dry-salesmen-32588
03/25/2022, 8:15 AMprehistoric-activity-61023
03/25/2022, 8:44 AMOutput.all
should do the trickapply
somerandomstring = importantresource.id.apply(lambda _id: f"{_id}stuff")
concat
function available:
somerandomstring = pulumi.Output.concat(importantresource.id, "stuff")
dry-salesmen-32588
03/25/2022, 8:46 AMprehistoric-activity-61023
03/25/2022, 8:47 AMdry-salesmen-32588
03/25/2022, 8:47 AMprehistoric-activity-61023
03/25/2022, 8:47 AMpulumi.Input
and resolve this just finedry-salesmen-32588
03/25/2022, 8:47 AMprehistoric-activity-61023
03/25/2022, 8:48 AMpulumi.Output[str]
differently than str
under the hood so it should (implicitly) create a dependency graph between the resources.dry-salesmen-32588
03/25/2022, 8:50 AMprehistoric-activity-61023
03/25/2022, 8:54 AMdry-salesmen-32588
03/25/2022, 8:54 AMprehistoric-activity-61023
03/25/2022, 8:54 AMdry-salesmen-32588
03/25/2022, 8:54 AMprehistoric-activity-61023
03/25/2022, 8:55 AMsomeconfig
?dry-salesmen-32588
03/25/2022, 8:55 AMprehistoric-activity-61023
03/25/2022, 8:56 AMdry-salesmen-32588
03/25/2022, 8:56 AMprehistoric-activity-61023
03/25/2022, 8:56 AMdry-salesmen-32588
03/25/2022, 8:56 AMprehistoric-activity-61023
03/25/2022, 8:56 AMdry-salesmen-32588
03/25/2022, 8:57 AMprehistoric-activity-61023
03/25/2022, 8:57 AMapply/concat/all
, everything should be fine.dry-salesmen-32588
03/25/2022, 8:58 AMprehistoric-activity-61023
03/25/2022, 9:00 AMformat
or even string concatenation -> you’re gonna harm yourself 😉dry-salesmen-32588
03/25/2022, 9:01 AMprehistoric-activity-61023
03/25/2022, 9:01 AMdry-salesmen-32588
03/25/2022, 9:02 AMprehistoric-activity-61023
03/25/2022, 9:02 AMdry-salesmen-32588
03/25/2022, 9:02 AMprehistoric-activity-61023
03/25/2022, 9:03 AMdry-salesmen-32588
03/25/2022, 9:04 AMprehistoric-activity-61023
03/25/2022, 9:04 AMvalues=Output.all([first_res.id, second_res.id]).apply(lambda res: {
"server": ...
})
dry-salesmen-32588
03/25/2022, 9:04 AMprehistoric-activity-61023
03/25/2022, 9:04 AMdry-salesmen-32588
03/25/2022, 9:04 AMprehistoric-activity-61023
03/25/2022, 9:06 AMdry-salesmen-32588
03/25/2022, 9:06 AMprehistoric-activity-61023
03/25/2022, 9:06 AMvaulthcl
function?dry-salesmen-32588
03/25/2022, 9:06 AMprehistoric-activity-61023
03/25/2022, 9:07 AMvaulthcl.format
with proper Output.all
calldry-salesmen-32588
03/25/2022, 9:07 AMprehistoric-activity-61023
03/25/2022, 9:07 AMdry-salesmen-32588
03/25/2022, 9:08 AMprehistoric-activity-61023
03/25/2022, 9:08 AMvaulthcl.format
got stringified version of the Output object and not the real valuedry-salesmen-32588
03/25/2022, 9:08 AMprehistoric-activity-61023
03/25/2022, 9:08 AMapply
or all
(in case you need to rely on more than one output)concat
(but it’s totally fine to use more generic apply
and all
)dry-salesmen-32588
03/25/2022, 9:09 AMprehistoric-activity-61023
03/25/2022, 9:10 AMOutput.all
from the screenshotdry-salesmen-32588
03/25/2022, 9:10 AMprehistoric-activity-61023
03/25/2022, 9:10 AMdry-salesmen-32588
03/25/2022, 9:11 AMprehistoric-activity-61023
03/25/2022, 9:12 AMdry-salesmen-32588
03/25/2022, 9:13 AMprehistoric-activity-61023
03/25/2022, 9:13 AM{0}
with proper reference to l
variable from lambda argumentsdry-salesmen-32588
03/25/2022, 9:13 AMprehistoric-activity-61023
03/25/2022, 9:15 AMdef format_vault_hcl(kms_key_id: Output[str], ...) -> Output[str]:
Output.all(kms_key_id, ...).apply(lambda args: ...)
