echoing-fall-59017
12/14/2023, 1:45 PMPulumi
project. First step is previewing the changes when a pr is created. When that pr is merged I use Pulumi
up in order to deploy the changes, with workload identity service account I created specifically in GCP.
name: Pulumi CI
on:
pull_request:
paths-ignore:
- 'services/foo-**'
jobs:
preview:
name: Preview
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
strategy:
matrix:
stack-name: [gcp-staging]
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- id: gcp-auth
name: Authenticate with Google Cloud
uses: google-github-actions/auth@v2
with:
# token_format: access_token
# workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_POOL_ID }}
workload_identity_provider: projects/ID/locations/global/workloadIdentityPools/pulumi/providers/pulumi-ci
service_account: pulumi-ci-sa@${{ secrets.GCP_PROJECT }}.iam.gserviceaccount.com
# access_token_lifetime: 300s
- uses: simenandre/setup-gke-gcloud-auth-plugin@v1
- run: pip install -r clusters/pulumi/requirements.txt
- uses: pulumi/actions@v4
with:
command: preview
cloud-url: <gs://pulumi-backend/>
work-dir: clusters/pulumi/
comment-on-pr: true
stack-name: ${{ matrix.stack-name }}
env:
GOOGLE_OAUTH_ACCESS_TOKEN: ${{ steps.gcp-auth.outputs.access_token }}
# PULUMI_ACCESS_TOKEN: "nosecret"
PULUMI_CONFIG_PASSPHRASE: ""
PULUMI_BACKEND_URL: <gs://pulumi-backend/>
The environment is Kubernetes
based, an operating cluster which i deployed via my local machine on GCP.
When I run pulumi preview/update
from my machine, there are no apparent issues.
I've encountered an issue with the preview step, it fails with this error message regarding the `ingress-nginx-controller`:
kubernetes:core/v1:Service (ingress_nginx_controller):
error: Preview failed: 2 errors occurred:
* Resource 'ingress-nginx-controller' was created but failed to initialize
* Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods
Any leads on what can be the reason?echoing-fall-59017
12/17/2023, 6:54 AM