https://pulumi.com logo
Title
p

plain-belgium-35196

01/04/2023, 10:55 PM
Hi teams, Try to create eks addon ebs-csi-controller-sa, but got this conflict error: [conflict with “pulumi-resource-kubernetes” using v1: .metadata.labels.app.kubernetes.io/managed-by](error: resource kube-system/ebs-csi-controller-sa was not successfully created by the Kubernetes API server : use the “pulumi.com/patchForce” annotation if you want to overwrite the existing values: Apply failed with 1 conflict: conflict with “pulumi-resource-kubernetes” using v1: .metadata.labels.app.kubernetes.io/managed-by)
b

billowy-army-68599

01/04/2023, 11:18 PM
It looks to be already installed?
p

plain-belgium-35196

01/05/2023, 2:33 AM
Yes. This might be this scenario.
The scenario is Pulumi will add this label, app.kubernetes.io/managed-by, with the value as “pulumi” automatically. However it conflict with the eks addon, so it will fail with conflict error message when I tried to create the addon via pulumi.
Do you have any idea about it?
b

billowy-army-68599

01/05/2023, 3:11 AM
if the app is already installed in your cluster, you need to remove it or import it into state instread of trying to reinstall it
p

plain-belgium-35196

01/05/2023, 4:25 AM
Got it. How to import it into state?
b

billowy-army-68599

01/05/2023, 4:38 AM
p

plain-belgium-35196

01/05/2023, 7:33 AM
Thanks
One more question is how I can check the return error, if the error is because of the resource is existing I can skip this error
b

billowy-army-68599

01/05/2023, 3:52 PM
You cannot, the kubernetes api is returning the error
does a service account with that name already exist?
p

plain-belgium-35196

01/09/2023, 6:29 PM
No. I created it first, for I need to annotate the role data on it for the addon
I mean the sa was created by my pulumi code before the addon
Got this error when I tried to import sa into pulumi.
kubernetes:core/v1:ServiceAccount (ebs-csi-node-sa):
    error: inputs to import do not match the existing resource
Could you please give me some ideas. thanks
b

billowy-army-68599

01/10/2023, 5:59 AM
the error is fairly self explanatory
p

plain-belgium-35196

01/10/2023, 7:17 AM
My question is what is the unmatched data and how I can fix it. I guess that is the labels. I tried to use “IgnoreChanges” to ignore these unmatched data, but I failed. My code is like this:
pulumi.IgnoreChanges([]string{"metadata.labels.*", "metadata.annotations.*"}))
Is the syntax right? Thanks a lot.
awsEbsCsiDriversa, err := corev1.NewServiceAccount(ctx, fmt.Sprintf("%s", _AwsEbsCsiDriverSaName), &corev1.ServiceAccountArgs{
			Metadata: &metav1.ObjectMetaArgs{
				ClusterName: eksCluster.Core.Cluster().Name(),
				Name:        pulumi.String(_AwsEbsCsiDriverSaName),
				Namespace:   pulumi.String(_KubeSystemNameSpaceName),
			},
		},
			pulumi.Provider(k8sProviderEnabledServerSideApply),
			pulumi.DependsOn([]pulumi.Resource{iamRole4AwsEbsCsiDriver}),
			pulumi.Import(pulumi.ID(fmt.Sprintf("%s/%s", _KubeSystemNameSpaceName, _AwsEbsCsiDriverSaName))),
			pulumi.Protect(true),
			pulumi.IgnoreChanges([]string{"metadata.labels.*", "metadata.annotations.*"}))
		if err != nil {
			return fmt.Errorf("error creating service account: %v", err)
		}
This is my code. I didn’t set labels here.
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2023-01-09T10:29:51Z"
  labels:
    <http://app.kubernetes.io/component|app.kubernetes.io/component>: csi-driver
    <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: EKS
    <http://app.kubernetes.io/name|app.kubernetes.io/name>: aws-ebs-csi-driver
    <http://app.kubernetes.io/version|app.kubernetes.io/version>: 1.14.0
  name: ebs-csi-controller-sa
  namespace: kube-system
  resourceVersion: "4479"
  uid: bc03278e-8591-47d9-a224-675a7f6f9000
This is the SA in kubernetes
b

billowy-army-68599

01/10/2023, 3:49 PM
You can’t
ignoreChanges
on an import, the inputs have to match. You’ll need to add the labels to your metadata
p

plain-belgium-35196

01/10/2023, 7:05 PM
Got it. Thanks.