https://pulumi.com logo
#kubernetes
Title
# kubernetes
p

purple-plumber-90981

08/06/2021, 1:28 AM
is there a way to depend on a subresource of a pululmi.helm.v3.Chart for subsequent resources ?
ie when i deploy cert-manager by helm and subsequently `aws-load-balancer-controller`by helm i sometimes get
Copy code
error: resource kube-system/aws-load-balancer-serving-cert was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>": Post "<https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s>": no endpoints available for service "cert-manager-webhook"
this is because the cert-manager-webhook endpoint is not yet ready
if i rerun pulumi up a couple of minutes later all is fine
i tried creating a test cert and depending on that, but it seems cert creation can work before the webhook endpoint is ready
b

billowy-army-68599

08/06/2021, 2:20 AM
p

purple-plumber-90981

08/06/2021, 2:27 AM
awesome, trying, thanks
b

bored-table-20691

08/06/2021, 2:35 AM
@billowy-army-68599 what’s the semantics on it? Is it set to true/resolves once every part of the chart is ready?
p

purple-plumber-90981

08/06/2021, 2:38 AM
Copy code
opts=pulumi.ResourceOptions(depends_on=[certmgr_namespace, k8s_h_cert_manager.ready], provider=k8s_provider),
    AttributeError: 'Chart' object has no attribute 'ready'
    error: an unhandled error occurred: Program exited with non-zero exit code: 1
b

billowy-army-68599

08/06/2021, 2:50 AM
looks like it only exits for typescript 😞
p

purple-plumber-90981

08/06/2021, 2:53 AM
b

bored-table-20691

08/06/2021, 3:05 AM
It looks like in TS it’s just doing apply on the resources list. Looking at Go, the Resources field is public, so would it be possible to just do ApplyT on that?
p

purple-plumber-90981

08/06/2021, 5:35 AM
ok so that was a good hint… looks like in python i can depend on a subresource of a helm chart like :-
opts=pulumi.ResourceOptions(depends_on=[k8s_h_cert_manager.resources['v1/Service:cert-manager/cert-manager-webhook']], provider=k8s_provider),
you can get a list of the resource names with some pulumi futures hackery like :-
Copy code
wtf_resources = k8s_h_cert_manager.resources.apply(lambda resources: resources.keys())
pulumi.export('wtf_resources', wtf_resources)
b

bored-table-20691

08/06/2021, 6:16 AM
@purple-plumber-90981 any reason not to depend on the entire set of resources?
p

purple-plumber-90981

08/06/2021, 6:16 AM
doesnt wait for them to be created
i think once the helm yaml has been fired off thats it, the dependency is satisfied wether the resources are ready or not
i found that my cert-manager / alb race condition was satisfied by depending on the cert manager webhook service
this is one of the last resources in that chart to be created
the problem was intermittent but regular before… since i changed the depends, no failure
b

bored-table-20691

08/06/2021, 3:59 PM
Right - I was more thinking that you would do what the TS code is doing and just wait on the entire array of
resources
, so that you don’t need to pick a particular one (and find out it’s name, tc)
4 Views