Channels
#kubernetes
Title
p
purple-plumber-90981
08/06/2021, 1:28 AMis there a way to depend on a subresource of a pululmi.helm.v3.Chart for subsequent resources ?
ie when i deploy cert-manager by helm and subsequently `aws-load-balancer-controller`by helm i sometimes get
Copy code
error: resource kube-system/aws-load-balancer-serving-cert was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>": Post "<https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s>": no endpoints available for service "cert-manager-webhook"this is because the cert-manager-webhook endpoint is not yet ready
if i rerun pulumi up a couple of minutes later all is fine
i tried creating a test cert and depending on that, but it seems cert creation can work before the webhook endpoint is ready
b
billowy-army-68599
08/06/2021, 2:20 AM
there's a
.readyp
purple-plumber-90981
08/06/2021, 2:27 AMawesome, trying, thanks
b
bored-table-20691
08/06/2021, 2:35 AM@billowy-army-68599 what’s the semantics on it? Is it set to true/resolves once every part of the chart is ready?
p
purple-plumber-90981
08/06/2021, 2:38 AM Copy code
opts=pulumi.ResourceOptions(depends_on=[certmgr_namespace, k8s_h_cert_manager.ready], provider=k8s_provider),
AttributeError: 'Chart' object has no attribute 'ready'
error: an unhandled error occurred: Program exited with non-zero exit code: 1b
billowy-army-68599
08/06/2021, 2:50 AM
looks like it only exits for typescript 😞
p
purple-plumber-90981
08/06/2021, 2:53 AMlooking through the code for https://github.com/pulumi/pulumi-kubernetes/blob/master/sdk/python/pulumi_kubernetes/helm/v3/helm.py to see if i can find an alternative
b
bored-table-20691
08/06/2021, 3:05 AMIt looks like in TS it’s just doing apply on the resources list.
Looking at Go, the Resources field is public, so would it be possible to just do ApplyT on that?
p
purple-plumber-90981
08/06/2021, 5:35 AMok so that was a good hint… looks like in python i can depend on a subresource of a helm chart like :-
opts=pulumi.ResourceOptions(depends_on=[k8s_h_cert_manager.resources['v1/Service:cert-manager/cert-manager-webhook']], provider=k8s_provider),you can get a list of the resource names with some pulumi futures hackery like :-
Copy code
wtf_resources = k8s_h_cert_manager.resources.apply(lambda resources: resources.keys())
pulumi.export('wtf_resources', wtf_resources)b
bored-table-20691
08/06/2021, 6:16 AM@purple-plumber-90981 any reason not to depend on the entire set of resources?
p
purple-plumber-90981
08/06/2021, 6:16 AMdoesnt wait for them to be created
i think once the helm yaml has been fired off thats it, the dependency is satisfied wether the resources are ready or not
i found that my cert-manager / alb race condition was satisfied by depending on the cert manager webhook service
this is one of the last resources in that chart to be created
the problem was intermittent but regular before… since i changed the depends, no failure
b
bored-table-20691
08/06/2021, 3:59 PMRight - I was more thinking that you would do what the TS code is doing and just wait on the entire array of
resources4 Views