kubernetes
  • v

    victorious-dusk-75271

    09/09/2022, 5:18 AM
    1) state file contains errors: resource urn:pulumi:staging::allrites-infrastructure::custom:resource:eks$custom:resource:AlbIngressController$aws:iam/role:Role::primary-eks-aws-loadbalancer-controller-role dependency urn:pulumi:staging::allrites-infrastructure::custom:resource:eks$custom:resource:AlbIngressController$kubernetes:core/v1:Namespace::primary-eks-alb-namespace refers to missing resource
        2) importing this file could be dangerous; rerun with --force to proceed anyway
  • v

    victorious-dusk-75271

    09/09/2022, 5:19 AM
    even if I import then using --force, I can't run up
  • a

    average-pilot-3793

    09/12/2022, 10:08 AM
    hello, is it possible to use the coreDns aws.eks.Addon with fargate in a k8s. https://www.pulumi.com/registry/packages/aws/api-docs/eks/addon/#sts=Create%20a%20Addon%20Resource the documentation provides some level of information but when applying it I run into the following error. the full kubectl describe command output is in the thread. I suspect the label should be updated in the ResourceOptions somehow to eks.amazonaws.com/fargate-profile=<cluster name>
    Events:
      Type     Reason            Age                       From               Message
      ----     ------            ----                      ----               -------
      Warning  FailedScheduling  2m29s (x5494 over 3d21h)  default-scheduler  0/3 nodes are available: 3 node(s) had taint {eks.amazonaws.com/compute-type: fargate}, that the pod didn't tolerate.
  • m

    most-lighter-95902

    09/15/2022, 3:33 PM
    Is there a way to use the --from-file flag in kubectl for secret creation via Pulumi?
  • d

    delightful-bear-69098

    09/18/2022, 2:18 PM
    Is there a how-to on how to create and use a service account token? It would possibly be a good tutorial to have, using the kubeadmin UI as an example.
  • b

    bored-spoon-83710

    09/19/2022, 4:29 PM
    Hello, in my code I have a patch resource (I’ve enabled server side apply) to patch a daemon set which is created by another resource in my code (an EKS addon). For the initial creation of my stack, if I do a pulumi up --skip-preview it works as intended. However, if I do a pulumi up I get an error during preview:
    error: Preview failed: resource kube-system/ebs-csi-node was not successfully created by the Kubernetes API server : DaemonSet.apps "ebs-csi-node" is invalid: [spec.template.metadata.labels: Invalid value: map[string]string(nil): `selector` does not match template `labels`, spec.template.spec.containers: Required value]
    Is it a limitation of the provider or did I miss something? Is there a workaround (other than skipping the preview)?
  • b

    brash-gigabyte-81569

    09/21/2022, 9:49 PM
    Besides creating another Kubernetes provider, is there a way to set a default namespace when you are applying a bunch of yaml via yaml.NewConfigFile(…) ?
  • s

    some-continent-7311

    09/29/2022, 7:40 AM
    After upgrading @pulumi/pulumi and @pulumi/kubernetes to ^3.0.0 and running pulumi up I get this warning:
    W0929 13:38:59.750875   65229 gcp.go:119] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.26+; use gcloud instead.
        To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
    What should I do exactly to get rid of the warning?
  • d

    damp-honey-93158

    10/05/2022, 2:36 PM
    I’d like to know if it's possible to use “create if not exists” semantics for a k8s secret using pulumi, has anyone done that?
  • d

    damp-honey-93158

    10/06/2022, 7:15 AM
    good morning! recently I've been getting random errors in Helm deployments, and I wondered if anyone else has started to experience this or it's just me? On the off chance, here's what I'm seeing:
    Diagnostics: kubernetes:helm.sh/v3:Release (creditor-testcluster): error: unable to build kubernetes objects from release manifest: resource mapping not found for name: "dapr-operator" namespace: "" from "": no matches for kind "ServiceAccount" in version "v1" ensure CRDs are installed first
    this is a DAPR based Helm install - and it's been working perfectly for months, it started to fail two days ago. The cluster is ephemeral. any ideas appreciated - have a good one.
  • d

