damp-honey-93158
10/07/2022, 9:48 AMproud-pizza-80589
10/11/2022, 11:08 AMpulumi cancel && pulumi refresh --yes --clear-pending-creates
i often have left over stuff if i rerun before the previous run times out.victorious-exabyte-70545
10/12/2022, 8:59 PM+ azure-native:containerservice:ManagedCluster devprivaks creating error: '
'cannot check existence of resource '
"'/subscriptions/*******/resourceGroups/******/providers/Microsoft.ContainerService/managedClusters/*****': "
'status code 400, '
'{"error":{"code":"InvalidApiVersionParameter","message":"The api-version '
"'2021-03-01' is invalid. The supported versions are "
'\'2022-09-01,2022-06-01,2022-05-01,2022-03-01-preview,2022-01-01,2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04\'."}}\n'
orange-psychiatrist-22511
10/13/2022, 10:22 PMignoreChanges
help to some extent, but whenever we need to change a deployment configuration it will reset the number of replicas and/or the image there. So my question is: is there a way of defining a specific field of a kubernetes resource to not be managed by pulumi? If not, what is the "normal" way of using pulumi with kubernetes deployments?delightful-bear-69098
10/15/2022, 9:36 PMdelightful-bear-69098
10/15/2022, 9:36 PMdelightful-bear-69098
10/15/2022, 9:37 PMdelightful-bear-69098
10/15/2022, 9:37 PMbored-baker-95734
10/18/2022, 2:50 PMvictorious-exabyte-70545
10/19/2022, 4:43 PM'(ingress-nginx-private/private-nginx-ingress-controller):\n'
' error: 1 error occurred:\n'
' \t* resource ingress-nginx-private/private-nginx-ingress-controller was '
'successfully created, but the Kubernetes API server reported that it failed '
'to fully initialize or become live: Timeout occurred polling for '
"'private-nginx-ingress-controller'\n"
'\n'
nice-father-44210
10/23/2022, 6:47 PMpulumi-kubernetes
?
I’m trying to find the right combination of arguments to make it work but coming up short.
Appreciate the help, thanks in advance 🙂
ecr_token = aws.ecr.get_authorization_token()
pulumi_kubernetes.helm.v3.Release(
"release",
pulumi_kubernetes.helm.v3.ReleaseArgs(
name = "test",
chart = "my-chart",
version = "0.1.0",
repository_opts = pulumi_kubernetes.helm.v3.RepositoryOptsArgs(
repo = f"oci://{account_id}.dkr.ecr.{region}.<http://amazonaws.com|amazonaws.com>",
username = "AWS",
password = ecr_token.authorization_token,
),
values = {}
),
opts = pulumi.ResourceOptions(provider = my_k8s_provider, )
)
gorgeous-egg-16927
10/24/2022, 5:24 PMv3.22.0
version of pulumi-kubernetes
. With this behavior enabled, you may encounter error messages about resource field conflicts. These errors are related to other controllers changing fields on shared resources. With the previous Client-side diff/apply behavior, these conflicts were not always apparent, but are now caught during preview and update.
These errors are typically something that need to be resolved by the user, and are a legitimate difference that wasn’t detected by our previous Client-Side diff logic.
Your options for resolving these conflicts are:
1. Disable SSA with the enableServerSideApply
provider flag to use the previous behavior for now. This is the fastest way to unblock yourself, but as noted, will miss legitimate conflicts that are only detective with a Server-side diff.
2. Use the ignoreChanges
resource option to selectively ignore changes to fields that another controller may update. Other controllers could be operators, admission controllers, kubectl
, etc.
3. Use the <http://pulumi.com/patchForce|pulumi.com/patchForce>
annotation to explicitly take ownership of the conflicting fields. Note that this might prevent other controllers from updating them.
4. Pin pulumi-kubernetes
to a version previous to v3.22.0
.
Please let us know if you run into problems by filing an issue. Thanks for your patience as we work through this important transition point in the provider!damp-honey-93158
10/26/2022, 1:32 PMsparse-hairdresser-15357
10/26/2022, 7:51 PMerror: Preview failed: 1 error occurred:
* the Kubernetes API server reported that "some-namespace/some-application" failed to fully initialize or become live: use `<http://pulumi.com/patchForce|pulumi.com/patchForce>` to override the conflict: Apply failed with 4 conflicts: conflicts with "pulumi-resource-kubernetes.exe" using apps/v1:
- .spec.strategy.rollingUpdate.maxUnavailable
- .spec.strategy.rollingUpdate.maxUnavailable
- .spec.template.spec.containers[name="some-application"].resources.limits.cpu
conflicts with "rancher" using apps/v1:
- .spec.replicas
And I have no idea what is going on and why this is happening. Easy would be to just do what it says with 'patchForce', but I want to understand why this is happening and if it can be prevented.alert-zebra-27114
10/27/2022, 9:10 AMeager-football-6317
10/27/2022, 9:20 AMnpm update @pulumi/kubernetes
.
