This message was deleted.
# kubernetes
s
This message was deleted.
g
Can you share your code?
b
sure 1 sec
export class Deployment extends helm.v3.Chart {
    constructor(name: string, args: ingressControllerArgs, opts: ComponentResourceOptions) {
        let annotations: { [key: string]: pulumi.Output<string> | string } = {
            'service.beta.kubernetes.io/aws-load-balancer-backend-protocol': 'http',
            'service.beta.kubernetes.io/aws-load-balancer-ssl-cert': pulumi.interpolate`${args.certificate.arn}`,
            'service.beta.kubernetes.io/aws-load-balancer-ssl-ports': 'websecure',
            'service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout': '3600'
        }
        super(
            `${name}-traefik`,
            {
                chart: 'traefik',
                repo: 'traefik',
                namespace: args.namespace,
                version: '9',
                values: {
                    providers: {
                        kubernetesIngress: {
                            publishedService: {
                                enabled: true
                            }
                        }
                    },
                    ports: {
                        // TODO secure traefik ingress recommended https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L205
                        traefik: {
                            expose: true
                        },
                        web: {
                            redirectTo: 'websecure'
                        }
                    },
                    metrics: {
                        datadog: {
                            address: 'datadog-statsd:8125'
                        }
                    },
                    logs: {
                        general: {
                            level: 'INFO',
                            format: 'json'
                        },
                        access: {
                            enabled: true,
                            fields: {
                                headers: {
                                    defaultmode: 'keep'
                                }
                            }
                        }
                    },
                    resources: {
                        limits: {
                            cpu: '256m',
                            memory: '512Mi'
                        },
                        requests: {
                            cpu: '256m',
                            memory: '512Mi'
                        }
                    },
                    // TODO potentially secure further with middlewares. Currently the API is exposed to anyone in sourceRange (VPN, NATs)
                    additionalArguments: [
                        '--api',
                        '--api.insecure'
                    ],
                    service: {
                        annotations: annotations,
                        loadBalancerSourceRanges: args.whitelist
                    },
                    //------------------------------ADDING THIS--------------------------------------
                    affinity: {
                        podAntiAffinity: {
                            requiredDuringSchedulingIgnoredDuringExecution: [
                                {
                                    labelSelector: {
                                        matchExpressions: [
                                            {
                                                key: 'app',
                                                operator: 'In',
                                                values: [`${name}-traefik`]
                                            }
                                        ]
                                    },
                                    topologyKey: 'failure-domain.beta.kubernetes.io/zone'
                                }
                            ]
                        }
                    },
                    podDisruptionBudget: {
                        enabled: true,
                        minAvailable: 2
                    },
                    //-------------------------------------------------------------------------------
                    replicas: 3
                },
                transformations: [
                    (manifest: any) => {
                        if (manifest.kind === 'Service')
                            manifest.metadata['namespace'] = args.namespace
                    }
                ]
            },
            opts
        )
        new kube.networking.v1beta1.Ingress(
            'dashboard',
            {
                metadata: {
                    namespace: args.namespace
                },
                spec: {
                    rules: [
                        {
                            host: `my-secret-host.${args.env}.top-secret-host.com`,
                            http: {
                                paths: [
                                    {
                                        backend: {
                                            serviceName: 'my-secret-service',
                                            servicePort: 9000
                                        }
                                    }
                                ]
                            }
                        }
                    ]
                }
            },
            { parent: this }
        )
    }
}
message has been deleted
All deployed fine. However, the affinity and even replicas are not picked up as a diff
I'm sure if I deleted and deployed with the above code it would work
testing on another helmchart
so on a different helm chart
external-dns
seemed to notice the diff
looking into it more
@gentle-diamond-70147 ignore this for now. I think I need to prod around more. Feels like it does work in a lot of cases. Will get back to you if I have a more definitive issue. Thank you for your time. 🙏 LMK if I should delete the comment
g
Feel free to leave it. 🙂
There should be nothing "special" or different for updated values to get picked up.
b
thx again for time
👍 1
yeah, 100% the values were incorrect. no bug on pulumi. Typo from me.