This message was deleted Pulumi Community #kubernetes

Join Slack

This message was deleted.

# kubernetes

sparse-intern-71089

04/20/2021, 9:51 AM

This message was deleted.

limited-rainbow-51650

04/20/2021, 11:26 AM

What makes it even stranger: if we remove the service (commenting it) and redeploy again (uncommenting it), this code works on the new deployment.

limited-rainbow-51650

04/20/2021, 11:43 AM

And again, when updating the service with e.g. an additional annotation, the problem comes up again: no nodeport value. Is Pulumi not fetching the full state on update @gorgeous-egg-16927?

proud-pizza-80589

04/20/2021, 1:15 PM

We had something simular, de deployed a k8s secret in a helm file with value X and then the chart had an init container to update it. Pulumi never saw the updated value, like it was “cached” or something. We fixed it by manually getting it

Copy code

const secret = fabricCa.getResource('v1/Secret', 'default', 'ca-tls-cert');

// <https://www.pulumi.com/docs/intro/concepts/resources/#resource-get>
const updatedSecret = k8s.core.v1.Secret.get('tlssecret', secret.id, {
  provider,
  dependsOn: [fabricCa],
});

export const data = updatedSecret.data.apply((data) => data);

proud-pizza-80589

04/20/2021, 1:15 PM

apply on “secret” = old version apply on “updatedSecret” = new version

proud-pizza-80589

04/20/2021, 1:16 PM

not sure if it helps your issue, but the ability to force a fetch from the cluster might help as workaround

limited-rainbow-51650

04/20/2021, 1:28 PM

This is well worth the try. Tnx for the suggestion @proud-pizza-80589

limited-rainbow-51650

04/20/2021, 1:45 PM

BTW @proud-pizza-80589 did you ever file a Github issue regarding this?

proud-pizza-80589

04/20/2021, 1:46 PM

No, i figured it works as designed because we are updating the secret outside of pulumi’s process, it cannot really know about the changed value

limited-rainbow-51650

04/20/2021, 2:05 PM

ok. That is clearly not the case for me. Also the service is deployed by Pulumi.

fast-dinner-32080

04/20/2021, 4:55 PM

One option might be to do a get on the secret after it is created. If the nodeport is automatically allocated by k8s and not in your spec then I don’t know if pulumi does a lookup of the full resource if it was created since it is updated outside of it’s creation.

limited-rainbow-51650

04/20/2021, 6:56 PM

@fast-dinner-32080 the nodeport value is visible in the Pulumi state with the correct value, after the k8s

Service

is created. Why don’t I get this value (which remains unchanged) if I just add e.g. an annotation?

gorgeous-egg-16927

04/20/2021, 9:15 PM

Hmm, that is odd. It sounds to me like the

healthPortNumber

code is running prior to the

nodePort

value resolving (it’s usually set by the cluster). This seems like a possible oversight in the await logic for Service resources. If you look at https://www.pulumi.com/docs/reference/pkg/kubernetes/core/v1/service/#service you’ll notice that the

nodePort

isn’t considered as part of the readiness check.

gorgeous-egg-16927

04/20/2021, 9:16 PM

@billowy-army-68599 Any ideas for workarounds here?

limited-rainbow-51650

04/22/2021, 11:18 AM

@gorgeous-egg-16927 @billowy-army-68599 should I file a GH issue for this?

billowy-army-68599

04/22/2021, 3:17 PM

Sorry lots of plates spinning at the moment. Yes a GitHub issue would great at thank you

limited-rainbow-51650

04/23/2021, 12:21 PM

@billowy-army-68599 https://github.com/pulumi/pulumi-kubernetes/issues/1540

4 Views

Open in Slack

Previous Next