https://pulumi.com logo
Join Slack
Powered by
When trying to deploy `kiam` helm chart, it seems ...
# general
i
When trying to deploy 
kiam
helm chart, it seems that the TLS certificates are not generated. I checked 
helm template .
and it generates them. Does pulumi has its own helm implementation?
c
no
it uses 
helm template
i
Does it use system helm, or downloads its own? Anyway, there’s a problem - the certificate not generated. Do you have any direction to look at?
c
I’ts hard to say what’s going on without more info. It uses the system helm
there might be a bug here but it’s really hard to see where it would be since we’re literally calling out to 
helm template
i
Can I provide any additional info? I can even jump on a call and we can look at it
But I’m generating the template using system helm and it does contain the certificates
c
does it show up in the preview?
i
nope
c
can you point me to the helm code you’re using?
i
In preview no data is shown
c
and the TLS certs are… CRDs?
i
Sure.
Copy code
new k8s.helm.v2.Chart('kiam', {
      chart: 'stable/kiam',
      values: {
        fullnameOverride: 'kiam',
        server: {
          nodeSelector: {
            'nodeGroupName': 'default'
          }
        }
      }
    }, { parent: this })
c
I mean which helm repository
i
c
oh I see
so this is captured in the 
_helpers
?
is that right?
i
Correct
c
I see. We will not render that, then.
i
hmmm… but why?
c
helm template
doesn’t know about helpers!
What does helm do here? generate a file?
you can do this with pulumi though. Something like:
Copy code
kiam.apply(kiam => { [... generate cert here ...] })
you’d have to write the code yourself.
is there a helm CLI command to expand the helpers automatically?
i
Here’s helm template output:
Copy code
---
# Source: kiam/templates/agent-secret.yaml
kind: Secret
apiVersion: v1
metadata:
  name: release-name-kiam-agent
type: Opaque
data:
  ca: LS0tLS1CRUdJTiBDRV...
  cert: LS0tLS1CRUdJTiBDR...
  key: LS0tLS1CRUdJTiBSU0...
It does generate the keys and certs
c
sorry, I’m confused … so you want it to generate a secret?
I apologize for my lack of experience with this particular chart.
and helm generally.
i
And to prove this, I ran locally 
helm template .
on this exact repository - and it generated a K8S secret resource with the certificate from helpers
c
ok so this doesn’t generate the secret at all, or generates it without any data?
i
While in pulumi, it does generate the secret, but without any data
c
what happens if you pass the CA file? still empty?
i
If I pass I guess it will work
c
just want to make sure. sanity check.
i
let me try
Yep, it does create the data:
c
omg
ok
please file a bug and I will follow up
if you don’t mind.
i
I’m not even sure what to write there and what’s the cause
c
if you put the code above in and mention that you tried it both with and without the CA file, and include the link to the kiam stuff
I’ll figure it out.
I ask only because I don’t have time to try it myself right now.
on first blush it seems we’re somehow eliding the helpers, but I don’t yet know how.
i
The helpers do work. Most of the helm charts use helpers
c
yeah I don’t know, I’ll have to dig in, sorry.
i
@creamy-potato-29402 Found the issue. The problem was outdated local helm repo
Sorry for the false alarm
c
ah
welp 🙂
Open in Slack
PreviousNext
Powered by