# kubernetes

busy-soccer-65968

11/19/2020, 11:04 PM
~Currently seeing something frustrating with `helm.v3.Chart` and wondering if I'm missing something. I'm using the latest `2.7.2` kubernetes npm package. This is a TypeScript project. The problem is around the `values` property. Essentially, when I deploy the helm chart from scratch, all customized `values` work as expected. However, when I change any of those values AFTER the initial deploy, pulumi doesn't seem to notice any difference. What I've done in the past is simply comment out the helm chart, run pulumi update (to delete it), and redeploy with new values. However, I cannot do this because it is our ingress controller. Other properties (`namespace`, `version`, `transformations`) all seem to pick up differences. The issue seems to be strictly related to the `values` property. Is there any way to have pulumi recognize the change in `values` without having to manually delete/replace the helm chart? Let me know if I can make this any more clear 🙏 .~

gentle-diamond-70147

11/19/2020, 11:12 PM
Can you share your code?

busy-soccer-65968

11/19/2020, 11:14 PM
sure 1 sec
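// Imports assumed here; the snippet as posted omitted them.
import * as pulumi from '@pulumi/pulumi'
import { ComponentResourceOptions } from '@pulumi/pulumi'
import * as kube from '@pulumi/kubernetes'
import * as helm from '@pulumi/kubernetes/helm'

export class Deployment extends helm.v3.Chart {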
    constructor(name: string, args: ingressControllerArgs, opts: ComponentResourceOptions) {
        let annotations: { [key: string]: pulumi.Output<string> | string } = {
            'service.beta.kubernetes.io/aws-load-balancer-backend-protocol': 'http',
            'service.beta.kubernetes.io/aws-load-balancer-ssl-cert': pulumi.interpolate`${args.certificate.arn}`,
            'service.beta.kubernetes.io/aws-load-balancer-ssl-ports': 'websecure',
            'service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout': '3600'
        }
        super(
            `${name}-traefik`,
            {
                chart: 'traefik',
                repo: 'traefik',
                namespace: args.namespace,
                version: '9',
                values: {
                    providers: {
                        kubernetesIngress: {
                            publishedService: {
                                enabled: true
                            }
                        }
                    },
                    ports: {
                        // TODO secure traefik ingress recommended https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L205
                        traefik: {
                            expose: true
                        },
                        web: {
                            redirectTo: 'websecure'
                        }
                    },
                    metrics: {
                        datadog: {
                            address: 'datadog-statsd:8125'
                        }
                    },
                    logs: {
                        general: {
                            level: 'INFO',
                            format: 'json'
                        },
                        access: {
                            enabled: true,
                            fields: {
                                headers: {
                                    defaultmode: 'keep'
                                }
                            }
                        }
                    },
                    resources: {
                        limits: {
                            cpu: '256m',
                            memory: '512Mi'
                        },
                        requests: {
                            cpu: '256m',
                            memory: '512Mi'
                        }
                    },
                    // TODO potentially secure further with middlewares. Currently the API is exposed to anyone in sourceRange (VPN, NATs)
                    additionalArguments: [
                        '--api',
                        '--api.insecure'
                    ],
                    service: {
                        annotations: annotations,
                        loadBalancerSourceRanges: args.whitelist
                    },
                    //------------------------------ADDING THIS--------------------------------------
                    affinity: {
                        podAntiAffinity: {
                            requiredDuringSchedulingIgnoredDuringExecution: [
                                {
                                    labelSelector: {
                                        matchExpressions: [
                                            {
                                                key: 'app',
                                                operator: 'In',
                                                values: [`${name}-traefik`]
                                            }
                                        ]
                                    },
                                    topologyKey: 'failure-domain.beta.kubernetes.io/zone'
                                }
                            ]
                        }
                    },
                    podDisruptionBudget: {
                        enabled: true,
                        minAvailable: 2
                    },
                    //-------------------------------------------------------------------------------
                    replicas: 3
                },
                transformations: [
                    (manifest: any) => {
                        if (manifest.kind === 'Service')
                            manifest.metadata['namespace'] = args.namespace
                    }
                ]
            },
            opts
        )
        new kube.networking.v1beta1.Ingress(
            'dashboard',
            {
                metadata: {
                    namespace: args.namespace
                },
                spec: {
                    rules: [
                        {
                            host: `my-secret-host.${args.env}.top-secret-host.com`,
                            http: {
                                paths: [
                                    {
                                        backend: {
                                            serviceName: 'my-secret-service',
                                            servicePort: 9000
                                        }
                                    }
                                ]
                            }
                        }
                    ]
                }
            },
            { parent: this }
        )
    }
}
All deployed fine. However, the affinity and even replicas is not picked up as a `diff`
I'm sure if I deleted and deployed with the above code it would work
testing on another helm chart
so on a different helm chart `external-dns` seemed to notice the diff
looking into it more
@gentle-diamond-70147 ignore this for now. I think I need to prod around more. Feels like it does work in a lot of cases. Will get back to you if I have a more definitive issue. Thank you for your time. 🙏 LMK if I should delete comment

gentle-diamond-70147

11/19/2020, 11:42 PM
Feel free to leave it. 🙂
There should be nothing "special" or different for updated values to get picked up.

busy-soccer-65968

11/19/2020, 11:43 PM
thx again for time
👍 1
yeah, 100% the values were incorrect. no bug on pulumi. Typo from me.