pulumi-community #kubernetes

kubernetes

few-apartment-82932

06/01/2020, 2:14 PM

Similarly, I'm having bugs (on osX, latest pulumi) with a simple example like this https://github.com/pulumi/examples/tree/master/kubernetes-ts-configmap-rollout First, there are a few small bugs (missing a

selector

in the code, and the README shows

svc/frontend

for the port forwarding which does not exist there), but even deploying locally on minikube I can't access the nginx forward there

abundant-airplane-93796

06/04/2020, 1:20 AM

Anyone run into issues with

pulumi preview

giving different behavior to

pulumi up

when using GKE? I'm finding that

preview

fails to properly use

gcloud

to authenticate with the cluster, causing the preview to not see any existing kubernetes resources.

up

on the other hand works as expected

famous-jelly-72366

06/04/2020, 7:53 AM

Is there a way to add helm repos from pulumi? Feels a bit awkward that pulumi handles everything else, but I still have to go to the terminal to do

helm repo add ...

dazzling-sundown-39670

06/04/2020, 1:09 PM

Is it possible to override files inside helm charts? 🤔 I'm trying to use chart

bitnami/phpmyadmin

but the maximum upload size is too low for me and they don't offer a way to set it. So I would like to override the config file with a different one

miniature-rose-15269

06/04/2020, 8:11 PM

not sure if this is the correct channel vs gcp but with the Istio addon on GKE, how can I get the external IP of the ingress gateway? It’s automatically created by GCP so I don’t have the resource in Pulumi to be able to output the load balancer IP. Any ideas?

bitter-dentist-28132

06/05/2020, 2:23 AM

been a while since using pulumi on this repo, and now it doesn't work. i keep getting

configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

. any idea why this might be the case? i'm explicitly getting the kubeconfig and providing it as the

provider

, so it's not like some sort of ambient credential problem.

jolly-bear-34819

06/05/2020, 10:47 AM

I'm deploying a nginx-ingress helm chart on AKS to provision a private loadbalancer.

new k8s.helm.v3.Chart(name, {
    chart: "nginx-ingress",
    version: "1.36.3",
    fetchOpts: {
        repo: "<https://kubernetes-charts.storage.googleapis.com>",
    },
    values: {
        controller: {
            service: {
                loadBalancerIP: props.backendIpAddress,
                annotations: {
                    "<http://service.beta.kubernetes.io/azure-load-balancer-internal|service.beta.kubernetes.io/azure-load-balancer-internal>": "true"
                }
            },
        }
    },
})

In my case the cluster gets recreated and the Kubernetes provider tries to deploy the helm chart on the new cluster with the same IP address. Because the IP address is still allocated by the old loadbalancer, it will fail. Do you got any ideas on how to delete the old service/loadbalancer before the new one gets created?

famous-jelly-72366

06/05/2020, 2:54 PM

helm chart transformations can come in pretty handy, using it to get around apiVersion deprecation warnings when using cert-manager on k8s 1.18

👍 2

busy-soccer-65968

06/05/2020, 7:10 PM

following this https://www.pulumi.com/docs/guides/crosswalk/kubernetes/apps/#create-a-deployment-with-a-secret. I have noticed if I add

metadeta.name

to my secret. Then my deployment diff shows

[secret]

and does a delete-replace instead of simply updated the deployment spec. If I do not include

metadata.name

in my secret and update the

stringData

then the deployent does an update instead of delete replace. It also, does not show the

[secret]

diff. Is this expect?

quiet-state-42882

06/07/2020, 6:04 AM

I seem to be experiencing issues in deploying a helm chart. The issues are as follows: * resource drone-drone was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: 'drone-drone' timed out waiting to be Ready * Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods Am I missing something in the configuration? Or would this suggest a misconfiguration in the helm chart?

famous-jelly-72366

06/09/2020, 2:02 PM

anyone also getting warning from cert-manager crds about

<http://apiextensions.k8s.io/v1beta1/CustomResourceDefinition|apiextensions.k8s.io/v1beta1/CustomResourceDefinition>

being deprecated? I tried doing a helm chart transform to fix this, but seems like the cert-manager webhook doesn't work with the updated v1 :S

famous-jelly-72366

06/10/2020, 9:51 AM

Is it expected behavior that upgrading an AKS cluster will replace all resources ???

bland-lamp-16797

06/10/2020, 3:11 PM

is there a way to install helm with pulumi and still having it when i type

helm list

bland-lamp-16797

06/10/2020, 3:12 PM

or to simply change

<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: pulumi

somehow

bland-lamp-16797

06/10/2020, 3:18 PM

label validation error: key "app.kubernetes.io/managed-by" must equal "Helm": current value is "pulumi";

bland-lamp-16797

06/10/2020, 3:21 PM

also, after upgrading GCP cluster, I'm getting this error when trying to run helm

error: apiVersion "extensions/v1beta1/Deployment" was removed in Kubernetes 1.16. Use "apps/v1/Deployment" instead.

full-dress-10026

06/10/2020, 4:52 PM

I'm switching from

new aws.eks.NodeGroup()

eksCluster.createNodeGroup

and noticing that

createNodeGroup

does not include the

nodeRoleArn

property in the args object. How would I provide an IAM role arn to a node group created with the

createNodeGroup

method?

