • 2
  • w

    worried-city-86458

    03/11/2020, 12:07 AM
    https://github.com/aws/containers-roadmap/issues/380#issuecomment-597351516 Better late than never
  • g

    gorgeous-elephant-23271

    03/11/2020, 9:47 PM
    Hi there, does @pulumi/kubernetesx have a future? Seems like it hasn't been updated in a while?
    w
    • 2
    • 2
  • q

    quiet-morning-24895

    03/11/2020, 11:21 PM
    👋 Pulumi newbie here. I'm working on getting Cloudwatch/statsd/fluentd working from some preexisting k8s yaml files at https://github.com/aws-samples/amazon-cloudwatch-container-insights/blob/k8s/1.1.0/k8s-deployment-manifest-templates/deployment-mode/daemonset/combination/combination.yaml One issue I keep running into are errors like:
    kubernetes:core:ConfigMap (eks-cluster-nodeAccess):
      error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
    I believe this has something to do with my
    ConfigGroup
    and/or
    provider
    parameter. Can anyone shed some light on this?
    g
    • 2
    • 15
  • b

    brainy-garden-89849

    03/12/2020, 1:38 AM
    Hello all 👋 - also a newbie to Pulumi. I was able to use it to create an Azure AKS Kubernetes cluster, and also set the kubernetesVersion and update the cluster with pulumi up, but I wasn't able to see how I can set the default nodepool version, which I believe is set independently and e.g. has an azure CLI command to upgrade, but I would like to do this declaratively if at all possible? Thanks.
  • b

    brave-ambulance-98491

    03/14/2020, 11:24 PM
    should i be worried about a goroutine panic that seems to be related to my kubeconfig, but doesn't actually seem to affect the correctness of my program ... ?
    panic: interface conversion: interface {} is resource.PropertyMap, not string
        goroutine 28 [running]:
        <http://github.com/pulumi/pulumi/pkg/resource.PropertyValue.StringValue(...)|github.com/pulumi/pulumi/pkg/resource.PropertyValue.StringValue(...)>
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi@v1.6.1/pkg/resource/properties.go:359
        <http://github.com/pulumi/pulumi-kubernetes/pkg/provider.parseKubeconfigPropertyValue(0x2386280|github.com/pulumi/pulumi-kubernetes/pkg/provider.parseKubeconfigPropertyValue(0x2386280>, 0xc0001fea50, 0x2475423, 0xa, 0xc0001b2508)
        	/home/travis/gopath/src/github.com/pulumi/pulumi-kubernetes/pkg/provider/util.go:85 +0x169
        <http://github.com/pulumi/pulumi-kubernetes/pkg/provider.(*kubeProvider).DiffConfig(0xc000014000|github.com/pulumi/pulumi-kubernetes/pkg/provider.(*kubeProvider).DiffConfig(0xc000014000>, 0x26e1260, 0xc0001fe9f0, 0xc0001380e0, 0xc000014000, 0x2275301, 0xc00031a0c0)
        	/home/travis/gopath/src/github.com/pulumi/pulumi-kubernetes/pkg/provider/provider.go:278 +0x61b
        <http://github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler.func1(0x26e1260|github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler.func1(0x26e1260>, 0xc0001fe9f0, 0x23a5e80, 0xc0001380e0, 0x23c0a00, 0x33070c0, 0x26e1260, 0xc0001fe9f0)
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi@v1.6.1/sdk/proto/go/provider.pb.go:1504 +0x86
        <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x26e1260|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x26e1260>, 0xc000577200, 0x23a5e80, 0xc0001380e0, 0xc00000cb20, 0xc00000cb40, 0x0, 0x0, 0x26a05e0, 0xc0000cf7b0)
        	/home/travis/gopath/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20171105060200-01f8541d5372/go/otgrpc/server.go:61 +0x36e
        <http://github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler(0x2402f60|github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler(0x2402f60>, 0xc000014000, 0x26e1260, 0xc000577200, 0xc0000de3c0, 0xc0004d2040, 0x26e1260, 0xc000577200, 0xc000331300, 0x101f)
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi@v1.6.1/sdk/proto/go/provider.pb.go:1506 +0x14b
        <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc00034e300|google.golang.org/grpc.(*Server).processUnaryRPC(0xc00034e300>, 0x26fdc00, 0xc00045b500, 0xc00015a200, 0xc000436180, 0x32d3258, 0x0, 0x0, 0x0)
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:998 +0x46a
        <http://google.golang.org/grpc.(*Server).handleStream(0xc00034e300|google.golang.org/grpc.(*Server).handleStream(0xc00034e300>, 0x26fdc00, 0xc00045b500, 0xc00015a200, 0x0)
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:1278 +0xd97
        <http://google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00039bd30|google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00039bd30>, 0xc00034e300, 0x26fdc00, 0xc00045b500, 0xc00015a200)
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:717 +0xbb
        created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:715 +0xa1
    w
    s
    • 3
    • 22
  • f

