Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
t
tall-shoe-66375
03/25/2021, 2:17 PMHello, has pulumi the management for ClusterIssuer on Kubernetes ?
b
brave-planet-10645
03/25/2021, 2:19 PMNot exactly... you can use a custom resource like the following...
t
tall-shoe-66375
03/25/2021, 2:20 PMshow me plis
b
brave-planet-10645
03/25/2021, 2:20 PMconst stagingCertificate = new k8s.apiextensions.CustomResource("stagingCertificate", {
apiVersion: "<http://cert-manager.io/v1alpha2|cert-manager.io/v1alpha2>",
kind: "ClusterIssuer",
metadata: {
name: "letsencrypt-staging",
namespace: certManagerNamespace.metadata.name
},
spec: {
acme: {
server: "<https://acme-staging-v02.api.letsencrypt.org/directory>",
email: "<mailto:email@example.com|email@example.com>",
privateKeySecretRef: {
name: "letsencrypt-staging"
},
solvers: [
{
http01: {
ingress: {
class: "nginx"
}
}
}
]
}
}
}, {provider: args.provider, parent: chart});(I'm assuming you're trying to do something like that)
π 1
t
tall-shoe-66375
03/25/2021, 2:21 PMyep!
cool
I have an issue importing a Instance DB from GCP
can you help me to figure out how to import ?
I used
pulumi import gcp:sql/databaseInstance:DatabaseInstance db_instance projects/mystical-moon-307818/instances/prod-mysqlgcp:sql:DatabaseInstance (db_instance):
error: gcp:sql/databaseInstance:DatabaseInstance resource 'db_instance' has a problem: AtLeastOne: "settings": one of `clone,settings` must be specified
error: gcp:sql/databaseInstance:DatabaseInstance resource 'db_instance' has a problem: AtLeastOne: "clone": one of `clone,settings` must be specified
error: Preview failed: one or more inputs failed to validatel
loud-helicopter-75345
03/25/2021, 2:26 PMthere's a video here regarding cert-manager if that's what you are looking for: https://www.pulumi.com/resources/certificates-as-code-with-pulumi-and-cert-manager/
They use crd2pulumi to auto create the types.
Another example here: https://www.pulumi.com/blog/introducing-crd2pulumi/#cert-manager-example
t
tall-shoe-66375
03/25/2021, 2:26 PMThanks @loud-helicopter-75345
π 2
l
loud-helicopter-75345
03/25/2021, 2:28 PMI found the CRD yaml here btw: https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm
b
brave-planet-10645
03/25/2021, 2:28 PMYou can use Helm to install it if you don't want to use crd2pulmi. I did this recently using this code:
const chart = new k8s.helm.v3.Chart("certmanagerchart", {
fetchOpts: {
repo: "<https://charts.jetstack.io>"
},
chart: "cert-manager",
namespace: certManagerNamespace.metadata.name,
values: {
installCRDs: true
}
}, {
provider: provider
});t
tall-shoe-66375
03/25/2021, 2:29 PMIt throwme a lot of issues so I installed directly using the Manifests, the clusterissuer is needed for manage the auto-renewal cert with Letsencrypt
l
loud-helicopter-75345
03/25/2021, 2:29 PMYeah but helm won't help you when you go to create a ClusterIssuer right as typescript doesn't have knowledge of the CRDs so can't do autocompleteion or type checking.
t
tall-shoe-66375
03/25/2021, 2:30 PMIt is correct, those need to be created separatelyβ¦
l
loud-helicopter-75345
03/25/2021, 2:30 PMYeah @Cesar it throws errors about hooks right? π
t
tall-shoe-66375
03/25/2021, 2:30 PMyep, even adding the repo on terminal using helm repo add β¦.
l
loud-helicopter-75345
03/25/2021, 2:30 PMI wonder how many people are going through the same process π
t
tall-shoe-66375
03/25/2021, 2:30 PMwith nginx all works like a charm
π 1
b
brave-planet-10645
03/25/2021, 2:31 PMDon't forget if you install things with helm on the command line it won't be in the pulumi state and therefore won't be managed by pulumi
π 1
t
tall-shoe-66375
03/25/2021, 2:32 PMyes, i know π
I have this error trying to use helm with cert manager
Error: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to pull chart: non-absolute URLs should be in form of repo_name/path_to_chart, got: jetstackb
brave-planet-10645
03/25/2021, 2:33 PMCan you paste the code you're using?
