https://pulumi.com logo
c

cool-egg-852

08/01/2019, 6:42 PM
Anyone have any idea why a k8s secret containing a GCP ServiceAccount’s credentials would constantly be replaced every time? Pulumi detects it as being empty every time
up
is run.
c

cool-egg-852

08/01/2019, 6:46 PM
Thanks!
Once I upgraded the provider, I started getting another error unfortunately:
error: Failed to check for changes in resource sellercenter-shopify-app-ls7jmimu/sellercenter-shopify-app-v46sn5kv because of an error computing the JSON patch describing the resource changes: Internal error occurred: admission webhook "<http://configmaps.vault-secrets-webhook.admission.banzaicloud.com|configmaps.vault-secrets-webhook.admission.banzaicloud.com>" does not support dry run
So whatever changes were done are making a critical BC break I think
c

creamy-potato-29402

08/01/2019, 6:54 PM
We’re working on a fix.
c

cool-egg-852

08/01/2019, 6:54 PM
Is this a known issue I should track on GH?
Also thanks for working on a fix.
c

creamy-potato-29402

08/01/2019, 6:55 PM
c

cool-egg-852

08/01/2019, 6:56 PM
Thanks
c

creamy-potato-29402

08/01/2019, 7:18 PM
@cool-egg-852 can you please try development version
0.25.4-dev.1564681515
?
that seems like it should fix that. cc @gorgeous-egg-16927
c

cool-egg-852

08/01/2019, 7:20 PM
Sure
Doesn’t seem to have fixed it
I’ve seem some more work on that PR. Is there another version you’d like me to try?
g

gorgeous-egg-16927

08/01/2019, 8:56 PM
@cool-egg-852 Would you be able to open an issue with a repro? I think the error you saw may be a different issue.
c

cool-egg-852

08/01/2019, 8:57 PM
Reproducing it is not easy given the requirements I believe. I can see if I can make something that reproduces it. I have no problem opening a new issue though.
🙏 1
I’ll see what I can do about reproducing it tomorrow though. The cause is definitely caused by changes in 0.25.3 though.
My guess is that the new dry-run support doesn’t consider mutating webhook controllers that don’t support dry-run.
I’m guessing the cluster has the feature enabled, and thus it’s trying to use the new logic
I’m not entirely familiar with the feature, but I think the error needs to be caught and then fallback to the old diffing logic.
I’ve filed https://github.com/banzaicloud/bank-vaults/issues/575 so they can add support for it in the future, but obviously pulumi shouldn’t fail because of this.
g

gorgeous-egg-16927

08/01/2019, 11:15 PM
We’re in the process of adding an opt-in feature flag for the diff changes, and will be defaulting back to the previous behavior ASAP
c

cool-egg-852

08/01/2019, 11:18 PM
Ok cool. I won’t upgrade the provider until the. Looking forward to the fix though for the secrets and such that I started this thread for. Hope to see the change soon. Thanks for all the hard work!
g

gorgeous-egg-16927

08/02/2019, 3:13 AM
https://github.com/pulumi/pulumi-kubernetes/releases/tag/v0.25.4 was just released. thanks for your patience!
c

cool-egg-852

08/02/2019, 2:27 PM
thanks for the update. You guys are awesome.