If you have set the flag enableServerSideApply: false
in order to work around problems, the new release will respect that.millions-train-91139
10/27/2022, 3:46 PMKubeconfig
even a part of the state.
If it’s the file content - than it may contain secrets.
If Kubeconfig
is a path to a local file - then it may not (and probably won’t) exist later on (CI/CD, different developers).
I also saw that pulumi up
overrides this parameter, so it make even less sense to me.
What is interesting thought, and the reason I’m interested in this parameter from the first place is the fact that pulumi refresh
fails since it is not being overridden in that scenario and tries to find that file locally - with a horrible undescriptive message
warning: configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }
error: Preview failed: failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource
flat-insurance-25294
11/01/2022, 8:01 AMboundless-engineer-23836
11/01/2022, 3:55 PMconst k8Services = args.resources.filter(r => r.isType(k8s.core.v1.Service));
if (k8Services.length !== 3) {
reportViolation(`Expected three kubernetes services but found ${k8Services.length}`);
return;
}
console.log(k8Services[0])
console.log(k8Services[0].asType(k8s.core.v1.Service))
The match works for finding 3 of them and prints the policyResource output in the first log. The second log after i try to cast it, just prints {}
ambitious-agent-35343
11/02/2022, 10:16 AMblue-shampoo-62911
11/02/2022, 4:47 PMpulumi up
to delete some resources.
Here is the output of pulumi preview
Type Name Plan Info
pulumi:pulumi:Stack our-product-stuff
~ ├─ kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> linkerd-crds update [diff: -resourceNames]
~ ├─ kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> linkerd-control-plane update [diff: -resourceNames]
~ └─ kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> linkerd-multicluster update [diff: -resourceNames]
Where should we start searching and debugging this problem? All others of us don’t have the problem.
Thank you in advancemillions-train-91139
11/03/2022, 2:50 PMkubeconfig
is an option for the kubernetes
provider?
It makes no sense.
The string can be the kubeconfig contents or the kubeconfig local path.
If it’s contents - it may contain login secrets, so we shouldn’t save it as a resource option
If it’s a local path - then it will not be found on pulumi refresh
on a different machine
Today pulumi refresh
is completely broken with kubernetes
white-chef-55657
11/04/2022, 6:34 AMYou are already configuring your production environment using K8s manifests, helm charts or kustomize files, why aren’t you rolling out that exact environment to your devs?is there a similar concept that works well with Pulumi deployments? did anyone here ever set up a dev environment based on their Pulumi deployment in a way that supports rapid development with something like https://gefyra.dev/ ?
billions-xylophone-85957
11/04/2022, 1:35 PM,get()
?brash-hairdresser-60389
11/04/2022, 3:52 PMgorgeous-minister-41131
11/04/2022, 4:36 PM*
-
error: failed to initialize discovery client: exec plugin: invalid apiVersion "<http://client.authentication.k8s.io/v1alpha1|client.authentication.k8s.io/v1alpha1>"
I anticipate this is related to the kubectl client. For reference I'm using
kubectl version --client=true
Client Version: <http://version.Info|version.Info>{Major:"1", Minor:"23", GitVersion:"v1.23.7", GitCommit:"42c05a547468804b2053ecf60a3bd15560362fc2", GitTreeState:"clean", BuildDate:"2022-05-24T12:30:55Z", GoVersion:"go1.17.10", Compiler:"gc", Platform:"darwin/arm64"
lively-needle-84406
11/07/2022, 7:21 PMbitter-carpenter-93554
11/08/2022, 12:03 AMleaseDurationSeconds
for pulumi-kubernetes-operator-lock
?
# kubectl get <http://leases.coordination.k8s.io|leases.coordination.k8s.io> pulumi-kubernetes-operator-lock -o yaml -n pulumi
apiVersion: <http://coordination.k8s.io/v1|coordination.k8s.io/v1>
kind: Lease
metadata:
...
spec:
acquireTime: "2022-11-07T22:33:44.000000Z"
holderIdentity: pulumi-kubernetes-operator-6677a05e-76c89475c9-pxhjj_921c1d24-8976-4c65-974c-f261dda2bf9c
leaseDurationSeconds: 15
leaseTransitions: 100
renewTime: "2022-11-07T22:41:56.961841Z"
brash-gigabyte-81569
11/08/2022, 9:06 PMlimited-rain-96205
11/10/2022, 8:05 AM