pulumi-community #kubernetes

kubernetes

victorious-engine-64347

06/20/2022, 7:07 AM

Hi everyone. Could you help me for this issue? https://github.com/pulumi/pulumi-kubernetes/issues/2035

adamant-terabyte-3965

06/20/2022, 10:45 PM

Hello again! I've gotten to a point where I have successfully got my EKS cluster provisioned and an ingress controller auto-creating an ALB with after detecting my ingress. I'm using

k8s.helm.v3.Chart()

to deploy the ingress controller, and after the first

pulumi up

everything works correctly. However, whenever I run

pulumi up

again, it looks like Pulumi is trying to replace or update certain parts of the ingress controller. I don't have the preview but the failed update (remember, nothing has changed on my end with regards to the ingress controller, I just updated the image tag for my app deployment) report looks like the attached image. It causes serious problems with my cluster, and eventually I end up destroying my whole stack and rebuilding to get everything working again. Is there a way so that I can deploy that controller via helm chart and not have it try and delete/replace things that haven't been changed? I think the issue is similar to this one: https://github.com/pulumi/pulumi-kubernetes/issues/2035

brief-jelly-98203

06/21/2022, 1:36 PM

anyone has been having problems with Pulumi and Bitnami helm charts? As of today I had a working chart being deployed but now it says that the chart version does not exist in the repository. I ran

helm search repo bitnami/mariadb --versions

and the version is there.

most-lighter-95902

06/21/2022, 4:10 PM

Anyone have any insight on:

most-lighter-95902

06/21/2022, 4:10 PM

error: TypeError: Cannot read properties of undefined (reading 'map')
        at /Users/seungchanlee/Documents/Sidetrek/sidetrek-flyte/node_modules/@pulumi/yaml/yaml.ts:2993:14

most-lighter-95902

06/21/2022, 4:10 PM

This seems to be the problem but still can’t figure out why:

most-lighter-95902

06/21/2022, 4:10 PM

const metricsServer = new k8s.yaml.ConfigGroup('metrics-server', {
      files: '<https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml>',
    }, { provider: cluster.provider })

most-lighter-95902

06/21/2022, 4:11 PM

And weirdly, this file doesn’t even exist:

/Users/seungchanlee/Documents/Sidetrek/sidetrek-flyte/node_modules/@pulumi/yaml/yaml.ts:2993:14

most-lighter-95902

06/21/2022, 4:11 PM

I’ve been struggling with it for a couple days now and would appreciate any help with this

glamorous-australia-21342

06/21/2022, 4:16 PM

Anyone know how to programatically update

roleMappings

after a cluster is created? I'm making some K8s roles with namespaces in them, and I need to update this after the namespaces are already created.

// Create an EKS cluster with the default configuration.
export const cluster = new eks.Cluster(stack,{
  createOidcProvider: true,
  providerCredentialOpts: {
    profileName: aws.config.profile,
  },
  roleMappings: [
    {
      groups: ["system:masters"],
      roleArn: clusterIamAuthRole.role.arn,
      username: "admin"
    },
    {
      groups: [k8sClusterRoleName],
      roleArn: clusterNonManagedIamRole.role.arn,
      username: k8sClusterRoleName
    },
    // {
    //   groups: groupsList.apply(groups => groups),
    //   roleArn: namespaceRestrictedIamRole.role.arn,
    //   username: roleName
    // }
  ]
});

glamorous-australia-21342

06/21/2022, 5:36 PM

How to manage aws-auth configmap with pulumi?

proud-tomato-75820

06/23/2022, 7:59 AM

Hi, can anyone tell me if i’m doing something wrong and point me to some docs? 🙏 Or it’s just not implemented? I’m trying to create service account API token:

const secret = new k8s.core.v1.Secret("example", {
    metadata: {
        name: "example",
        annotations: {
            "<http://kubernetes.io/service-account.name|kubernetes.io/service-account.name>": "default",
        },
    },
    type: "<http://kubernetes.io/service-account-token|kubernetes.io/service-account-token>",
});

which works. But now how do I get the token since data is undefined?

secret.data.apply(v => v["token"]);