    damp-honey-93158

    10/06/2022, 7:16 AM
    also; in lots of these errors I see k8s report that the namespace is empty
  • l

    lively-needle-84406

    10/06/2022, 2:15 PM
    Morning everyone! I am having an issue with applying Istio helm charts into my EKS cluster using Pulumi. Base:
    export const istioBaseChart = new k8s.helm.v3.Release("istio-base", {
        chart: "base",
        version: istioVersion,
        namespace: istioNamespace.metadata.name,
        repositoryOpts: {
            repo: "https://istio-release.storage.googleapis.com/charts",
        },
        
    }, {
        dependsOn: [cluster, istioNamespace]
    });
    Istiod:
    export const istiod = new k8s.helm.v3.Chart("istiod", {
        chart: "istiod",
        version: istioVersion,
        namespace: istioNamespace.metadata.name,
        fetchOpts: {
            repo: "https://istio-release.storage.googleapis.com/charts",
        },
    }, {
        dependsOn: [cluster, istioNamespace, istioBaseChart]
    });
    The error I am receiving is:
    kubernetes:helm.sh/v3:Release (istio-base):
        error: could not get server version from Kubernetes: Get "https://B042EE83435E804CA59AE3C4ACC5C169.sk1.us-west-1.eks.amazonaws.com/version?timeout=32s": dial tcp: lookup xxxxxxxxxxxxxx.sk1.us-west-1.eks.amazonaws.com on [xxxx:xxxx:xxx:xxxx::x]:xx: no such host
    To me, this looks like the dependency on the cluster and other resources is not being honored. Any ideas how to ensure the cluster and other resources get created properly before applying these charts?
  • d

    damp-honey-93158

    10/07/2022, 9:48 AM
    Has anyone found/used a Pulumi API that works with Percona / MySQL?
  • p

    proud-pizza-80589

    10/11/2022, 11:08 AM
    I know this is not something that should be run in prod, but anyone have a nice way to recover from e.g. “secret x already exists”? During dev and using pulumi cancel && pulumi refresh --yes --clear-pending-creates I often have leftover stuff if I rerun before the previous run times out.
  • v

    victorious-exabyte-70545

    10/12/2022, 8:59 PM
    Hi Folks! I am getting this error when trying to create an azure aks cluster with pulumi
    +  azure-native:containerservice:ManagedCluster devprivaks creating error: '
     'cannot check existence of resource '
     "'/subscriptions/*******/resourceGroups/******/providers/Microsoft.ContainerService/managedClusters/*****': "
     'status code 400, '
     '{"error":{"code":"InvalidApiVersionParameter","message":"The api-version '
     "'2021-03-01' is invalid. The supported versions are "
     '\'2022-09-01,2022-06-01,2022-05-01,2022-03-01-preview,2022-01-01,2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04\'."}}\n'
  • o

    orange-psychiatrist-22511

    10/13/2022, 10:22 PM
    Hi everyone! Quick question that I can't seem to find anything about online, but thought that it'd be a common use case: I use pulumi to provision deployments in my setup, but after that I want to manage number of replicas and container images outside of pulumi (we have pipelines doing that already). I know ignoreChanges helps to some extent, but whenever we need to change a deployment configuration it will reset the number of replicas and/or the image there. So my question is: is there a way of defining a specific field of a kubernetes resource to not be managed by pulumi? If not, what is the "normal" way of using pulumi with kubernetes deployments?
  • d

    delightful-bear-69098

    10/15/2022, 9:36 PM
    I found today that it is possible to import a Helm Release into a Pulumi project using something like:
  • d

    delightful-bear-69098

    10/15/2022, 9:36 PM
    pulumi import kubernetes:helm.sh/v3:Release myRelease kong/quickstart-3f0608ad
  • d

