https://pulumi.com logo
Title
a

adamant-terabyte-3965

07/15/2022, 4:50 PM
I'm trying to create two identical environments in different namespaces on the same EKS cluster. What I expected to happen is that Pulumi would detect existing resources that would be shared and only create ones that are needed in the new namespace. That's mostly true except for when I
pulumi up
it tries to create all resources, which causes it to error out with the following error:
kubernetes:core/v1:ServiceAccount (aws-lb-controller-sa):
    error: resource kube-system/lb-serviceaccount was not successfully created by the Kubernetes API server : serviceaccounts "lb-serviceaccount" already exists
At this point the ServiceAccount for my load balancer exists on the
kube-system
namespace, and doesn't need creation in the new namespace. How do I get Pulumi to discover existing resources (in this case, my load balancer ServiceAccount) in a different namespace or at least not try and error out attempting to recreate the existing ServiceAccount? I've tried to run
pulumi refresh
on my newly created stack, but it doesn't seem to change anything.
I've also considered just separating out cluster-specific stuff into another project, though I'm not sure which is the best practice
b

billowy-army-68599

07/15/2022, 5:30 PM
@adamant-terabyte-3965 Pulumi drives towards a desired state. In this case, you’ve defined something in your pulumi program, and it doesn’t exist in Pulumi’s state. When something doesn’t exist in Pulumi’s state, Pulumi assumes it needs to be created. If it exists in the cloud provider, you’ll get the error you’re seeing To fix this, you need to import the resource into Pulumi’s state so it knows about it. You can do this using an
import
resource provider or the
pulumi import
command: https://www.pulumi.com/docs/guides/adopting/import/
a

adamant-terabyte-3965

07/15/2022, 5:53 PM
Oh great thank you! If I'm understanding the import ID's correctly, do I need to export the import ID when I create that resource, or go into the Pulumi state in order to find it?
b

billowy-army-68599

07/15/2022, 6:45 PM
The import id is just the resource name. It should be namespace/name
👀 1
a

adamant-terabyte-3965

07/15/2022, 6:46 PM
thank you!