https://pulumi.com logo
Powered by
Title
b

busy-soccer-65968

11/19/2020, 11:04 PM
~Currently seeing something frusterating with 
helm.v3.Chart
and wondering if i'm missing something. i'm using latest`2.7.2` kubernetes npm package. This is typescript project. The problem is around the 
values
property. Essentially when I deploy the helm chart from scratch. All customized 
values
work as expected. However, when I change any of those values AFTER the initial deploy pulumi doesn't seem to notice any difference. What I've done in the past is simply comment out the helm chart, run pulumi update (to delete it), and redeploy with new values. However, I cannot do this because it is our ingress controller. Other properties 
namespace, version, transformations
all seem to pick up differences. The issue seems to be strictly related to the 
values
property. Is there anyway to have pulumi recognize the change in 
values
without having to manually delete/replace the helm chart? Let me know if I can make this any more clear 🙏 .~
g

gentle-diamond-70147

11/19/2020, 11:12 PM
Can you share your code?
b

busy-soccer-65968

11/19/2020, 11:14 PM
sure 1 sec
export class Deployment extends helm.v3.Chart {
    constructor(name: string, args: ingressControllerArgs, opts: ComponentResourceOptions) {
        let annotations: { [key: string]: pulumi.Output<string> | string } = {
            '<http://service.beta.kubernetes.io/aws-load-balancer-backend-protocol|service.beta.kubernetes.io/aws-load-balancer-backend-protocol>': 'http',
            '<http://service.beta.kubernetes.io/aws-load-balancer-ssl-cert|service.beta.kubernetes.io/aws-load-balancer-ssl-cert>': pulumi.interpolate`${args.certificate.arn}`,
            '<http://service.beta.kubernetes.io/aws-load-balancer-ssl-ports|service.beta.kubernetes.io/aws-load-balancer-ssl-ports>': 'websecure',
            '<http://service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout|service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout>': '3600'
        }
        super(
            `${name}-traefik`,
            {
                chart: 'traefik',
                repo: 'traefik',
                namespace: args.namespace,
                version: '9',
                values: {
                    providers: {
                        kubernetesIngress: {
                            publishedService: {
                                enabled: true
                            }
                        }
                    },
                    ports: {
                        // TODO secure traefik ingress recommended <https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L205>
                        traefik: {
                            expose: true
                        },
                        web: {
                            redirectTo: 'websecure'
                        }
                    },
                    metrics: {
                        datadog: {
                            address: 'datadog-statsd:8125'
                        }
                    },
                    logs: {
                        general: {
                            level: 'INFO',
                            format: 'json'
                        },
                        access: {
                            enabled: true,
                            fields: {
                                headers: {
                                    defaultmode: 'keep'
                                }
                            }
                        }
                    },
                    resources: {
                        limits: {
                            cpu: '256m',
                            memory: '512Mi'
                        },
                        requests: {
                            cpu: '256m',
                            memory: '512Mi'
                        }
                    },
                    // TODO potentially secure further with middlewares. Currently the API is exposed to anyone in sourceRange (VPN, NATs)
                    additionalArguments: [
                        '--api',
                        '--api.insecure'
                    ],
                    service: {
                        annotations: annotations,
                        loadBalancerSourceRanges: args.whitelist
                    },
                    //------------------------------ADDING THIS--------------------------------------
                    affinity: {
                        podAntiAffinity: {
                            requiredDuringSchedulingIgnoredDuringExecution: [
                                {
                                    labelSelector: {
                                        matchExpressions: [
                                            {
                                                key: 'app',
                                                operator: 'In',
                                                values: [`${name}-traefik`]
                                            }
                                        ]
                                    },
                                    topologyKey: '<http://failure-domain.beta.kubernetes.io/zone|failure-domain.beta.kubernetes.io/zone>'
                                }
                            ]
                        }
                    },
                    podDisruptionBudget: {
                        enabled: true,
                        minAvailable: 2
                    },
                    //-------------------------------------------------------------------------------
                    replicas: 3
                },
                transformations: [
                    (manifest: any) => {
                        if (manifest.kind === 'Service')
                            manifest.metadata['namespace'] = args.namespace
                    }
                ]
            },
            opts
        )
        new kube.networking.v1beta1.Ingress(
            'dashboard',
            {
                metadata: {
                    namespace: args.namespace
                },
                spec: {
                    rules: [
                        {
                            host: `my-secret-host.${args.env}.<http://top-secret-host.com|top-secret-host.com>`,
                            http: {
                                paths: [
                                    {
                                        backend: {
                                            serviceName: 'my-secret-service',
                                            servicePort: 9000
                                        }
                                    }
                                ]
                            }
                        }
                    ]
                }
            },
            { parent: this }
        )
    }
}
All deployed fine. however the affinity and even replicas is not picked up as a 
diff
I'm sure if I deleted and deployed with the above code it would work
testing on another helmchart
so on a different helm chart 
external-dns
seemed to notice the diff
looking into it more
@gentle-diamond-70147 ignore this for now. I think I need to prod around more. feels like it does work on a lot of cases. Will get back to you if I have more definitive issue. Thank you for time. 🙏 LMK if I should delete comment
g

gentle-diamond-70147

11/19/2020, 11:42 PM
Feel free to leave it. 🙂
There should be nothing "special" or different for updated values to get picked up.
b

busy-soccer-65968

11/19/2020, 11:43 PM
thx again for time
👍 1
yeah, 100% the values were incorrect. no bug on pulumi. Typo from me.
3 Views
#kubernetesJoin Slack
Powered by