更改 Pulumi 部署 Kubernetes 资源时的超时时间
Change Pulumi's timeout when deploying Kubernetes resources
我用Pulumi部署资源到Kubernetes时,如果出错,Pulumi会等待Kubernetes资源健康。
Type Name Status Info
+ pulumi:pulumi:Stack aws-load-balancer-controller-dev **creating failed** 1 error
+ ├─ jaxxstorm:aws:loadbalancercontroller foo created
+ ├─ kubernetes:yaml:ConfigFile foo-crd created
+ │ └─ kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition targetgroupbindings.elbv2.k8s.aws created 1 warning
+ ├─ kubernetes:core/v1:Namespace foo-namespace created
+ ├─ kubernetes:core/v1:Service foo-webhook-service **creating failed** 1 error
+ ├─ kubernetes:rbac.authorization.k8s.io/v1:Role foo-role created
+ ├─ pulumi:providers:kubernetes k8s created
+ ├─ aws:iam:Role foo-role created
+ │ └─ aws:iam:Policy foo-policy created
+ ├─ kubernetes:core/v1:Secret foo-tls-secret created
+ ├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRole foo-clusterrole created
+ ├─ kubernetes:admissionregistration.k8s.io/v1beta1:ValidatingWebhookConfiguration foo-validating-webhook created 1 warning
+ ├─ kubernetes:admissionregistration.k8s.io/v1beta1:MutatingWebhookConfiguration foo-mutating-webhook created 1 warning
+ └─ kubernetes:core/v1:ServiceAccount foo-serviceAccount **creating failed** 1 error
C
Diagnostics:
kubernetes:core/v1:ServiceAccount (foo-serviceAccount):
error: resource aws-load-balancer-controller/foo-serviceaccount was not successfully created by the Kubernetes API server : ServiceAccount "foo-serviceaccount" is invalid: metadata.labels: Invalid value: "arn:aws:iam::616138583583:role/foo-role-10b9499": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
kubernetes:core/v1:Service (foo-webhook-service):
error: 2 errors occurred:
* resource aws-load-balancer-controller/foo-webhook-service-4lpopjpr was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: Resource operation was cancelled for "foo-webhook-service-4lpopjpr"
* Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods
有没有办法禁用它,这样我就不必向 Pulumi 发送信号来终止?
Pulumi 在 Kubernetes 资源上有特殊的 await 逻辑。您可以阅读更多相关信息 here
Pulumi 将等待 Kubernetes 资源“健康”。 “健康”的定义可以根据正在创建的资源而改变,但通常 Pulumi 会等待资源:
- 存在
- 处于就绪状态(如果资源有一个)
您可以通过向该资源添加注释来跳过此逻辑,如下所示:
pulumi.com/skipAwait: "true"
您还可以使用以下示例更改超时时间或 Pulumi 等待的时间:
pulumi.com/timeoutSeconds: 600
这会添加到您使用 Pulumi 管理的任何 Kubernetes 资源中,例如,服务资源可能如下所示(使用 Pulumi 的 typescript SDK):
const service = new k8s.core.v1.Service(`${name}-service`, {
metadata: {
namespace: "my-service",
},
annotations: {
"pulumi.com/timeoutSeconds": "60" // Only wait 1 minute for pulumi to timeout
"pulumi.com/skipAwait": "true" // don't use the await logic at all
}
spec: {
ports: [{
port: 443,
targetPort: 9443,
}],
selector: {
"app.kubernetes.io/name": "my-deployment",
"app.kubernetes.io/instance": "foo",
},
},
});
我用Pulumi部署资源到Kubernetes时,如果出错,Pulumi会等待Kubernetes资源健康。
Type Name Status Info
+ pulumi:pulumi:Stack aws-load-balancer-controller-dev **creating failed** 1 error
+ ├─ jaxxstorm:aws:loadbalancercontroller foo created
+ ├─ kubernetes:yaml:ConfigFile foo-crd created
+ │ └─ kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition targetgroupbindings.elbv2.k8s.aws created 1 warning
+ ├─ kubernetes:core/v1:Namespace foo-namespace created
+ ├─ kubernetes:core/v1:Service foo-webhook-service **creating failed** 1 error
+ ├─ kubernetes:rbac.authorization.k8s.io/v1:Role foo-role created
+ ├─ pulumi:providers:kubernetes k8s created
+ ├─ aws:iam:Role foo-role created
+ │ └─ aws:iam:Policy foo-policy created
+ ├─ kubernetes:core/v1:Secret foo-tls-secret created
+ ├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRole foo-clusterrole created
+ ├─ kubernetes:admissionregistration.k8s.io/v1beta1:ValidatingWebhookConfiguration foo-validating-webhook created 1 warning
+ ├─ kubernetes:admissionregistration.k8s.io/v1beta1:MutatingWebhookConfiguration foo-mutating-webhook created 1 warning
+ └─ kubernetes:core/v1:ServiceAccount foo-serviceAccount **creating failed** 1 error
C
Diagnostics:
kubernetes:core/v1:ServiceAccount (foo-serviceAccount):
error: resource aws-load-balancer-controller/foo-serviceaccount was not successfully created by the Kubernetes API server : ServiceAccount "foo-serviceaccount" is invalid: metadata.labels: Invalid value: "arn:aws:iam::616138583583:role/foo-role-10b9499": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
kubernetes:core/v1:Service (foo-webhook-service):
error: 2 errors occurred:
* resource aws-load-balancer-controller/foo-webhook-service-4lpopjpr was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: Resource operation was cancelled for "foo-webhook-service-4lpopjpr"
* Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods
有没有办法禁用它,这样我就不必向 Pulumi 发送信号来终止?
Pulumi 在 Kubernetes 资源上有特殊的 await 逻辑。您可以阅读更多相关信息 here
Pulumi 将等待 Kubernetes 资源“健康”。 “健康”的定义可以根据正在创建的资源而改变,但通常 Pulumi 会等待资源:
- 存在
- 处于就绪状态(如果资源有一个)
您可以通过向该资源添加注释来跳过此逻辑,如下所示:
pulumi.com/skipAwait: "true"
您还可以使用以下示例更改超时时间或 Pulumi 等待的时间:
pulumi.com/timeoutSeconds: 600
这会添加到您使用 Pulumi 管理的任何 Kubernetes 资源中,例如,服务资源可能如下所示(使用 Pulumi 的 typescript SDK):
const service = new k8s.core.v1.Service(`${name}-service`, {
metadata: {
namespace: "my-service",
},
annotations: {
"pulumi.com/timeoutSeconds": "60" // Only wait 1 minute for pulumi to timeout
"pulumi.com/skipAwait": "true" // don't use the await logic at all
}
spec: {
ports: [{
port: 443,
targetPort: 9443,
}],
selector: {
"app.kubernetes.io/name": "my-deployment",
"app.kubernetes.io/instance": "foo",
},
},
});