https://pulumi.com logo
#kubernetes
Title
# kubernetes
e

echoing-fall-59017

12/14/2023, 1:45 PM
Hello guys, I've been trying to write a CI/CD flow for my
Pulumi
project. First step is previewing the changes when a pr is created. When that pr is merged I use
Pulumi
up in order to deploy the changes, with workload identity service account I created specifically in GCP.
Copy code
name: Pulumi CI
on:
  pull_request:
    paths-ignore:
      - 'services/foo-**'
jobs:
  preview:
    name: Preview
    permissions:
      contents: 'read'
      id-token: 'write'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        stack-name: [gcp-staging]
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
          fetch-depth: 0
      - uses: actions/setup-python@v5
        with:
          python-version: 3.11

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-2

      - id: gcp-auth
        name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v2
        with:
          # token_format: access_token
          # workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_POOL_ID }}
          workload_identity_provider: projects/ID/locations/global/workloadIdentityPools/pulumi/providers/pulumi-ci
          service_account: pulumi-ci-sa@${{ secrets.GCP_PROJECT }}.iam.gserviceaccount.com
          # access_token_lifetime: 300s

      - uses: simenandre/setup-gke-gcloud-auth-plugin@v1
      - run: pip install -r clusters/pulumi/requirements.txt
      - uses: pulumi/actions@v4
        with:
          command: preview
          cloud-url: <gs://pulumi-backend/>
          work-dir: clusters/pulumi/
          comment-on-pr: true
          stack-name: ${{ matrix.stack-name }}
        env:
          GOOGLE_OAUTH_ACCESS_TOKEN: ${{ steps.gcp-auth.outputs.access_token }}
          # PULUMI_ACCESS_TOKEN: "nosecret"
          PULUMI_CONFIG_PASSPHRASE: ""
          PULUMI_BACKEND_URL: <gs://pulumi-backend/>
The environment is
Kubernetes
based, an operating cluster which i deployed via my local machine on GCP. When I run
pulumi preview/update
from my machine, there are no apparent issues. I've encountered an issue with the preview step, it fails with this error message regarding the `ingress-nginx-controller`:
Copy code
kubernetes:core/v1:Service (ingress_nginx_controller):
  error: Preview failed: 2 errors occurred:
   	* Resource 'ingress-nginx-controller' was created but failed to initialize
   	* Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods
Any leads on what can be the reason?
Anyone?