full-dress-10026

06/10/2020, 5:19 PM

Wait, I think I have thoroughly confused myself. What is the proper way to create a managed node group in Pulumi? There appears to be many ways and it is unclear which blog posts are out of date.

famous-jelly-72366

06/11/2020, 11:28 AM

how are people handling deploying apps to k8s? do the pulumi code for the app live in the apps repo (as a separate stack) ? and then CI uses this to deploy to k8s, handling e.g. different branches etc.

miniature-rose-15269

06/11/2020, 2:22 PM

is it possible to wait for a cert-manager certificate secret to have the cert keys filled in? how would one go about it?

limited-rainbow-51650

06/11/2020, 2:28 PM

Pulumi can render YAML from code (https://www.pulumi.com/blog/kubernetes-yaml-generation/) but can it also do the reverse? I give it YAML and it gives me some Typescript on which I can continue working?

famous-jelly-72366

06/12/2020, 12:22 PM

when using helm charts with CRDs (e.g. cert-manager) it looks like those resources' urn aren't properly prefixed. At least I'm getting errors when trying to bring up a second cluster also using cert-manager claiin that the urns are not unique :S

kubernetes:<http://apiextensions.k8s.io:CustomResourceDefinition|apiextensions.k8s.io:CustomResourceDefinition> (<http://certificaterequests.cert-manager.io|certificaterequests.cert-manager.io>):
    error: Duplicate resource URN 'urn:pulumi:k8s::tms-pulumi::kubernetes:<http://helm.sh/v2:Chart$kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefino/v1beta1:CustomResourceDefinition::certificaterequests.cert-manager.io';|helm.sh/v2:Chart$kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefino/v1beta1:CustomResourceDefinition::certificaterequests.cert-manager.io';> try giving it a unique name

limited-rainbow-51650

06/12/2020, 2:57 PM

In a Pod spec, how should I convert a command with an input pipe like below into the TS counterpart?

command:
  - bash
  - -ec
  - |
      # Execute entrypoint as usual after obtaining ZOO_SERVER_ID based on POD hostname
      HOSTNAME=`hostname -s`
      if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then
        ORD=${BASH_REMATCH[2]}
        export ZOO_SERVER_ID=$((ORD+1))
      else
        echo "Failed to get index from hostname $HOST"
        exit 1
      fi
      exec /entrypoint.sh /run.sh

salmon-ghost-86211

06/12/2020, 3:48 PM

How would I enable group metrics collection for a K8s node group autoscaling group in AWS? Group metrics are not collected by default and when I check the Monitoring tab on the ASG it has a link

Enable Group Metrics Collection

. I want it enabled when it is created. I am using the

eks

APIs and calling

eks.Cluster

and then

cluster.createNodeGroup

. I have been able to retrieve from the nodeGroup properties the actual ASG name, but I am not sure how to either update an ASG to have the metrics enabled or to enable metrics on nodeGroup creation.

gorgeous-elephant-23271

06/13/2020, 9:33 PM

Hi, if I delete an entire k8s cluster and have other stacks that depend on it, is there a clean way to delete that stack entirely? It looks like with

pulumi state delete <urn>

I need to recurse through each resource and delete leaves first

gorgeous-elephant-23271

06/13/2020, 9:42 PM

running

pulumi stack rm <stack> --force

works, but feels a little ugly as I'm recreating the entire thing

calm-farmer-19058

06/18/2020, 7:42 PM

Hey all, have been getting my aws-typescript stacks setup and running in github actions, the stack is trying to create a kubernetes deployment. Kubernetes authentication is failing on eks get-token as defined in the kubeconfig, pulumi is not using the aws-region defined in the stack config so fails to connect to the cluster. By adding AWS_DEFAULT_REGION environment variable then everything is fine, this seems like a bug or am I missing something?

hundreds-portugal-17080

06/18/2020, 10:20 PM

Hello, When I teardown, some of the load balancers created from helm charts is not cleaning up. It is not happening every time and highly inconsistent. Please advice.

busy-soccer-65968

06/19/2020, 9:58 PM

https://pulumi-community.slack.com/archives/C84L4E3N1/p1592603831244400

salmon-ghost-86211

06/22/2020, 3:59 PM

Bumping this since I still need an answer https://pulumi-community.slack.com/archives/CRFURDVQB/p1591976889392000

Title

salmon-ghost-86211

06/22/2020, 3:59 PM

Bumping this since I still need an answer https://pulumi-community.slack.com/archives/CRFURDVQB/p1591976889392000

gorgeous-egg-16927

06/22/2020, 4:03 PM

@breezy-hamburger-69619?

breezy-hamburger-69619

06/22/2020, 4:45 PM

ASG group metrics is currently not exposed as a configurable option in the node group template body. Would you mind opening a new issue in

pulumi/eks

to capture your needs? Seems that exposing the MetricsCollection as an option for the ASG should do the trick.

salmon-ghost-86211

06/23/2020, 1:43 PM

Thank you @breezy-hamburger-69619. I have created https://github.com/pulumi/pulumi-eks/issues/400

View count: 5