on deploying a recent change to AWS Load Balancer Controller Pulumi Community #kubernetes

on deploying a recent change to AWS Load Balancer ...

purple-plumber-90981

02/28/2022, 2:00 AM

on deploying a recent change to AWS Load Balancer Controller via helm, pulumi seems to be having issues with naming on one of the sub-resources

IngressClassParams

.... the first time i run pulumi the pulumi logical-name of this resource is

kube-system/alb-ingress-class-params

but any subsequent run tries to replace it with another instance with the name

alb-ingress-class-params

(ie without the namespace prefix as part of the logical name). ... thoughts ??? ..... more details in thread

purple-plumber-90981

02/28/2022, 2:01 AM

this is what i get every time on second run of

pulumi up

with code unchanged

purple-plumber-90981

02/28/2022, 2:03 AM

in k8s the resource (being a crd instance) has no namespace as part of its name

Copy code

01:42:55 bmeehan@_ip-10-232-32-165:~$ kubectl get -A ingressclassparams

NAME                       GROUP-NAME   SCHEME   IP-ADDRESS-TYPE   AGE
alb-ingress-class-params                                           6m55s
01:43:11 bmeehan@_ip-10-232-32-165:~$

purple-plumber-90981

02/28/2022, 2:06 AM

Copy code

02:04:03 bmeehan@_ip-10-232-32-165:~$ kubectl describe -A ingressclassparams alb-ingress-class-params
Name:         alb-ingress-class-params
Namespace:    
Labels:       <http://app.kubernetes.io/instance=itplat-helm-alb-controller|app.kubernetes.io/instance=itplat-helm-alb-controller>
              <http://app.kubernetes.io/managed-by=pulumi|app.kubernetes.io/managed-by=pulumi>
              <http://app.kubernetes.io/name=aws-load-balancer-controller|app.kubernetes.io/name=aws-load-balancer-controller>
              <http://app.kubernetes.io/version=v2.4.0|app.kubernetes.io/version=v2.4.0>
              <http://helm.sh/chart=aws-load-balancer-controller-1.4.0|helm.sh/chart=aws-load-balancer-controller-1.4.0>
Annotations:  <none>
API Version:  elbv2.k8s.aws/v1beta1
Kind:         IngressClassParams
Metadata:
  Creation Timestamp:  2022-02-28T01:36:16Z
  Generation:          1
  Managed Fields:
    API Version:  elbv2.k8s.aws/v1beta1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:<http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>:
        f:labels:
          .:
          f:<http://app.kubernetes.io/instance|app.kubernetes.io/instance>:
          f:<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>:
          f:<http://app.kubernetes.io/name|app.kubernetes.io/name>:
          f:<http://app.kubernetes.io/version|app.kubernetes.io/version>:
          f:<http://helm.sh/chart|helm.sh/chart>:
    Manager:         pulumi-resource-kubernetes
    Operation:       Update
    Time:            2022-02-28T01:36:16Z
  Resource Version:  3142930
  UID:               60287f23-183c-4316-b9a3-ce5bd2ae063b
Events:              <none>

purple-plumber-90981

02/28/2022, 2:07 AM

the code to deploy this alb controller via helm is very basic :-

Copy code

# setup aws-load-balancer-controller (ALB) via helm
k8s_h_alb_controller = k8s.helm.v3.Chart(
    "itplat-helm-alb-controller",
    k8s.helm.v3.ChartOpts(
        chart="aws-load-balancer-controller",
        fetch_opts=k8s.helm.v3.FetchOpts(
            repo="<https://aws.github.io/eks-charts>",
        ),
        namespace='kube-system',
        transformations=[remove_status],
        values={
            "clusterName": pulumi_stack_info['name'],
            "createIngressClassResource": "true",
            "enableCertManager": "true",
            "ingressClassParams": {
                "name": "alb-ingress-class-params"
            }
        },
    ),
    opts=pulumi.ResourceOptions(depends_on=[k8s_h_cert_manager], provider=k8s_provider),
)

purple-plumber-90981

02/28/2022, 2:19 AM

note that on first run, the "namespace" value is passing down to the crd resource as an input because it is the namespace the helm chart is deployed into :-

