Channels
#general
Title
c
cool-egg-852
08/01/2019, 6:42 PMAnyone have any idea why a k8s secret containing a GCP ServiceAccount’s credentials would constantly be replaced every time? Pulumi detects it as being empty every time
upw
white-balloon-205
08/01/2019, 6:43 PM
c
cool-egg-852
08/01/2019, 6:46 PMThanks!
Once I upgraded the provider, I started getting another error unfortunately:
error: Failed to check for changes in resource sellercenter-shopify-app-ls7jmimu/sellercenter-shopify-app-v46sn5kv because of an error computing the JSON patch describing the resource changes: Internal error occurred: admission webhook "<http://configmaps.vault-secrets-webhook.admission.banzaicloud.com|configmaps.vault-secrets-webhook.admission.banzaicloud.com>" does not support dry runSo whatever changes were done are making a critical BC break I think
c
creamy-potato-29402
08/01/2019, 6:54 PMWe’re working on a fix.
c
cool-egg-852
08/01/2019, 6:54 PMIs this a known issue I should track on GH?
Also thanks for working on a fix.
c
creamy-potato-29402
08/01/2019, 6:55 PMnope, it’s tracked in this PR: https://github.com/pulumi/pulumi-kubernetes/pull/682
c
cool-egg-852
08/01/2019, 6:56 PMThanks
c
creamy-potato-29402
08/01/2019, 7:18 PM@cool-egg-852 can you please try development version
0.25.4-dev.1564681515that seems like it should fix that. cc @gorgeous-egg-16927
c
cool-egg-852
08/01/2019, 7:20 PMSure
Doesn’t seem to have fixed it
I’ve seem some more work on that PR. Is there another version you’d like me to try?
g
gorgeous-egg-16927
08/01/2019, 8:56 PM@cool-egg-852 Would you be able to open an issue with a repro? I think the error you saw may be a different issue.
c
cool-egg-852
08/01/2019, 8:57 PMReproducing it is not easy given the requirements I believe. I can see if I can make something that reproduces it. I have no problem opening a new issue though.
🙏 1
I’ll see what I can do about reproducing it tomorrow though. The cause is definitely caused by changes in 0.25.3 though.
My guess is that the new dry-run support doesn’t consider mutating webhook controllers that don’t support dry-run.
I’m guessing the cluster has the feature enabled, and thus it’s trying to use the new logic
I’m not entirely familiar with the feature, but I think the error needs to be caught and then fallback to the old diffing logic.
I’ve filed https://github.com/banzaicloud/bank-vaults/issues/575 so they can add support for it in the future, but obviously pulumi shouldn’t fail because of this.
g
gorgeous-egg-16927
08/01/2019, 11:15 PMWe’re in the process of adding an opt-in feature flag for the diff changes, and will be defaulting back to the previous behavior ASAP
c
cool-egg-852
08/01/2019, 11:18 PMOk cool. I won’t upgrade the provider until the. Looking forward to the fix though for the secrets and such that I started this thread for. Hope to see the change soon. Thanks for all the hard work!
g
gorgeous-egg-16927
08/02/2019, 3:13 AMhttps://github.com/pulumi/pulumi-kubernetes/releases/tag/v0.25.4 was just released. thanks for your patience!
c
cool-egg-852
08/02/2019, 2:27 PMthanks for the update. You guys are awesome.