https://pulumi.com logo
Powered by
Title
b

better-shampoo-48884

04/06/2021, 6:22 AM
For kubernetes-helm stuff - do you need to have the target repository cached locally first? Trying to run this: 
const keyvaultCSI = new k8s.helm.v3.Chart("keyVaultCSI",{
        chart: "csi-secrets-store-provider-azure",
        version: "0.0.17",
        fetchOpts: {
            repo: "<https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts//>"
        },
        values: {
            logFormatJSON: true,            
        }
    },{
        provider: cluster
    })
And getting this as an error: 
pulumi:pulumi:Stack baseline-k8s-dev.k8s.infratesting create error: Unhandled exception: Error: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to pull chart: no cached repo found. (try 'helm repo update'):
Basically following this instruction for installation: https://azure.github.io/secrets-store-csi-driver-provider-azure/getting-started/installation/
once I do this: 
λ helm repo add csi-secrets-store-provider-azure <https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts>
"csi-secrets-store-provider-azure" has been added to your repositories
λ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "csi-secrets-store-provider-azure" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
Then it works fine: 
Previewing update (dev.k8s.infratesting):

 +  pulumi:pulumi:Stack baseline-k8s-dev.k8s.infratesting create
 +  kubernetes:<http://helm.sh/v3:Chart|helm.sh/v3:Chart> keyVaultCSI create
 +  pulumi:pulumi:Stack baseline-k8s-dev.k8s.infratesting create read pulumi:pulumi:StackReference dev.infra.infratesting-reference
 +  pulumi:pulumi:Stack baseline-k8s-dev.k8s.infratesting create read pulumi:pulumi:StackReference dev.infra.infratesting-reference
 +  pulumi:providers:kubernetes clusterProvider create
 +  kubernetes:apps/v1:DaemonSet default/keyVaultCSI-secrets-store-csi-driver create
 +  kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> <http://secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io|secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io> create
 +  kubernetes:<http://storage.k8s.io/v1:CSIDriver|storage.k8s.io/v1:CSIDriver> <http://secrets-store.csi.k8s.io|secrets-store.csi.k8s.io> create
 +  kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRole|rbac.authorization.k8s.io/v1:ClusterRole> secretprovidersyncing-role create
 +  kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRole|rbac.authorization.k8s.io/v1:ClusterRole> secretproviderclasses-role create
 +  kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRoleBinding|rbac.authorization.k8s.io/v1:ClusterRoleBinding> secretprovidersyncing-rolebinding create
 +  kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRoleBinding|rbac.authorization.k8s.io/v1:ClusterRoleBinding> secretproviderclasses-rolebinding create
 +  kubernetes:core/v1:ServiceAccount default/csi-secrets-store-provider-azure create
 +  kubernetes:core/v1:ServiceAccount default/secrets-store-csi-driver create
 +  kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> <http://secretproviderclasses.secrets-store.csi.x-k8s.io|secretproviderclasses.secrets-store.csi.x-k8s.io> create
 +  kubernetes:apps/v1:DaemonSet default/keyVaultCSI-csi-secrets-store-provider-azure create
 +  pulumi:pulumi:Stack baseline-k8s-dev.k8s.infratesting create

Resources:
    + 14 to create
Is it really intended behavior that helm needs to be pre-registered and updated with all the repositories I want to use in pulumi before I begin?
b

billowy-army-68599

04/06/2021, 6:36 AM
no it's not. Having said that, i've never seen a helm chart be served from a github manifest. I see they've checked their tarballs and 
index.yaml
into the repo, but i suspect helm template doesn't support that mechanism
b

better-shampoo-48884

04/06/2021, 6:37 AM
worked fine with the 
helm
command above as you can see 😉
b

billowy-army-68599

04/06/2021, 6:37 AM
generally a chart will be served from a website, I think what's happening here is that the way we invoke helm charts (using 
helm template
) isn't hitting the 
index.yaml
for that site correctly
it does seem to work: 
helm template foo csi-secrets-store-provider-azure --repo <https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts>
can you open an issue for this? It's probably just an edge case we've missed
b

better-shampoo-48884

04/06/2021, 6:38 AM
sure
b

billowy-army-68599

04/06/2021, 6:38 AM
wait hold on, you have an extra slash at the end of your 
repo
"<https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts//>"
can you try remove that and try again?
b

better-shampoo-48884

04/06/2021, 6:58 AM
Tried all permutations of slashes up to 2x / - as per the "remote chart" example here: https://www.pulumi.com/docs/reference/pkg/kubernetes/helm/v3/chart/
The example (to save a click): 
import * as k8s from "@pulumi/kubernetes";

const nginxIngress = new k8s.helm.v3.Chart("nginx-ingress", {
    chart: "nginx-ingress",
    version: "1.24.4",
    fetchOpts:{
        repo: "<https://charts.helm.sh/stable//>",
    },
});
Error-message wise it looks similar to this closed issue: https://github.com/pulumi/pulumi-kubernetes/issues/1505
created https://github.com/pulumi/pulumi-kubernetes/issues/1518 regardless.
4 Views
#kubernetesJoin Slack
Powered by