victorious-dusk-75271
09/09/2022, 5:18 AM1) state file contains errors: resource urn:pulumi:staging::allrites-infrastructure::custom:resource:eks$custom:resource:AlbIngressController$aws:iam/role:Role::primary-eks-aws-loadbalancer-controller-role dependency urn:pulumi:staging::allrites-infrastructure::custom:resource:eks$custom:resource:AlbIngressController$kubernetes:core/v1:Namespace::primary-eks-alb-namespace refers to missing resource
2) importing this file could be dangerous; rerun with --force to proceed anyway
victorious-dusk-75271
09/09/2022, 5:19 AMaverage-pilot-3793
09/12/2022, 10:08 AMcoreDns
aws.eks.Addon
with fargate in a k8s. https://www.pulumi.com/registry/packages/aws/api-docs/eks/addon/#sts=Create%20a%20Addon%20Resource the documentation provides some level of information but when applying it i run into the following error. the full kubectl describe command output is in the thread. I suspect the label should be updated in the ResourceOptions somehow to <http://eks.amazonaws.com/fargate-profile=|eks.amazonaws.com/fargate-profile=><cluster name>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 2m29s (x5494 over 3d21h) default-scheduler 0/3 nodes are available: 3 node(s) had taint {<http://eks.amazonaws.com/compute-type|eks.amazonaws.com/compute-type>: fargate}, that the pod didn't tolerate.
most-lighter-95902
09/15/2022, 3:33 PM--from-file
flag in kubectl for secret creation via Pulumi?delightful-bear-69098
09/18/2022, 2:18 PMbored-spoon-83710
09/19/2022, 4:29 PMpulumi up --skip-preview
it works as intended. However, if I do a pulumi up
I get an error during preview:
error: Preview failed: resource kube-system/ebs-csi-node was not successfully created by the Kubernetes API server : DaemonSet.apps "ebs-csi-node" is invalid: [spec.template.metadata.labels: Invalid value: map[string]string(nil): `selector` does not match template `labels`, spec.template.spec.containers: Required value]
Is it a limitation of the provider or did I miss something? Is there a workaround (other than skipping the preview)?brash-gigabyte-81569
09/21/2022, 9:49 PMsome-continent-7311
09/29/2022, 7:40 AM@pulumi/pulumi
and @pulumi/kubernetes
to ^3.0.0
and running pulumi up
I get this warning:
W0929 13:38:59.750875 65229 gcp.go:119] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.26+; use gcloud instead.
To learn more, consult <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>
What should I do exactly to get rid of the warning?damp-honey-93158
10/05/2022, 2:36 PMdamp-honey-93158
10/06/2022, 7:15 AMdamp-honey-93158
10/06/2022, 7:16 AMlively-needle-84406
10/06/2022, 2:15 PMexport const istioBaseChart = new k8s.helm.v3.Release("istio-base", {
chart: "base",
version: istioVersion,
namespace: istioNamespace.metadata.name,
repositoryOpts: {
repo: "<https://istio-release.storage.googleapis.com/charts>",
},
}, {
dependsOn: [cluster, istioNamespace]
});
Istiod:
export const istiod = new k8s.helm.v3.Chart("istiod", {
chart: "istiod",
version: istioVersion,
namespace: istioNamespace.metadata.name,
fetchOpts: {
repo: "<https://istio-release.storage.googleapis.com/charts>",
},
}, {
dependsOn: [cluster, istioNamespace, istioBaseChart]
});
The error I am receiving is:
kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> (istio-base):
error: could not get server version from Kubernetes: Get "<https://B042EE83435E804CA59AE3C4ACC5C169.sk1.us-west-1.eks.amazonaws.com/version?timeout=32s>": dial tcp: lookup <http://xxxxxxxxxxxxxx.sk1.us-west-1.eks.amazonaws.com|xxxxxxxxxxxxxx.sk1.us-west-1.eks.amazonaws.com> on [xxxx:xxxx:xxx:xxxx::x]:xx: no such host
To me, this looks like the dependency on the cluster and other resources is not being honored. Any ideas how to ensure the cluster and other resources get created properly before applying these charts?damp-honey-93158
10/07/2022, 9:48 AMproud-pizza-80589
10/11/2022, 11:08 AMpulumi cancel && pulumi refresh --yes --clear-pending-creates
i often have left over stuff if i rerun before the previous run times out.victorious-exabyte-70545
10/12/2022, 8:59 PM+ azure-native:containerservice:ManagedCluster devprivaks creating error: '
'cannot check existence of resource '
"'/subscriptions/*******/resourceGroups/******/providers/Microsoft.ContainerService/managedClusters/*****': "
'status code 400, '
'{"error":{"code":"InvalidApiVersionParameter","message":"The api-version '
"'2021-03-01' is invalid. The supported versions are "
'\'2022-09-01,2022-06-01,2022-05-01,2022-03-01-preview,2022-01-01,2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04\'."}}\n'
orange-psychiatrist-22511
10/13/2022, 10:22 PMignoreChanges
help to some extent, but whenever we need to change a deployment configuration it will reset the number of replicas and/or the image there. So my question is: is there a way of defining a specific field of a kubernetes resource to not be managed by pulumi? If not, what is the "normal" way of using pulumi with kubernetes deployments?delightful-bear-69098
10/15/2022, 9:36 PMdelightful-bear-69098
10/15/2022, 9:36 PMdelightful-bear-69098
10/15/2022, 9:37 PMdelightful-bear-69098
10/15/2022, 9:37 PMbored-baker-95734
10/18/2022, 2:50 PMvictorious-exabyte-70545
10/19/2022, 4:43 PM'(ingress-nginx-private/private-nginx-ingress-controller):\n'
' error: 1 error occurred:\n'
' \t* resource ingress-nginx-private/private-nginx-ingress-controller was '
'successfully created, but the Kubernetes API server reported that it failed '
'to fully initialize or become live: Timeout occurred polling for '
"'private-nginx-ingress-controller'\n"
'\n'
nice-father-44210
10/23/2022, 6:47 PMpulumi-kubernetes
?
