hihi I'm trying to migrate over to SSA before the new k8s update. I added the

enableServerSideApply: true

flag to my provider and then ran

pulumi preview

and I got this error:

kubernetes:<http://elasticsearch.k8s.elastic.co/v1:Elasticsearch|elasticsearch.k8s.elastic.co/v1:Elasticsearch> (family):
    error: error reading from server: EOF

Seems like it's not working with ECK (which I installed via

k8s.yaml.ConfigGroup

All of our service images are created and hosed in ghcr.io (GitHub Container Registry)… I cannot figure out how to use Pulumi to create the registry secret to enable the download of these images (currently EKS, but plans for Digital Ocean and Google Cloud)… Any help is appreciated. 1. I have the code code create the EKS cluster… 2. I have the code to install the NGinX proxy 3. I have the code to apply the ‘services’ YAML files… Between 1 and 2, I need to install this registry secret so that the YAML files will pull from ghcr.io successfully.

Does helm.v3.Release not support transformations like charts do?

Getting some weird error

Exception: Cannot read properties of null (reading 'data')
    error: TypeError: Cannot read properties of null (reading 'data')
        at /root/.pulumi/plugins/resource-eks-v0.41.2/node_modules/@pulumi/cluster.ts:580:103
        at /root/.pulumi/plugins/resource-eks-v0.41.2/node_modules/@pulumi/output.ts:383:31
        at Generator.next (<anonymous>)
        at /root/.pulumi/plugins/resource-eks-v0.41.2/node_modules/@pulumi/pulumi/output.js:21:71
        at new Promise (<anonymous>)
        at __awaiter (/root/.pulumi/plugins/resource-eks-v0.41.2/node_modules/@pulumi/pulumi/output.js:17:12)
        at applyHelperAsync (/root/.pulumi/plugins/resource-eks-v0.41.2/node_modules/@pulumi/pulumi/output.js:229:12)
        at /root/.pulumi/plugins/resource-eks-v0.41.2/node_modules/@pulumi/output.ts:302:65
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
    error: an unhandled error occurred: Program exited with non-zero exit code: 1

hey chat

whats the right way to pass nested value to helm.v3.Release? i am trying to pass

serviceAccount.create: false

but its not picking up https://github.com/aws/eks-charts/tree/master/stable/aws-load-balancer-controller i have tried both { serviceAccount: { create: false }} and 'serviceAccount.create': false

Hello, I’m trying to deploy the same chart in two different clusters (in the same Pulumi project), but I’m having issue with naming: I can’t use the same Pulumi logical name for my two chart resources (else Pulumi complains about duplicate resource URN) and I didn’t find a way to override the release name used when templating the chart. Is it a deliberate choice to not let the user modify the release name (maybe I just didn’t see how to do it) or is it a missing feature which could be implemented (potentially by me when I’ve time)?

Hi, is there any example on how to generate a

k8s.Provider

for an existing EKS cluster? I would like to be able to do something like

eks.getClusterOutput({...}).provider

, as I would be able to if I had just created with

new eks.Cluster({...}).provider

. Failing that, at least how I can generate the

kubeconfig

file text from

eks.getClusterOutput().something

.

Hi there team 👋 I'm trying to pulumify some k8s config and hit a bit of a bump in the road when trying to convert the k8s yaml to pulumi using kube2pulumi.

unable to run program: Error: unknown resource type 'kubernetes:<http://garo.tietoevry.com/v1alpha1:GithubActionRunner|garo.tietoevry.com/v1alpha1:GithubActionRunner>'

  on pcl-087019550.pp line 0:
   1: resource "github_actions_runner_operatorRunner_poolGithubActionRunner" "kubernetes:<http://garo.tietoevry.com/v1alpha1:GithubActionRunner|garo.tietoevry.com/v1alpha1:GithubActionRunner>" {

unknown resource type 'kubernetes:<http://garo.tietoevry.com/v1alpha1:GithubActionRunner|garo.tietoevry.com/v1alpha1:GithubActionRunner>'

Is there anything i can do locally to get the program to recognise the resource type? I'm installing the CRDs etc using helm, but need to deploy the actual deployment separately

Does Pulumi currently not support StatefulSets with the OnDelete update strategy? My observations: 1. When updating a StatefulSet using the OnDelete strategy, Pulumi will (erroneously?) wait on

Waiting for StatefulSet update to roll out (0/n Pods ready)

2. If you do update the pods yourself while Pulumi is waiting, Pulumi will continue to wait on

Waiting for StatefulSet update to roll out (n/n Pods ready)

, and eventually error and time out because

.status.currentRevision

was not updated to

.status.updatedRevision

:

