busy-umbrella-36067
02/19/2019, 6:42 PM.apply
method causes all of the annotations to be planned for removal.
I would expect Pulumi to wait until the security group is created to modify the Ingress (display the new annotation value as computed), is there a better way to go about this?
let Ingress = new k8s.extensions.v1beta1.Ingress("xxxxxxx-xxx", {
metadata: {
annotations: {
'<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>': 'alb',
'<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>': awsCertificate.arn,
'<http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>': '[{"HTTPS": 443}]',
'<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>': 'internet-facing',
'<http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>': 'ip',
'<http://alb.ingress.kubernetes.io/security-groups|alb.ingress.kubernetes.io/security-groups>': securityGroup.id.apply(id => {return id})
}
},
~ kubernetes:extensions/v1beta1:Ingress: (update)
[id=default/xxxx-xx-xxx]
[urn=urn:pulumi:xxxxxx-staging::xxxxxxxxx::kubernetes:extensions/v1beta1:Ingress::xxxxxx-xxxxxxx]
~ metadata : {
~ annotations: {
- <http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn> : "arn:aws:acm:xx-west-1:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxx"
- <http://alb.ingress.kubernetes.io/inbound-cidrs|alb.ingress.kubernetes.io/inbound-cidrs> : "xxxxxxxxxxxxxx"
- <http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports> : "[{\"HTTPS\": 443}]"
- <http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme> : "internet-facing"
- <http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type> : "ip"
- <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class> : "alb"
}
}
gorgeous-egg-16927
02/19/2019, 7:09 PMimport * as k8s from "@pulumi/kubernetes";
import * as random from "@pulumi/random";
const randID = new random.RandomString("rand", {
length: 6
});
const pod = new k8s.core.v1.Pod("pod-test", {
metadata: {
annotations: {
"randomTest": randID.result.apply(id => {return id}),
"foo": "bar",
}
},
spec: {
containers: [
{name: "nginx", image: "nginx:1.13-alpine"},
],
},
});
Resources:
~ 1 to update
2 unchanged
Do you want to perform this update? details
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:pulumi-k8s-test-dev::pulumi-k8s-test::pulumi:pulumi:Stack::pulumi-k8s-test-pulumi-k8s-test-dev]
~ kubernetes:core/v1:Pod: (update)
[id=default/pod-test-nqu8sske]
[urn=urn:pulumi:pulumi-k8s-test-dev::pulumi-k8s-test::kubernetes:core/v1:Pod::pod-test]
~ metadata : {
~ annotations: {
+ randomTest : "Esk%0Q"
}
}
gorgeous-egg-16927
02/19/2019, 7:11 PMapply
there. This worked the same for me: import * as k8s from "@pulumi/kubernetes";
import * as random from "@pulumi/random";
const randID = new random.RandomString("rand", {
length: 6
});
const pod = new k8s.core.v1.Pod("pod-test", {
metadata: {
annotations: {
"randomTest": randID.result,
"foo": "bar",
}
},
spec: {
containers: [
{name: "nginx", image: "nginx:1.13-alpine"},
],
},
});
gorgeous-egg-16927
02/19/2019, 7:12 PMbusy-umbrella-36067
02/19/2019, 7:17 PMimport * as k8s from "@pulumi/kubernetes";
import * as aws from "@pulumi/aws";
import * as random from "@pulumi/random";
const securityGroup = new aws.ec2.SecurityGroup('sg-test', {
description: "Container node security group",
egress: [{
cidrBlocks: ["0.0.0.0/0"],
fromPort: 0,
protocol: "-1",
toPort: 0,
}],
ingress: [{
cidrBlocks: ["0.0.0.0/0"],
fromPort: 0,
protocol: "-1",
toPort: 0,
}],
})
const pod = new k8s.core.v1.Pod("pod-test", {
metadata: {
annotations: {
"randomTest2": securityGroup.apply(id => { return id }),
"foo": "bar",
}
},
spec: {
containers: [
{name: "nginx", image: "nginx:1.13-alpine"},
],
},
});
gorgeous-egg-16927
02/19/2019, 7:29 PMProperty 'apply' does not exist on type 'SecurityGroup'
busy-umbrella-36067
02/19/2019, 7:30 PMbusy-umbrella-36067
02/19/2019, 7:30 PMsecurityGroup.id
gorgeous-egg-16927
02/19/2019, 7:33 PMaws:ec2:SecurityGroup (sg-test):
error: Plan apply failed: Error creating Security Group: InvalidParameterValue: Value (sg-test-2496046) for parameter GroupName is invalid. Group names may not be in the format sg-*.
status code: 400, request id: b553cde8-8174-4363-a802-7d9fbd2dc91b
gorgeous-egg-16927
02/19/2019, 7:33 PMgorgeous-egg-16927
02/19/2019, 7:36 PMgorgeous-egg-16927
02/19/2019, 7:37 PMconst securityGroup = new aws.ec2.SecurityGroup('sg-test', {
name: "sgtest",
description: "Container node security group",
egress: [{
cidrBlocks: ["0.0.0.0/0"],
fromPort: 0,
protocol: "-1",
toPort: 0,
}],
ingress: [{
cidrBlocks: ["0.0.0.0/0"],
fromPort: 0,
protocol: "-1",
toPort: 0,
}],
});
const pod = new k8s.core.v1.Pod("pod-test", {
metadata: {
annotations: {
"randomTest2": securityGroup.id,
"foo": "bar",
}
},
spec: {
containers: [
{name: "nginx", image: "nginx:1.13-alpine"},
],
},
});
gorgeous-egg-16927
02/19/2019, 7:40 PMsg-*
is not allowed, so when it autonamed based on that, it was invalidgorgeous-egg-16927
02/19/2019, 7:40 PMsecgrp-test
fixes it as wellbusy-umbrella-36067
02/20/2019, 3:11 AMgorgeous-egg-16927
02/20/2019, 4:16 PM