https://pulumi.com logo
Join Slack
Powered by
Hey all, looking at the kubernetes the prod way tu...
# general
h
Hey all, looking at the kubernetes the prod way tutorial and curious if there is an ETA on the additional labs?
m
cc @calm-apple-46440 @creamy-potato-29402
g
@helpful-advantage-49286 - @creamy-potato-29402 is planning to flesh out that content over the next 1-2 months.
h
Got it, so don’t hold my breath if I need to setup something sooner!
g
Yeah, although don't hesitate to ping us directly if there's something we can help with in the meantime!
h
Thanks! Going to poke around a bit try to figure it out some!
c
I'm working on the technical collateral right now
h
Was mostly hoping it would have some good advice for setting up Jenkins/CI/CD, which is the part that I am finding the least amount of clarity on.
c
Actually I'd love to hear your feedback note of you have a chance:)
Ah
Yes. This is a point we planned to flesh out
What part is unclear now?
I can maybe unblock you
h
Oh, just how to wire it all up between GitHub (w/o Actions), how to configure jenkins (is the jenkins conf inside pulumi as well, or just the primary node provisioning), and then get it deploying via pulumi.
Only feedback I have so far is where to store the main pulumi service account creds so it can be used is left as an exercise to the reader, which is fine, hard to resist checking them into the repo when that happens though 😜
c
Hmm yeah. We haven't spent that much time on Jenkins mostly because I don't have that much experience with it
h
ah, so w/ CI/CD in the next section, what is it going to use to operate the pipeline?
c
Was going to start with Travis
h
Ah, makes sense. Maybe where I should start as well then! I always default to jenkins because I am a masochist! 😜
c
Lol
So the repo had scripts that let you log on as a service account
The idea is to let an actual admin bootstrap this
The ci section will basically add scripts that create Travis secrets
h
aaaah
c
Not quite sure yet how that translates to Jenkins
For Travis this is like 2 lines
Afk but back soon
h
Same, if you have the two lines or pointers towards it, that would be awesome!
I like the idea of doing Travis since I need to orchestrate osx builds as well eventually
c
Yeah I can show you
Give me 10 minutes...
h
No rush! I am about to bounce for an appointment, I appreciate the help.
c
@helpful-advantage-49286 this should work:
Copy code
travis login --pro --github-token <gh-token>
# Generate `credentials.tar.gz`. This contains client-secret.json and kubeconfig.yaml.
./scripts/login-to-ci-service-account.sh

# NOTE: Repository root must have a `.travis.yaml` file!
mv credentials.tar.gz <your-repository-root>
cd <your-repository-root>
travis encrypt-file credentials.tar.gz --add --pro
The 
--pro
is for the case where you’re paying for travis ci, i.e., using travis-ci.com.
If you are not, elide this flag. You’d know because you’d be using travis-ci.org
Then:
Copy code
This last command will:

Generate credentials.tar.gz.enc
Alter travis.yaml so that the first before_install command is to decrypt credentials.tar.gz.enc.
In order to get this to work you need to:

git add credentials.tar.gz.enc
git add .travis.yaml
NOTE: Do not add credentials.tar.gz to the repository! This contains your secrets!
h
Nice! I will check this out and get back to you, got sucked into some deep yak shaving, so may take a bit to get back to our nascent prod deployment!
@creamy-potato-29402 working my way through the 2nd lab now, one thing is envName is required and not set anywhere in the lab
c
Will take a look soon... On the road from Oregon. @gorgeous-egg-16927 ?
g
@helpful-advantage-49286 What is requiring envName?
h
lab 2, when you run pulumi up you need to have specified an envName config variable, but the lab doesn’t mention it
👀 1
Also, if you haven’t specified a zone, you get a runtime error
g
Ok, it looks like you just need to choose a zone and a name for your env. I'll open an issue to clarify the docs on that
h
@creamy-potato-29402 the ./scripts/login command doesn’t generate a credentials.tar.gz
c
@helpful-advantage-49286 you mean 
./scripts/login-to-ci-service-account.sh
? that’s right. it should be getting client credentials out of the identity stack reference.
h
Yeah, at least the version I have grabs them, auths the service account and then deletes them.
c
correct.
You are trying to get this for travis ci?
h
Yeah, your paste mentioned running it to get a credentials.tar.gz
Instead, I just grabbed the files
oh, I misread your comment, you mean create one using X and Y, sorry!
c
ha
np
lmk if I can help otherwise
Open in Slack
PreviousNext
Powered by