https://pulumi.com logo
#general
Title
# general
h

helpful-advantage-49286

01/07/2019, 7:54 PM
Hey all, looking at the kubernetes the prod way tutorial and curious if there is an ETA on the additional labs?
m

microscopic-florist-22719

01/07/2019, 7:55 PM
cc @calm-apple-46440 @creamy-potato-29402
g

gorgeous-egg-16927

01/07/2019, 8:20 PM
@helpful-advantage-49286 - @creamy-potato-29402 is planning to flesh out that content over the next 1-2 months.
h

helpful-advantage-49286

01/07/2019, 8:21 PM
Got it, so don’t hold my breath if I need to setup something sooner!
g

gorgeous-egg-16927

01/07/2019, 8:21 PM
Yeah, although don't hesitate to ping us directly if there's something we can help with in the meantime!
h

helpful-advantage-49286

01/07/2019, 8:24 PM
Thanks! Going to poke around a bit try to figure it out some!
c

creamy-potato-29402

01/07/2019, 8:24 PM
I'm working on the technical collateral right now
h

helpful-advantage-49286

01/07/2019, 8:24 PM
Was mostly hoping it would have some good advice for setting up Jenkins/CI/CD, which is the part that I am finding the least amount of clarity on.
c

creamy-potato-29402

01/07/2019, 8:25 PM
Actually I'd love to hear your feedback note of you have a chance:)
Ah
Yes. This is a point we planned to flesh out
What part is unclear now?
I can maybe unblock you
h

helpful-advantage-49286

01/07/2019, 8:26 PM
Oh, just how to wire it all up between GitHub (w/o Actions), how to configure jenkins (is the jenkins conf inside pulumi as well, or just the primary node provisioning), and then get it deploying via pulumi.
Only feedback I have so far is where to store the main pulumi service account creds so it can be used is left as an exercise to the reader, which is fine, hard to resist checking them into the repo when that happens though 😜
c

creamy-potato-29402

01/07/2019, 8:29 PM
Hmm yeah. We haven't spent that much time on Jenkins mostly because I don't have that much experience with it
h

helpful-advantage-49286

01/07/2019, 8:30 PM
ah, so w/ CI/CD in the next section, what is it going to use to operate the pipeline?
c

creamy-potato-29402

01/07/2019, 8:30 PM
Was going to start with Travis
h

helpful-advantage-49286

01/07/2019, 8:32 PM
Ah, makes sense. Maybe where I should start as well then! I always default to jenkins because I am a masochist! 😜
c

creamy-potato-29402

01/07/2019, 8:32 PM
Lol
So the repo had scripts that let you log on as a service account
The idea is to let an actual admin bootstrap this
The ci section will basically add scripts that create Travis secrets
h

helpful-advantage-49286

01/07/2019, 8:34 PM
aaaah
c

creamy-potato-29402

01/07/2019, 8:35 PM
Not quite sure yet how that translates to Jenkins
For Travis this is like 2 lines
Afk but back soon
h

helpful-advantage-49286

01/07/2019, 8:36 PM
Same, if you have the two lines or pointers towards it, that would be awesome!
I like the idea of doing Travis since I need to orchestrate osx builds as well eventually
c

creamy-potato-29402

01/07/2019, 8:36 PM
Yeah I can show you
Give me 10 minutes...
h

helpful-advantage-49286

01/07/2019, 8:38 PM
No rush! I am about to bounce for an appointment, I appreciate the help.
c

creamy-potato-29402

01/07/2019, 8:59 PM
@helpful-advantage-49286 this should work:
Copy code
travis login --pro --github-token <gh-token>
# Generate `credentials.tar.gz`. This contains client-secret.json and kubeconfig.yaml.
./scripts/login-to-ci-service-account.sh

# NOTE: Repository root must have a `.travis.yaml` file!
mv credentials.tar.gz <your-repository-root>
cd <your-repository-root>
travis encrypt-file credentials.tar.gz --add --pro
The
--pro
is for the case where you’re paying for travis ci, i.e., using travis-ci.com.
If you are not, elide this flag. You’d know because you’d be using travis-ci.org
Then:
Copy code
This last command will:

Generate credentials.tar.gz.enc
Alter travis.yaml so that the first before_install command is to decrypt credentials.tar.gz.enc.
In order to get this to work you need to:

git add credentials.tar.gz.enc
git add .travis.yaml
NOTE: Do not add credentials.tar.gz to the repository! This contains your secrets!
h

helpful-advantage-49286

01/07/2019, 10:17 PM
Nice! I will check this out and get back to you, got sucked into some deep yak shaving, so may take a bit to get back to our nascent prod deployment!
@creamy-potato-29402 working my way through the 2nd lab now, one thing is envName is required and not set anywhere in the lab
c

creamy-potato-29402

01/08/2019, 10:00 PM
Will take a look soon... On the road from Oregon. @gorgeous-egg-16927 ?
g

gorgeous-egg-16927

01/08/2019, 10:02 PM
@helpful-advantage-49286 What is requiring envName?
h

helpful-advantage-49286

01/08/2019, 10:02 PM
lab 2, when you run pulumi up you need to have specified an envName config variable, but the lab doesn’t mention it
👀 1
Also, if you haven’t specified a zone, you get a runtime error
g

gorgeous-egg-16927

01/08/2019, 10:08 PM
Ok, it looks like you just need to choose a zone and a name for your env. I'll open an issue to clarify the docs on that
h

helpful-advantage-49286

01/09/2019, 6:19 PM
@creamy-potato-29402 the ./scripts/login command doesn’t generate a credentials.tar.gz
c

creamy-potato-29402

01/09/2019, 6:25 PM
@helpful-advantage-49286 you mean
./scripts/login-to-ci-service-account.sh
? that’s right. it should be getting client credentials out of the identity stack reference.
h

helpful-advantage-49286

01/09/2019, 6:26 PM
Yeah, at least the version I have grabs them, auths the service account and then deletes them.
c

creamy-potato-29402

01/09/2019, 6:26 PM
correct.
You are trying to get this for travis ci?
h

helpful-advantage-49286

01/09/2019, 6:28 PM
Yeah, your paste mentioned running it to get a credentials.tar.gz
Instead, I just grabbed the files
oh, I misread your comment, you mean create one using X and Y, sorry!
c

creamy-potato-29402

01/09/2019, 6:31 PM
ha
np
lmk if I can help otherwise