https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
kubernetes
  • m

    most-lighter-95902

    07/10/2022, 5:39 PM
    Is there a --from-files option with Pulumi Kubernetes Secret resource? I can’t seem to find one in the docs
  • c

    curved-morning-41391

    07/11/2022, 10:17 PM
    Anyone hit this? https://github.com/pulumi/pulumi-kubernetes/issues/1939 I'm wondering what the recommended workaround is, I'm unable to install knative/istio with
    ConfigFile
  • r

    rough-author-69114

    07/12/2022, 8:50 AM
    Hi all. What is best practice to manage admin access to a Kubernetes cluster? I'm creating a cluster with
    pulumi_gcp.container.Cluster
    and then want to deploy Strimzi operator with
    pulumi_kubernetes.helm.v3.Chart
    . The problem I run into is that I don't personally have access to the cluster until I run
    gcloud container clusters get-gredentials <cluster_name> --region <region>
    and generate the configuration, with certificates, for the cluster. I have a few ideas but I feel like I'm missing something that should work better. Idea 1: I can run the command to get the credentials from gcloud with
    pulumi_command.local.Command
    after the creation of the cluster and before the Chart. I don't particularly like this idea because it changes the state of my personal environment. For the time being it is not a problem, but once we start working with multiple clusters and multiple developers it is bound to cause problems. And then I'm out of ideas. I'll start by trying idea 1 but I hope I can get some more information here.
    d
    • 2
    • 9
  • w

    white-chef-55657

    07/14/2022, 1:09 PM
    I’m trying to change some kubelet configuration in EKS, can’t find it in the documentation anyone knows if it’s possible to change
    kubeletExtraConfig
    (https://eksctl.io/usage/customizing-the-kubelet/) with pulumi ?
    s
    • 2
    • 1
  • w

    wet-noon-14291

    07/14/2022, 9:56 PM
    How does
    dependsOn
    work with
    ConfigFile
    ? I have two typescript classes, A and B, that both extends
    ComponentResource
    class. In both A and B I use the
    ConfigFile
    resource. First I create A and when creating B I set that it depends on A, but for some reason it seems like all the resources in A isn't running when B is provisioned... is that by design? Do I need to depend on the actual
    ConfigFile
    that A creates for it to work? I thought A wouldn't be done until everything I create in the constructor of A is done.
    s
    l
    • 3
    • 6
  • a

    adamant-terabyte-3965

    07/15/2022, 4:50 PM
    I'm trying to create two identical environments in different namespaces on the same EKS cluster. What I expected to happen is that Pulumi would detect existing resources that would be shared and only create ones that are needed in the new namespace. That's mostly true except for when I
    pulumi up
    it tries to create all resources, which causes it to error out with the following error:
    kubernetes:core/v1:ServiceAccount (aws-lb-controller-sa):
        error: resource kube-system/lb-serviceaccount was not successfully created by the Kubernetes API server : serviceaccounts "lb-serviceaccount" already exists
    At this point the ServiceAccount for my load balancer exists on the
    kube-system
    namespace, and doesn't need creation in the new namespace. How do I get Pulumi to discover existing resources (in this case, my load balancer ServiceAccount) in a different namespace or at least not try and error out attempting to recreate the existing ServiceAccount? I've tried to run
    pulumi refresh
    on my newly created stack, but it doesn't seem to change anything.
    b
    • 2
    • 5
  • s

    steep-portugal-37539

    07/15/2022, 5:58 PM
    Hey guys 🙂 What is the best practice for the identity of an EKS cluster creator? Should it be the CI role that we use to deploy our infrastructure? Should it be a dedicated role created only for the purpose of creation of the cluster? And then the CI does everything else in terms of deployment of AWS resources as well as k8s resources. Perhaps it should not be the CI role that is the creator as it will be part of system:masters. And for reasons I don’t fully understand, we don’t want to just add users to that if they need admin control. Rather they should be made separate
    clusterAdmins
    . So then perhaps it should be a dedicated role that doesn’t get used for anything else to create the cluster.
  • w

    wet-noon-14291

    07/18/2022, 10:28 PM
    When you create something using the
    Chart
    resource, what is the recommended way to read output values from the resource... like the public ip of a loadbalancer that was created? Is the recommended approach to do an
    apply
    on the
    ready
    property and the loop through the resources?
  • m

    most-lighter-95902

    07/18/2022, 10:56 PM
    Does anyone know how to replicate --from-files option in kubectl with Pulumi Kubernetes Secret resource? I can’t seem to find one in the docs
  • q

    quaint-book-39362

    07/20/2022, 1:39 AM
    what would be the recommended way to run a kubectl command during a pulumi up?
    n
    • 2
    • 2
  • q