    fast-dinner-32080

    03/17/2020, 4:16 PM
    Is there a way to query a custom resource in dotnet? I want to import an existing custom resource object but I am unable to find information on how to do this.
  • b

    brave-ambulance-98491

    03/17/2020, 9:24 PM
    is there any support in pulumi EKS (crosswalk or standard) for upgrading clusters (https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)? 1.15 support was just launched, and upgrading the
    pulumi.eks.Cluster
    version wants me to tear down everything, which is really not ideal.
    b
    • 2
    • 23
  • e

    enough-greece-61665

    03/18/2020, 1:31 AM
    Hi everyone, I'm curious to know if anyone has been able to successfully install
    prometheus-operator
    in their k8s cluster (https://github.com/helm/charts/tree/master/stable/prometheus-operator) I found an issue related to this chart (https://github.com/pulumi/pulumi-kubernetes/issues/824) which helped alleviate some of the issues but I'm still stuck with some errors...
    s
    • 2
    • 1
  • e

    enough-greece-61665

    03/18/2020, 3:36 AM
    Nvm, it's resolved now
  • b

    billowy-army-68599

    03/18/2020, 4:39 AM
    @enough-greece-61665 would you mind sharing what your problem and solution was?
    e
    • 2
    • 4
  • b

    billowy-army-68599

    03/18/2020, 7:32 PM
    is there an example anywhere of transformations on helm/ConfigFile resources using python?
    • 1
    • 1
  • g

    gorgeous-animal-95046

    03/19/2020, 4:51 PM
    is it possible to add annotations to a pod when using
    kubernetesx
    ? I can't seem to find the right magic
    b
    • 2
    • 3
  • b

    breezy-hamburger-69619

    03/19/2020, 4:56 PM
    Cross-posting for folks who may have missed it. We’re hosting a public Hackathon right now over in #hackathon-03-19-2020. If you’re working on any interesting k8s projects and want to share, hop in and tell us about it!
  • b

    billions-scientist-31826

    03/20/2020, 1:24 PM
    What is the right way to create a nodegroup with
    @pulumi/eks
    ? I created my first cluster using the
    createNodeGroup
    method. That worked, but I can't set
    _ignoreChanges: [_"desiredCapacity"_]_
    . I tried using the
    new NodeGroup()
    that takes the
    pulumi.ComponentResourceOptions
    where I can set ignoreChanges, but my pods can't resolve DNS. I also saw there are
    createNodeGroup()
    and
    createManagedNodeGroup()
    functions too. So, 2 questions: • Which is the recommended way? • Why when using
    new NodeGroup()
    that my pods in that nodegroup can't resolve DNS?
    g
    b
    • 3
    • 3
  • b

    breezy-hamburger-69619

    03/20/2020, 5:47 PM
    Cross posting - https://pulumi-community.slack.com/archives/C84L4E3N1/p1584726406205000
  • i