I’m trying to find the right combination of arguments to make it work but coming up short.
Appreciate the help, thanks in advance 🙂
ecr_token = aws.ecr.get_authorization_token()
pulumi_kubernetes.helm.v3.Release(
"release",
pulumi_kubernetes.helm.v3.ReleaseArgs(
name = "test",
chart = "my-chart",
version = "0.1.0",
repository_opts = pulumi_kubernetes.helm.v3.RepositoryOptsArgs(
repo = f"oci://{account_id}.dkr.ecr.{region}.<http://amazonaws.com|amazonaws.com>",
username = "AWS",
password = ecr_token.authorization_token,
),
values = {}
),
opts = pulumi.ResourceOptions(provider = my_k8s_provider, )
)
gorgeous-egg-16927
10/24/2022, 5:24 PMv3.22.0
version of pulumi-kubernetes
. With this behavior enabled, you may encounter error messages about resource field conflicts. These errors are related to other controllers changing fields on shared resources. With the previous Client-side diff/apply behavior, these conflicts were not always apparent, but are now caught during preview and update.
These errors are typically something that need to be resolved by the user, and are a legitimate difference that wasn’t detected by our previous Client-Side diff logic.
Your options for resolving these conflicts are:
1. Disable SSA with the enableServerSideApply
provider flag to use the previous behavior for now. This is the fastest way to unblock yourself, but as noted, will miss legitimate conflicts that are only detective with a Server-side diff.
2. Use the ignoreChanges
resource option to selectively ignore changes to fields that another controller may update. Other controllers could be operators, admission controllers, kubectl
, etc.
3. Use the <http://pulumi.com/patchForce|pulumi.com/patchForce>
annotation to explicitly take ownership of the conflicting fields. Note that this might prevent other controllers from updating them.
4. Pin pulumi-kubernetes
to a version previous to v3.22.0
.
Please let us know if you run into problems by filing an issue. Thanks for your patience as we work through this important transition point in the provider!damp-honey-93158
10/26/2022, 1:32 PMsparse-hairdresser-15357
10/26/2022, 7:51 PMerror: Preview failed: 1 error occurred:
* the Kubernetes API server reported that "some-namespace/some-application" failed to fully initialize or become live: use `<http://pulumi.com/patchForce|pulumi.com/patchForce>` to override the conflict: Apply failed with 4 conflicts: conflicts with "pulumi-resource-kubernetes.exe" using apps/v1:
- .spec.strategy.rollingUpdate.maxUnavailable
- .spec.strategy.rollingUpdate.maxUnavailable
- .spec.template.spec.containers[name="some-application"].resources.limits.cpu
conflicts with "rancher" using apps/v1:
- .spec.replicas
And I have no idea what is going on and why this is happening. Easy would be to just do what it says with 'patchForce', but I want to understand why this is happening and if it can be prevented.alert-zebra-27114
10/27/2022, 9:10 AMeager-football-6317
10/27/2022, 9:20 AMnpm update @pulumi/kubernetes
.
If you have set the flag enableServerSideApply: false
in order to work around problems, the new release will respect that.millions-train-91139
10/27/2022, 3:46 PMKubeconfig
even a part of the state.
If it’s the file content - than it may contain secrets.
If Kubeconfig
is a path to a local file - then it may not (and probably won’t) exist later on (CI/CD, different developers).
I also saw that pulumi up
overrides this parameter, so it make even less sense to me.
What is interesting thought, and the reason I’m interested in this parameter from the first place is the fact that pulumi refresh
fails since it is not being overridden in that scenario and tries to find that file locally - with a horrible undescriptive message
warning: configured Kubernetes cluster is unreachable: failed to parse kubeconfig data in `kubernetes:config:kubeconfig`- couldn't get version/kind; json parse error: json: cannot unmarshal string into Go value of type struct { APIVersion string "json:\"apiVersion,omitempty\""; Kind string "json:\"kind,omitempty\"" }
error: Preview failed: failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource
flat-insurance-25294
11/01/2022, 8:01 AMflat-insurance-25294
11/01/2022, 8:01 AMbillowy-army-68599
11/01/2022, 1:33 PM