pulumi-community #kubernetes

gorgeous-egg-16927

06/10/2022, 8:44 PM

Hey everyone, happy Friday! I’m excited to announce that we’ve created a design to resolve the longstanding issue about adding patch support to the

pulumi-kubernetes

provider. You can read the detailed proposal and respond with any comments or questions on that issue.

❤️ 4

🎉 3

👍 1

sparse-spring-91820

06/14/2022, 7:08 AM

I created EKS kubernetes cluster and set min and max cluster size but cluster does not autoscale. In this article: https://www.pulumi.com/blog/easily-create-and-manage-aws-eks-kubernetes-clusters-with-pulumi/#:~:text=Launching%20worke[…]0to%20join%20the%20cluster it says that autoscaler is created which is true but it is not doing anything. Do I need to do anything else to enable cluster node autoscaling? Thanks in advance 🙏

Copy code

const cluster = new eks.Cluster('cluster', {
  name: 'eks-cluster',
  vpcId: vpc.id,
  publicSubnetIds: vpc.publicSubnetIds,
  privateSubnetIds: vpc.privateSubnetIds,
  desiredCapacity: 2,
  minSize: 1,
  maxSize: 3
});

glamorous-australia-21342

06/14/2022, 3:25 PM

I'm building a list of kubernetes resources to make easier RBAC permissions (resource - deny, instead of resource- allow all except 1), so I've made the following function, however

jsonObj

isnt blank outside of the

output.apply(...

. What am I doing wrong? If I log it inside the

output.apply(..

it behaves as expected. Some kind of scope thing I am not understanding I believe.

Copy code

export function createRbacJson() {
  // Generate list of valid resources names
  const getK8sApiOutput = new local.Command("get-k8s-api-output", {
    create: `kubectl api-resources --no-headers -o wide`,
  });

  const output = getK8sApiOutput.stdout;

  //output.apply(v => console.log(v))

  let jsonObj: any = {}

  output.apply(row =>
    row.split("\n").forEach(function (row) {
      const splitRow = row.match(/"[^"]*"|\[[^\][]*]|[^\s\][]+/g)
      if (splitRow != null) {
        const resourceName = splitRow[0]
    
        // if resource has a shortname skip it
        var columnModifier = 0
        if (splitRow.length == 6) {
          columnModifier++
        }
    
        const resourceApi = splitRow[1 + columnModifier]
        const namespaced = splitRow[2 + columnModifier]
        const resourceVerbs = splitRow[4 + columnModifier]?.replace(/[\[\]']+/g,'').split(/[ ,]+/)
        const verbs: string[] = []
        resourceVerbs.forEach(verb => {
          verbs.push(verb)
        });
        
        // console.log(resourceName)
        // console.log(resourceApi)
        // console.log(verbs)
        // console.log(namespaced)
        jsonObj[resourceName] = {
          api: resourceApi,
          verbs: verbs,
          namespaced: namespaced
        }

      }
    })
  );
  const jsonObjOutput = pulumi.output(jsonObj)

  return jsonObjOutput.apply(v => console.log(v))
}

Output of

createRbacJson()

Copy code

{}

flat-laptop-90489

06/14/2022, 6:21 PM

If I'm using pulumi-eks, and creating a separate managedNodeGroup - what's the right way to go about triggering a refresh of the instance group nodes when the EKS version is updated? I believe the nodes pull their k8s version from the control plane on startup.

victorious-engine-64347

06/16/2022, 7:16 PM

Hi everyone. I am getting this error. I uploaded my files. Could you guys help me?

Copy code

certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "aws-load-balancer-controller-ca")

ingress.ts iam.ts cluster.ts

magnificent-ambulance-5713

06/17/2022, 3:30 AM

Hello! Happy Friday! What should one do when they encounter this error with a

helm.Release

Copy code

~  kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> airflow **updating failed** [diff: ~values]; error: another operation (install/upgrade/rollback) is in progress

Couldn't find any documentation about it 🤔 For now I've destroyed the whole stack & rebuilt it, which is thankfully possible for now, but not later 😅

nice-secretary-23177

06/17/2022, 12:42 PM

What is the recommended way to deploy Kubernetes manifests from YAML files now? For some context on what I tried: Previously the

kubernetes.yaml

(ie

@pulumi/kubernetes

) module wasn’t working because things weren’t propagating

opts.provider

. So I made a workaround that uses

local.Command

and setting

args.environment.KUBECONFIG

, but now that stopped working too for some reason. It seems to ignore the environment variable (and it tries to use the default kubeconfig file, but luckily I’ve added some guardrails to avoid disasters in case such a bug pops up). I remember seeing that the propagation bug was fixed. So, I tried to convert to use the builtin yaml methods again, but it looks like nothing in the

kubernetes.yaml

module works now, because it complains that

map

can’t be called on undefined in yaml/yaml.ts:2993. These are multi-document yaml files (cert manager and aws lb controller), if it matters?

nice-secretary-23177

06/17/2022, 12:45 PM

I didn’t reach for the kube2pulumi tool yet, since I want to avoid the process of converting-then-manually-editing third party manifests. Although, if that’s the only solution until

kubernetes.yaml

becomes table, then alas, so be it.

fast-florist-41572

06/17/2022, 3:18 PM

https://github.com/pulumi/pulumi-kubernetes/issues/1066

fast-florist-41572

06/17/2022, 3:19 PM

This is still an issue today over 2 years since the update, anybody actually tracking it to get fixed?

