https://pulumi.com logo
Powered by
b

bitter-dentist-28132

09/03/2019, 10:02 PM
is there a way to force a resource to be replaced? it seems there's a bug where updating the labels of a 
clusterIP
service doesn't cause a replace, instead it tries to update the service which causes an error because the 
spec.clusterIP
field is immutable and set by kubernetes if not specified at creation time
c

creamy-potato-29402

09/03/2019, 10:08 PM
@bitter-dentist-28132 When you say updating the labels should cause a replace, what do you mean?
which labels?
b

bitter-dentist-28132

09/03/2019, 10:08 PM
the service's metadata.labels field
i.e.
Copy code
~ kubernetes:core/v1:Service: (update)
            [id=default/nginxingresscontroller-nginx-ingress-default-backend]
            [urn=urn:pulumi:nightly::cfm::kubernetes:<http://helm.sh/v2:Chart$kubernetes:core/v1:Service::nginxingresscontroller-nginx-ingress-default-backend|helm.sh/v2:Chart$kubernetes:core/v1:Service::nginxingresscontroller-nginx-ingress-default-backend>]
            [provider=urn:pulumi:nightly::cfm::pulumi:providers:kubernetes::cfm::a54fb532-f407-4d17-8436-5dd9fb344698]
          ~ metadata: {
              ~ labels: {
                  ~ chart: "nginx-ingress-1.17.1" => "nginx-ingress-1.17.1"
                }
            }
c

creamy-potato-29402

09/03/2019, 10:10 PM
why should that trigger a replace?
b

bitter-dentist-28132

09/03/2019, 10:12 PM
anything should trigger a replace when you've got a service of type 
clusterIP
when you haven't specified 
spec.clusterIP
, otherwise you end up with:
Copy code
* Service "nginxingresscontroller-nginx-ingress-default-backend" is invalid: spec.clusterIP: Invalid value: "": field is immutable
unfortunately, that field is not really immutable, in that kubernetes changes it to an automatically-assigned IP if it's empty. it's just not mutable for the user.
c

creamy-potato-29402

09/03/2019, 10:14 PM
We shouldn’t be triggering a replace unless you change a field that is immutable. If you didn’t change 
.spec.clusterIP
, it should be an update.
it sounds like somehow 
""
is getting passed as the value of `.spec.clusterIP`—so if the API server filled that value in, that might register it as a change, I guess?
are you instantiating this from YAML or a helm chart?
b

bitter-dentist-28132

09/03/2019, 10:25 PM
this one is a helm chart
c

creamy-potato-29402

09/03/2019, 10:25 PM
yeah. when we’ve seen this before it’s because the hlm author put 
""
in that field.
really, really annoying.
b

bitter-dentist-28132

09/03/2019, 10:25 PM
😑
c

creamy-potato-29402

09/03/2019, 10:25 PM
it’s pretty common though.
b

bitter-dentist-28132

09/03/2019, 10:25 PM
it always boggles my mind how terrible helm is
c

creamy-potato-29402

09/03/2019, 10:25 PM
it pretty much precludes ever updating the chart. 🙂
b

bitter-dentist-28132

09/03/2019, 10:26 PM
i guess i'll open a bug on the chart...
c

creamy-potato-29402

09/03/2019, 10:26 PM
if you use the 
transformations
callback you can fix this by setting 
clusterIP: undefined
it’s a huge pain.
b

bitter-dentist-28132

09/03/2019, 10:29 PM
ah, looks like i can specify 
.Values.controller.metrics.service.omitClusterIP
, very odd that it'll put an empty clusterIP by default instead of just not specifying that key
c

creamy-potato-29402

09/03/2019, 10:31 PM
lol
one day I’ll write a kube linter and just run it on every goddamn helm chart.
I know they exist, but there’s a bunch of stuff like this that I feel like I know and a lot of other people don’t.
b

bitter-dentist-28132

09/03/2019, 10:38 PM
heh. yeah, that and adding an explicit 
namespace: {{ .Release.Namespace }}
everywhere so that it doesn't rely on tiller's resource transformations.
such a strange tool.
anyway, thanks a bunch, wouldn't have guessed the chart was doing that.
c

creamy-potato-29402

09/03/2019, 10:41 PM
yeah, this is the sort of bug that you just have to pick up after a looooooooong time helping people debug. 🙂
s

stocky-island-3676

09/13/2019, 12:34 PM
@creamy-potato-29402 There’s already a 
helm lint
command. Don’t know if it tests for this, though.
Powered by