🤔

few-pillow-1133

06/23/2022, 3:40 PM

Below issue seems to still be there

initialize discovery client: exec plugin: invalid apiVersion "<http://client.authentication.k8s.io/v1alpha1|client.authentication.k8s.io/v1alpha1>

stacks: pulumi/pulumi:3.35.0

victorious-exabyte-70545

06/23/2022, 6:23 PM

Hi guys, I just got this error when updating my ingress controller:

kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> (ingress-nginx-helm):
    error: uninstall: Release not loaded: ingress-nginx-helm-zy7cpt64: release: not found

few-pillow-1133

06/23/2022, 8:37 PM

Any ideas why we're getting with pulumi_eks v0.41.0? ``warning: provider config warning: Argument is deprecated`

victorious-exabyte-70545

06/23/2022, 9:33 PM

Another question about ingress controllers. I am trying to assign a private ip to an internal loadbalancer that will be used with nginx ingress controller. Problem is the specified ip address is being ignored.

loud-carpenter-77875

06/24/2022, 11:16 AM

i am very new to pulumi and want to try pulumi-kubernets expriment tried with quickproject and end up with this issue not sure how i can solve this [3:43 PM] pulumi😛ulumi:Stack (quickproject-dev): Traceback (most recent call last): File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 49, in run_pulumi_func func() File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 126, in <lambda> await run_pulumi_func(lambda: Stack(func)) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 143, in init super().__init__("pulumi😛ulumi:Stack", name, None, None) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/resource.py", line 1117, in init Resource.__init__(self, t, name, False, props, opts, remote, False) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/resource.py", line 941, in init register_resource( File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/resource.py", line 486, in register_resource log.debug( File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/log.py", line 45, in debug _log(engine, engine_pb2.DEBUG, msg, resource, stream_id, ephemeral) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/log.py", line 144, in _log engine.Log(req) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/grpc/_channel.py", line 946, in call return _end_unary_response_blocking(state, call, False, None) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking raise _InactiveRpcError(state) grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "failed to connect to all addresses" debug_error_string = "{"created":"@1656093959.919937667","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3260,"referenced_errors":[{"created":"@1656093959.919937322","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":167,"grpc_status":14}]}" > During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/jagrat/.pulumi/bin/pulumi-language-python-exec", line 107, in <module> loop.run_until_complete(coro) File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete return future.result() File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 126, in run_in_stack await run_pulumi_func(lambda: Stack(func)) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func await wait_for_rpcs() File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/runtime/stack.py", line 58, in wait_for_rpcs log.debug("Waiting for outstanding RPCs to complete") File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/log.py", line 45, in debug _log(engine, engine_pb2.DEBUG, msg, resource, stream_id, ephemeral) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/log.py", line 144, in _log engine.Log(req) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/grpc/_channel.py", line 946, in call return _end_unary_response_blocking(state, call, False, None) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking raise _InactiveRpcError(state) grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "failed to connect to all addresses" debug_error_string = "{"created":"@1656093959.920037994","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3260,"referenced_errors":[{"created":"@1656093959.920037724","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":167,"grpc_status":14}]}" > During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/jagrat/.pulumi/bin/pulumi-language-python-exec", line 112, in <module> pulumi.log.error("Program failed with an unhandled exception:") File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/log.py", line 109, in error _log(engine, engine_pb2.ERROR, msg, resource, stream_id, ephemeral) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/pulumi/log.py", line 144, in _log engine.Log(req) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/grpc/_channel.py", line 946, in call return _end_unary_response_blocking(state, call, False, None) File "/home/jagrat/quickstart/venv/lib/python3.8/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking raise _InactiveRpcError(state) grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "failed to connect to all addresses" debug_error_string = "{"created":"@1656093959.920126045","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3260,"referenced_errors":[{"created":"@1656093959.920125791","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":167,"grpc_status":14}]}" > error: an unhandled error occurred: Program exited with non-zero exit code: 1

hallowed-intern-40532

06/26/2022, 10:12 AM

Hi guys, I have the following code that is working with Pulumi 3.29.1 and earlier but it does not work with 3.30 and later. I create EKS cluster using Pulumi.Eks dotnet package. Then I create kubernetes provider I use to get access to the cluster In 3.30+ pulumi versions pulumi tries to replace kubernetes provider and it leads to replacement of all cluster resources that was deployed using the provider