βοΈ 1
If you've literally copied and pasted my code you'll need to make sure
providerl
loud-helicopter-75345
03/25/2021, 2:34 PMActually looking at my code again. Cert-manager didn't throw me any errors when using Helm, the errors came from the ingress-nginx chart
t
tall-shoe-66375
03/25/2021, 2:35 PMexport const cert_manager_controller = new k8s.helm.v3.Chart("cert_manager_controller",
{
namespace: cert_manager_namespace,
chart: cert_manager_repo,
version: certManagerChartVersion,
//fetchOpts: {repo: "<https://charts.jetstack.io>"},
values: {
set: {
installCRDS: true,
},
},
},
{provider: clusterProvider, dependsOn: [namespace_cert_manager]},
);b
brave-planet-10645
03/25/2021, 2:36 PMI'm using helm for ingress-nginx as well... here's mine (which works)
const nginxIngress = new k8s.helm.v3.Chart(`${name}-helm`, {
fetchOpts: {
repo: "<https://kubernetes.github.io/ingress-nginx>"
},
chart: "ingress-nginx",
namespace: ingressNamespace.metadata.name,
values: {
controller: {
replicaCount: 1,
nodeSelector: {
"<http://beta.kubernetes.io/os|beta.kubernetes.io/os>": "linux"
},
admissionWebhooks: {
patch: {
nodeSelector: {
"<http://beta.kubernetes.io/os|beta.kubernetes.io/os>": "linux"
}
}
}
},
defaultBackend: {
nodeSelector: {
"<http://beta.kubernetes.io/os|beta.kubernetes.io/os>": "linux"
}
}
}
}, {provider: provider});π 1
@tall-shoe-66375 you've commented out
fetchOptsconst nginxIngress = new k8s.helm.v3.Chart("nginx-ingress", {
path: "./nginx-ingress",
});t
tall-shoe-66375
03/25/2021, 2:37 PMI added the // comment of fetchOpts after the error and installed with the manfiest
l
loud-helicopter-75345
03/25/2021, 2:45 PMInstead of:
values: {
set: {
installCRDS: true,
},
},values: {
installCRDS: true,
},Just like in @brave-planet-10645 example
β
1
t
tall-shoe-66375
03/25/2021, 2:50 PMHouston, works and I have some issues
π 1
as Cert Manager Installation mention for GCP
let me fix!
+ ββ kubernetes:<http://helm.sh/v3:Chart|helm.sh/v3:Chart> cert_manager_controller created
+ ββ kubernetes:core/v1:ServiceAccount cert-manager/cert_manager_controller-cert-manager-webhook **creating failed**
+ ββ kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRoleBinding|rbac.authorization.k8s.io/v1:ClusterRoleBinding> cert_manager_controller-cert-manager-controller-certificates **creating failed**
+ ββ kubernetes:core/v1:ServiceAccount cert-manager/cert_manager_controller-cert-manager-cainjector **creating failed**
+ ββ kubernetes:core/v1:ServiceAccount cert-manager/cert_manager_controller-cert-manager **creating failed**l
loud-helicopter-75345
03/25/2021, 3:04 PMYeah I'm not sure why that creation failed. there should be an error somewhere. π€·
t
tall-shoe-66375
03/25/2021, 3:12 PMRBAC
but the cert-manager.io is gone
at least here in Mexico I can not view
l
loud-helicopter-75345
03/25/2021, 3:24 PMOh yeah, it seems to be down atm
If you are looking for docs there is always the source: https://github.com/cert-manager/website/blob/master/content/en/docs/installation/kubernetes.md
t
tall-shoe-66375
03/25/2021, 3:29 PMGithub to the Rescue!!!
π 1
I need to create this firs with Pulumi:
Note: When running on GKE (Google Kubernetes Engine), you may encounter a 'permission denied' error when creating some of these resources. This is a nuance of the way GKE handles RBAC and IAM permissions, and as such you should 'elevate' your own privileges to that of a 'cluster-admin' before running the above command. If you have already run the above command, you should run them again after elevating your permissions:some error on cert-manager
kubernetes:apps/v1:Deployment (cert-manager/cert_manager_controller-cert-manager-cainjector):
error: resource cert-manager/cert_manager_controller-cert-manager-cainjector was not successfully created by the Kubernetes API server : Deployment.apps "cert_manager_controller-cert-manager-cainjector" is invalid: [metadata.name: Invalid value: "cert_manager_controller-cert-manager-cainjector": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. '<http://example.com|example.com>', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.serviceAccountName: Invalid value: "cert_manager_controller-cert-manager-cainjector": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. '<http://example.com|example.com>', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]l
loud-helicopter-75345
03/26/2021, 4:23 PMYeah it's just as it says, the "cert_manager_controller" value should be changed to use hyphens instead of underscores