Has anyone found/used a Pulumi API that works with Percona / MySQL?

I know this is not something that should be run in prod, but anyone have a nice way to recover from e.g. “secret x already exists” During dev and using

pulumi cancel && pulumi refresh --yes --clear-pending-creates

i often have left over stuff if i rerun before the previous run times out.

Hi Folks! I am getting this error when trying to create an azure aks cluster with pulumi

+  azure-native:containerservice:ManagedCluster devprivaks creating error: '
 'cannot check existence of resource '
 "'/subscriptions/*******/resourceGroups/******/providers/Microsoft.ContainerService/managedClusters/*****': "
 'status code 400, '
 '{"error":{"code":"InvalidApiVersionParameter","message":"The api-version '
 "'2021-03-01' is invalid. The supported versions are "
 '\'2022-09-01,2022-06-01,2022-05-01,2022-03-01-preview,2022-01-01,2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04\'."}}\n'

Hi everyone! Quick question that I can't seem to find anything about online, but thought that it'd be a common usecase: I use pulumi to provision deployments in my setup, but after that I want to manage number of replicas and container images outside of pulumi (we have pipelines doing that already). I know

ignoreChanges

help to some extent, but whenever we need to change a deployment configuration it will reset the number of replicas and/or the image there. So my question is: is there a way of defining a specific field of a kubernetes resource to not be managed by pulumi? If not, what is the "normal" way of using pulumi with kubernetes deployments?

I found today that it is possible to import a Helm Release into a Pulumi project using something like:

pulumi import kubernetes:helm.sh/v3:Release myRelease kong/quickstart-3f0608ad

My question is what type of Kubernetes resources can I import ?

Can I import any type of Kubernetess resource ?

Hi Do I get some help over here for pulumi-eks bugs I reported ? https://github.com/pulumi/pulumi-eks/issues/799

Hi guys, we had a really strange issue with Pulumi and AKS yesterday. pulumi would throw an error and say that the deployment failed, but the resource was actually created in kuberentes. In other cases, the resource would be acknowledged as created, but pulumi timed out while polling for the resource to be fully initialized. This is less of a problem than pulumi not recording that the resource was created. In that case, retries on the deployment would fail, because the resource already exists. I am thinking it is related to timeouts? https://stackoverflow.com/questions/64638116/change-pulumis-timeout-when-deploying-kubernetes-resources

'(ingress-nginx-private/private-nginx-ingress-controller):\n'
 '    error: 1 error occurred:\n'
 '    \t* resource ingress-nginx-private/private-nginx-ingress-controller was '
 'successfully created, but the Kubernetes API server reported that it failed '
 'to fully initialize or become live: Timeout occurred polling for '
 "'private-nginx-ingress-controller'\n"
 '\n'

Is installing a Helm chart from an AWS ECR repo supported in

pulumi-kubernetes

? I’m trying to find the right combination of arguments to make it work but coming up short. Appreciate the help, thanks in advance 🙂

ecr_token = aws.ecr.get_authorization_token()

pulumi_kubernetes.helm.v3.Release(
    "release",
    pulumi_kubernetes.helm.v3.ReleaseArgs(
        name = "test",
        chart = "my-chart",
        version = "0.1.0",
        repository_opts = pulumi_kubernetes.helm.v3.RepositoryOptsArgs(
            repo = f"oci://{account_id}.dkr.ecr.{region}.<http://amazonaws.com|amazonaws.com>",
            username = "AWS",
            password = ecr_token.authorization_token,
        ),
        values = {}
    ),
    opts = pulumi.ResourceOptions(provider = my_k8s_provider, )
)

As you may have seen in recent announcements, we enabled the Server-side Apply feature by default in the

v3.22.0

version of

pulumi-kubernetes

. With this behavior enabled, you may encounter error messages about resource field conflicts. These errors are related to other controllers changing fields on shared resources. With the previous Client-side diff/apply behavior, these conflicts were not always apparent, but are now caught during preview and update. These errors are typically something that need to be resolved by the user, and are a legitimate difference that wasn’t detected by our previous Client-Side diff logic. Your options for resolving these conflicts are: 1. Disable SSA with the

enableServerSideApply

provider flag to use the previous behavior for now. This is the fastest way to unblock yourself, but as noted, will miss legitimate conflicts that are only detective with a Server-side diff. 2. Use the

ignoreChanges

resource option to selectively ignore changes to fields that another controller may update. Other controllers could be operators, admission controllers,

kubectl

, etc. 3. Use the

<http://pulumi.com/patchForce|pulumi.com/patchForce>

annotation to explicitly take ownership of the conflicting fields. Note that this might prevent other controllers from updating them. 4. Pin

pulumi-kubernetes

to a version previous to

v3.22.0

. Please let us know if you run into problems by filing an issue. Thanks for your patience as we work through this important transition point in the provider!

