Hello folks, not sure if that's strictly speaking ...
# aws
g
Hello folks, not sure if that's strictly speaking a `aws-native` issue here or a pulumi (python here) one so I'll start here:
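```python
from pulumi import ResourceOptions
from pulumi_aws_native.eks import (
    Cluster,
    ClusterArgs,
    ClusterResourcesVpcConfigArgs,
)

# cluster_role, vpc and awsn (the aws-native provider) are defined elsewhere in the program
cluster = Cluster(resource_name="eks",
                  args=ClusterArgs(role_arn=cluster_role.arn, version="1.32",
                                   resources_vpc_config=ClusterResourcesVpcConfigArgs(
                                       subnet_ids=vpc.private_subnet_ids,
                                       endpoint_public_access=True,
                                       endpoint_private_access=True,
                                       # public_access_cidrs=["0.0.0.0"]
                                   ),
                                   ),
                  opts=ResourceOptions(provider=awsn))
```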
when changing the `public_access_cidrs` the preview basically shows that every dependent resource will be replaced, oidc provider, roles depending on it.. and consequently any resources created with a subsequent kubernetes provider? 1. is there a way to work around that? or would that be a bug? 2. more generally, how does the plan work? any pointers would be appreciated, that's just to satisfy my curiosity
Something like it:
```
Previewing update (dev):
     Type                              Name                 Plan        Info
     pulumi:pulumi:Stack               pulumi-dev                
 +-  ├─ aws-native:iam:OidcProvider    oidc-provider        replace     [diff: ~url]
 ~   ├─ aws-native:eks:Cluster         eks                  update      [diff: ~resourcesVpcConfig]
 +-  ├─ kubernetes:helm.sh/v3:Release  nginx-ingress        replace     [diff: +compat-allowNullValues,atomic,cleanupOnFail,dependencyUpdate,description,devel,disableCRDHooks,disableOpenapiValidation,disableWebhooks,forceUpdate,keyring,lint,name,postrender,recreatePods,renderSubchartNotes,replace,resetValues,reuseValues,skipAwait,skipCrds,timeout,values,verify,waitForJobs~provider,repositoryOpts]
 +-  ├─ pulumi:providers:kubernetes    kubernetes-provider  replace     [diff: ~kubeconfig]
 ~   └─ aws-native:iam:Role            vpc-cni-role         update      [diff: ~assumeRolePolicyDocument]
```
n
Do you know what version of `aws-native` you are using?
g
latest avail i think
```
poetry show pulumi-aws-native
 name         : pulumi-aws-native
 version      : 1.28.0
 description  : A native Pulumi package for creating and managing Amazon Web Services (AWS) resources.

dependencies
 - parver >=0.2.1
 - pulumi >=3.142.0,<4.0.0
 - semver >=2.8.1
```
run a different version in some production code (1.24.0) and had the same behaviour
n
For the resources that are being replaced, what properties of the cluster do they reference?
g
so i generate the kubeconfig dynamically with the `cluster.name`, `cluster.endpoint` and `cluster.certificate_authority_data`, and the `OidcProvider` relies on `cluster.open_id_connect_issuer_url`
n
Do you have access to the full diff? I'm curious what information it shows on the fields that are changing
g
i'll provide something next week, i need to fly out in a bit
n
Ok cool. If you have an example program I could play around with you could also create an issue with it and I can debug it. https://github.com/pulumi/pulumi-aws-native/issues/new/choose
g