Hi Everyone I am trying to create an AWS IAM user via the ku Pulumi Community #pulumi-kubernetes-operator

Hi Everyone, I am trying to create an AWS IAM user...

calm-truck-9326

10/24/2024, 11:53 AM

Hi Everyone, I am trying to create an AWS IAM user via the kubernetes operator using Stack & Program but the controller is not able to find the program resource even though it exists in the same namespace. I had installed the kubernetes operator via Helm Then I had created: • Stack resource

Copy code

apiVersion: <http://pulumi.com/v1|pulumi.com/v1>
kind: Stack
metadata:
  name: iam-user-stack
  namespace: pulumi-operator-poc
spec:
  stack: poc
  programRef:
    name: iam-user-program
  backend: <s3://pulumi-operator-poc>
  envRefs:
    AWS_ACCESS_KEY_ID:
      type: Literal
      literal:
         value: <aws-key-id>
    AWS_SECRET_ACCESS_KEY:
      type: Literal
      literal:
        value: <aws-access-key>
    AWS_REGION:
      type: Literal
      literal:
        value: "us-west-2"
    PULUMI_CONFIG_PASSPHRASE:
      type: Literal
      literal:
        value: ""
  config:
    aws:region: us-west-2  # Specify the AWS region
  resyncFrequencySeconds: 90  # Optional: Set how often to resync the stack

• Program resource

Copy code

apiVersion: <http://pulumi.com/v1|pulumi.com/v1>
kind: Program
metadata:
  name: iam-user-program
  namespace: pulumi-operator-poc
program:
  resources:
    pulumi-operator-poc-user:
      type: aws:iam:User
      properties:
        forceDestroy: false
        name: pulumi-operator-poc-user
        tags:
          Purpose: testuser
          Delete: Yes
  outputs:
    arn: ${pulumi-operator-poc-user.arn}

and here is the error that I am receiving:

Copy code

2024-10-24T11:11:32.640Z    ERROR    Reconciler error    {"controller": "program-controller", "controllerGroup": "<http://pulumi.com|pulumi.com>", "controllerKind": "Program", "Program": {"name":"iam-user-program","namespace":"pulumi-operator-poc"}, "namespace": "pulumi-operator-poc", "name": "iam-user-program", "reconcileID": "7fb78cb8-a81a-43f5-b2c5-9f907d64e112", "error": "<http://programs.pulumi.com|programs.pulumi.com> \"iam-user-program\" not found"}
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:324
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:261
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:222
2024-10-24T11:11:32.773Z    ERROR    Failed to setup Pulumi workspace    {"controller": "stack-controller", "namespace": "pulumi-operator-poc", "name": "iam-user-stack", "reconcileID": "e3cb6ef2-e600-4f64-b44a-1af104512d8c", "revision": "870526732", "error": "expected a non-empty string in .status.artifact.url"}
<http://github.com/pulumi/pulumi-kubernetes-operator/v2/operator/internal/controller/pulumi.(*StackReconciler).Reconcile|github.com/pulumi/pulumi-kubernetes-operator/v2/operator/internal/controller/pulumi.(*StackReconciler).Reconcile>
/go/operator/internal/controller/pulumi/stack_controller.go:712
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:114
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:311
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:261
<http://sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2|sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2>
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:222

Any ideas how I can fix this?

hallowed-photographer-31251

10/25/2024, 6:21 PM

hi anish, can you try putting your stack and program in a different namespace from the operator? the v2 beta doesn’t current support a single-namespace deployment https://github.com/pulumi/pulumi-kubernetes-operator/issues/690

damp-airline-38442

10/25/2024, 6:56 PM

@calm-truck-9326 thanks for the report. I suspect that the error message is a red herring, because it looks like a transient due to how the program object was created after the stack object. I would bet that the system did proceed to create a workspace, but it failed to come up because you didn't assign a service account to the stack. Could you create a service account as outlined in this blog post? Also, please post the status block information of the

Stack

object and the

Workspace

object.

kubectl get stack -n pulumi-operator-poc -oyaml

kubectl get workspace -n pulumi-operator-poc -oyaml

3 Views

Open in Slack

Previous Next