https://pulumi.com logo
#yaml
Title
# yaml
s

straight-arm-50771

10/06/2022, 5:23 PM
Any suggestions on how to best execute a command on every run between two resources? Something like:
Copy code
auth:
    Fn::Invoke:
      Function: command:local:run
      Arguments:
        command: USE_GKE_GCLOUD_AUTH_PLUGIN=True gcloud container clusters get-credentials ${cluster.id} --region us-east4 --project ${pulumi.stack}
      options:
        parent: ${cluster}
Tried shoe-horning it into a resource def, but I don't have a
type
. All of the examples show this sort of thing in the
variables:
section, which wouldn't work between resources that both create the k8s cluster, and those that write to it. I'm familiar with
command:local:Command
, but I need it to run every time
s

salmon-account-74572

10/06/2022, 8:56 PM
I would assume you are trying to build a Kubeconfig for a GKE cluster?
s

straight-arm-50771

10/06/2022, 8:58 PM
yea, I found that only the person who created the cluster had the kubeconfig added. so subsequent updates were unable to be performed
I made a b it of a work-around...set a var that gets the unix time, used that to trigger the commandlocalCommand
s

salmon-account-74572

10/06/2022, 9:03 PM
What I’ve done before is manually build the Kubeconfig using interpolation, like this:
Copy code
clusterKubeconfig: |
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: ${gke-cluster.masterAuth["clusterCaCertificate"]}
        server: https://${gke-cluster.endpoint}
      name: ${gke-cluster.name}
    contexts:
    - context:
        cluster: ${gke-cluster.name}
        user: ${gke-cluster.name}
      name: ${gke-cluster.name}
    current-context: ${gke-cluster.name}
    kind: Config
    preferences: {}
    users:
    - name: ${gke-cluster.name}
      user:
        exec:
          apiVersion: <http://client.authentication.k8s.io/v1beta1|client.authentication.k8s.io/v1beta1>
          command: gke-gcloud-auth-plugin
          provideClusterInfo: true
Here,
gke-cluster
is the name of the cluster created earlier in the YAML program. This seems to work reasonably well, although I don’t know if it would address your particular use case.
s

straight-arm-50771

10/06/2022, 9:08 PM
that interpolation is done as the file is written I presume? I couldn't jam that in as is and have the interpolation occur on reads of kubeconfig?
s

salmon-account-74572

10/06/2022, 9:13 PM
The interpolation happens when the variable is defined, which will happen after all the other resources on which it depends have been created. If you have a situation where you are creating a cluster and then deploying things to that same cluster, then…it should work, but you may have to massage the dependency graph with some explicit dependencies via
dependsOn
. Is that what you’re trying to achieve?
👍 1
s

straight-arm-50771

10/06/2022, 9:17 PM
I'll give it a shot. This would be in instances where the cluster was already created, then other folks come in behind and make adjustments to additional k8s components within the cluster
s

salmon-account-74572

10/06/2022, 9:21 PM
I don’t know any of the details about your use case or anything, but you may also consider splitting the cluster and the things deployed in the cluster into separate stacks, connected by a StackReference. (I also haven’t tried that in YAML, as I generally use Go or TypeScript.) That gives you some additional flexibility in allowing folks to make changes to “additional k8s components within the cluster” while keeping the cluster itself separate. Just something to think about. 🙂
👍 1
e

echoing-dinner-19531

10/07/2022, 4:30 PM
I think an Invoke should run every time, they're not part of the resource lifecycle, but they don't currently have an explicit "depends on", which makes this hard. Something like adding
# {otherResource.id}
to the end of the command string might work (I forget if command.Run is shell based or exec based)