var eks = new Cluster($"{clusterName}", new ClusterArgs
        {
            Name = $"{clusterName}",
            Version = config.Require("eks_version"),
            VpcId = VpcId,
            PrivateSubnetIds = PrivateSubnetIds,
            PublicSubnetIds = PublicSubnetIds,
            EndpointPrivateAccess = true,
            EndpointPublicAccess = true,
            NodeAssociatePublicIpAddress = false,
            NodeRootVolumeType = "gp3",
            StorageClasses = "gp3",
            SkipDefaultNodeGroup = true,
            ServiceRole = clusterRole,
            InstanceRole = instanceRole,
            EnabledClusterLogTypes =
            {
                "api",
                "audit",
                "authenticator",
                "controllerManager",
                "scheduler"
            },
            EncryptionConfigKeyArn = eksKmsKey.Arn,
            ProviderCredentialOpts = new KubeconfigOptionsArgs { ProfileName = $"{awsProfile}", 
                RoleArn = adminRoleArn }, 
            UseDefaultVpcCni = true,
            InstanceType = config.Require("main_instance_type"),
            CreateOidcProvider = true,
            KubernetesServiceIpAddressRange = config.Require("k8s_service_cidr_block"),
            PublicAccessCidrs = config.RequireObject<List<string>>("k8s_public_access_cidr_block")
        });

var eksProvider = new k8s.Provider("eksProvider", new k8s.ProviderArgs
{
    KubeConfig = eks.GetKubeconfig()
});

steep-portugal-37539

06/27/2022, 11:09 PM

Hi everyone 🙂 I can’t manage to update my EKS cluster’s kubeconfig after upgrading to v 1.22. No matter what i do:

Diagnostics:
  kubernetes:core/v1:ConfigMap (tezos-aws-tutorial-nodeAccess):
    error: failed to initialize discovery client: exec plugin: invalid apiVersion "<http://client.authentication.k8s.io/v1alpha1|client.authentication.k8s.io/v1alpha1>"

I’ve updated the k8s version on AWS, and pulumi refreshed. I’ve also updated my pulumi packages to the latest versions as well as aws-cli and kubectl. (Although it seems kubectl 1.24 is broken so i went back down to 1.22) I’ve also manually modified my stacks state. I changed

"apiVersion": "<http://client.authentication.k8s.io/v1alpha1|client.authentication.k8s.io/v1alpha1>"

to use

v1beta1

and changed the EKS provider version to

"version": "0.41.0"

No matter what i do pulumi gives me the error, and

pulumi stack output kubeconfig --show-secrets -j

shows the old kubeconfig version using

alpha

steep-portugal-37539

06/27/2022, 11:09 PM

any help would be much appreciated. Thanks 🙂

steep-portugal-37539

06/27/2022, 11:10 PM

oh i’ve also ran the

aws update-kubeconfig

command. Doesn’t seem to help me

most-mouse-38002

06/28/2022, 11:33 AM

Is there any way of performing the equivalent of

kubectl annotate namespace default foo=bar

without using

local.Command

and

kubectl

? I have looked for a way of fetching an existing namespace, but they apparently have to have been created by Pulumi. There is also no way of editing kubernetes native resources (such as namespaces) that I could find. Any help would be welcomed! 🙂 (adding link to the docs of what I am trying to achieve with Pulumi which we have been using terraform for so far).

happy-raincoat-89168

06/30/2022, 6:10 PM

Is it possible to apply a string containing yaml directly into k8s? I can do

k8s.yaml.ConfigFile

to read from a file and apply, but if possible I’d like to skip the file and just use text that I specify in my code

freezing-quill-32178

07/01/2022, 8:50 AM

Hello all,

Diagnostics:
  pulumi:pulumi:Stack (usermanagement-svc-deploy-usermanagement-svc-dev):
    W0701 10:41:26.074241   57840 gcp.go:120] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
    To learn more, consult <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>

I’m getting this warning because the GKE cluster kubeconfig is created and exported as output while back, it there a way to force Pulumi to regenerate it with the new GKE Auth plugin? I’ve setup locally the new auth plugin and kubectl is working fine,

USE_GKE_GCLOUD_AUTH_PLUGIN

is set as well but it is only for local kubectl/terminal usage. Any idea what has to be done on Pulumi side in order not to break GKE connection to the cluster while updating/migrating to K8s v1.25?