Diagnostics:
  kubernetes:apps/v1:StatefulSet (interactions-app):
    error: 3 errors occurred:
        * the Kubernetes API server reported that "default/interactions-app-b2ecafa3" failed to fully initialize or become live: 'interactions-app-b2ecafa3' timed out waiting to be Ready
        * 32 out of 32 replicas succeeded readiness checks
        * StatefulSet controller failed to advance from revision "interactions-app-b2ecafa3-646dcff454" to revision "interactions-app-b2ecafa3-569b7cb476"

Relevant issue? https://github.com/pulumi/pulumi-kubernetes/issues/1066

How do you provide

scheme

in in spec? typescript is complaining about it

apiVersion: elbv2.k8s.aws/v1beta1
kind: IngressClassParams
metadata:
  name: awesome-class
spec:
  scheme: internal
  ipAddressType: dualstack
  tags:
  - key: org
    value: my-org

hey peeps, im installing a helm chart to install an operator and all the CRDs i need, and then im using the pulumi k8s.

CustomResource

to try and deploy an instance of the resource which is configured on the cluster with the helm chart. I've got pulumi creating it, and it all looks good but no pods are actually being deployed, if i manually run

kubectl apply -f

on the yaml file, then it works fine but not when ive converted it to a JS object format, cant help but thinking the

CustomResource

might not be what im after?

Hello, I’m trying to develop on the Pulumi Kubernetes resource provider to add two features I’d like to have in Helm Chart resource. First, I’d like to have autodiscovery of Kubernetes version and API versions. For this, I’ve modified the provider code and didn’t have to touch the SDKs. I wanted to do a release of my modified provider so that I can use it kind of transparently in my projects. I added a plugin download URL in the schema to point to the GitHub releases of my forked repository and ran make build. First issue, the newly generated sdk/go/kubernetes/helm/v3/pulumiUtilities.go file didn’t contain the right package, helm, but v3. Is there a way to override this? I then used GoReleaser to create a prerelease of my provider (after enabling prerelease publishing and removing blobs publishing in GoReleaser config). Last step, I added a replace line in the go.mod file of my test project (replace github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.21.0 => github.com/yann-soubeyrand/pulumi-kubernetes/sdk/v3 v3.22.0-ys.1) and did a pulumi preview. It did not work, pulumi didn’t download my modified provider. I then force replaced the v3.21.0 tag in my repository to point to my commit and did a release again, adapting my replace line (replace github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.21.0 => github.com/yann-soubeyrand/pulumi-kubernetes/sdk/v3 v3.21.0) and this time pulumi preview worked (it downloaded my plugin and the result was the expected one). I’d like to know if this is the right way to proceed (it seems not)? Second, I’d like to be able to customize the release name used during chart templating. For this, I don’t need to modify the provider since everything is already there, I just have to modify the SDKs. I’ve modified the schema and the Go templates and it seems to work as expected for Go project. But, if I understand correctly, I have to manually modify all the other SDKs, right? What about the Java SDK which doesn’t seem to have templates?

Is there some way to tag

k8s.helm.v3.Release

so that pulumi skips uninstall on a stack destroy, where the cluster itself will be taken down?

How do you solve this issue? because of this pulumi fails

warning: Refreshed resource is in an unhealthy state:
    * Resource 'allrites-frontend' was created but failed to initialize
    * Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods

looking for help using server-side apply to create a deploymentpatch that adds a toleration to the podtemplatespec. does anyone have a good example of this?

Hello again! Is there some way to wait until a

k8s.core.v1.Servic

type LoadBalancer has got its external ip assigned? Edit: found it!

const externalIP = service.status.loadBalancer.ingress;

It will be an array though.

Has anybody here used Karpenter instead of ClusterAutoscaler(CA) for EKS cluster node scaling? Currently we use CA with an on-demand managed node group. We are thinking about add new type node instance. With CA, we will need to add additional managed node group. Looks like this is completely unnecessary with Karpenter. So, how do we migrate from CA to Karpenter with a smooth transition? Could we have both CA & Karpenter deployed? Here is my plan, 1) deploy Karpenter; 2) scale current managed node group down to 0 instance which will force all existing pod to be moved to nodes that are managed by Karpenter provisioner I assume. 3) Finally we will decommission the managed group & undeploy CA. Will the above plan work? Is there better ways to do this? Thanks in advance for any tips.

Hi all, we recently rotated our AKS certificate and now can no longer access kubernetes with the pulumi k8provider. The certificate (kubeconfig) works with lens and our deployment agents in DevOps pipelines. Any ideas on what the issue is?

