quiet-wolf-18467

10/25/2019, 1:58 PM
I'm trying to use a secret as the kubeconfig for the k8s.Provider, but it keeps failing. Does anyone know what I am doing wrong? 😞
const kubernetesProvider = new k8s.Provider("metrics", {
  kubeconfig: config.requireSecret("kubeconfig")
});

gentle-diamond-70147

10/25/2019, 2:59 PM
What error do you get with this?

quiet-wolf-18467

10/25/2019, 3:00 PM
It's the same as when I load from file
error: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provide
but the kubeconfig works when used with kubectl
I'm going round in circles now

gentle-diamond-70147

10/25/2019, 3:01 PM
So you get the same error when doing fs.readFileSync(... ?

quiet-wolf-18467

10/25/2019, 3:01 PM
Yep

gentle-diamond-70147

10/25/2019, 3:01 PM
Let me try to reproduce this... give me a few.

quiet-wolf-18467

10/25/2019, 3:01 PM
Happy to share screen

gentle-diamond-70147

10/25/2019, 3:01 PM
Will take a bit, have to spin up a k8s cluster.
Hmm, I'm not able to reproduce this. How are you using the kubernetesProvider object? Are you passing it to each of your kubernetes resources? e.g.
const ns = new k8s.core.v1.Namespace(name, {}, { provider: kubernetesProvider });

quiet-wolf-18467

10/25/2019, 3:33 PM
Yep
import * as fs from "fs";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
const config = new pulumi.Config();

const kconfig = fs.readFileSync("../kubeconfig").toString();
const kubernetesProvider = new k8s.Provider("metrics", {
  kubeconfig: config.requireSecret("kubeconfig")
});

const appLabels = { app: "nginx" };
const deployment = new k8s.apps.v1.Deployment("nginx", {
  spec: {
    selector: { matchLabels: appLabels },
    replicas: 1,
    template: {
      metadata: { labels: appLabels },
      spec: { containers: [{ name: "nginx", image: "nginx" }] }
    }
  }
});

export const name = deployment.metadata.name;
Oh
I added it to the other file and not my nginx deploy
I'm so sorry for wasting your time

gentle-diamond-70147

10/25/2019, 3:39 PM
All good! Glad you got it figured out.
config.requireSecret(...) should definitely work for this so you shouldn't need to do the fs.readFileSync part.

quiet-wolf-18467

10/25/2019, 3:41 PM
Thank you 🙂
Do you know if it's possible to create a secret that's actually a service account token, and access it?
export const serviceAccountSecret = new k8s.core.v1.Secret(
  "community-token-pulumi",
  {
    type: "kubernetes.io/service-account-token",
    metadata: {
      annotations: {
        "kubernetes.io/service-account.name": serviceAccount.metadata.name
      }
    }
  }
);
The object would be this