https://pulumi.com logo
Powered by
d

dry-pilot-73614

09/17/2018, 4:24 PM
I have a function that injects a cloudsql-proxy sidecar into a k8s deployment. It seems that every other time I run 
pulumi up
it wants to remove the 
volumes
in my pod spec.
and the update details:
Copy code
* pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:media-products-unleash-test::unleash::pulumi:pulumi:Stack::unleash-media-products-unleash-test]
    ~ kubernetes:apps/v1:Deployment: (update)
        [id=unleash-wl7co5fo/unleash-8c31kw3y]
        [urn=urn:pulumi:media-products-unleash-test::unleash::kubernetes:apps/v1:Deployment::unleash]
      ~ spec      : {
          ~ template: {
              ~ spec    : {
                  - volumes   : [
                  -     [0]: {
                          - name  : "cloudsql-instance-credentials"
                          - secret: {
                              - secretName: "unleash-cloudsql-proxy-credentials-h1ngv4ru"
                            }
                        }
                    ]
                }
            }
        }
Am I doing something wrong?
w

white-balloon-205

09/17/2018, 4:26 PM
cc @creamy-potato-29402
d

dry-pilot-73614

09/17/2018, 4:31 PM
The next run tried to update the deployment with no changes…
Copy code
* pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:media-products-unleash-test::unleash::pulumi:pulumi:Stack::unleash-media-products-unleash-test]
    ~ kubernetes:apps/v1:Deployment: (update)
        [id=unleash-wl7co5fo/unleash-8c31kw3y]
        [urn=urn:pulumi:media-products-unleash-test::unleash::kubernetes:apps/v1:Deployment::unleash]
(no changes below)
Then timed out waiting for a ReplicaSet to update:
Copy code
error: Plan apply failed: 2 errors occurred:

    * Timeout occurred for 'unleash-8c31kw3y'
    * Attempted to roll forward to new ReplicaSet, but minimum number of Pods did not become live
The replicaset was never going to update because nothing changed.
c

creamy-potato-29402

09/17/2018, 4:56 PM
@dry-pilot-73614 that’s super weird, I’ll look right after our team meeting.
@dry-pilot-73614 the second thing is for sure a bug, the first, I’m not sure yet.
d

dry-pilot-73614

09/18/2018, 4:10 AM
Alright. I’ll try out the dev build. I want to use the new unwrapping anyway.
c

creamy-potato-29402

09/18/2018, 4:11 AM
Not much has changed since last week’s release.
I will fix the second issue pretty quick.
The first one, I’m still trying to reproduce….
I am doubtful it’s our bug, but man, that code is bananas, and we need to make a better API to support those sorts of scenarios. @lemon-spoon-91807 we have something planned for this deeply-nested type stuff right?
Was that the well-typed nested resolution stuff you were working on?
l

lemon-spoon-91807

09/18/2018, 4:13 AM
looking
yes... the new pulumi.output function should make this much nicer.
c

creamy-potato-29402

09/18/2018, 4:14 AM
Oh thank god.
d

dry-pilot-73614

09/18/2018, 4:14 AM
I’m going to try the new output function now
c

creamy-potato-29402

09/18/2018, 4:15 AM
@dry-pilot-73614 you did the right thing, I’m just saying we’re working on a fix. 🙂
l

lemon-spoon-91807

09/18/2018, 4:15 AM
basically, doing 
pulumi.output(args.spec!)
will give you the entire unwrapped type.
note: we haven't shipped it yet 😄
but this is like the textbook case of where it will be so much nicer.
c

creamy-potato-29402

09/18/2018, 4:16 AM
@dry-pilot-73614 if you try the new way out and see if that works, I’ll write fix your bug. 🙂
I mean I’ll do it anyway, but I’d be curious to see what happens.
l

lemon-spoon-91807

09/18/2018, 4:18 AM
did it in notepad, so probably wrong
but it shuld end up more like:
Copy code
args.spec = pulumi.output(args.spec!).apply(spec => {
    spec.template.spec.containers = spec.template.spec.containers || [];
    spec.template.spec.containers.push({
            name: 'cloudsql-proxy',
            image: '<http://gcr.io/cloudsql-docker/gce-proxy:1.11|gcr.io/cloudsql-docker/gce-proxy:1.11>',
            command: [
                '/cloud_sql_proxy',
                `-instances=${project}:${region}:${instanceName}=tcp:${dbPort}`,
                '-credential_file=/var/run/secrets/cloudsql/credentials.json',
            ],
            securityContext: {
                runAsUser: 2, // non-root user
                allowPrivilegeEscalation: false,
            },
            volumeMounts: [
                {
                    name: 'cloudsql-instance-credentials',
                    mountPath: '/var/run/secrets/cloudsql',
                    readOnly: true,
                },
            ],
        });
    
    spec.template.spec.volumes = spec.template.spec.volumes || [];
    spec.template.spec.volumes.push({
            name: 'cloudsql-instance-credentials',
            secret: {
                secretName: credentialsSecret.metadata.apply(x => x.name),
            },
        });
    
    return spec;
});
c

creamy-potato-29402

09/18/2018, 4:19 AM
lol amazing
l

lemon-spoon-91807

09/18/2018, 4:19 AM
hopefully 🙂
c

creamy-potato-29402

09/18/2018, 4:19 AM
Cyrus: wizard????
l

lemon-spoon-91807

09/18/2018, 4:21 AM
Anything else i can help with?
c

creamy-potato-29402

09/18/2018, 4:23 AM
That’s probably it. THe other bug is something for me.
Thanks!
l

lemon-spoon-91807

09/18/2018, 4:23 AM
any time. night!
d

dry-pilot-73614

09/18/2018, 3:21 PM
I ran into a problem because you can’t assigning an Output to a property on an unwrapped type, which I do with 
secretName: credentialsSecret.metadata.apply(x => x.name)
.
I was able to rework the code to get the secret name in a different scope and unwrap it along with the deployment spec.
That also fixed the problem with volumes on 0.15.2.
Thanks for the help!
Powered by