sparse-intern-71089
09/21/2021, 9:49 AMgorgeous-country-43026
09/21/2021, 9:50 AMgorgeous-country-43026
09/21/2021, 9:54 AMgorgeous-country-43026
09/21/2021, 9:55 AMgorgeous-country-43026
09/21/2021, 10:09 AMexport const certManager = new k8s.helm.v3.Chart("cert-manager", {
chart: "cert-manager",
version: "v1.3.1",
fetchOpts: {
repo: "<https://charts.jetstack.io>"
},
namespace: nginxIngressNamespace.metadata.name,
values: {
installCRDs: true,
nodeSelector: rootDefs.systemNodeLabels,
webhook: {
nodeSelector: rootDefs.systemNodeLabels
},
cainjector: {
nodeSelector: rootDefs.systemNodeLabels
},
securityContext: {
fsGroup: 1001,
runAsUser: 1001
}
}
}, {provider: cluster.k8sProvider});
gorgeous-country-43026
09/21/2021, 10:09 AMgorgeous-country-43026
09/21/2021, 10:10 AMgorgeous-country-43026
09/21/2021, 10:10 AMgorgeous-country-43026
09/21/2021, 10:11 AMgorgeous-country-43026
09/21/2021, 10:31 AMgorgeous-country-43026
09/21/2021, 10:31 AMgorgeous-country-43026
09/21/2021, 10:31 AMgorgeous-country-43026
09/21/2021, 11:03 AMgorgeous-country-43026
09/21/2021, 11:25 AMgorgeous-country-43026
09/21/2021, 11:25 AMexport const certManager = new k8s.yaml.ConfigFile("cert-manager", {
file: "cert-manager/cert-manager.yaml",
transformations: [
// force all deployments to system nodes
(obj: any, opts: pulumi.CustomResourceOptions) => {
if (obj.kind === 'Deployment') {
obj.spec.nodeSelector = rootDefs.systemNodeLabels
}
},
// Set security context for all deployments to non root
(obj: any, opts: pulumi.CustomResourceOptions) => {
if (obj.kind === "Deployment") {
obj.spec.securityContext = {
fsGroup: 1001,
runAsUser: 1001
}
}
},
]
}, {provider: cluster.k8sProvider});
gorgeous-country-43026
09/21/2021, 11:25 AMgorgeous-country-43026
09/21/2021, 11:25 AMgorgeous-country-43026
09/21/2021, 11:26 AMgorgeous-country-43026
09/21/2021, 12:21 PMgorgeous-country-43026
09/21/2021, 12:21 PMgorgeous-country-43026
09/21/2021, 12:21 PMgorgeous-country-43026
09/21/2021, 12:22 PMgorgeous-country-43026
09/21/2021, 12:34 PMgorgeous-country-43026
09/21/2021, 12:35 PMgorgeous-country-43026
09/21/2021, 1:07 PMpulumi up
it again freezes. The way to get it past this is to do a az aks get-credentials...
to get the valid credentials to that cluster to your local .kube/config
as the active context. If after this one runs pulumi up
it doesn't freeze and passes.
To me this sounds like helm chart support in Pulumi does not respect the provider configuration. Which to me sounds like a very bad bug waiting to destroy things in a horrible way. The reason why it hang was because my .kube/config
was pointing to a non-existing cluster (one I had just wiped out).billowy-army-68599
billowy-army-68599
gorgeous-country-43026
09/22/2021, 5:15 AMgorgeous-country-43026
09/22/2021, 5:15 AMgorgeous-country-43026
09/22/2021, 5:16 AMgorgeous-country-43026
09/22/2021, 5:17 AMbillowy-army-68599
gorgeous-country-43026
09/23/2021, 6:50 AMgorgeous-country-43026
09/23/2021, 6:51 AM