https://pulumi.com logo
#general
Title
# general
p

polite-motherboard-78438

04/11/2020, 2:59 PM
Hi all. I am trying to fix some differences between the Pulumi state and my K8s state, but I am having some troubles and would be nice to have some help. When I run
pulumi preview
, I get the following diff:
Copy code
+   ├─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                    letsencrypt-prod                create
 -   ├─ kubernetes:helm.sh:Chart                                    letsencrypt-prod                delete
 -   │  └─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                 cert-maanger/letsencrypt-prod   delete
The resource that Pulumi is trying to create is the same as the one it is trying to delete. (On K8s). I am not sure since when this happen, but It could be because the change the way the "lets-encrypt" resource is managed in Pulumi, from an Helm Chart to a Custom resource. Still If I run
pulumi up
it fails, saying with "error":
Copy code
resource cert-maanger/letsencrypt-prod was not successfully created by the Kubernetes API server : <http://clusterissuers.cert-manager.io|clusterissuers.cert-manager.io> "letsencrypt-prod" already exists. That´s normal, since Pulumi is trying to create a resource that already exists.
So I am trying to converge the pulumi state with the K8s cluster state. First I tried to manually delete the "letsencrypt" resource by it´s urn like so:
pulumi state delete urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2/:letsencrypt-prod|helm.sh/v2/:letsencrypt-prod>
It gave an error: error:
Copy code
This resource can't be safely deleted because the following resources depend on it: cert-maanger/letsencrypt-prod" (urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod>)
Ok. makes sense. Let´s try to delete de dependent resource first:
Copy code
pulumi state delete urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod> --force -y
Another error: "*error: No such resource "urnpulumidev:brunopazdevkuberneteshelm.sh/v2:Chartert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod" exists in the current state*" So I have a resource that depends on a resource that doesnt exist?? Has anybody have an idea how to fix this? Do I have to edit the state manually to remove this resources and then maybe importing the existing one from the Cluster state? Thank you.
g

gorgeous-egg-16927

04/13/2020, 3:05 PM
p

polite-motherboard-78438

04/17/2020, 5:46 PM
Hi Thanks. Didnt know about aliases. I have tried by it´s not working. Here is the output of pulumi preview for the particular resources
Copy code
+   ├─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                    letsencrypt-prod                create     
 -   ├─ kubernetes:helm.sh:Chart                                    letsencrypt-prod                delete     
 -   │  └─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                 cert-maanger/letsencrypt-prod   delete
And the URNs:
Copy code
├─ kubernetes:<http://helm.sh/v2:Chart|helm.sh/v2:Chart>                                                              letsencrypt-prod
    │  │  URN: urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart::letsencrypt-prod|helm.sh/v2:Chart::letsencrypt-prod>
    │  └─ kubernetes:<http://cert-manager.io/v1alpha2:ClusterIssuer|cert-manager.io/v1alpha2:ClusterIssuer>                                     cert-maanger/letsencrypt-prod
    │        URN: urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod>
The let´s encrypt prod and cert-manager/lets-encrypt-prod are the same resource. I tried setting an alias like this on the new resource:
Copy code
aliases: [
      {
        name: "cert-manager/letsencrypt-prod",
        type: "kubernetes:<http://cert-manager.io/v1alpha2:ClusterIssuer|cert-manager.io/v1alpha2:ClusterIssuer>",
        parent: "kubernetes:<http://helm.sh/v2:Chart::letsencrypt-prod|helm.sh/v2:Chart::letsencrypt-prod>",
      },
I tried multiple combinations, with and without full urn´s, with and without parent, but same result. Am I missing something?
g

gorgeous-egg-16927

04/17/2020, 10:45 PM
It looks like the
name
should be
cert-maanger/letsencrypt-prod
. Looks like you had a typo in the original chart, perhaps?
p

polite-motherboard-78438

04/18/2020, 10:15 AM
ahh, good catch. 😉