I'm trying to use a secret as the kubeconfig for t...
# generalq
quiet-wolf-18467
10/25/2019, 1:58 PM
I'm trying to use a secret as the kubeconfig for the k8s.Provider, but it keeps failing. Does anyone know what I am doing wrong? 😞
Copy code
const kubernetesProvider = new k8s.Provider("metrics", {
kubeconfig: config.requireSecret("kubeconfig")
});g
gentle-diamond-70147
10/25/2019, 2:59 PMWhat error do you get with this?
q
quiet-wolf-18467
10/25/2019, 3:00 PM
It's the same as when I load from file
quiet-wolf-18467
10/25/2019, 3:00 PM
error: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been providequiet-wolf-18467
10/25/2019, 3:00 PM
but the kubeconfig works when used with kubectl
quiet-wolf-18467
10/25/2019, 3:00 PM
I'm going round in circles now
g
gentle-diamond-70147
10/25/2019, 3:01 PMSo you get the same error when doing
fs.readFileSync(...q
quiet-wolf-18467
10/25/2019, 3:01 PM
Yep
g
gentle-diamond-70147
10/25/2019, 3:01 PMLet me try to reproduce this... give me a few.
q
quiet-wolf-18467
10/25/2019, 3:01 PM
Happy to share screen
g
gentle-diamond-70147
10/25/2019, 3:01 PMWill take a bit, have to spin up a k8s cluster.
gentle-diamond-70147
10/25/2019, 3:33 PMHmm, I'm not able to reproduce this.
How are you using the
kubernetesProvider Copy code
const ns = new k8s.core.v1.Namespace(name, {}, { provider: kubernetesProvider });q
quiet-wolf-18467
10/25/2019, 3:33 PM
Yep
quiet-wolf-18467
10/25/2019, 3:37 PM
Copy code
import * as fs from "fs";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
const config = new pulumi.Config();
const kconfig = fs.readFileSync("../kubeconfig").toString();
const kubernetesProvider = new k8s.Provider("metrics", {
kubeconfig: config.requireSecret("kubeconfig")
});
const appLabels = { app: "nginx" };
const deployment = new k8s.apps.v1.Deployment("nginx", {
spec: {
selector: { matchLabels: appLabels },
replicas: 1,
template: {
metadata: { labels: appLabels },
spec: { containers: [{ name: "nginx", image: "nginx" }] }
}
}
});
export const name = deployment.metadata.name;quiet-wolf-18467
10/25/2019, 3:37 PM
Oh
quiet-wolf-18467
10/25/2019, 3:38 PM
I added it to the other file and not my nginx deploy
quiet-wolf-18467
10/25/2019, 3:38 PM
I'm so sorry for wasting your time
g
gentle-diamond-70147
10/25/2019, 3:39 PMAll good! Glad you got it figured out.
gentle-diamond-70147
10/25/2019, 3:40 PMconfig.requireSecret(...)fs.readFileSyncq
quiet-wolf-18467
10/25/2019, 3:41 PM
Thank you 🙂
quiet-wolf-18467
10/25/2019, 3:53 PM
Do you know if its possible to create a secret, thats actually a service account token; and access it?
quiet-wolf-18467
10/25/2019, 3:53 PM
Copy code
export const serviceAccountSecret = new k8s.core.v1.Secret(
"community-token-pulumi",
{
type: "<http://kubernetes.io/service-account-token|kubernetes.io/service-account-token>",
metadata: {
annotations: {
"<http://kubernetes.io/service-account.name|kubernetes.io/service-account.name>": serviceAccount.metadata.name
}
}
}
);quiet-wolf-18467
10/25/2019, 3:53 PM
The object would be this
13 Views