This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

10/10/2019, 10:18 PM

This message was deleted.

worried-city-86458

10/10/2019, 10:19 PM

Is it expected to need to run

helm repo update

worried-city-86458

10/10/2019, 10:19 PM

After doing that manually the update nearly succeeded:

Copy code

pulumi:pulumi:Stack (k8s-infra-dev):
    error: update failed
 
  kubernetes:policy:PodSecurityPolicy (monitoring/po-grafana):
    error: Plan apply failed: resource monitoring/po-grafana was not successfully created by the Kubernetes API server : podsecuritypolicies.policy "po-grafana" already exists

worried-city-86458

10/10/2019, 10:20 PM

Ran again and preview looks like the following:

Copy code

Type                                           Name                   Plan
     pulumi:pulumi:Stack                            k8s-infra-dev
     └─ kubernetes:helm.sh:Chart                    po
 +      ├─ kubernetes:policy:PodSecurityPolicy      monitoring/po-grafana  create
 -      └─ kubernetes:extensions:PodSecurityPolicy  monitoring/po-grafana  delete

worried-city-86458

10/10/2019, 10:23 PM

Is this a case of the resource api versions changing and not being picked up by Pulumi?

gorgeous-egg-16927

10/10/2019, 10:34 PM

Yeah, Pulumi just interacts with helm on your system, so you have to run

helm repo update

to pull in new chart info.

gorgeous-egg-16927

10/10/2019, 10:35 PM

We aren’t currently auto-aliasing PSPs, so that would explain the error you’re seeing

gorgeous-egg-16927

10/10/2019, 10:37 PM

https://github.com/pulumi/pulumi-kubernetes/issues/828 is tracking getting those added for all resources types

worried-city-86458

10/10/2019, 10:49 PM

Thanks. Is there a workaround to specify the alias myself?

worried-city-86458

10/10/2019, 10:51 PM

So for CI/CD, we should always run

helm repo update

outside of Pulumi?

gorgeous-egg-16927

10/10/2019, 11:04 PM

You could specify the alias with a transformation along the lines of https://github.com/pulumi/pulumi-kubernetes/blob/049ce63bcafb65b12a2b89621ac6a399118844db/sdk/nodejs/helm/v2/helm.ts#L43-L60 I think

Copy code

transformations: [
    (obj: any, opts: pulumi.CustomResourceOptions) => {
        if (obj.kind === "PodSecurityPolicy") {
            opts.aliases = [
                { parent: opts.parent, type: "kubernetes:policy/v1beta1:PodSecurityPolicy"},
                { parent: opts.parent, type: "kubernetes:extensions/v1beta1:PodSecurityPolicy"},
            ];
        }
    },
],

would work

gorgeous-egg-16927

10/10/2019, 11:05 PM

I’d run

helm repo update

after it gets installed in your CI pipeline

worried-city-86458

10/10/2019, 11:24 PM

The transform worked great, thanks again.

👍 1

3 Views

Open in Slack

Previous Next