sparse-intern-71089
12/03/2019, 8:34 PMquaint-garden-96746
12/03/2019, 10:23 PMsudo tcpdump -i en0 "dst 54.70.73.136 || dst 35.163.58.164"
see many request to remote host during pulumi stack command runnig
then search info how to trace pulumi
https://www.pulumi.com/docs/troubleshooting/
and found this:quaint-garden-96746
12/03/2019, 10:29 PMcolossal-beach-47527
12/04/2019, 4:25 PMquaint-garden-96746
12/04/2019, 8:57 PMquaint-garden-96746
12/04/2019, 9:03 PMquaint-garden-96746
12/04/2019, 11:22 PMsecret : {
apiVersion: "v1"
data : "[secret]"
id : "default/backend-api-secrets-ahdxt3ym"
kind : "Secret"
metadata : "[secret]"
stringData: "[secret]"
type : "Opaque"
urn : "urn:pulumi:stage::project-aws-eks::k8s:app:backend$kubernetes:core/v1:Secret::backend-api-secrets"
}
metadata of the k8s.core.v1.Secret became secret I use it for the creating service account with providing registry secret with secret.metadata.name
but it’s encrypted and my service account became encrypted as well and then I use sa.metadata.name for my deployment and its also became encrypted all my k8s resources became encrypted 😄.
i found workaround with:
secret.id.apply(v => v.replace(/^[^\/]+\//,''))
It’s not a good solution at all. I think not all metadata in secrets must be encrypted -> name at leastquaint-garden-96746
12/04/2019, 11:42 PM