hello Pulumiers! I've got a helm chart (for DAPR) that is now reporting failures when I "pulumi up" it... has anyone seen this? Diagnostics: kubernetes:helm.sh/v3:Release (invscanner-testtest): error: template: dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml1446: executing "dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml" at <index $existingSecret.data "issuer.crt">: error calling index: index of untyped nil

Hello, we are running Pulumi (.NET) via a Jenkins pipeline, and we created a container for this purpose. Recently we updated the Pulumi version inside that container from 3.39.1 running on .NET Core 3.1, to version 3.43.1 running on .NET 6, and now we are seeing a lot of failures:

error: Preview failed: 1 error occurred:
	* the Kubernetes API server reported that "some-namespace/some-application" failed to fully initialize or become live: use `<http://pulumi.com/patchForce|pulumi.com/patchForce>` to override the conflict: Apply failed with 4 conflicts: conflicts with "pulumi-resource-kubernetes.exe" using apps/v1:
- .spec.strategy.rollingUpdate.maxUnavailable
- .spec.strategy.rollingUpdate.maxUnavailable
- .spec.template.spec.containers[name="some-application"].resources.limits.cpu
conflicts with "rancher" using apps/v1:
- .spec.replicas

And I have no idea what is going on and why this is happening. Easy would be to just do what it says with 'patchForce', but I want to understand why this is happening and if it can be prevented.

Howdy all, We have a product with many micro-services based on AWS and EKS, where everything is managed with a set of layered Pulumu stacks. This has many advantages and we are pretty happy with it. As part of this, we also deploy services in AWS and Kubernetes via Pulumi. This allows us to create any needed additional infrastructure - like Cognito User Pools, queues, databases, logs, etc - in the stack before the service itself is deployed/installed using a Helm Chart. But... sometimes the Helm chart installation fails and we don't really see much in terms of feed back. We can figure out the problems by re-deploying and then monitoring the objects in Kubernetes, but that is not exactly a good process for the developers. So are there any known way to get more feed-back from the Helm chart installation? Like the logs from the various containers and PODs? As the depoyment fails - and thus pulumi up fails - I cannot see how I can run any additional code to retrieve the wanted information.

Hi folks, In the Kubernetes provider v3.22.0, server-side apply was made the default (see earlier). This exposed surprising errors, and caused problematic interactions with other tooling, such as Helm, that are not straight-forward to work around. Therefore, we’ve rolled back that change — server-side apply is back to being opt-in in v3.22.1. Update to that version of the Pulumi Kubernetes SDK using e.g.,

npm update @pulumi/kubernetes

. If you have set the flag

enableServerSideApply: false

in order to work around problems, the new release will respect that.

Hey all, I came by a super weird behavior in the pulumi-kubernetes provider Why is the

Kubeconfig

even a part of the state. If it’s the file content - than it may contain secrets. If

Kubeconfig

is a path to a local file - then it may not (and probably won’t) exist later on (CI/CD, different developers). I also saw that

pulumi up

overrides this parameter, so it make even less sense to me. What is interesting thought, and the reason I’m interested in this parameter from the first place is the fact that

pulumi refresh

fails since it is not being overridden in that scenario and tries to find that file locally - with a horrible undescriptive message

warning: configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }
    error: Preview failed: failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource

Does Pulimi let us generate YAML files for local K8? We define all our Deployments and Services in TypeScript, but for running locally for dev, we’re duplicating them. It would be great if you could generate .YAML manifest files for deploying to local k8.

does pulumi policy pack not work with the k8s resources (its working in this manner with any aws resource im testing)

const k8Services = args.resources.filter(r => r.isType(k8s.core.v1.Service));
        if (k8Services.length !== 3) {
            reportViolation(`Expected three kubernetes services but found ${k8Services.length}`);
            return;
        }
        console.log(k8Services[0])
        console.log(k8Services[0].asType(k8s.core.v1.Service))

The match works for finding 3 of them and prints the policyResource output in the first log. The second log after i try to cast it, just prints