    delightful-bear-69098

    10/15/2022, 9:37 PM
    My question is what type of Kubernetes resources can I import ?
  • d

    delightful-bear-69098

    10/15/2022, 9:37 PM
    Can I import any type of Kubernetes resource?
  • b

    bored-baker-95734

    10/18/2022, 2:50 PM
    Hi, do I get some help over here for pulumi-eks bugs I reported? https://github.com/pulumi/pulumi-eks/issues/799
  • v

    victorious-exabyte-70545

    10/19/2022, 4:43 PM
    Hi guys, we had a really strange issue with Pulumi and AKS yesterday. pulumi would throw an error and say that the deployment failed, but the resource was actually created in Kubernetes. In other cases, the resource would be acknowledged as created, but pulumi timed out while polling for the resource to be fully initialized. This is less of a problem than pulumi not recording that the resource was created. In that case, retries on the deployment would fail, because the resource already exists. I am thinking it is related to timeouts? https://stackoverflow.com/questions/64638116/change-pulumis-timeout-when-deploying-kubernetes-resources
    '(ingress-nginx-private/private-nginx-ingress-controller):\n'
     '    error: 1 error occurred:\n'
     '    \t* resource ingress-nginx-private/private-nginx-ingress-controller was '
     'successfully created, but the Kubernetes API server reported that it failed '
     'to fully initialize or become live: Timeout occurred polling for '
     "'private-nginx-ingress-controller'\n"
     '\n'
  • n

    nice-father-44210

    10/23/2022, 6:47 PM
    Is installing a Helm chart from an AWS ECR repo supported in pulumi-kubernetes? I’m trying to find the right combination of arguments to make it work but coming up short. Appreciate the help, thanks in advance 🙂
    ecr_token = aws.ecr.get_authorization_token()
    
    pulumi_kubernetes.helm.v3.Release(
        "release",
        pulumi_kubernetes.helm.v3.ReleaseArgs(
            name = "test",
            chart = "my-chart",
            version = "0.1.0",
            repository_opts = pulumi_kubernetes.helm.v3.RepositoryOptsArgs(
                repo = f"oci://{account_id}.dkr.ecr.{region}.amazonaws.com",
                username = "AWS",
                password = ecr_token.authorization_token,
            ),
            values = {}
        ),
        opts = pulumi.ResourceOptions(provider = my_k8s_provider, )
    )
  • g

    gorgeous-egg-16927

    10/24/2022, 5:24 PM
    As you may have seen in recent announcements, we enabled the Server-side Apply feature by default in the v3.22.0 version of pulumi-kubernetes. With this behavior enabled, you may encounter error messages about resource field conflicts. These errors are related to other controllers changing fields on shared resources. With the previous Client-side diff/apply behavior, these conflicts were not always apparent, but are now caught during preview and update. These errors are typically something that needs to be resolved by the user, and are a legitimate difference that wasn’t detected by our previous Client-Side diff logic. Your options for resolving these conflicts are:
    1. Disable SSA with the enableServerSideApply provider flag to use the previous behavior for now. This is the fastest way to unblock yourself, but as noted, will miss legitimate conflicts that are only detectable with a Server-side diff.
    2. Use the ignoreChanges resource option to selectively ignore changes to fields that another controller may update. Other controllers could be operators, admission controllers, kubectl, etc.
    3. Use the pulumi.com/patchForce annotation to explicitly take ownership of the conflicting fields. Note that this might prevent other controllers from updating them.
    4. Pin pulumi-kubernetes to a version previous to v3.22.0.
    Please let us know if you run into problems by filing an issue. Thanks for your patience as we work through this important transition point in the provider!
  • d

