Since I have switched to a private GKE cluster the...
# google-cloud
r
Since I have switched to a private GKE cluster the Pulumi Preview seems to be broken 😞 Pulumi Preview basically shows that the Cluster will be updated:
~   ├─ gcp:container:Cluster                                      staging-k8s                                         update      [diff: ~privateClusterConfig]
and all Kubernetes resources will be replaced:
... 
     ├─ kubernetes:yaml:ConfigFile                                  argocdsecret
 +-  │  └─ kubernetes:core/v1:Secret                                infra/ops-playground                                replace     [diff: ~data,metadata,provider]
     ├─ kubernetes:yaml:ConfigFile                                  letsencrypt_staging
 +-  │  └─ kubernetes:cert-manager.io/v1:ClusterIssuer              infra/letsencrypt-staging                           replace     [diff: ~metadata,provider]
     ├─ kubernetes:yaml:ConfigFile                                  letsencrypt_prod
 +-  │  └─ kubernetes:cert-manager.io/v1:ClusterIssuer              infra/letsencrypt-prod                              replace     [diff: ~metadata,provider]
 +-  ├─ kubernetes:core/v1:Namespace                                m2                                                  replace     [diff: ~metadata,provider]
     ├─ kubernetes:helm.sh/v2:Chart                                 cert-manager
...
Still when running Pulumi, only the privateClusterConfig gets updated and the Kubernetes resources are not "touched":
...
 ~   ├─ gcp:container:Cluster                                                staging-k8s                                  updated     [diff: ~privateClusterConfig]
...
Resources:
    ~ 1 updated
    117 unchanged
Does anyone have a tip on how to fix it?
g
Pulumi preview shows the worst-case scenario. A change in the cluster may cause a change in the k8s Provider, and changing the Provider means Pulumi doesn't know if any of the resources that are created from it will be available; they might not be and would need to be replaced with new ones. There is probably a missing value in your privateClusterConfig that is being filled with a default value by the API and being cleared by Pulumi every time. Check the docs to see if something is missing.
r
you again 😉 thx so much for the help and the pointers 😉
Hmmm this is the detailed output from Pulumi:
and this is how privateClusterConfig is specified in Pulumi:
privateClusterConfig: { enablePrivateEndpoint: false, enablePrivateNodes: true, masterGlobalAccessConfig: {enabled: false}, masterIpv4CidrBlock: config.clusterMasterIpv4CidrBlock },
based on the output I would have thought I haven't specified enabled...
g
Ok, this is a particularity of the GKE API: this whole block is removed when it is disabled, since it is the default. So Pulumi is trying to add it again; it is the opposite of what I said. You can either not add it in your config or explicitly tell Pulumi to ignore it.
I'm not sure if Pulumi can ignore just the masterGlobalAccessConfig or if it can just ignore root attributes (privateClusterConfig in this case).