stocky-island-3676
03/06/2019, 8:37 AMkubectl
context for a Kubernetes resource to make sure it’s applied to the correct cluster (configured in the uniquely named context).
How can I avoid that Pulumi will *recreate*/replace the resource when I add new kubernetes.Provider(..., {context: ,})
to it?provider
on the resource in the Pulumi stack JSON file.import kubernetes = require("@pulumi/kubernetes")
let k8sProvider = new kubernetes.Provider("test-provider", {})
new kubernetes.core.v1.Namespace("test-namespace", {}, {
// provider: k8sProvider, // add after first `pulumi update`
})
white-balloon-205
stocky-island-3676
03/06/2019, 2:39 PMkubectl config use-context ...
before.
2. To use different RBAC roles (“least privilege”) in one Pulumi project.
3. We’re normally using aws-vault
in front of the exec
plugin (aws-iam-authenticator
). As it prompts for a MFA code and Pulumi seems to not support stdin, I’m using a context with only the aws-iam-authenticator
& aws-vault
before pulumi
.cool-egg-852
03/06/2019, 2:46 PMstocky-island-3676
03/06/2019, 2:52 PMcreamy-potato-29402
03/06/2019, 5:24 PMcool-egg-852
03/06/2019, 5:27 PMstocky-island-3676
03/06/2019, 5:46 PMcluster-admin
ClusterRole. Then applying monitoring with a K8s user with lowered rights, e.g. admin
RoleBinding (fixed to a monitoring
namespace).cool-egg-852
03/06/2019, 5:48 PMcluster-admin
, then they are already trusted enough to have cluster-admin
..stocky-island-3676
03/06/2019, 5:59 PMcool-egg-852
03/06/2019, 6:00 PMstocky-island-3676
03/06/2019, 6:09 PMnamespace
in K8s provider (when the issue is fixed).creamy-potato-29402
03/06/2019, 6:44 PMcool-egg-852
03/06/2019, 6:49 PMcreamy-potato-29402
03/06/2019, 6:50 PMcool-egg-852
03/06/2019, 6:53 PMcreamy-potato-29402
03/06/2019, 6:53 PMstocky-island-3676
03/06/2019, 8:02 PMcreamy-potato-29402
03/06/2019, 9:29 PM.metadata.name
manually, we will create new versions before deleteing the old ones.