    damp-honey-93158

    10/26/2022, 1:32 PM
    hello Pulumiers! I've got a helm chart (for DAPR) that is now reporting failures when I "pulumi up" it... has anyone seen this?
    Diagnostics: kubernetes:helm.sh/v3:Release (invscanner-testtest): error: template: dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml:14:46: executing "dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml" at <index $existingSecret.data "issuer.crt">: error calling index: index of untyped nil
  • s

    sparse-hairdresser-15357

    10/26/2022, 7:51 PM
    Hello, we are running Pulumi (.NET) via a Jenkins pipeline, and we created a container for this purpose. Recently we updated the Pulumi version inside that container from 3.39.1 running on .NET Core 3.1, to version 3.43.1 running on .NET 6, and now we are seeing a lot of failures:
    error: Preview failed: 1 error occurred:
    	* the Kubernetes API server reported that "some-namespace/some-application" failed to fully initialize or become live: use `pulumi.com/patchForce` to override the conflict: Apply failed with 4 conflicts: conflicts with "pulumi-resource-kubernetes.exe" using apps/v1:
    - .spec.strategy.rollingUpdate.maxUnavailable
    - .spec.strategy.rollingUpdate.maxUnavailable
    - .spec.template.spec.containers[name="some-application"].resources.limits.cpu
    conflicts with "rancher" using apps/v1:
    - .spec.replicas
    And I have no idea what is going on and why this is happening. Easy would be to just do what it says with 'patchForce', but I want to understand why this is happening and if it can be prevented.
  • a

    alert-zebra-27114

    10/27/2022, 9:10 AM
    Howdy all, We have a product with many micro-services based on AWS and EKS, where everything is managed with a set of layered Pulumi stacks. This has many advantages and we are pretty happy with it. As part of this, we also deploy services in AWS and Kubernetes via Pulumi. This allows us to create any needed additional infrastructure - like Cognito User Pools, queues, databases, logs, etc - in the stack before the service itself is deployed/installed using a Helm Chart. But... sometimes the Helm chart installation fails and we don't really see much in terms of feedback. We can figure out the problems by re-deploying and then monitoring the objects in Kubernetes, but that is not exactly a good process for the developers. So is there any known way to get more feedback from the Helm chart installation? Like the logs from the various containers and PODs? As the deployment fails - and thus pulumi up fails - I cannot see how I can run any additional code to retrieve the wanted information.
  • e

    eager-football-6317

    10/27/2022, 9:20 AM
    Hi folks, In the Kubernetes provider v3.22.0, server-side apply was made the default (see earlier). This exposed surprising errors, and caused problematic interactions with other tooling, such as Helm, that are not straight-forward to work around. Therefore, we’ve rolled back that change — server-side apply is back to being opt-in in v3.22.1. Update to that version of the Pulumi Kubernetes SDK using e.g., npm update @pulumi/kubernetes. If you have set the flag enableServerSideApply: false in order to work around problems, the new release will respect that.
  • m

    millions-train-91139

    10/27/2022, 3:46 PM
    Hey all, I came by a super weird behavior in the pulumi-kubernetes provider. Why is the Kubeconfig even a part of the state? If it’s the file content - then it may contain secrets. If Kubeconfig is a path to a local file - then it may not (and probably won’t) exist later on (CI/CD, different developers). I also saw that pulumi up overrides this parameter, so it makes even less sense to me. What is interesting though, and the reason I’m interested in this parameter in the first place, is the fact that pulumi refresh fails since it is not being overridden in that scenario and tries to find that file locally - with a horrible undescriptive message
    warning: configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }
        error: Preview failed: failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource
  • f

    flat-insurance-25294

    11/01/2022, 8:01 AM
    Does Pulumi let us generate YAML files for local K8? We define all our Deployments and Services in TypeScript, but for running locally for dev, we’re duplicating them. It would be great if you could generate .YAML manifest files for deploying to local k8.
billowy-army-68599

11/01/2022, 1:33 PM
yes, use this: https://www.pulumi.com/blog/kubernetes-yaml-generation/