当我使用 Pulumi 将资源部署到 Kubernetes 时,如果我犯了错误,Pulumi 会等待 Kubernetes 资源健康。
\n Type Name Status Info\n + pulumi:pulumi:Stack aws-load-balancer-controller-dev **creating failed** 1 error\n + \xe2\x94\x9c\xe2\x94\x80 jaxxstorm:aws:loadbalancercontroller foo created\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:yaml:ConfigFile foo-crd created\n + \xe2\x94\x82 \xe2\x94\x94\xe2\x94\x80 kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition targetgroupbindings.elbv2.k8s.aws created 1 warning\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:core/v1:Namespace foo-namespace created\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:core/v1:Service foo-webhook-service **creating failed** 1 error\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:rbac.authorization.k8s.io/v1:Role foo-role created\n + \xe2\x94\x9c\xe2\x94\x80 pulumi:providers:kubernetes k8s created\n + \xe2\x94\x9c\xe2\x94\x80 aws:iam:Role foo-role created\n + \xe2\x94\x82 \xe2\x94\x94\xe2\x94\x80 aws:iam:Policy foo-policy created\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:core/v1:Secret foo-tls-secret created\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:rbac.authorization.k8s.io/v1:ClusterRole foo-clusterrole created\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:admissionregistration.k8s.io/v1beta1:ValidatingWebhookConfiguration foo-validating-webhook created 1 warning\n + \xe2\x94\x9c\xe2\x94\x80 kubernetes:admissionregistration.k8s.io/v1beta1:MutatingWebhookConfiguration foo-mutating-webhook created 1 warning\n + \xe2\x94\x94\xe2\x94\x80 kubernetes:core/v1:ServiceAccount foo-serviceAccount **creating failed** 1 error\n C\nDiagnostics:\n kubernetes:core/v1:ServiceAccount (foo-serviceAccount):\n error: resource aws-load-balancer-controller/foo-serviceaccount was not successfully created by the Kubernetes API server : ServiceAccount "foo-serviceaccount" is invalid: metadata.labels: Invalid value: "arn:aws:iam::616138583583:role/foo-role-10b9499": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')\n\n kubernetes:core/v1:Service (foo-webhook-service):\n error: 2 errors occurred:\n * resource aws-load-balancer-controller/foo-webhook-service-4lpopjpr was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: Resource operation was cancelled for "foo-webhook-service-4lpopjpr"\n * Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods\n有没有办法禁用此功能,以便我不必向 Pulumi 发送信号来终止?
\nPulumi 对 Kubernetes 资源有特殊的等待逻辑。您可以在这里阅读更多相关内容
Pulumi 将等待 Kubernetes 资源“健康”。“健康”的定义可能会根据所创建的资源而变化,但通常 Pulumi 会等待资源:
您可以通过向该资源添加注释来跳过此逻辑,如下所示:
pulumi.com/skipAwait: "true"
您还可以使用以下示例更改超时或 Pulumi 将等待的时间:
pulumi.com/timeoutSeconds: 600
这会添加到您使用 Pulumi 管理的任何 Kubernetes 资源中,例如,服务资源可能如下所示(使用 Pulumi 的 typescript SDK):
const service = new k8s.core.v1.Service(`${name}-service`, {
metadata: {
namespace: "my-service",
},
annotations: {
"pulumi.com/timeoutSeconds": "60" // Only wait 1 minute for pulumi to timeout
"pulumi.com/skipAwait": "true" // don't use the await logic at all
}
spec: {
ports: [{
port: 443,
targetPort: 9443,
}],
selector: {
"app.kubernetes.io/name": "my-deployment",
"app.kubernetes.io/instance": "foo",
},
},
});
| 归档时间: |
|
| 查看次数: |
1847 次 |
| 最近记录: |