Channels
#general
Title
f
fancy-magazine-29876
01/15/2019, 6:31 PMhow is pulumi expected to work from a CI/CD tool (i.e. CircleCI) when deploying to kubernetes? doesn't seem to be a simple way to handle cluster auth with microstacks
c
creamy-potato-29402
01/15/2019, 6:36 PM@fancy-magazine-29876 what do you mean by “microstacks”?
f
fancy-magazine-29876
01/15/2019, 6:36 PMbasically our infra project (and subsequently stacks for staging/prod )are totally separate from all other applications
and we are using local login
c
creamy-potato-29402
01/15/2019, 6:37 PMNo, this is actually pretty easy: https://github.com/pulumi/kubernetes-the-prod-way/tree/master/services
f
fancy-magazine-29876
01/15/2019, 6:38 PMhow would i reference the infra stack though?
its in a different repo and we arent using pulumi cloud login
c
creamy-potato-29402
01/15/2019, 6:38 PMThe
scriptsThis line creates a Kubernetes provider out of the kubeconfig file, which is a stack output of the managed compute stack.
it’s super easy.
f
fancy-magazine-29876
01/15/2019, 6:39 PMbut all the code is in the same repo
am i missing something?
c
creamy-potato-29402
01/15/2019, 6:40 PMWhy does that matter? They’re different stacks, right?
They don’t share anything at all.
f
fancy-magazine-29876
01/15/2019, 6:40 PMso how does it get the stack info?
where is that state referenced
c
creamy-potato-29402
01/15/2019, 6:41 PMIn the line above the k8s app is inspecting the stack output of the managed compute stack.
whichever stack provisions the GKE cluster exports the kubeconfig file, the app stack references it.
Right?
f
fancy-magazine-29876
01/15/2019, 6:41 PMya, so i'm assuming you can't use local login with that then
pulumi cloud pricing is prohibitive with the approach we are going for
c
creamy-potato-29402
01/15/2019, 6:42 PMIt should work with any backend?
f
fancy-magazine-29876
01/15/2019, 6:42 PMi'm still missing how if i have stacks with local state, how a stack in one repo could reference the output of a stack in another
c
creamy-potato-29402
01/15/2019, 6:43 PMconst infrastructureStack = new pulumi.StackReference(infrastructureStackName);f
fancy-magazine-29876
01/15/2019, 6:43 PMya i get that
c
creamy-potato-29402
01/15/2019, 6:44 PMDoes that not work with the local backend?
is that what you’re saying?
cc @microscopic-florist-22719
f
fancy-magazine-29876
01/15/2019, 6:45 PMa stack reference to a stack with local state only would have to read from disk
so i would have to clone the repos of all stacks i want to reference
i haven't actually tried it because i dont see how it would work
m
microscopic-florist-22719
01/15/2019, 6:46 PM
that's correct--local stack references would need access to any state you'd like to share
👍 1
f
fancy-magazine-29876
01/15/2019, 6:46 PMi.e if i'm working in
~/projects/infracdpulumi login file://$(PWD)i see no issues doing this with cloud login, but it's really cost-prohibitive
a S3 state option would be great - i could probably hack something together but builtin functionality would go a long way
c
creamy-potato-29402
01/16/2019, 4:18 AM@fancy-magazine-29876 yeah, this is probably harder than it could be. I’m not sure what the priority is right now. @white-balloon-205 @big-piano-35669?
If you don’t want to use the managed offering you can get head into your other repository,
pulumi stack output <whatever> | pbcopypulumi config set <whatever> <whatever>The problem more generally is not that this can’t be done, it’s that (I think) there is no shared state to reference.
This isn’t going to be easy to solve with “just” the S3 backend. YOu need some way to address other state files, and that is going to require something to broker those things.
Open to hear other solutions though.
f
fancy-magazine-29876
01/16/2019, 10:33 PM@creamy-potato-29402 git subtrees could help as an alternative to baking anything into pulumi - although the infra repo (networking, instances, etc) would need to be added as a subtree to all application repos (at least ones that deploy to k8s or need to reference the infra stacks). also, keeping code up to date could be a nightmare or might just need to be worked into the regular workflow of things
c
creamy-potato-29402
01/16/2019, 10:35 PMYeah, I suspect there are many ways to skin this cat… are you talking to anyone else over here about this stuff? Might be worth chatting with @big-piano-35669 @adamant-restaurant-73893
I will confer with my colleagues about this, since I think it will come up, but I don’t have a clear answer for you right now. I’m sorry. 😞
f
fancy-magazine-29876
01/16/2019, 10:39 PMthat's ok, just spitballing - haven't talked to anyone else yet. i'll think on it a bit
c
creamy-potato-29402
01/16/2019, 10:40 PMWell they call the shots around here lol, I think it’s worth having a chat with them if you have the time.
👍 1