    incalculable-engineer-92975

    03/20/2020, 6:03 PM
    Any way to specify timeouts when creating resources in k8s? My NLB takes a loooooong time to initialize. It gets created, but it times out waiting for it to be ready.
    g
    s
    • 3
    • 2
  • b

    billowy-army-68599

    03/23/2020, 8:20 PM
    is it possible to use to get a resource that isn't defined in Pulumi, or do I need to use the standard k8s api ?
    g
    • 2
    • 7
  • c

    crooked-helicopter-55521

    03/25/2020, 4:05 PM
    Hey y'all, I've got a question about creating a
    PriorityClass
    . I'm trying to do the following (on GCP):
    const schedulingPriorities = new k8s.scheduling.v1.PriorityClassList("scheduler-priorities", {
        items: [
            new k8s.scheduling.v1.PriorityClass("selector-spread-priority", {
                value: 10,
                metadata: {namespace: "default"}
            })
        ]
    });
    but it fails with the error:
    resource scheduler-priorities-5ynfh088 was not successfully created by the Kubernetes API server : failed to determine if the following GVK is namespaced: <http://scheduling.k8s.io/v1|scheduling.k8s.io/v1>, Kind=PriorityClassList
    Anyone know what's going wrong there? Seems like the PriorityClassList doesn't take a namespace of its own
    g
    b
    • 3
    • 10
  • g

    gorgeous-egg-16927

    03/25/2020, 8:12 PM
    message has been deleted
    🎉 2
    👍 2
  • f

    famous-bear-66383

    03/26/2020, 11:54 AM
    Hello folks ! I need to verify TLS certs in my pods and for that I mount a large file downloaded from https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates and added as ConfigMap to
    /etc/ssl/certs/
    . When I want to automated with pulumi like so
    const cacertificates = new k8s.yaml.ConfigFile("ca-certificates", {
            file: "ca-certificates.yaml",
        }
    );
    While ca-certificates.yaml is larg file about 271 KB containing
    GlobalSign Root CA
    . It works only if I use
    kubectl create
    . Reding about related issues like in here https://github.com/argoproj/argo-cd/issues/820 . It seems like Pulumi is also using
    kubectl apply
    to manage resources which leads to failure in my case.
    resource default/ca-certificates was not successfully created by the Kubernetes API server : ConfigMap "ca-certificates" is invalid: metadata.annotations: Too long: must have at most 262144 characters
    . Any hints/workaround this problem ? Appreciated : )
  • b

    brave-ambulance-98491

    03/26/2020, 3:37 PM
    So, I have a database migration
    Job
    that I want to guarantee completes before the rest of my stack runs. I feel like the two Pulumi ways to do this are: 1) add a
    dependsOn
    to the rest of the items in the stack, or 2) put the rest of the stack in an `apply`d function off of one of the job's outputs. The first option is a lot of busywork & passing arguments around - but when I did the second, it now produces alarming previews that imply all my Kubernetes objects will be deleted & recreated with each deploy. I think what I'm looking for doesn't exist: Something like a function on
    Resource
    that looks like:
    myResource.andThen(() => { /* stuff that happens only after the resource is created */ });
    Does such a function already exist? Is there a pattern to achieve this other than plumbing
    dependsOn
    down the call stack?
    g
    b
    • 3
    • 9
  • b

    breezy-gold-44713

    03/26/2020, 6:48 PM
    Greetings! I may be missing the obvious, but is there a mechanism when selecting my pulumi stack that it can set the kubectl config context and namespace? Or an easy way to create some hooks to do that for me?
    b
    b
    • 3
    • 20
  • c

    crooked-helicopter-55521

    03/26/2020, 8:05 PM
    I've got a configmap I've made by hand and am trying to figure out how to reproduce it with the
    core.v1.ConfigMap
    object. Having a bit of trouble, curious if anyone has any ideas (threading the details)
    b
    • 2
    • 6
  • b

