I'm working on bootstrapping a cluster, and I noticed that when I create a

kubernetes.Provider

with an inline

kubeconfig

string, the string (with cluster access tokens) isn't being treated as a secret. Is there any way to mark this as a secret, so that the cluster's cleartext root credentials aren't available in diffs and the state store?

https://github.com/aws/containers-roadmap/issues/380#issuecomment-597351516 Better late than never

Hi there, does @pulumi/kubernetesx have a future? Seems like it hasn't been updated in a while?

👋 Pulumi newbie here. I'm working on getting Cloudwatch/statsd/fluentd working from some preexisting k8s yaml files at https://github.com/aws-samples/amazon-cloudwatch-container-insights/blob/k8s/1.1.0/k8s-deployment-manifest-templates/deployment-mode/daemonset/combination/combination.yaml One issue I keep running into are errors like:

kubernetes:core:ConfigMap (eks-cluster-nodeAccess):
  error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

I believe this has something to do with my

ConfigGroup

and/or

provider

parameter. Can anyone shed some light on this?

Hello all 👋 - also a newbie to Pulumi. I was able to use it to create an Azure AKS Kubernetes cluster, and also set the kubernetesVersion and update the cluster with pulumi up, but I wasn't able to see how I can set the default nodepool version, which I believe is set independently and e.g. has an azure CLI command to upgrade, but I would like to do this declaratively if at all possible? Thanks.

should i be worried about a goroutine panic that seems to be related to my kubeconfig, but doesn't actually seem to affect the correctness of my program ... ?

panic: interface conversion: interface {} is resource.PropertyMap, not string
    goroutine 28 [running]:
    <http://github.com/pulumi/pulumi/pkg/resource.PropertyValue.StringValue(...)|github.com/pulumi/pulumi/pkg/resource.PropertyValue.StringValue(...)>
    	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi@v1.6.1/pkg/resource/properties.go:359
    <http://github.com/pulumi/pulumi-kubernetes/pkg/provider.parseKubeconfigPropertyValue(0x2386280|github.com/pulumi/pulumi-kubernetes/pkg/provider.parseKubeconfigPropertyValue(0x2386280>, 0xc0001fea50, 0x2475423, 0xa, 0xc0001b2508)
    	/home/travis/gopath/src/github.com/pulumi/pulumi-kubernetes/pkg/provider/util.go:85 +0x169
    <http://github.com/pulumi/pulumi-kubernetes/pkg/provider.(*kubeProvider).DiffConfig(0xc000014000|github.com/pulumi/pulumi-kubernetes/pkg/provider.(*kubeProvider).DiffConfig(0xc000014000>, 0x26e1260, 0xc0001fe9f0, 0xc0001380e0, 0xc000014000, 0x2275301, 0xc00031a0c0)
    	/home/travis/gopath/src/github.com/pulumi/pulumi-kubernetes/pkg/provider/provider.go:278 +0x61b
    <http://github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler.func1(0x26e1260|github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler.func1(0x26e1260>, 0xc0001fe9f0, 0x23a5e80, 0xc0001380e0, 0x23c0a00, 0x33070c0, 0x26e1260, 0xc0001fe9f0)
    	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi@v1.6.1/sdk/proto/go/provider.pb.go:1504 +0x86
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x26e1260|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x26e1260>, 0xc000577200, 0x23a5e80, 0xc0001380e0, 0xc00000cb20, 0xc00000cb40, 0x0, 0x0, 0x26a05e0, 0xc0000cf7b0)
    	/home/travis/gopath/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20171105060200-01f8541d5372/go/otgrpc/server.go:61 +0x36e
    <http://github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler(0x2402f60|github.com/pulumi/pulumi/sdk/proto/go._ResourceProvider_DiffConfig_Handler(0x2402f60>, 0xc000014000, 0x26e1260, 0xc000577200, 0xc0000de3c0, 0xc0004d2040, 0x26e1260, 0xc000577200, 0xc000331300, 0x101f)
    	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi@v1.6.1/sdk/proto/go/provider.pb.go:1506 +0x14b
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc00034e300|google.golang.org/grpc.(*Server).processUnaryRPC(0xc00034e300>, 0x26fdc00, 0xc00045b500, 0xc00015a200, 0xc000436180, 0x32d3258, 0x0, 0x0, 0x0)
    	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:998 +0x46a
    <http://google.golang.org/grpc.(*Server).handleStream(0xc00034e300|google.golang.org/grpc.(*Server).handleStream(0xc00034e300>, 0x26fdc00, 0xc00045b500, 0xc00015a200, 0x0)
    	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:1278 +0xd97
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00039bd30|google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00039bd30>, 0xc00034e300, 0x26fdc00, 0xc00045b500, 0xc00015a200)
    	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:717 +0xbb
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
    	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.21.1/server.go:715 +0xa1

Is there a way to query a custom resource in dotnet? I want to import an existing custom resource object but I am unable to find information on how to do this.

is there any support in pulumi EKS (crosswalk or standard) for upgrading clusters (https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html)? 1.15 support was just launched, and upgrading the

pulumi.eks.Cluster

version wants me to tear down everything, which is really not ideal.

Hi everyone, I'm curious to know if anyone has been able to successfully install

prometheus-operator

in their k8s cluster (https://github.com/helm/charts/tree/master/stable/prometheus-operator) I found an issue related to this chart (https://github.com/pulumi/pulumi-kubernetes/issues/824) which helped alleviate some of the issues but I'm still stuck with some errors...

