This message was deleted.
# kubernetess
sparse-intern-71089
11/19/2020, 11:04 PMThis message was deleted.
g
gentle-diamond-70147
11/19/2020, 11:12 PMCan you share your code?
b
busy-soccer-65968
11/19/2020, 11:14 PMsure 1 sec
busy-soccer-65968
11/19/2020, 11:23 PM Copy code
export class Deployment extends helm.v3.Chart {
constructor(name: string, args: ingressControllerArgs, opts: ComponentResourceOptions) {
let annotations: { [key: string]: pulumi.Output<string> | string } = {
'<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>': 'http',
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>': pulumi.interpolate`${args.certificate.arn}`,
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>': 'websecure',
'<http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>': '3600'
}
super(
`${name}-traefik`,
{
chart: 'traefik',
repo: 'traefik',
namespace: args.namespace,
version: '9',
values: {
providers: {
kubernetesIngress: {
publishedService: {
enabled: true
}
}
},
ports: {
// TODO secure traefik ingress recommended <https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L205>
traefik: {
expose: true
},
web: {
redirectTo: 'websecure'
}
},
metrics: {
datadog: {
address: 'datadog-statsd:8125'
}
},
logs: {
general: {
level: 'INFO',
format: 'json'
},
access: {
enabled: true,
fields: {
headers: {
defaultmode: 'keep'
}
}
}
},
resources: {
limits: {
cpu: '256m',
memory: '512Mi'
},
requests: {
cpu: '256m',
memory: '512Mi'
}
},
// TODO potentially secure further with middlewares. Currently the API is exposed to anyone in sourceRange (VPN, NATs)
additionalArguments: [
'--api',
'--api.insecure'
],
service: {
annotations: annotations,
loadBalancerSourceRanges: args.whitelist
},
//------------------------------ADDING THIS--------------------------------------
affinity: {
podAntiAffinity: {
requiredDuringSchedulingIgnoredDuringExecution: [
{
labelSelector: {
matchExpressions: [
{
key: 'app',
operator: 'In',
values: [`${name}-traefik`]
}
]
},
topologyKey: '<http://failure-domain.beta.kubernetes.io/zone|failure-domain.beta.kubernetes.io/zone>'
}
]
}
},
podDisruptionBudget: {
enabled: true,
minAvailable: 2
},
//-------------------------------------------------------------------------------
replicas: 3
},
transformations: [
(manifest: any) => {
if (manifest.kind === 'Service')
manifest.metadata['namespace'] = args.namespace
}
]
},
opts
)
new kube.networking.v1beta1.Ingress(
'dashboard',
{
metadata: {
namespace: args.namespace
},
spec: {
rules: [
{
host: `my-secret-host.${args.env}.<http://top-secret-host.com|top-secret-host.com>`,
http: {
paths: [
{
backend: {
serviceName: 'my-secret-service',
servicePort: 9000
}
}
]
}
}
]
}
},
{ parent: this }
)
}
}busy-soccer-65968
11/19/2020, 11:23 PMmessage has been deleted
busy-soccer-65968
11/19/2020, 11:24 PMAll deployed fine. however the affinity and even replicas is not picked up as a
diffbusy-soccer-65968
11/19/2020, 11:25 PMI'm sure if I deleted and deployed with the above code it would work
busy-soccer-65968
11/19/2020, 11:28 PMtesting on another helmchart
busy-soccer-65968
11/19/2020, 11:36 PMso on a different helm chart
external-dnsbusy-soccer-65968
11/19/2020, 11:36 PMlooking into it more
busy-soccer-65968
11/19/2020, 11:41 PM@gentle-diamond-70147 ignore this for now. I think I need to prod around more. feels like it does work on a lot of cases. Will get back to you if I have more definitive issue. Thank you for time. 🙏 LMK if I should delete comment
g
gentle-diamond-70147
11/19/2020, 11:42 PMFeel free to leave it. 🙂
gentle-diamond-70147
11/19/2020, 11:42 PMThere should be nothing "special" or different for updated values to get picked up.
b
busy-soccer-65968
11/19/2020, 11:43 PMthx again for time
👍 1
busy-soccer-65968
11/19/2020, 11:59 PMyeah, 100% the values were incorrect. no bug on pulumi. Typo from me.
6 Views