Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
r
refined-terabyte-65361
08/26/2021, 8:59 PMI am trying to create vpc endpoint service using pulumi example
how to access arn of the service ?
https://www.pulumi.com/docs/reference/pkg/aws/ec2/vpcendpointservice/#network-load-balancers
l
little-cartoon-10569
08/26/2021, 9:23 PMThe VpcEndPointService resource has an arn output.
https://www.pulumi.com/docs/reference/pkg/aws/ec2/vpcendpointservice/#arn_nodejs
r
refined-terabyte-65361
08/26/2021, 9:28 PMSorry i mean arn of the nlb service which i will be adding in
VpcEndPointService
const configServiceSvc = new k8s.core.v1.Service(
"config-svc",
{
metadata: {
namespace: "kubernetes-dashboard",
name: "config",
annotations: {
"<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>": "nlb",
"<http://service.beta.kubernetes.io/aws-load-balancer-internal|service.beta.kubernetes.io/aws-load-balancer-internal>": "true",
},
},
spec: {
type: "LoadBalancer",
ports: [
{
name: "http",
port: 8090,
targetPort: 8090,
},
],
},
},
{ provider: v.provider, dependsOn: namespace },
);l
little-cartoon-10569
08/26/2021, 9:34 PMSorry, I don't know about services within k8s. I'd have guessed that you'd have to use an AWS NLB. https://www.pulumi.com/docs/reference/pkg/aws/lb/loadbalancer/#arn_nodejs
r
refined-terabyte-65361
08/26/2021, 10:47 PM@little-cartoon-10569
Not specific to k8s but in general
I am creating aws nlb using pulumi
i want to see that the arn of the nlb after the resource is crated
want to check how to get the
networkLoadBalancerArns value
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.ec2.VpcEndpointService("example", {
acceptanceRequired: false,
networkLoadBalancerArns: [aws_lb.example.arn],
});l
little-cartoon-10569
08/26/2021, 10:52 PMIf you have an NLB, then use its
arnUnfortunately, in your example, there is only a k8s load balancer service. I don't know how that creates an AWS load balancer behind the scenes (or even if it does create one at all).
If, for example, the load balancer is something inside your k8s cluster, then you're not going to be able to use it with VPC endpoints.
r
refined-terabyte-65361
08/26/2021, 10:54 PMya it creates nlb in aws
i tried arn like this but it gives error
Property 'arn' does not exist on type 'Service'.
const configServiceSvc = new k8s.core.v1.Service(
"config-service-svc",
{
metadata: {
namespace: "kubernetes-dashboard",
name: "config-service",
annotations: {
"<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>": "nlb",
"<http://service.beta.kubernetes.io/aws-load-balancer-internal|service.beta.kubernetes.io/aws-load-balancer-internal>": "true",
},
},
spec: {
type: "LoadBalancer",
ports: [
{
name: "http",
port: 8090,
targetPort: 8090,
},
],
},
},
{ provider: v.provider, dependsOn: namespace },
);
const example = new aws.ec2.VpcEndpointService("example", {
acceptanceRequired: false,
networkLoadBalancerArns: [configServiceSvc.arn],
});l
little-cartoon-10569
08/26/2021, 10:54 PMIn that example, there is no AWS load balancer (that I can see).
Just the one in k8s.
r
refined-terabyte-65361
08/26/2021, 10:55 PMbased on this annotation
"<http://service.beta.kubernetes.io/aws-load-balancer-type|service.beta.kubernetes.io/aws-load-balancer-type>": "nlbl
little-cartoon-10569
08/26/2021, 10:55 PMIf it does create an AWS load balancer, then you'll have to import it (if Pulumi is to manage it, which it might not?) or use
aws.alb.LoadBalancer.get()The object returned form
LoadBalander.get()arnUnfortunately, as far as I can tell, the only way to look up an existing load balancer is via its ARN. So, you may have to hard code that?
Or maybe if there's useful tags on it, you could use the AWS SDK to load all load balancers and filter by tag?
Sounds fairly laborious, either way 😞
r
refined-terabyte-65361
08/26/2021, 10:58 PMbut it is not existing resource
it will be created when i run pulumi up
when nlb gets created i want to use that nlb to create vpc endpoint service
sorry if i sound confusing 😞
l
little-cartoon-10569
08/26/2021, 11:01 PMIf it's not available during the 1st run, your options are to handle not being able to find it (and let the 2nd run of up find it), or use automation-api
You may even want to separate your code into projects...
I don't suppose the opposite is possible? Where you create the LB yourself, and tell k8s to use it?
That would be easier...
r
refined-terabyte-65361
08/26/2021, 11:03 PMactually it is part of cd pipeline i wont be able to manually create resources
harcoding arn works as expected
l
little-cartoon-10569
08/26/2021, 11:10 PMBut that is only going to work for now.. it's a workaround until you destroy resources.
If you can change the Pulumi program to create a load balancer, then change the service definition to use that load balancer, it would be more future-proof.
r
refined-terabyte-65361
08/26/2021, 11:12 PMyes i am creating load balancer using pulumi program
but not sure how to access arn of the load balancer
l
little-cartoon-10569
08/26/2021, 11:13 PMWhat I mean is: instead of creating the load balancer using
new k8s.core.v1.Service()new <http://aws.lb|aws.lb>.LoadBalancer()I'm reading the docs here and it doesn't look like this solution is supported 😞 https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html
I don't suppose the id property of the Service is the NLB arn, is it?
r
refined-terabyte-65361
08/26/2021, 11:18 PMi will try id once and see what it will generate
id dint work 😞
i will try to create nlb first and then import the resource arn and use it
l
little-cartoon-10569
08/27/2021, 12:07 AMGood luck. I couldn't see any way of achieving that using the Service class, but I've never used k8s, you're the expert here 🙂
s
steep-toddler-94095
08/27/2021, 1:22 AMcan you try
const nlbHostname = configServiceSvc.status.loadBalancer
.ingress[0].hostname
const awsAccountId = aws.getCallerIdentity().then(c => c.accountId)
const loadbalancer = LoadBalancer.get(
"somename",
awsLoadbalancerArn({ awsAccountId, lbHostname: nlbHostname })
)l
little-cartoon-10569
08/27/2021, 1:25 AMThat will work so long as the load balancer was created on a previous run.
If you destroy the stack and recreate, it'll mysteriously fail....
s
steep-toddler-94095
08/27/2021, 1:29 AMhmm i think the
getl
little-cartoon-10569
08/27/2021, 1:31 AMThe outputs from configServiceSvc all the way down to hostname all wait for the correct resources? That's smart. 😎
s
steep-toddler-94095
08/27/2021, 1:33 AMhaha yeah i'm not totally sure if it is guaranteed to work the first time but pulumi does do things like wait for deployment replicas to be ready so it isn't far fetched to think it might wait for the nlb to be provisioned as well for a service of type LoadBalancer
r
refined-terabyte-65361
08/27/2021, 1:40 AMsure i will try that and see if it works
@little-cartoon-10569 @steep-toddler-94095 Thanks a lot really appreciate your inputs 🙂
😛: 1