    brave-ambulance-98491

    03/29/2020, 10:00 PM
    I'm seeing my
    Deployment
    resources show up as "replace" when I update
    ConfigMap
    values. Ideally, these should just "update" in that case. Is this a known issue?
    b
    g
    o
    • 4
    • 12
Powered by Linen
Title
b

brave-ambulance-98491

03/29/2020, 10:00 PM
I'm seeing my
Deployment
resources show up as "replace" when I update
ConfigMap
values. Ideally, these should just "update" in that case. Is this a known issue?
b

better-rainbow-14549

03/30/2020, 8:32 AM
i think this is intended behaviour (possibly related to autonaming?). a new resource is created and once it's finished deploying and successfully starts up the services get updated to point at it and the old one is deleted.
b

brave-ambulance-98491

03/30/2020, 3:57 PM
This breaks things like pod disruptions budgets, specifically for
Deployment
, so I don't love it.
g

gorgeous-egg-16927

03/30/2020, 4:43 PM
Pulumi does this because Pods don’t pick up changed ConfigMap values by default; it only happens when the Pod restarts. This behavior catches a lot of users off guard, so we made replacement the default. That said, I’m interested to hear more details if this is causing problems for you. Can you file an issue on the pulumi-kubernetes repo?
b

brave-ambulance-98491

03/30/2020, 4:44 PM
You want to do this, not a replacement: https://kubernetes.io/docs/tutorials/kubernetes-basics/update/update-intro/
g

gorgeous-egg-16927

03/30/2020, 4:57 PM
Actually, I realized that I was mistaken in my earlier response. We don’t replace the Deployment by default, just update it (same as a rolling update with kubectl). Confirmed this locally, so your original issue is something else going on.
b

brave-ambulance-98491

03/30/2020, 4:59 PM
Awesome, thank you for looking at this! I'll see if I can find a repro. It may only be an issue for items that have a static
ConfigMap
name, where the
Deployment
spec isn't changing at all. Also, did the preview show a
replace
or an
update
for the
Deployment
for you?
g

gorgeous-egg-16927

03/30/2020, 4:59 PM
It showed an
update
It could very well have to do with static names
b

brave-ambulance-98491

03/30/2020, 5:07 PM
Thanks! I'll file a bug on this if I get a repro case.
👍 1
o

orange-policeman-59119

05/20/2020, 1:53 AM
I'm seeing the same issue (v1beta1 Deployment is being "replaced" instead of "updated"), I think this is causing a disruption for a deployment I'm monitoring right now:
# many lines removed
~ spec      : {
    ~ template: {
        ~ spec    : {
            ~ containers                   : [
                ~ [0]: {
                        ~ env            : [
                        # many lines removed
                        ~ [14]: {
                                ~ name     : "ENV_VAR_A" => "SOME_NEW_ENV_VAR"
                                - value    : "env-var-a-value"
                                + valueFrom: {
                                    + secretKeyRef: {
                                        + key : "a-key"
                                        + name: "on-a-secret-resource"
                                    }
                                }
                            }
                        + [15]: {
                                + name : "ENV_VAR_A"
                                + value: "env-var-a-value"
                            }
Is the reason why because: • A new env var was introduced into a higher position • This shifted all the other env vars "down" • And during that shift, the secretKeyRef was added/removed? If so I think that's a defect, we already add an annotation to our pod spec with the hash of the secret key data so that when the secret updates, our pods do too
Like so:
~ template: {
                metadata: {
                    annotations: {
                        checksum/secrets: "[secret]"
                    }
b

brave-ambulance-98491

05/20/2020, 4:55 PM
@orange-policeman-59119 - Are you specifying a name when you create the
ConfigMap
(not having Pulumi generate a name for you)? My suspicion was that this was what triggered this bug.
View count: 6