oh maybe it’s because it’s alongside the provider ...
# kubernetesg
gorgeous-lunch-7514
01/08/2024, 4:55 PMoh maybe it’s because it’s alongside the provider args actually
d
dry-keyboard-94795
01/08/2024, 5:39 PMYes, you need to have it in resource args instead of the opts object
dry-keyboard-94795
01/08/2024, 5:40 PMI think you also mutate the object directly instead of returning too
g
gorgeous-lunch-7514
01/08/2024, 5:42 PMyeah, it’s working now but now I’m chasing a phantom I can’t see
I want to allow the image updates tbh so ignoring them i don’t mind
I can’t see
teleport-kube-agent-updater Copy code
Apply failed with 1 conflict: conflict with "teleport-kube-agent-updater" using apps/v1: .spec.template.spec.containers[name="teleport"].imaged
dry-keyboard-94795
01/08/2024, 5:55 PMIt doesn't show at all in transformations, ie with just a transformer that only logs without conditionals?
g
gorgeous-lunch-7514
01/08/2024, 5:57 PMyeah not at all w/o conditionals
d
dry-keyboard-94795
01/08/2024, 5:57 PMOh, 'teleport-kube-agent-updater' will be the name of something already in k8s that manages the image for you. It sounds like a server-side apply conflict
dry-keyboard-94795
01/08/2024, 5:57 PMWhich suggests the image isn't being ignored by pulumi
dry-keyboard-94795
01/08/2024, 5:58 PMCan you post the updated transformations code please
g
gorgeous-lunch-7514
01/08/2024, 5:58 PMgive me a mo’
gorgeous-lunch-7514
01/08/2024, 5:58 PM Copy code
const teleport = new k8s.helm.v3.Chart(
teleportAppName,
{
chart: "teleport-kube-agent",
version: "13.4.14",
namespace: config.clusterSvcsNamespaceName,
fetchOpts: {
repo: "<https://charts.releases.teleport.dev>",
},
values: {
roles: "kube,db",
authToken: "xxxx",
proxyAddr: "xxxxx.teleport.sh:443",
kubeClusterName: config.stackName,
labels: {
"teleport.internal/resource-id": "xxxxx",
},
enterprise: true,
updater: {
enabled: true,
releaseChannel: "stable/cloud",
},
highAvailability: {
replicaCount: 2,
podDisruptionBudget: {
enabled: true,
minAvailable: 1,
},
},
awsDatabases: [{
types: ["rds"],
regions: ["eu-west-2"],
tags: {
"*": "*",
},
}],
annotations: {
serviceAccount: {
"<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>": config.oidcProviderRoleArn,
},
},
},
transformations: [
(obj: any) => {
if (
(obj.type === "Deployment" && obj.metadata.name === "teleport-agent-updater") ||
(obj.kind === "StatefulSet" && obj.metadata.name === "teleport-agent")) {
console.log(`Ignoring changes to ${obj.type} ${obj.metadata.name}`);
return {
props: obj.props,
opts: pulumi.mergeOptions(obj.kind, { ignoreChanges: ['spec.template.spec.containers[*].image'] }),
};
}
console.log(obj);
return undefined;
},
],
},
{
provider: provider,
ignoreChanges: ["spec.template.spec.containers[*].image"],
}
);gorgeous-lunch-7514
01/08/2024, 5:59 PMthe opts arg ignore was just a stab in the dark
d
dry-keyboard-94795
01/08/2024, 6:00 PMI think it should be
obj.kind == 'Deployment'.typeg
gorgeous-lunch-7514
01/08/2024, 6:00 PMit’s
typed
dry-keyboard-94795
01/08/2024, 6:00 PMYou also need to mutate opts directly. This is how transformers are called:
https://github.com/pulumi/pulumi-kubernetes/blob/8f44f6df6f5ed2476f776cd3d1b3775fad198852/sdk/nodejs/yaml/yaml.ts#L3361
dry-keyboard-94795
01/08/2024, 6:01 PMSo
optsg
gorgeous-lunch-7514
01/08/2024, 6:04 PMI’ll wipe my tears and try
d
dry-keyboard-94795
01/08/2024, 6:04 PMThere's an example in the docs for modifying the alias, which you can follow for modifying `ignoreChanges`: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations
g
gorgeous-lunch-7514
01/08/2024, 6:06 PMoh you’re right I have a typo!
gorgeous-lunch-7514
01/08/2024, 6:06 PMalso
4 Views