Hi all I am trying to fix some differences between the Pulum Pulumi Community #general

Hi all. I am trying to fix some differences betwee...

polite-motherboard-78438

04/11/2020, 2:59 PM

Hi all. I am trying to fix some differences between the Pulumi state and my K8s state, but I am having some troubles and would be nice to have some help. When I run

pulumi preview

, I get the following diff:

Copy code

+   ├─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                    letsencrypt-prod                create
 -   ├─ kubernetes:helm.sh:Chart                                    letsencrypt-prod                delete
 -   │  └─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                 cert-maanger/letsencrypt-prod   delete

The resource that Pulumi is trying to create is the same as the one it is trying to delete. (On K8s). I am not sure since when this happen, but It could be because the change the way the "lets-encrypt" resource is managed in Pulumi, from an Helm Chart to a Custom resource. Still If I run

pulumi up

it fails, saying with "error":

Copy code

resource cert-maanger/letsencrypt-prod was not successfully created by the Kubernetes API server : <http://clusterissuers.cert-manager.io|clusterissuers.cert-manager.io> "letsencrypt-prod" already exists. That´s normal, since Pulumi is trying to create a resource that already exists.

So I am trying to converge the pulumi state with the K8s cluster state. First I tried to manually delete the "letsencrypt" resource by it´s urn like so:

pulumi state delete urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2/:letsencrypt-prod|helm.sh/v2/:letsencrypt-prod>

It gave an error: error:

Copy code

This resource can't be safely deleted because the following resources depend on it: cert-maanger/letsencrypt-prod" (urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod>)

Ok. makes sense. Let´s try to delete de dependent resource first:

Copy code

pulumi state delete urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod> --force -y

Another error: "*error: No such resource "urnpulumidev:brunopazdevkuberneteshelm.sh/v2:Chartert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod" exists in the current state*" So I have a resource that depends on a resource that doesnt exist?? Has anybody have an idea how to fix this? Do I have to edit the state manually to remove this resources and then maybe importing the existing one from the Cluster state? Thank you.

gorgeous-egg-16927

04/13/2020, 3:05 PM

If the resource is the same, you can set the

aliases

opt on the resource. https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/#CustomResourceOptions-aliases Here’s an example of this in action: https://github.com/pulumi/pulumi-kubernetes/blob/352861d76c54879a0fd82a79d328192fee1927d0/sdk/nodejs/apps/v1/Deployment.ts#L123-L127

gorgeous-egg-16927

04/13/2020, 3:06 PM

Here’s a related blog post: https://www.pulumi.com/blog/cumundi-guest-post/

polite-motherboard-78438

04/17/2020, 5:46 PM

Hi Thanks. Didnt know about aliases. I have tried by it´s not working. Here is the output of pulumi preview for the particular resources

Copy code

+   ├─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                    letsencrypt-prod                create     
 -   ├─ kubernetes:helm.sh:Chart                                    letsencrypt-prod                delete     
 -   │  └─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                 cert-maanger/letsencrypt-prod   delete

And the URNs:

Copy code

├─ kubernetes:<http://helm.sh/v2:Chart|helm.sh/v2:Chart>                                                              letsencrypt-prod
    │  │  URN: urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart::letsencrypt-prod|helm.sh/v2:Chart::letsencrypt-prod>
    │  └─ kubernetes:<http://cert-manager.io/v1alpha2:ClusterIssuer|cert-manager.io/v1alpha2:ClusterIssuer>                                     cert-maanger/letsencrypt-prod
    │        URN: urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod>

The let´s encrypt prod and cert-manager/lets-encrypt-prod are the same resource. I tried setting an alias like this on the new resource:

Copy code

aliases: [
      {
        name: "cert-manager/letsencrypt-prod",
        type: "kubernetes:<http://cert-manager.io/v1alpha2:ClusterIssuer|cert-manager.io/v1alpha2:ClusterIssuer>",
        parent: "kubernetes:<http://helm.sh/v2:Chart::letsencrypt-prod|helm.sh/v2:Chart::letsencrypt-prod>",
      },

I tried multiple combinations, with and without full urn´s, with and without parent, but same result. Am I missing something?

gorgeous-egg-16927

04/17/2020, 10:45 PM

It looks like the

name

should be

cert-maanger/letsencrypt-prod

. Looks like you had a typo in the original chart, perhaps?

polite-motherboard-78438

04/18/2020, 10:15 AM

ahh, good catch. 😉

Open in Slack

Previous Next