    quaint-book-39362

    07/20/2022, 1:39 AM
    for example, to query current image name for a deployment
  • n

    narrow-translator-93508

    07/21/2022, 6:45 PM
    Do you know if it is possible to use
    Pulumi TLS
    self signed certificate for generating a
    Kubernetes TLS secret
    ?
  • b

    busy-island-31180

    07/21/2022, 11:04 PM
    Does anyone know how to do a
    ApplyT
    (in Go) on a type like
    Deployment
    where each individual field is an
    Output
    type, but without using
    All
    and having to specify every field?
  • p

    polite-napkin-90098

    07/22/2022, 6:57 PM
    I'm trying to get the cluster name for a Provider I'm using to provision resources with. I could export it from the other stack which makes the kluster from where I export the kubeconfig from which I made the Provider, but I feel I should be able to get it from the Provider and thus need 1 fewer export/import. https://www.pulumi.com/registry/packages/kubernetes/api-docs/provider/#cluster_nodejs clearly shows a cluster property as one of the inputs for the Provider function and further down the page it says: "All input properties are implicitly available as output properties." But when I do:
    const monProvider = new k8s.Provider("monprov", {
            kubeconfig: kubeConfig,
    });
    pulumi.log.warn(`${monProvider.cluster}`);
    I get
    index.ts(184,32): error TS2339: Property 'cluster' does not exist on type 'Provider'.
    what am I doing wrong?
    b
    • 2
    • 3
  • l

    late-xylophone-81727

    07/25/2022, 11:26 AM
    Hi guys Currently we use Pulumi for the deployment directly to the K8S clusters. But we need a more regulated flow and condsider to use the yaml output and decouple the "generate" process (pulumi up) and the deployment itself completly. That would mean that we would use i.e. ArgoCD as the deployment agent on the clusters, triggerd by the changes from the Pulumi Yaml Output. But I think we found there an issue, both, Argo and Pulumi are using the annotation
    last-applied-configuration
    . So Pulumi will see for every up changes which does not exist. Is it possible to not produce this field at all? I know about the
    ignoreChanges
    property (https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/) but this produces/writes the field anyway, just skips the diff. Any ideas? Or did I missed something in the docs? Thank you.
    s
    • 2
    • 1
  • s

    straight-crowd-1391

    07/25/2022, 11:28 PM
    I’m having difficulty finding the information so here goes. I’m trying to create a Database (instance, user, password) and a Kubernetes Secret from my Pulumi Config:
    $ pulumi config set --secret pulumi-product-k8s-minikube:db_user_password letmein
    
    const user = new postgresql.Role("product_admin_user", {
        createDatabase: true,
        login: true,
        name: "product_admin_user",
        password: config.requireSecret("db_user_password")
    });
    
    const productSecretMap = new k8s.core.v1.Secret("product-api-secrets", {
        metadata: {
            namespace: productNamespace.metadata.name
        },
        data: {
            database_password: config.requireSecret("db_user_password").apply(val => val)
        }
    });
    Problem is, the k8s Secret needs the base64 encoded value that, I think, is being retrieved as the salt encoded value from the config. What exactly is the standard practice here (aside from using a secret manager) to transfer the database password from the config to both the Database Role and Kubernetes Secret? I figured I could store 2 password values (one base64, the other in the salt encoded) but it doesn’t feel right.
    b
    • 2
    • 3
  • f

    freezing-yacht-63937

    07/27/2022, 11:21 AM
    Hello, when i deploy traefikv2 helm chart the service namespace is set to default even though i set
    namespace: traefikNamespace.metadata.name,
    and
    transformations: [
        (obj: any, opts: pulumi.CustomResourceOptions) => { 
            if (obj.kind === "Service") {
                obj.metadata.namespace == traefikNamespace.metadata.name
            }
        }
    ],
    But work when i set
    kubectl config set-context --current --namespace=NAMESPACE
    Should i create an own k8s provider with correct namespace, or I am doing something wrong?
    s
    • 2
    • 2
  • l

    limited-rainbow-51650

    07/28/2022, 7:53 AM
    message has been deleted
    🙌 2
    f
    • 2
    • 1
  • r

    red-salesclerk-85731

    07/28/2022, 2:03 PM
    I discovered a breaking typo (probably there are more) in a key in
    kubernetes-ingress-nginx
    https://github.com/pulumi/pulumi-kubernetes-ingress-nginx/blob/master/schema.json 1. Do I understand correctly these schemas are handcrafted? 2. Is simply creating a PR with the suggested changes enough? 3. (How) can I rebuild the component locally, I don’t have any go experience or worked with these generated components, so any guide is helpful.
    b
    • 2
    • 2
  • r