Nvm, it's resolved now

@enough-greece-61665 would you mind sharing what your problem and solution was?

is there an example anywhere of transformations on helm/ConfigFile resources using python?

is it possible to add annotations to a pod when using

kubernetesx

? I can't seem to find the right magic

Cross-posting for folks who may have missed it. We’re hosting a public Hackathon right now over in #hackathon-03-19-2020. If you’re working on any interesting k8s projects and want to share, hop in and tell us about it!

What is the right way to create a nodegroup with

@pulumi/eks

? I created my first cluster using the

createNodeGroup

method. That worked, but I can't set

_ignoreChanges: [_"desiredCapacity"_]_

. I tried using the

new NodeGroup()

that takes the

pulumi.ComponentResourceOptions

where I can set ignoreChanges, but my pods can't resolve DNS. I also saw there are

createNodeGroup()

and

createManagedNodeGroup()

functions too. So, 2 questions: • Which is the recommended way? • Why when using

new NodeGroup()

that my pods in that nodegroup can't resolve DNS?

Cross posting - https://pulumi-community.slack.com/archives/C84L4E3N1/p1584726406205000

Any way to specify timeouts when creating resources in k8s? My NLB takes a loooooong time to initialize. It gets created, but it times out waiting for it to be ready.

is it possible to use to get a resource that isn't defined in Pulumi, or do I need to use the standard k8s api ?

Hey y'all, I've got a question about creating a

PriorityClass

. I'm trying to do the following (on GCP):

const schedulingPriorities = new k8s.scheduling.v1.PriorityClassList("scheduler-priorities", {
    items: [
        new k8s.scheduling.v1.PriorityClass("selector-spread-priority", {
            value: 10,
            metadata: {namespace: "default"}
        })
    ]
});

but it fails with the error:

resource scheduler-priorities-5ynfh088 was not successfully created by the Kubernetes API server : failed to determine if the following GVK is namespaced: <http://scheduling.k8s.io/v1|scheduling.k8s.io/v1>, Kind=PriorityClassList

Anyone know what's going wrong there? Seems like the PriorityClassList doesn't take a namespace of its own

Hello folks ! I need to verify TLS certs in my pods and for that I mount a large file downloaded from https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates and added as ConfigMap to

/etc/ssl/certs/

. When I want to automated with pulumi like so

const cacertificates = new k8s.yaml.ConfigFile("ca-certificates", {
        file: "ca-certificates.yaml",
    }
);

While ca-certificates.yaml is larg file about 271 KB containing

GlobalSign Root CA

. It works only if I use

kubectl create

. Reding about related issues like in here https://github.com/argoproj/argo-cd/issues/820 . It seems like Pulumi is also using

kubectl apply

to manage resources which leads to failure in my case.

resource default/ca-certificates was not successfully created by the Kubernetes API server : ConfigMap "ca-certificates" is invalid: metadata.annotations: Too long: must have at most 262144 characters

. Any hints/workaround this problem ? Appreciated : )

So, I have a database migration

Job

that I want to guarantee completes before the rest of my stack runs. I feel like the two Pulumi ways to do this are: 1) add a

dependsOn

to the rest of the items in the stack, or 2) put the rest of the stack in an `apply`d function off of one of the job's outputs. The first option is a lot of busywork & passing arguments around - but when I did the second, it now produces alarming previews that imply all my Kubernetes objects will be deleted & recreated with each deploy. I think what I'm looking for doesn't exist: Something like a function on

Resource

that looks like:

myResource.andThen(() => { /* stuff that happens only after the resource is created */ });

Does such a function already exist? Is there a pattern to achieve this other than plumbing

dependsOn

down the call stack?

Greetings! I may be missing the obvious, but is there a mechanism when selecting my pulumi stack that it can set the kubectl config context and namespace? Or an easy way to create some hooks to do that for me?

I've got a configmap I've made by hand and am trying to figure out how to reproduce it with the

core.v1.ConfigMap

object. Having a bit of trouble, curious if anyone has any ideas (threading the details)

I'm seeing my

Deployment

resources show up as "replace" when I update

ConfigMap

values. Ideally, these should just "update" in that case. Is this a known issue?

Hello community ! Quick question: I’d like to add labels to

default namespace

eg. istio injection label. How can I do that ?

Is it expected that I have to ignore a bunch of properties so pulumi kubernetes doesn't always think it needs updated. A bunch of metadata like last-applied-configuration, creationTimestamp, labels.app.kubernetes.io/managed-by, resourceVersion, etc. and default properties are set when objects are created and now pulumi thinks they need replaces/updated each time i run up. I enabled "enableDryRun" on the kubernetes provider and refreshed but that doesn't seem to change anything.

Hi, question on spinning up eks with some helm charts. When I perform pulumi up, does pulumi up implementation waits for all pods to be running or failed or certain pod state before it exits? In other words, How does pulumi up command knows when to say it has completed its command execution.

I am running pulumi with the kubernetes provider manually set but I also manually updated my KUBECONFIG to a bad value. Now when I run it I get this warning "warning: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided" Why does it care about my env variable and/or file if I am manually setting the provider and setting the kubeconfig. I have found a few times it tries to load the env var or file when I do not want it too so I am manually setting it too a bogus value to make sure it doesn't mess with my current local context.

You should be able to do this by setting the

import

option on the ConfigMap. Here’s a similar thread from yesterday: https://pulumi-community.slack.com/archives/CRFURDVQB/p1585595632038300?thread_ts=1585556994.029200&cid=CRFURDVQB

Rancher just released the new version 2.4.0 but I am unable to upgrade to it due to the helm fecth extracting two directories. Seems like the logic to get the templates/values expects the untar to only have a single directory extracted and not two. I logged an issue earlier here https://github.com/pulumi/pulumi-kubernetes/issues/1046 but now I cannot upgrade rancher which is something we need to start testing. I am using dotnet but I am guessing the other sdks also have the same issue.