I have a function that injects a cloudsql-proxy si...
# generald
dry-pilot-73614
09/17/2018, 4:24 PMI have a function that injects a cloudsql-proxy sidecar into a k8s deployment. It seems that every other time I run
pulumi upvolumesdry-pilot-73614
09/17/2018, 4:24 PMHere’s the function and the volumes section: https://gist.github.com/ddunkin/a74ad80503ec034ecb296e2d01ab5872#file-cloudsql-proxy-ts-L106-L115
dry-pilot-73614
09/17/2018, 4:25 PMand the update details:
Copy code
* pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:media-products-unleash-test::unleash::pulumi:pulumi:Stack::unleash-media-products-unleash-test]
~ kubernetes:apps/v1:Deployment: (update)
[id=unleash-wl7co5fo/unleash-8c31kw3y]
[urn=urn:pulumi:media-products-unleash-test::unleash::kubernetes:apps/v1:Deployment::unleash]
~ spec : {
~ template: {
~ spec : {
- volumes : [
- [0]: {
- name : "cloudsql-instance-credentials"
- secret: {
- secretName: "unleash-cloudsql-proxy-credentials-h1ngv4ru"
}
}
]
}
}
}dry-pilot-73614
09/17/2018, 4:26 PMAm I doing something wrong?
w
white-balloon-205
09/17/2018, 4:26 PM
cc @creamy-potato-29402
d
dry-pilot-73614
09/17/2018, 4:31 PMThe next run tried to update the deployment with no changes…
Copy code
* pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:media-products-unleash-test::unleash::pulumi:pulumi:Stack::unleash-media-products-unleash-test]
~ kubernetes:apps/v1:Deployment: (update)
[id=unleash-wl7co5fo/unleash-8c31kw3y]
[urn=urn:pulumi:media-products-unleash-test::unleash::kubernetes:apps/v1:Deployment::unleash]
(no changes below)dry-pilot-73614
09/17/2018, 4:32 PMThen timed out waiting for a ReplicaSet to update:
Copy code
error: Plan apply failed: 2 errors occurred:
* Timeout occurred for 'unleash-8c31kw3y'
* Attempted to roll forward to new ReplicaSet, but minimum number of Pods did not become livedry-pilot-73614
09/17/2018, 4:33 PMThe replicaset was never going to update because nothing changed.
c
creamy-potato-29402
09/17/2018, 4:56 PM@dry-pilot-73614 that’s super weird, I’ll look right after our team meeting.
creamy-potato-29402
09/18/2018, 4:02 AM@dry-pilot-73614 the second thing is for sure a bug, the first, I’m not sure yet.
d
dry-pilot-73614
09/18/2018, 4:10 AMAlright. I’ll try out the dev build. I want to use the new unwrapping anyway.
c
creamy-potato-29402
09/18/2018, 4:11 AMNot much has changed since last week’s release.
creamy-potato-29402
09/18/2018, 4:11 AMI will fix the second issue pretty quick.
creamy-potato-29402
09/18/2018, 4:11 AMThe first one, I’m still trying to reproduce….
creamy-potato-29402
09/18/2018, 4:12 AMI am doubtful it’s our bug, but man, that code is bananas, and we need to make a better API to support those sorts of scenarios. @lemon-spoon-91807 we have something planned for this deeply-nested type stuff right?
creamy-potato-29402
09/18/2018, 4:12 AMWas that the well-typed nested resolution stuff you were working on?
l
lemon-spoon-91807
09/18/2018, 4:13 AMlooking
lemon-spoon-91807
09/18/2018, 4:14 AMyes... the new pulumi.output function should make this much nicer.
c
creamy-potato-29402
09/18/2018, 4:14 AMOh thank god.
d
dry-pilot-73614
09/18/2018, 4:14 AMI copied the structure from https://github.com/pulumi/pulumi/issues/1887
dry-pilot-73614
09/18/2018, 4:14 AMI’m going to try the new output function now
c
creamy-potato-29402
09/18/2018, 4:15 AM@dry-pilot-73614 you did the right thing, I’m just saying we’re working on a fix. 🙂
l
lemon-spoon-91807
09/18/2018, 4:15 AMbasically, doing
pulumi.output(args.spec!)lemon-spoon-91807
09/18/2018, 4:15 AMnote: we haven't shipped it yet 😄
lemon-spoon-91807
09/18/2018, 4:15 AMbut this is like the textbook case of where it will be so much nicer.
c
creamy-potato-29402
09/18/2018, 4:16 AM@dry-pilot-73614 if you try the new way out and see if that works, I’ll write fix your bug. 🙂
creamy-potato-29402
09/18/2018, 4:16 AMI mean I’ll do it anyway, but I’d be curious to see what happens.
l
lemon-spoon-91807
09/18/2018, 4:18 AMdid it in notepad, so probably wrong
lemon-spoon-91807
09/18/2018, 4:18 AMbut it shuld end up more like:
lemon-spoon-91807
09/18/2018, 4:18 AM Copy code
args.spec = pulumi.output(args.spec!).apply(spec => {
spec.template.spec.containers = spec.template.spec.containers || [];
spec.template.spec.containers.push({
name: 'cloudsql-proxy',
image: '<http://gcr.io/cloudsql-docker/gce-proxy:1.11|gcr.io/cloudsql-docker/gce-proxy:1.11>',
command: [
'/cloud_sql_proxy',
`-instances=${project}:${region}:${instanceName}=tcp:${dbPort}`,
'-credential_file=/var/run/secrets/cloudsql/credentials.json',
],
securityContext: {
runAsUser: 2, // non-root user
allowPrivilegeEscalation: false,
},
volumeMounts: [
{
name: 'cloudsql-instance-credentials',
mountPath: '/var/run/secrets/cloudsql',
readOnly: true,
},
],
});
spec.template.spec.volumes = spec.template.spec.volumes || [];
spec.template.spec.volumes.push({
name: 'cloudsql-instance-credentials',
secret: {
secretName: credentialsSecret.metadata.apply(x => x.name),
},
});
return spec;
});c
creamy-potato-29402
09/18/2018, 4:19 AMlol amazing
l
lemon-spoon-91807
09/18/2018, 4:19 AMhopefully 🙂
c
creamy-potato-29402
09/18/2018, 4:19 AMCyrus: ✨ wizard???? ✨
l
lemon-spoon-91807
09/18/2018, 4:21 AMAnything else i can help with?
c
creamy-potato-29402
09/18/2018, 4:23 AMThat’s probably it. THe other bug is something for me.
creamy-potato-29402
09/18/2018, 4:23 AMThanks!
l
lemon-spoon-91807
09/18/2018, 4:23 AMany time. night!
d
dry-pilot-73614
09/18/2018, 3:21 PMI ran into a problem because you can’t assigning an Output to a property on an unwrapped type, which I do with
secretName: credentialsSecret.metadata.apply(x => x.name)dry-pilot-73614
09/18/2018, 3:21 PMI was able to rework the code to get the secret name in a different scope and unwrap it along with the deployment spec.
dry-pilot-73614
09/18/2018, 3:24 PMThat also fixed the problem with volumes on 0.15.2.
dry-pilot-73614
09/18/2018, 3:24 PMdry-pilot-73614
09/18/2018, 3:24 PMThanks for the help!