Copy code

02:16:28 bmeehan@_ip-10-232-32-165:~$ pulumi stack export -s ipd-eks-apse2-configure | jq '.deployment.resources[]|select(.id=="alb-ingress-class-params").inputs'
{
  "apiVersion": "elbv2.k8s.aws/v1beta1",
  "kind": "IngressClassParams",
  "metadata": {
    "labels": {
      "<http://app.kubernetes.io/instance|app.kubernetes.io/instance>": "itplat-helm-alb-controller",
      "<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>": "pulumi",
      "<http://app.kubernetes.io/name|app.kubernetes.io/name>": "aws-load-balancer-controller",
      "<http://app.kubernetes.io/version|app.kubernetes.io/version>": "v2.4.0",
      "<http://helm.sh/chart|helm.sh/chart>": "aws-load-balancer-controller-1.4.0"
    },
    "name": "alb-ingress-class-params",
    "namespace": "kube-system"
  }
}
02:17:38 bmeehan@_ip-10-232-32-165:~$

purple-plumber-90981

02/28/2022, 2:20 AM

note2: its also in the output annotations

Copy code

02:17:38 bmeehan@_ip-10-232-32-165:~$ pulumi stack export -s ipd-eks-apse2-configure | jq '.deployment.resources[]|select(.id=="alb-ingress-class-params").outputs.metadata.annotations'
{
  "<http://kubectl.kubernetes.io/last-applied-configuration|kubectl.kubernetes.io/last-applied-configuration>": "{\"apiVersion\":\"elbv2.k8s.aws/v1beta1\",\"kind\":\"IngressClassParams\",\"metadata\":{\"labels\":{\"<http://app.kubernetes.io/instance\|app.kubernetes.io/instance\>":\"itplat-helm-alb-controller\",\"<http://app.kubernetes.io/managed-by\|app.kubernetes.io/managed-by\>":\"pulumi\",\"<http://app.kubernetes.io/name\|app.kubernetes.io/name\>":\"aws-load-balancer-controller\",\"<http://app.kubernetes.io/version\|app.kubernetes.io/version\>":\"v2.4.0\",\"<http://helm.sh/chart\|helm.sh/chart\>":\"aws-load-balancer-controller-1.4.0\"},\"name\":\"alb-ingress-class-params\",\"namespace\":\"kube-system\"}}\n"
}
02:19:55 bmeehan@_ip-10-232-32-165:~$

purple-plumber-90981

02/28/2022, 2:22 AM

the details of the second run of

pulumi up

look like :-

purple-plumber-90981

02/28/2022, 2:22 AM

clearly showing the namespace is being dropped from the pulumi logical-resource name the second time around

purple-plumber-90981

02/28/2022, 2:24 AM

with the result of any second (or subsequent) run being

ingressclassparams.elbv2.k8s.aws "alb-ingress-class-params" already exists

purple-plumber-90981

02/28/2022, 2:25 AM

the upshot of which is that i cant replace my helm-deployed ALB now without destroying every service depending on it and removing it entirely and recreating it from scratch

purple-plumber-90981

02/28/2022, 2:26 AM

causing an significant outage of every service with an ALB backed ingress in my cluster every time ALB helm chart is updated

quiet-wolf-18467

02/28/2022, 7:23 AM

Can you open an issue, please? I’ll try to reproduce this morning and raise this with the correct people

purple-plumber-90981

02/28/2022, 8:50 PM

https://support.pulumi.com/hc/en-us/requests/1384 raised

rhythmic-whale-48997

05/25/2022, 1:49 PM

Any news on this? 🙂

victorious-engine-64347

06/29/2022, 2:25 PM

I am experiencing same issue. I created an issue @quiet-wolf-18467 https://github.com/pulumi/pulumi-kubernetes/issues/2035

Copy code

ingressclassparams.elbv2.k8s.aws "alb" already exists

victorious-engine-64347

06/29/2022, 10:57 PM

Solution Answer: https://github.com/pulumi/pulumi-kubernetes/issues/2035#issuecomment-1170230339 🚀 🚀

6 Views

Open in Slack

Previous Next