    red-salesclerk-85731

    07/28/2022, 2:35 PM
    What is the benefit of
    kubernetes-ingress-nginx
    if the types are all wrong?
  • w

    worried-city-86458

    07/29/2022, 4:06 AM
    @gorgeous-egg-16927 I updated pulumi-kubernetes from 3.19.4 to 3.20.2 and enabled server side apply but now I'm seeing all the crds updating metadata on every update, similar to this issue that was fixed before ssa was available. 🤔
    g
    • 2
    • 4
  • b

    big-potato-91793

    08/03/2022, 5:53 PM
    Does anyone get an error when trying to move from ingress v1beta to v1? It make the
    pulumi up
    fail and after it works the second time
  • b

    brief-helicopter-28120

    08/04/2022, 9:35 AM
    Hello, I'm trying to use
    k8s.yaml.ConfigFile
    to deploy CRDs into my EKS cluster (typescript) and I run into issues. Btw I'm new to typescript and as well to pulumi. So please kindly bare with me 🙏 Code:
    import * as k8s from "@pulumi/kubernetes";
    import * as eks from "@pulumi/eks";
    
    
    export default {
        install_crds(cluster: eks.Cluster){
            new k8s.yaml.ConfigFile("argocd_namespace", {
                file: "kubernetes_cluster_components/namespaces/argocd-namespace.yaml",
            }, {providers: { "kubernetes": cluster.provider }});
        }
    };
    Error:
    pulumi:pulumi:Stack  k8s-moralis-aws-dev-argo-test  running.    error: an unhandled error occurred: Program exited with non-zero exit code: -1
    I0804 09:23:53.878138   22054 deployment_executor.go:162] deploymentExecutor.Execute(...): exiting provider canceller
         Type                 Name                           Plan     Info
         pulumi:pulumi:Stack  k8s-moralis-aws-dev-argo-test           1 error; 39 messages
    
    Diagnostics:
      pulumi:pulumi:Stack (k8s-moralis-aws-dev-argo-test):
        Cloud Provider: aws Stack: aws-dev-argo-test
    
        error: an unhandled error occurred: Program exited with non-zero exit code: -1
    The error message is not very descriptive, hence difficult to troubleshoot. Can someone please help me here 🙏
    s
    • 2
    • 2
  • a

    ambitious-father-68746

    08/05/2022, 1:03 AM
    Hi, I've been using Pulumi for a number of years now, but only recently started using the Kubernetes provider. Is there a way to get information from a Kubernetes cluster, for example getting a list of services? Other providers have functions for this, but not Kubernetes. I'm not sure how that would work here. Thank you.
    g
    • 2
    • 1
  • a

    ambitious-agent-35343

    08/05/2022, 3:35 PM
    Hi there. Anyone who knows what to add as to link private repo's from ArgoCD instantiated with Pulumi?
    f
    • 2
    • 4
  • c

    curved-morning-41391

    08/10/2022, 6:55 PM
    Hey has anyone installed istio/knative with pulumi? Having trouble getting it to line up
    b
    • 2
    • 3
  • c

    calm-iron-40008

    08/10/2022, 9:18 PM
    I followed the tutorials and slowly build deployments into my EKS cluster… Now I want to deploy the entire stack on a blank slate AWS account… But,
    pulumi up
    fails because the cluster is not available… The deployments, services, pods, etc. do NOT wait for the EKS cluster to be available..
    configured Kubernetes cluster is unreachable: unable to load schema information from the API server:…
    What do I need to do for pushbutton deployment of my apps? (failover, DR, geo-redundancy, etc.)
    s
    c
    +2
    • 5
    • 10
  • p

    prehistoric-printer-15534

    08/12/2022, 10:39 AM
    hey all! for some reason, when i use the k8s provider in YAML-only mode (with the Go SDK), it takes about a second or two per resource. Funky, i mean, it's only generating YAMLs, right? I'm using an empty stack always, so that my entire cluster is always saved to the output. Thanks!
  • d

    delightful-bear-69098

    08/12/2022, 11:29 AM
    Hi I converted the quickstart k8s java example into Kotlin/JVM and I would like to share where: https://github.com/luistrigueiros/quickstart-pulumi-k8s-kotlin
  • d

    delightful-bear-69098

    08/14/2022, 5:54 PM
    https://luistrigueiros.medium.com/exploring-pulumi-for-k8s-with-kotlin-f4480aebec5f
Powered by Linen
Title
d

delightful-bear-69098

08/14/2022, 5:54 PM
https://luistrigueiros.medium.com/exploring-pulumi-for-k8s-with-kotlin-f4480aebec5f
View count: 4