I'm trying to workout what I can pass to that, in terms of what is doing the serialization that I need to consider.

Hi, I created a

VPC

using

pulumi_aws

and a

cluster

using

pulumi_eks

, but in the end, I received the error

no nodes available to schedule pods.

Here is the code: https://github.com/omidraha/pulumi_example/blob/main/vpc.py https://github.com/omidraha/pulumi_example/blob/main/iam.py https://github.com/omidraha/pulumi_example/blob/main/cluster.py https://github.com/omidraha/pulumi_example/blob/main/setup.py

$ kubectl get pods -A 
NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE
kube-system   coredns-6ff9c46cd8-98sck   0/1     Pending   0          24h
kube-system   coredns-6ff9c46cd8-hrj56   0/1     Pending   0          24h
$ kubectl get event -A
NAMESPACE     LAST SEEN   TYPE      REASON             OBJECT                         MESSAGE
kube-system   38s         Warning   FailedScheduling   pod/coredns-6ff9c46cd8-98sck   no nodes available to schedule pods
kube-system   68s         Warning   FailedScheduling   pod/coredns-6ff9c46cd8-hrj56   no nodes available to schedule pods

How to Increase the number of pods limit per Kubernetes Node? I tried

node_user_data

, But it didn't work:

import pulumi_eks as eks

def create_cluster(vpc):
    cluster = eks.Cluster(
        "cluster",
        # other parameters...
        node_user_data="""
          #!/bin/bash
          set -o xtrace
          /etc/eks/bootstrap.sh --apiserver-endpoint '${var.cluster_endpoint}' --b64-cluster-ca '${var.cluster_ca_data}' '${var.cluster_name}' --use-max-pods false --kubelet-extra-args '--max-pods=20'
        """,
    )
    return cluster

Does the helm lookup command work when using helm.v3.Chart? e.g. a chart that has {{- $obj := (lookup "v1" "Secret" "gloo-system" "console").data -}}? Is there a list of supported helm commands in this helm.v3.Chart anywhere?

Something super weird When I update the pulumi-kubernetes plugin to version 4.1.0 (by advancing go.mod/go.sum and imports within the code): 1. On my Mac - it installed the 4.1.0 plugin and also the preview edited the version of the provider in the Pulumi state to 4.1.0 2. On GitHub CI - it installed the plugin specified in the state (even though the code uses

v4

objects! And ran the old provider, also didn’t update the state I had to manually go to the GitHub state of 6 stacks and update the provider version within the state manually! Crazy For some reason GitHub CI prefer’s the state objects but my Mac doesn’t Same Pulumi version (v3.78.1), GitHub CI used pulumi/actions@v3

running into an issue with the linkerd-crds helm chart on an upgrade (using the Release resource). the error message says a label and some annotations are missing, and that the crd can't be adopted by the release, but they are not actually missing. after looking over the pulumi updates, it turns out what actually is going on is a crd was dropped, and now pulumi thinks all the resources have been renamed because the order is now different. does anyone know how to resolve this issue? I've already tried manually deleting the resource that the chart drops to no avail

I want to set up

Fluent Bit

with

Grafana

in

Kubernetes

using

Pulumi

through these two Helm charts: 1. Fluent Bit: https://artifacthub.io/packages/helm/fluent/fluent-bit 2. Grafana: https://artifacthub.io/packages/helm/grafana/grafana Here is an example of my code, but I'm facing pod startup issues due to the configuration: https://github.com/omidraha/pulumi_example/blob/main/log/log.py https://github.com/omidraha/pulumi_example/blob/main/log/setup.py

How do I get Pulumi to not create the EKS VPC CNI plugin with the

@pulumi/eks

package?

