This message was deleted.
# kubernetes
s
This message was deleted.
b
....and I spoke too quickly. there is actually a diff of just a few characters every single time. oh well 😕
b
That is so incredibly awesome - thanks! My chart expects me to pass those certs as variables to overload the helm behavior though.. so I made a nice reusable component out of that tls cert generation stuff 😃 Only issue now is some odd complaints about templating when I add the certs to the values:
Copy code
akv2k8sValues.env_injector.certificate.custom = {
            enabled: true,
            server: {
                tls: {
                    crt: tlsCert.crt.certPem,
                    key: tlsCert.key.privateKeyPem
                }
            },
            ca: {
                crt: tlsCert.caCert.certPem
            }
        }
with
Copy code
const SPVakv2k8s = new k8s.helm.v3.Chart("akv2k8s",{
        chart: "akv2k8s",
        version: "2.0.10",
        namespace: akv2k8sNamespace.metadata.name,
        fetchOpts: {
            repo: helmRepos.spv.url
        },
        values: akv2k8sValues
    },{
        provider: cluster
    })
results in...
Copy code
Error: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to create chart from template: YAML parse error on akv2k8s/templates/env-injector-apiservice.yaml: error converting YAML to JSON: yaml: line 15: could not find expected ':'
Which makes me wonder.. how much json -> yaml -> json -> yaml is actually going on here :D
b
helm's values.yaml takes a string so you'll need to inject values into the helm chart using an
apply()
b
thanks 🙂 tried that- but I really think I need a full-on tutorial on the .apply(x => x) loop and how it actually works under the hood. I keep hitting the same hurdle of not understanding how the Output<T> transforms and when.
Copy code
if (akv2k8sValues?.env_injector?.certificate?.custom) {
        akv2k8sValues.env_injector.certificate = {
            useCertManager: false,
            custom: {
                enabled: true,
                server: {
                    tls: {
                        crt: tlsCert.crt.certPem.apply(x => x),
                        key: tlsCert.key.privateKeyPem.apply(x => x)
                    }
                },
                ca: {
                    crt: tlsCert.caCert.certPem.apply(x => x)
                }
            }        
        }
    }
Basically - this produces the exact same error.
Man.. I'm giving up for now.. This actually passed - but likely with the crappy string values rather than the correct values since the actual deployment failed (still in the process of burning down my deployment). The top combination of interpolate + apply was then referenced with yet another apply earlier - with still no joy. There seems to be no way to get those keys to be real strings before helm does its magic.
Copy code
//let serverCrt = pulumi.interpolate`${tlsCert.crt.certPem.apply(x => x)}`
    let serverKey = "xzc";
    let caCrt = "czx";
    let serverCrt = "vcx";
    tlsCert.crt.certPem.apply(pem => {
        serverCrt = pem;
        return true
    })
    tlsCert.key.privateKeyPem.apply(key => {
        serverKey = key;
        return true
    })
    tlsCert.caCert.certPem.apply(pem => {
        caCrt = pem;
        return true
    })   
    if (akv2k8sValues?.env_injector?.certificate?.custom) {
        akv2k8sValues.env_injector.certificate = {
            useCertManager: false,
            custom: {
                enabled: true,
                server: {
                    tls: {
                        crt: serverCrt,
                        key: serverKey
                    }
                },
                ca: {
                    crt: caCrt
                }
            }        
        }
    }
Going full shotgun mode on this.. still failing at the same place..
Copy code
let akv2k8sValues = yaml.load(fs.readFileSync("./components/chart-values/akv2k8s-production.yml")) as any

    let tlsCrt = tlsCert.crt.certPem.apply(tlsCrt => {
        let curObj = akv2k8sValues;
        akv2k8sValues.env_injector.certificate = {
            useCertManager: false,
            custom: {
                enabled: true,
                server: {
                    tls: {
                        crt: tlsCert.crt.certPem.apply(x => x),
                        key: "toBeFilled"
                    }
                },
                ca: {
                    crt: "toBeFilled"
                }
            }        
        }
        return akv2k8sValues;
    })

    let tlsKey = pulumi.all([tlsCrt, tlsCert.key.privateKeyPem]).apply(([objValue, key]) => {
        objValue.env_injector.certificate.custom.server.tls.key = key;
        return objValue;
    })

    let finalAkv2k8sValues = pulumi.all([tlsKey, tlsCert.caCert.certPem]).apply(([objValue, cert]) => {
        objValue.env_injector.certificate.custom.ca.crt = cert;
        return objValue;
    })
    
    
    const SPVakv2k8s = new k8s.helm.v3.Chart("akv2k8s",{
        chart: "akv2k8s",
        version: "2.0.10",
        namespace: akv2k8sNamespace.metadata.name,
        fetchOpts: {
            repo: helmRepos.spv.url
        },
        values: finalAkv2k8sValues.apply(x => x)
    },{
        provider: cluster,
        dependsOn: [tlsCert.crt, tlsCert.key, tlsCert.caCert]
    })