best-appointment-51810

07/01/2022, 6:35 PM

Hello I’m was able to create a cluster linode k8s cluster but now I’m getting this error when I try to use the kubeconfig on the next steps:

error: configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }

best-appointment-51810

07/01/2022, 6:35 PM

This is the code that creates the cluster:

const procCluster = new linode.LkeCluster(label(date), {
    k8sVersion: "1.23",
    label: date,
    pools: [{
        count: 3,
        // <https://api.linode.com/v4/linode/types>
        type: "g6-standard-2",
    }],
    region: "us-central",
    tags: ["prod"],
});

best-appointment-51810

07/01/2022, 6:36 PM

and where I try to use the kubctl on the provider:

const lkeProvider = new k8s.Provider("date", {
    kubeconfig: procCluster.kubeconfig
})

cool-wall-66940

07/03/2022, 1:08 PM

Hi everyone, I am trying to install the ingress-nginx controller with pulumi on DigitalOcean and I got stuck. Maybe somebody had a similar issue and can help me out. 1. I create the k8s cluster 2. I use Release to install the nginx ingress controller because I am waiting for the load balancer to get an external IP 3. Pulumi stops when I try to get the IP address of the service ingress-nginx-controller I used the example I found on the documentation page: https://www.pulumi.com/blog/full-access-to-helm-features-through-new-helm-release-resource-for-kubernetes/ Here is my code:

# Generate the cluster itself
k8s_cluster = KubernetesCluster(
    resource_name=K8S_CLUSTER_NAME,
    name=K8S_CLUSTER_NAME,
    region=K8S_REGION,
    version=K8S_VERSION,
    node_pool=KubernetesClusterNodePoolArgs(
        name=K8S_NODE_POOL_NAME,
        node_count=K8S_NODE_COUNT,
        size=K8S_NODE_SIZE,
    ),
    ha=K8S_HIGH_AVAILABILITY_PLANE,
)

# Get provider for Kubernetes cluster
k8s_provider = Provider(
    resource_name=K8S_CLUSTER_NAME,
    kubeconfig=k8s_cluster.kube_configs[0].raw_config,
    opts=pulumi.ResourceOptions(parent=k8s_cluster),
)

# Install nginx ingress controller with Helm chart and wait for it so load balancer gets IP address
release_args = ReleaseArgs(
    name="ingress-nginx",
    chart="ingress-nginx",
    repository_opts=RepositoryOptsArgs(
        repo="<https://kubernetes.github.io/ingress-nginx>"
    ),
    values=INGRESS_CONTROLLER_HELM_VALUES,
    skip_await=False,
)
# noinspection PyArgumentList
release = Release(
    resource_name="ingress-nginx",
    name="ingress-nginx",
    args=release_args,
    opts=ResourceOptions(
        provider=k8s_provider
    ),
    timeout=1000,
    skip_await=False,
)


status = release.status
# srv = Service.get(id=release.name, resource_name="ingress-nginx-controller")

srv = Service.get(
    f"{release.status.name}-controller",
    Output.concat(release.status.name, "-controller")
)

pulumi.export("externalIPs", srv.spec.external_ips)
pulumi.export("status", status)

I will attach the error screenshot with the image where it actually created the ingress-nginx-controller service. Error message:

Diagnostics:
  pulumi:pulumi:Stack (k8s_init-dev):
    error: update failed
 
  kubernetes:core/v1:Service (Calling __str__ on an Output[T] is not supported.

To get the value of an Output[T] as an Output[str] consider:
1. o.apply(lambda v => f"prefix{v}suffix")

See <https://pulumi.io/help/outputs> for more details.
This function may throw in a future version of Pulumi.-controller):
    error: resource 'ingress-nginx-controller' does not exist

I hope somebody can help me out and guide me. Thanks a lot! Best regards, Refik

most-lighter-95902

07/04/2022, 12:01 AM

Hi, a quick question regarding Pulumi’s Helm Release resource usage

most-lighter-95902

07/04/2022, 12:02 AM

I’m currently using

valueYamlFiles

and

values

together where the

valueYamlFiles

yaml is referencing some values from

values

object using this kind of syntax:

Title

most-lighter-95902

07/04/2022, 12:02 AM

I’m currently using

valueYamlFiles

and

values

together where the

valueYamlFiles

yaml is referencing some values from

values

object using this kind of syntax:

View count: 4