I started seeing these warnings on all of our

apps/v1

resources some time ago:

warning: ignoring user-specified value for internal annotation "<http://pulumi.com/autonamed|pulumi.com/autonamed>"

I thought it was because our Pulumi versions were out of date, but updated now (and ran

pulumi up

on the new update), but still seeing the warnings. We are not setting the

<http://pulumi.com/autonamed|pulumi.com/autonamed>

annotation, and we're using auto-naming everywhere. Here's an example of one of the apps with warnings:

const provider = new k8s.Provider('dm-k8s-provider', {
  kubeconfig,
});

const labels = {
  app: 'dm-cron',
  'scrape-metrics': String(true),
};

export const cronApp = new k8s.apps.v1.Deployment('dm-cron-app', {
  metadata: { labels },
  spec: {
    strategy: { type: 'Recreate' },
    replicas: 1,
    selector: { matchLabels: labels },
    template: {
      metadata: { labels },
      spec: {
        nodeSelector: {
          '<http://cloud.google.com/gke-nodepool|cloud.google.com/gke-nodepool>': nodePools.misc.name,
        },
        serviceAccountName: dmAppServiceAccountName,
        imagePullSecrets,
        containers: [ {
          name: 'dm-cron-app-container',
          image: image.imageName,
          env: environmentVariables,
          command: [ 'yarn', 'workspace', 'cron', 'start' ],
          ports: [ dmMetricsPort ],
        } ],
      },
    },
  },
}, {
  provider,
});

Using Pulumi CLI v3.78.1,

@pulumi/pulumi

v3.78.1,

@pulumi/kubernetes

v4.1.1

Hello guys! Is there some initiative to get Pulumi Crosswalk for Kubernetes up to date? I just found this resource and although I love the idea, it doesn't seem to have much credibility as on the very first page I'm reading, there's multiple recommendations to deprecated features. https://www.pulumi.com/docs/clouds/kubernetes/guides/control-plane/#:~:text=Instead%20of%20using,podSecuri[…]nfig%3A%20%7B%20enabled%3A%20true%20%7D Both Octant and PodSecurityPolicies are deprecated as seen on clicking on those links. 🤔

Hello, Is there any plan to make

crd2pulumi

generate the code that uses Kubernetes provider v4?

Every time I run pulumi up my cluster is being recreated on gke. This code is attempting to create an autopilot cluster (which it does). On subsequent runs of "pulumi up" it says that I'm removing the dns config. Could someone help me debug my kubeconfig?

Looking for ideas from the experts. I have a moderately complicated Pulumi script that works very well -- this is on AWS -- deploys S3, EKS, ACM certs, RDS, multiple k8s deployment and services, and Cloudflare records. The only problem is I have to run the process in phases -- if I try to run it straight through, there are errors relating to Output types. I understand the issue generally and have used

apply

and

Output.all

effectively in several places. But I can't figure out how to make a later step depend on a status of EKS itself, or a k8s deployment or service. I've tried things like:

## note -- depl
something_else(opts=pulumi.ResourceOptions(depends_on=app_depl)

## or

## note -- svc
something_else(opts=pulumi.ResourceOptions(depends_on=app_svc)

## or

app_hostname = app_svc.status.load_balancer.ingress[0].hostname
...
something_else(opts=pulumi.ResourceOptions(depends_on=app_hostname)

These all fail with either inappropiate use of Output type, or the value isn't available at the time that line is executed. I've even tried using

apply

at each dot of the "svc.status.load_balancer.ingress" nested dictionary all to no avail. What's the recommended way to base a

depends_on

on a resource that has an evolving status, like a k8s deployment or service? I'm confused and stuck. Any suggestions would be appreciated.

Anyone had helm-git (or other helm plugins) working with Pulumi? Unsure if it's hanging, or just being slow

kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> (dp-chiron-app-fission):
    error: plugin "helm-git" exited with error

Well, at least I know it's trying to use it 🙂

Is there a way to see what the actual error is?

I need to run a cache purge on cloudflare after a deployment rollout is completed. I was previously doing this with a home-grown (4 year old)

rolloutStatus

typescript fn but it is no longer working. I see the pulumi addition of

local.Command

, but it appears it only executes shell commands. Is there a dependency helper I can use that will allow me to procedurally run some code after a deployment rollout is finished? I’m happy to provide my old code, but I’m hoping there is something easier using

dependsOn

or

Output

resolution.

