# general
b
I’m seeing some weird behavior with k8s ingress annotations. I just recently added an AWS security group to an annotation for a k8s ingress. However, using the .apply method causes all of the annotations to be planned for removal. I would expect Pulumi to wait until the security group is created to modify the Ingress (display the new annotation value as computed). Is there a better way to go about this?
let Ingress = new k8s.extensions.v1beta1.Ingress("xxxxxxx-xxx", {
      metadata: {
        annotations: {
          'kubernetes.io/ingress.class': 'alb',
          'alb.ingress.kubernetes.io/certificate-arn': awsCertificate.arn,
          'alb.ingress.kubernetes.io/listen-ports': '[{"HTTPS": 443}]',
          'alb.ingress.kubernetes.io/scheme': 'internet-facing',
          'alb.ingress.kubernetes.io/target-type': 'ip',
          'alb.ingress.kubernetes.io/security-groups': securityGroup.id.apply(id => {return id})
        }
      },
~ kubernetes:extensions/v1beta1:Ingress: (update)
        [id=default/xxxx-xx-xxx]
        [urn=urn:pulumi:xxxxxx-staging::xxxxxxxxx::kubernetes:extensions/v1beta1:Ingress::xxxxxx-xxxxxxx]
      ~ metadata  : {
          ~ annotations: {
              - alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:xx-west-1:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxx"
              - alb.ingress.kubernetes.io/inbound-cidrs  : "xxxxxxxxxxxxxx"
              - alb.ingress.kubernetes.io/listen-ports   : "[{\"HTTPS\": 443}]"
              - alb.ingress.kubernetes.io/scheme         : "internet-facing"
              - alb.ingress.kubernetes.io/target-type    : "ip"
              - kubernetes.io/ingress.class              : "alb"
            }
        }
g
I just tried something similar and wasn’t able to reproduce.
import * as k8s from "@pulumi/kubernetes";
import * as random from "@pulumi/random";

const randID = new random.RandomString("rand", {
    length: 6
});

const pod = new k8s.core.v1.Pod("pod-test", {
    metadata: {
        annotations: {
            "randomTest": randID.result.apply(id => {return id}),
            "foo": "bar",
        }
    },
    spec: {
        containers: [
            {name: "nginx", image: "nginx:1.13-alpine"},
        ],
    },
});
Resources:
    ~ 1 to update
    2 unchanged

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:pulumi-k8s-test-dev::pulumi-k8s-test::pulumi:pulumi:Stack::pulumi-k8s-test-pulumi-k8s-test-dev]
    ~ kubernetes:core/v1:Pod: (update)
        [id=default/pod-test-nqu8sske]
        [urn=urn:pulumi:pulumi-k8s-test-dev::pulumi-k8s-test::kubernetes:core/v1:Pod::pod-test]
      ~ metadata  : {
          ~ annotations: {
              + randomTest          : "Esk%0Q"
            }
        }
BTW, you should be able to skip the apply there. This worked the same for me:
import * as k8s from "@pulumi/kubernetes";
import * as random from "@pulumi/random";

const randID = new random.RandomString("rand", {
    length: 6
});

const pod = new k8s.core.v1.Pod("pod-test", {
    metadata: {
        annotations: {
            "randomTest": randID.result,
            "foo": "bar",
        }
    },
    spec: {
        containers: [
            {name: "nginx", image: "nginx:1.13-alpine"},
        ],
    },
});
I don’t see anything obviously wrong in the info you provided, but I’ll take a look if you can provide repro steps for me
b
Can you try this?
import * as k8s from "@pulumi/kubernetes";
import * as aws from "@pulumi/aws";
import * as random from "@pulumi/random";

const securityGroup = new aws.ec2.SecurityGroup('sg-test', {
  description: "Container node security group",
  egress: [{
      cidrBlocks: ["0.0.0.0/0"],
      fromPort: 0,
      protocol: "-1",
      toPort: 0,
  }],
  ingress: [{
      cidrBlocks: ["0.0.0.0/0"],
      fromPort: 0,
      protocol: "-1",
      toPort: 0,
  }],
})

const pod = new k8s.core.v1.Pod("pod-test", {
    metadata: {
        annotations: {
            "randomTest2": securityGroup.apply(id => { return id }),
            "foo": "bar",
        }
    },
    spec: {
        containers: [
            {name: "nginx", image: "nginx:1.13-alpine"},
        ],
    },
});
g
@busy-umbrella-36067 I’m getting a warning that Property 'apply' does not exist on type 'SecurityGroup'
b
ah sorry
securityGroup.id
g
aws:ec2:SecurityGroup (sg-test):
    error: Plan apply failed: Error creating Security Group: InvalidParameterValue: Value (sg-test-2496046) for parameter GroupName is invalid. Group names may not be in the format sg-*.
    	status code: 400, request id: b553cde8-8174-4363-a802-7d9fbd2dc91b
Looks like it could be a bug with the autonaming for sec group
@busy-umbrella-36067 Yeah, manually setting the sg name to “sgtest” fixed it for me
const securityGroup = new aws.ec2.SecurityGroup('sg-test', {
    name: "sgtest",
    description: "Container node security group",
    egress: [{
        cidrBlocks: ["0.0.0.0/0"],
        fromPort: 0,
        protocol: "-1",
        toPort: 0,
    }],
    ingress: [{
        cidrBlocks: ["0.0.0.0/0"],
        fromPort: 0,
        protocol: "-1",
        toPort: 0,
    }],
});

const pod = new k8s.core.v1.Pod("pod-test", {
    metadata: {
        annotations: {
            "randomTest2": securityGroup.id,
            "foo": "bar",
        }
    },
    spec: {
        containers: [
            {name: "nginx", image: "nginx:1.13-alpine"},
        ],
    },
});
Ah, it’s actually a problem with the name you picked for the sec group. I guess sg-* is not allowed, so when it autonamed based on that, it was invalid
Changing the resource name to secgrp-test fixes it as well
b
I filed the bug with more specific detail here: https://github.com/pulumi/pulumi-kubernetes/issues/438
g
Thanks, I’ll take a look today.