To track the progress of Stack CustomResources (CRs) you can:
Tail the operator logs e.g.,
kubectl logs pulumi-kubernetes-operator-5488b96dcd-dkmm9 -f
Or, you can get the stack details.
kubectl get stack s3-bucket-stack -o json
In the details, stack.status will show:
- A permalink URL for the Stack in the Pulumi Service when available.
- The last commit state of the Pulumi program that has been successfully deployed, and
- Any Pulumi stack outputs that exist.
{
  ...
  "status": {
    "lastUpdate": {
      "permalink": "https://app.pulumi.com/metral/s3-op-project/dev/updates/1",
      "state": "bd1edfac28577d62068b7ace0586df595bda33be"
    },
    "outputs": {
      "bucketNames": [
        "my-bucket-0-5f38fc3",
        "my-bucket-1-588d2e8"
      ]
    }
  }
}
Create an NGINX Deployment in the same cluster as the operator, using its ServiceAccount.
Based on what backend you have chosen, choose from one of the following set of instructions:
When using the Pulumi SaaS backend:
- Download nginx_k8s_stack.yaml.
- Update the Pulumi API token Secret to use your Pulumi credentials.
- Update the stack org to match your account, leaving the stack project name as-is to work with the example repo's Pulumi.yaml.
- Deploy the Stack CustomResource:
kubectl apply -f nginx_k8s_stack.yaml
When using the S3 Bucket backed state backend:
- Download s3backend/nginx_k8s_stack.yaml.
- Update the backend reference in the spec to refer to the S3 bucket where state should be stored.
- Update the aws-creds-secret secret to refer to the AWS credentials necessary to access the state backend bucket.
- Update the KMS Key ARN and region to refer to the KMS key to use as a secrets encryption provider.
- Deploy the Stack CustomResource:
kubectl apply -f s3backend/nginx_k8s_stack.yaml
kubectl get stack nginx-k8s-stack -o json
{
  "apiVersion": "pulumi.com/v1",
  "kind": "Stack",
  "metadata": {
    "finalizers": [
      "finalizer.stack.pulumi.com"
    ],
    "generation": 1,
    "name": "nginx-k8s-stack",
    "namespace": "default",
    "resourceVersion": "12091631",
    "selfLink": "/apis/pulumi.com/v1/namespaces/default/stacks/nginx-k8s-stack",
    "uid": "83d321cd-cef5-4176-97e0-b4579ad702c0"
  },
  "spec": {
    "accessTokenSecret": "pulumi-api-secret",
    "commit": "2b0889718d3e63feeb6079ccd5e4488d8601e353",
    "destroyOnFinalize": true,
    "projectRepo": "https://github.com/metral/pulumi-nginx",
    "stack": "metral/nginx/dev"
  },
  "status": {
    "lastUpdate": {
      "permalink": "https://app.pulumi.com/metral/nginx/dev/updates/1",
      "state": "2b0889718d3e63feeb6079ccd5e4488d8601e353"
    },
    "outputs": {
      "name": "nginx-043u51ml"
    }
  }
}
If destroyOnFinalize: true was set on the Stack when it was created, the operator will destroy the stack's resources and the stack before the CR is deleted.
kubectl delete stack nginx-k8s-stack
# For SaaS backend
kubectl delete secret pulumi-api-secret
# For S3 backend
kubectl delete secret aws-creds-secret
Deploys an AWS S3 Buckets Stack and its AWS secrets.
Based on what backend you have chosen, choose from one of the following set of instructions:
When using the Pulumi SaaS backend:
- Download s3_bucket_stack.yaml to start with a simple example.
- Update the Pulumi API token Secret, stack, and the cloud provider Secret to use your Pulumi and AWS credentials.
- Deploy the Stack CustomResource:
kubectl apply -f s3_bucket_stack.yaml
When using the S3 Bucket backed state backend:
- Download s3backend/s3_bucket_stack.yaml to start with a simple example.
- Update the backend reference in the spec to refer to the S3 bucket where state should be stored.
- Update the pulumi-aws-secrets secret to refer to the AWS credentials necessary to access the state backend bucket.
- Update the KMS Key ARN and region to refer to the KMS key to use as a secrets encryption provider.
- Deploy the Stack CustomResource:
kubectl apply -f s3backend/s3_bucket_stack.yaml
kubectl get stack s3-bucket-stack -o json
{
  "apiVersion": "pulumi.com/v1",
  "kind": "Stack",
  "metadata": {
    "finalizers": [
      "finalizer.stack.pulumi.com"
    ],
    "generation": 1,
    "name": "s3-bucket-stack",
    "namespace": "default",
    "resourceVersion": "10967723",
    "selfLink": "/apis/pulumi.com/v1/namespaces/default/stacks/s3-bucket-stack",
    "uid": "84166e1e-be47-47f8-8b6c-01474c37485b"
  },
  "spec": {
    "accessTokenSecret": "pulumi-api-secret-itolsj",
    "commit": "bd1edfac28577d62068b7ace0586df595bda33be",
    "config": {
      "aws:region": "us-east-2"
    },
    "destroyOnFinalize": true,
    "envSecrets": [
      "pulumi-aws-secrets-ont5hl"
    ],
    "projectRepo": "https://github.com/metral/test-s3-op-project",
    "stack": "metral/s3-op-project/dev"
  },
  "status": {
    "lastUpdate": {
      "permalink": "https://app.pulumi.com/metral/s3-op-project/dev/updates/1",
      "state": "bd1edfac28577d62068b7ace0586df595bda33be"
    },
    "outputs": {
      "bucketNames": [
        "my-bucket-0-5f38fc3",
        "my-bucket-1-588d2e8"
      ]
    }
  }
}
Now, you can make a change to the CR, like changing the commit to deploy a different commit (e.g. cc5442870f1195216d6bc340c14f8ae7d28cf3e2, which adds another S3 bucket). Applying this to the cluster will drive a Pulumi deployment to update the stack.
kubectl apply -f ../stack-examples/yaml/s3_bucket_stack.yaml
If destroyOnFinalize: true was set on the Stack when it was created, the operator will destroy the stack's resources and the stack before the CR is deleted.
kubectl delete stack s3-bucket-stack
# For SaaS backend
kubectl delete secret pulumi-api-secret
# For S3 backend
kubectl delete secret pulumi-aws-secrets
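The status fields, the commit change and the destroyOnFinalize behaviour described above can be checked together from the kubectl get stack ... -o json output before you rely on a rollout or delete a CR. The following is an added example, not part of the operator or its docs; the function name review_stack, the full-SHA pinning check and the embedded sample document are assumptions made for illustration.

```python
import json
import re

# Constructed sample: trimmed `kubectl get stack s3-bucket-stack -o json` output,
# taken after spec.commit was changed but before the operator finished the update.
SAMPLE = json.loads("""
{
  "metadata": {"name": "s3-bucket-stack",
               "finalizers": ["finalizer.stack.pulumi.com"]},
  "spec": {
    "commit": "cc5442870f1195216d6bc340c14f8ae7d28cf3e2",
    "destroyOnFinalize": true
  },
  "status": {
    "lastUpdate": {"state": "bd1edfac28577d62068b7ace0586df595bda33be"},
    "outputs": {"bucketNames": ["my-bucket-0-5f38fc3", "my-bucket-1-588d2e8"]}
  }
}
""")

FULL_SHA = re.compile(r"[0-9a-f]{40}")


def review_stack(stack):
    """Return (converged, findings) for one Stack CR given as a dict."""
    spec = stack.get("spec") or {}
    last = (stack.get("status") or {}).get("lastUpdate") or {}
    wanted, deployed = spec.get("commit"), last.get("state")
    findings = []
    # Assumed policy: the CR should pin an exact commit, not a short or symbolic ref.
    if not wanted or not FULL_SHA.fullmatch(wanted):
        findings.append("spec.commit is missing or not a full 40-hex commit SHA")
    if deployed is None:
        findings.append("no status.lastUpdate yet; check the operator logs")
    elif deployed != wanted:
        findings.append(
            f"deployed {deployed[:7]} differs from requested {str(wanted)[:7]}")
    if spec.get("destroyOnFinalize"):
        findings.append(
            "destroyOnFinalize is true: deleting the CR destroys the stack's resources")
    converged = deployed is not None and deployed == wanted
    return converged, findings


if __name__ == "__main__":
    ok, notes = review_stack(SAMPLE)
    print("converged:", ok)
    for note in notes:
        print("-", note)
```

To run it against a live cluster, replace SAMPLE with the parsed output of kubectl get stack s3-bucket-stack -o json.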
Check out ext_s3_bucket_stack.yaml for an extended options example.
Check out troubleshooting for more details.