Dealing with a GCP bug, which prevents me from deleting a Namespace timely. Is there a way to trigger a deletion, but don't wait for it? The end-goal would be have it marked correctly as "terminating", with the expectation that the cluster will delete once the stuck finalizers are cleared

I allow myself to forward this here https://pulumi-community.slack.com/archives/CCWP5TJ5U/p1693855727508509 because it fit more with the channel topic.

anybody else having issues managing more than one Kubernetes cluster under one Pulumi stack? Primarily as a result of ConfigFile and helm Chart giving

try giving it a unique name

Does

pulumi_eks

support creating a fully private EKS cluster (no public api access) with storage classes? Running into a strange issue:

eks:index:VpcCni (staging-eks-vpc-cni):
    error: Command failed: kubectl apply -f /tmp/tmp-37930G3QLEJ0E0vMu.tmp
    Unable to connect to the server: net/http: TLS handshake timeout

  kubernetes:<http://storage.k8s.io/v1:StorageClass|storage.k8s.io/v1:StorageClass> (staging-eks-gp2):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://A5F09297FEECD3B9C32CA.gr7.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s>": net/http: TLS handshake timeout

  kubernetes:core/v1:ConfigMap (staging-eks-nodeAccess):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://A5F09297FEECD3B9C32CA.gr7.ca-central-1.eks.amazonaws.com/openapi/v2?timeout=32s>": net/http: TLS handshake timeout

Resources:
    21 unchanged

Duration: 7m42s

Hi, I'd like to ask how do you solve deploying k8s deployment with image tagged

latest

. I've got running deployment and newer image, but for pulumi there is no change? How to "redeploy" deployment to download latest latest image.

Hi all, does anyone here have any experience with dealing with differences between the Kubeconfigs between local and CI? The context for me is that Teleport's local k8s connections use

tsh

as the credential exec command and interacts with a user session (I check this is already logged in before running pulumi) while in CI we have to use

tbot

to interact with a short lived identity (machine id) generated by

tbot

via OIDC (in Github Actions). The provider seems to handle changes to Kubeconfig fine as long as the cluster info does not change however there is a condition where the provider is trying actions against existing resources before the Kubeconfig input has settled (via an output that yields a different value if you in CI or not) and this can cause it to completely fail when you switch between local and CI. Changing the path is the prime case where this happens because the provider saves the local system path which does not exist on other systems. I have managed to get this to a point where it works (providing the contents instead) but we end up with errors like the following when switching between local and CI:

# on CI after local up:
If browser window does not open automatically, open it by clicking on the link:
     <http://127.0.0.1:38621/0f9740eb-81b8-4bd3-80e3-010159fec870>

# on local after CI up:
ERROR: no such file or directory
ERROR: no such file or directory

all because the provider does not wait for its inputs. Is this a bug?

I'm having a little of a issue in my head with the k8s provider. If I create the k8s cluster AND the helm resources in the same pulumi stack, it works fine. However, if I need to, somehow (not sure if this is possible) change the kubeconfig that I've built from the output, all the helm resources result in a replace. As I understand it, the kubeconfig includes the certificate data. So if that has to change, the provider is new, and therefore will cause all the helm releases to redeploy. That feels... wrong?

If I do a helm release with pulumi, is there a way to see all the other resources that it created? Like I want to iterate through all the deployments in the release. Alternatively, is there a way to query the running cluster for the deployments using a search? I don't know, before hand, how many deployments it will create, so I'm thinking I can query to get that.

Hello everyone, i’m having issue to setup a pretty standard kubernetes cluster in EKS regarding dns resolution. I’ve followed multiple guide and troubleshoot guide and spent many hours torturing my head around this. My pod(s) running in a worker node other than a default one i create during the step of creating the cluster can’t resolve dns. The “default worker” host the default deployment of 2 replicas of coredns. Targetted deployment on this “default” worker node makes my deployment successfull. The issue is likely related to network communication between different worker nodes and CoreDNS. Did i missed anything ? It seems like a very basic setup that i wanna run.

Has anyone else successfully deployed ARC runners for Github actions using Pulumi? This is my first time trying to figure out how to deploy CRDs in Pulumi and I would love a reference point to start from.

Hi, I have a yaml config resource that is detecting it's being updated but when i request details for the change it says there are no changes. How do I prevent this resource from being updated unnecessarily?

why does pulumi write to k8s state without also writing to its own state?