most-lighter-95902

06/19/2022, 12:00 AM

Hi getting this weird error when I’m trying to create an EKS cluster:

most-lighter-95902

06/19/2022, 12:00 AM

Copy code

error: TypeError: Cannot read properties of undefined (reading 'map')
        at /Users/seungchanlee/Documents/Sidetrek/sidetrek-flyte/node_modules/@pulumi/yaml/yaml.ts:2993:14
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

most-lighter-95902

06/19/2022, 12:01 AM

Here are the package versions:

most-lighter-95902

06/19/2022, 12:01 AM

Copy code

"@pulumi/aws": "^5.0.0",
"@pulumi/awsx": "^0.40.0",
"@pulumi/eks": "^0.40.0",
"@pulumi/kubernetes": "^3.19.3",
"@pulumi/pulumi": "^3.22.0",

most-lighter-95902

06/19/2022, 1:07 AM

This seems to be culprit but not quite sure why since it worked previously:

most-lighter-95902

06/19/2022, 1:08 AM

Copy code

const metricsServer = new k8s.yaml.ConfigGroup('metrics-server', {
      files: '<https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml>',
    }, { provider: cluster.provider })

most-lighter-95902

06/19/2022, 1:18 AM

No package version change seems to have any effect

most-lighter-95902

06/19/2022, 1:25 AM

And weirdly, this file doesn’t even exist:

/Users/seungchanlee/Documents/Sidetrek/sidetrek-flyte/node_modules/@pulumi/yaml/yaml.ts:2993:14

victorious-engine-64347

06/20/2022, 7:07 AM

Hi everyone. Could you help me for this issue? https://github.com/pulumi/pulumi-kubernetes/issues/2035

adamant-terabyte-3965

06/20/2022, 10:45 PM

Hello again! I've gotten to a point where I have successfully got my EKS cluster provisioned and an ingress controller auto-creating an ALB with after detecting my ingress. I'm using

k8s.helm.v3.Chart()

to deploy the ingress controller, and after the first

pulumi up

everything works correctly. However, whenever I run

pulumi up

again, it looks like Pulumi is trying to replace or update certain parts of the ingress controller. I don't have the preview but the failed update (remember, nothing has changed on my end with regards to the ingress controller, I just updated the image tag for my app deployment) report looks like the attached image. It causes serious problems with my cluster, and eventually I end up destroying my whole stack and rebuilding to get everything working again. Is there a way so that I can deploy that controller via helm chart and not have it try and delete/replace things that haven't been changed? I think the issue is similar to this one: https://github.com/pulumi/pulumi-kubernetes/issues/2035

brief-jelly-98203

06/21/2022, 1:36 PM

anyone has been having problems with Pulumi and Bitnami helm charts? As of today I had a working chart being deployed but now it says that the chart version does not exist in the repository. I ran

helm search repo bitnami/mariadb --versions

and the version is there.

most-lighter-95902

06/21/2022, 4:10 PM

Anyone have any insight on:

most-lighter-95902

06/21/2022, 4:10 PM

Copy code

error: TypeError: Cannot read properties of undefined (reading 'map')
        at /Users/seungchanlee/Documents/Sidetrek/sidetrek-flyte/node_modules/@pulumi/yaml/yaml.ts:2993:14

most-lighter-95902

06/21/2022, 4:10 PM

This seems to be the problem but still can’t figure out why:

most-lighter-95902

06/21/2022, 4:10 PM

Copy code

const metricsServer = new k8s.yaml.ConfigGroup('metrics-server', {
      files: '<https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml>',
    }, { provider: cluster.provider })

most-lighter-95902

06/21/2022, 4:11 PM

And weirdly, this file doesn’t even exist:

/Users/seungchanlee/Documents/Sidetrek/sidetrek-flyte/node_modules/@pulumi/yaml/yaml.ts:2993:14

most-lighter-95902

06/21/2022, 4:11 PM

I’ve been struggling with it for a couple days now and would appreciate any help with this

glamorous-australia-21342

06/21/2022, 4:16 PM

Anyone know how to programatically update

roleMappings

after a cluster is created? I'm making some K8s roles with namespaces in them, and I need to update this after the namespaces are already created.

Copy code

// Create an EKS cluster with the default configuration.
export const cluster = new eks.Cluster(stack,{
  createOidcProvider: true,
  providerCredentialOpts: {
    profileName: aws.config.profile,
  },
  roleMappings: [
    {
      groups: ["system:masters"],
      roleArn: clusterIamAuthRole.role.arn,
      username: "admin"
    },
    {
      groups: [k8sClusterRoleName],
      roleArn: clusterNonManagedIamRole.role.arn,
      username: k8sClusterRoleName
    },
    // {
    //   groups: groupsList.apply(groups => groups),
    //   roleArn: namespaceRestrictedIamRole.role.arn,
    //   username: roleName
    // }
  ]
});

glamorous-australia-21342

06/21/2022, 5:36 PM

How to manage aws-auth configmap with pulumi?

proud-tomato-75820

06/23/2022, 7:59 AM

Hi, can anyone tell me if i’m doing something wrong and point me to some docs? 🙏 Or it’s just not implemented? I’m trying to create service account API token:

Copy code

const secret = new k8s.core.v1.Secret("example", {
    metadata: {
        name: "example",
        annotations: {
            "<http://kubernetes.io/service-account.name|kubernetes.io/service-account.name>": "default",
        },
    },
    type: "<http://kubernetes.io/service-account-token|kubernetes.io/service-account-token>",
});

which works. But now how do I get the token since data is undefined?

secret.data.apply(v => v["token"]);

🤔