Has anyone run into this error when deploying a Helm V3 release with a chart stored in an OCI registry?

failed to pull chart: looks like "<oci://myregistry.azurecr.io/helm/mychart>" is not a valid chart repository or cannot be reached: object required

did some light searching and didn’t see anything so forgive me if this was asked and answered: Can you use a helm chart from a git repository or does it have to be a chart repository?

Hi all 👋, not sure if this is the right channel for this but it is k8s related so I might ask here. I am trying to troubleshoot an issue I am having with running preview and apply against our eks cluster. Upgrade is in the works but I need to be able to apply some changes that will be used in projects downstream that appear to be working. The issue is similar if not the same as this (I am not the author of the issue). I have noticed that pulumi wants a much later version of the kubernetes provider than the versions of the npm packages we have installed and I think the issue may stem from installing a later package that upgrades

client-go

to

>1.23.x

. I guess the question is, how does pulumi decide which resource plugin version it requires?

Hey everyone, I was wondering if any can help me with my little issue here: I am working with Pulumi to deploy AKS clusters on azure with Dapr integration. My next step is where I am struggling. I want to use the Dapr Pub/Sub service, which of course requires some sort of message broker. I am using redis for this. My redis deployment is working fine, I did a fast deployment by using the docker image and just throwing it in the cluster like this (in C#):

{

ApiVersion = "apps/v1",

Kind = "Deployment",

Metadata = new ObjectMetaArgs

{

Name = "redis-deployment",

Labels =

{

{ "app", "redis" },

},

},

Spec = new DeploymentSpecArgs

{

Replicas = 1,

Selector = new LabelSelectorArgs

{

MatchLabels =

{

{ "app", "redis" },

},

},

Template = new PodTemplateSpecArgs

{

Metadata = new ObjectMetaArgs

{

Labels =

{

{ "app", "redis" },

},

Annotations =

{

{ "<http://dapr.io/enabled|dapr.io/enabled>", "true" },

{ "<http://dapr.io/app-id|dapr.io/app-id>", "redis" },

{ "<http://dapr.io/app-port|dapr.io/app-port>", "6379" },

{ "<http://dapr.io/enable-api-logging|dapr.io/enable-api-logging>", "true" }

},

},

Spec = new PodSpecArgs

{

Containers =

{

new ContainerArgs

{

Name = "redis-message-broker",

Image = "<http://registry.hub.docker.com/library/redis:latest|registry.hub.docker.com/library/redis:latest>",

ImagePullPolicy = "Always",

},

},

},

},

},

}, new CustomResourceOptions()

{

Parent = this

});

How do I get the Redis secret key out of this deployment? The other problem is, that I don't know how to translate the dapr component yaml file into Pulumi resources. The Pulumi converter throws an error saying it is not able to convert. The yaml file looks like this:

apiVersion: <http://dapr.io/v1alpha1|dapr.io/v1alpha1>
kind: Component
metadata:
  name: pubsub
  namespace: default
spec:
  type: pubsub.redis
  version: v1
  metadata:
  - name: redisHost
    value: <REPLACE WITH HOSTNAME FROM ABOVE - for Redis on Kubernetes it is redis-master.default.svc.cluster.local:6379>
  - name: redisPassword
    secretKeyRef:
      name: redis
      key: redis-password
 # uncomment below for connecting to redis cache instances over TLS (ex - Azure Redis Cache)
  # - name: enableTLS
  #   value: true

source: https://docs.dapr.io/getting-started/tutorials/configure-state-pubsub/#next-steps Did anyone of you deploy the Dapr Pub/Sub with Redis already?

hi, does anyone know how to get coredns to work on tainted nodes? right now its only deploying pods to untainted nodes

My problem is right now DNS does not work from the tainted node. i am not really sure why

does anyone know how to enable serverside apply with

@pulumi/eks

?

is there anyway to make pulumi to update/patch deployment pod image instead of deleting everything?

iagnostics: kubernetes:apps/v1:Deployment (gitlab-runner): error: resource prd126/gitlab-runner-8cyi9fr7 was not successfully created by the Kubernetes API server : Could not create watcher for PersistentVolumeClaims objects associated with Deployment "gitlab-runner-8cyi9fr7": Get "https://k8s.nonprod9.us-east-1.tktm.io:443/api/v1/namespaces/prd126/persistentvolumeclaims?watch=true": unexpected EOF Any idea of what can cause this?

kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> (primary-eks-fluent-bit):
    warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://xxx/openapi/v2?timeout=32s>": dial tcp: lookup xxxxxxx on 172.22.160.1:53: read udp 172.22.161.178:34533->172.22.160.1:53: i/o timeout
    error: Preview failed: failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource

does anyone know how to remove those? removing those causes problem with dependency and take a lot of time to fix IaC