{}

I am oddly receiving this error when trying to deploy a helm chart. But as can be seen the versioning is not correct:

Hello, in our team we are using Pulumi and we encountered a strange behaviour. One new team mate cloned the code from the repository, has all the same versions as us, the same state file (stored in S3 bucket) etc, but Pulumi prompts on

pulumi up

to delete some resources. Here is the output of

pulumi preview

Type                              Name                   Plan       Info
     pulumi:pulumi:Stack               our-product-stuff
 ~   ├─ kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release>  linkerd-crds           update     [diff: -resourceNames]
 ~   ├─ kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release>  linkerd-control-plane  update     [diff: -resourceNames]
 ~   └─ kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release>  linkerd-multicluster   update     [diff: -resourceNames]

Where should we start searching and debugging this problem? All others of us don’t have the problem. Thank you in advance

Hey, asking again. Anyone knows why

kubeconfig

is an option for the

kubernetes

provider? It makes no sense. The string can be the kubeconfig contents or the kubeconfig local path. If it’s contents - it may contain login secrets, so we shouldn’t save it as a resource option If it’s a local path - then it will not be found on

pulumi refresh

on a different machine Today

pulumi refresh

is completely broken with

kubernetes

starting look at ways to replicate my prod env on dev machines, found https://unikube.io/ which says

You are already configuring your production environment using K8s manifests, helm charts or kustomize files, why aren’t you rolling out that exact environment to your devs?

is there a similar concept that works well with Pulumi deployments? did anyone here ever set up a dev environment based on their Pulumi deployment in a way that supports rapid development with something like https://gefyra.dev/ ?

what is the best way to check/wait for some k8s resource readiness that's created out-of-band for Pulumi? e.g. a CRD that's installed by some operator? • installing CRDs with a ConfigGroup is not an option if the CRD source isn't available • installing CRDs with Helm is also not an option since that removes the ability to upgrade CRDs. • write some async/retry logic around

,get()

?

Hello everyone, how is possible to import in code kubernetes resources? how can I know the resource ID for K8s resources? the documentation on this is very bad sorry to say.

Hello! I'm seeing this error when trying to use only the render to Yaml provider. I am explicitly passing the provider into the resource, and I have disabled the default providers for

*

-

error: failed to initialize discovery client: exec plugin: invalid apiVersion "<http://client.authentication.k8s.io/v1alpha1|client.authentication.k8s.io/v1alpha1>"

I anticipate this is related to the kubectl client. For reference I'm using

kubectl version --client=true
Client Version: <http://version.Info|version.Info>{Major:"1", Minor:"23", GitVersion:"v1.23.7", GitCommit:"42c05a547468804b2053ecf60a3bd15560362fc2", GitTreeState:"clean", BuildDate:"2022-05-24T12:30:55Z", GoVersion:"go1.17.10", Compiler:"gc", Platform:"darwin/arm64"

Hey all, I have a question about Pulumi nodejs runtimes. If I want to run a NodeJS function to retrieve some data and save some helm chart files to a directory, is there a way to have a Kubernetes Helm Chart wait on those files/directories to be created before applying them to a Kubernetes cluster? i.e. I have helm charts, not in a remote repository, that I want to retrieve/unzip/apply via Kubernetes Helm Chart resource. What is the best way to do this with Pulumi? (I have the logic to retrieve and unzip the necessary files)

Hi! Does anyone know how to increase

leaseDurationSeconds

for

pulumi-kubernetes-operator-lock

?

# kubectl get <http://leases.coordination.k8s.io|leases.coordination.k8s.io> pulumi-kubernetes-operator-lock -o yaml -n pulumi
apiVersion: <http://coordination.k8s.io/v1|coordination.k8s.io/v1>
kind: Lease
metadata:
  ...
spec:
  acquireTime: "2022-11-07T22:33:44.000000Z"
  holderIdentity: pulumi-kubernetes-operator-6677a05e-76c89475c9-pxhjj_921c1d24-8976-4c65-974c-f261dda2bf9c
  leaseDurationSeconds: 15
  leaseTransitions: 100
  renewTime: "2022-11-07T22:41:56.961841Z"

Anyone using karpenter and successfully configured Pulumi to get the nodes created by karpenter to clear before deleting the standard node group?

Does the Kubernetes provider use kubectl, or does it talk to the k8s apiserver directly? If it uses kubectl, does it use the one installed on the host, or one embedded in the provider package?