busy-soccer-65968
11/19/2020, 11:04 PMhelm.v3.Chart
and wondering if i'm missing something. i'm using latest`2.7.2` kubernetes npm package. This is typescript project.
The problem is around the values
property.
Essentially when I deploy the helm chart from scratch. All customized values
work as expected. However, when I change any of those values AFTER the initial deploy pulumi doesn't seem to notice any difference. What I've done in the past is simply comment out the helm chart, run pulumi update (to delete it), and redeploy with new values. However, I cannot do this because it is our ingress controller.
Other properties namespace, version, transformations
all seem to pick up differences. The issue seems to be strictly related to the values
property.
Is there anyway to have pulumi recognize the change in values
without having to manually delete/replace the helm chart? Let me know if I can make this any more clear 🙏 .~gentle-diamond-70147
11/19/2020, 11:12 PMbusy-soccer-65968
11/19/2020, 11:14 PMexport class Deployment extends helm.v3.Chart {
constructor(name: string, args: ingressControllerArgs, opts: ComponentResourceOptions) {
let annotations: { [key: string]: pulumi.Output<string> | string } = {
'<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>': 'http',
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>': pulumi.interpolate`${args.certificate.arn}`,
'<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>': 'websecure',
'<http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>': '3600'
}
super(
`${name}-traefik`,
{
chart: 'traefik',
repo: 'traefik',
namespace: args.namespace,
version: '9',
values: {
providers: {
kubernetesIngress: {
publishedService: {
enabled: true
}
}
},
ports: {
// TODO secure traefik ingress recommended <https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L205>
traefik: {
expose: true
},
web: {
redirectTo: 'websecure'
}
},
metrics: {
datadog: {
address: 'datadog-statsd:8125'
}
},
logs: {
general: {
level: 'INFO',
format: 'json'
},
access: {
enabled: true,
fields: {
headers: {
defaultmode: 'keep'
}
}
}
},
resources: {
limits: {
cpu: '256m',
memory: '512Mi'
},
requests: {
cpu: '256m',
memory: '512Mi'
}
},
// TODO potentially secure further with middlewares. Currently the API is exposed to anyone in sourceRange (VPN, NATs)
additionalArguments: [
'--api',
'--api.insecure'
],
service: {
annotations: annotations,
loadBalancerSourceRanges: args.whitelist
},
//------------------------------ADDING THIS--------------------------------------
affinity: {
podAntiAffinity: {
requiredDuringSchedulingIgnoredDuringExecution: [
{
labelSelector: {
matchExpressions: [
{
key: 'app',
operator: 'In',
values: [`${name}-traefik`]
}
]
},
topologyKey: '<http://failure-domain.beta.kubernetes.io/zone|failure-domain.beta.kubernetes.io/zone>'
}
]
}
},
podDisruptionBudget: {
enabled: true,
minAvailable: 2
},
//-------------------------------------------------------------------------------
replicas: 3
},
transformations: [
(manifest: any) => {
if (manifest.kind === 'Service')
manifest.metadata['namespace'] = args.namespace
}
]
},
opts
)
new kube.networking.v1beta1.Ingress(
'dashboard',
{
metadata: {
namespace: args.namespace
},
spec: {
rules: [
{
host: `my-secret-host.${args.env}.<http://top-secret-host.com|top-secret-host.com>`,
http: {
paths: [
{
backend: {
serviceName: 'my-secret-service',
servicePort: 9000
}
}
]
}
}
]
}
},
{ parent: this }
)
}
}
diff
external-dns
seemed to notice the diffgentle-diamond-70147
11/19/2020, 11:42 PMbusy-soccer-65968
11/19/2020, 11:43 PM