dry-salesmen-32588
03/25/2022, 9:15 AMprehistoric-activity-61023
03/25/2022, 9:16 AMdry-salesmen-32588
03/25/2022, 9:16 AMprehistoric-activity-61023
03/25/2022, 9:16 AMdry-salesmen-32588
03/25/2022, 9:16 AMprehistoric-activity-61023
03/25/2022, 9:26 AMdry-salesmen-32588
03/25/2022, 2:13 PM# Creating vault namespace
namespace=Namespace("vault", opts=ResourceOptions(provider=k8s_provider))
certmgryaml=Output.all(namespace.id).apply(lambda l: ConfigGroup("selfsigned_crtmgr", yaml='''apiVersion: <http://cert-manager.io/v1|cert-manager.io/v1> \
kind: Issuer \
metadata: \
name: vault-selfsigned \
namespace: {l[0]} \
spec: \
selfSigned: {{}} \
--- \
apiVersion: <http://cert-manager.io/v1|cert-manager.io/v1> \
kind: Certificate \
metadata: \
name: selfsigned-cert \
namespace: {namespace.id} \
spec: \
commonName: vault \
usages: \
- server auth \
dnsNames: \
- vault \
- vault.{l[0]} \
- vault.{l[0]}.svc \
- vault.{l[0]}.svc.cluster.local \
ipAddresses: \
- 127.0.0.1 \
secretName: vault-selfsigned-cert-tls \
issuerRef: \
name: vault-selfsigned''', opts=ResourceOptions(provider=k8s_provider)))
prehistoric-activity-61023
03/25/2022, 2:59 PMselfSigned: {{}}
namespace: {namespace.id}
should be replaced with:
namespace: {l[0]}
from pulumi_kubernetes.apiextensions import CustomResource
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.meta.v1 import ObjectMetaArgs
namespace = Namespace(
"vault",
opts=pulumi.ResourceOptions(
provider=k8s_provider,
),
)
issuer = CustomResource(
"test-issuer",
api_version="<http://cert-manager.io/v1|cert-manager.io/v1>",
kind="Issuer",
metadata=ObjectMetaArgs(
name="vault-selfsigned",
namespace=namespace.metadata.name,
),
spec={
"selfSigned": {}
},
opts=pulumi.ResourceOptions(
provider=k8s_provider,
),
)
certificate = CustomResource(
"test-certificate",
api_version="<http://cert-manager.io/v1|cert-manager.io/v1>",
kind="Certificate",
metadata=ObjectMetaArgs(
name="selfsigned-cert",
namespace=namespace.metadata.name,
),
spec={
"commonName": "vault",
"usages": [
"server auth",
],
"dnsNames": [
"vault",
pulumi.Output.concat("vault.", namespace.metadata.name),
pulumi.Output.concat("vault.", namespace.metadata.name, ".svc"),
pulumi.Output.concat("vault.", namespace.metadata.name, ".svc.cluster.local"),
],
"ipAddresses": [
"127.0.0.1",
],
"secretName": "vault-selfsigned-cert-tls",
"issuerRef": {
"name": "issuer",
},
},
opts=pulumi.ResourceOptions(
provider=k8s_provider,
depends_on=[issuer],
),
)
Issuer
is NOT gonna be created before the namespace because it uses the namespace object (namespace.metadata.name
) - that creates an implicit dependency between these 2 resources
• actually, I wasn’t able to repeat the trick with name in case of Certificate
and Issuer
and that’s why I used depends_on
and explicitly stated that they depend on each other (although, I guess it would be possible to create the simultaneously and it will eventually resolve itself)vault-0fumaikh
). If you want it to be named just vault
, pass the metadata.name
explicitly while creating it.dnsNames
like this as well:
namespace.metadata.name.apply(lambda name: [
"vault",
f"vault.{name}",
f"vault.{name}.svc",
f"vault.{name}.svc.cluster.local",
])
I hope all that is gonna help you or at least guide you in the right direction 🙂.dry-salesmen-32588
03/28/2022, 10:52 AM