clever-policeman-58407
01/29/2024, 8:28 PMconfigurationValues
object when a certain environment is detected I would expect to be able to use Garden's $if; $then; $else
syntax to conditionally include or exclude that object.
i.e.
Starting from this:
SomeParentValue:
configurationValues:
debug: true
application_url: "localhost"
log_level: debug
I might then want to transition to a config like this:
SomeParentValue:
$if: ${local.env.DEBUG_MODE}
$then:
configurationValues:
debug: true
application_url: "localhost"
log_level: debug
This doesn't appear to function or validate. Is there a canonical way to achieve this?handsome-telephone-41387
01/30/2024, 8:10 PMmany-pizza-75746
02/01/2024, 5:25 AMbrave-notebook-73488
02/01/2024, 7:48 PMsome-engine-11706
02/06/2024, 1:29 PMkind: Module
type: kubernetes
name: ca-traefik
manifests:
- apiVersion: apps/v1
kind: Deployment
metadata:
name: ca-traefik
spec:
replicas: 1
selector:
matchLabels:
app: ca-traefik
template:
metadata:
labels:
app: ca-traefik
spec:
containers:
- name: ca-traefik
image: xxxx
ports:
- name: http
containerPort: 80
- apiVersion: v1
kind: Service
metadata:
name: ca-traefik
spec:
type: LoadBalancer
selector:
app: ca-traefik
ports:
- protocol: TCP
port: 80
targetPort: 80
kind: Module
type: kubernetes
name: ca-app
manifests:
- apiVersion: apps/v1
kind: Deployment
metadata:
name: ca-app
spec:
replicas: 1
selector:
matchLabels:
app: ca-app
template:
metadata:
labels:
app: ca-app
spec:
containers:
- name: ca-app
image: xxxxx
ports:
- name: http
containerPort: 8080
- apiVersion: v1
kind: Service
metadata:
name: ca-app
spec:
selector:
app: ca-app
ports:
- protocol: TCP
port: 8080
targetPort: 8080
kind: Module
type: container
name: ca-portal
image: xxxx
services:
- name: ca-portal
ports:
- name: http
containerPort: 8082
servicePort: 8080
ingresses:
- path: /
port: http
mammoth-flag-56137
02/12/2024, 6:57 AMsparse-easter-31125
02/14/2024, 6:03 AMaverage-umbrella-57073
02/16/2024, 2:14 PMcareful-wolf-76426
02/18/2024, 8:51 PMCommand "/Users/d/.garden/tools/mutagen/85054cb3eb04c4f0/mutagen sync create /Users/d/workspace/web-app-example/.garden/build/api exec:'/Users/d/.garden/tools/kubectl/1e94559bd98b1ec1/kubectl exec -i --context=arn:aws:eks:me-south-1:1234123:cluster/dev-dev-eks --namespace=example-garden-example-garden-d --container util Deployment/garden-util -- /.garden/mutagen-agent synchronizer':/data/8dd0cd22-01bf-4974-bea3-31792e90ecd7/api --name k8s--build-sync--remote-dev--example-garden-example-garden--api--ej46gf18 --sync-mode one-way-replica --default-file-mode 0644 --default-directory-mode 0755" failed with code 1:
Error: unable to connect to beta: unable to connect to endpoint: unable to dial agent endpoint: unable to handshake with agent process: unable to receive server magic number: EOF (error output: error: You must be logged in to the server (Unauthorized))
Here's the full output:
Connecting to agent (POSIX)...
Error: unable to connect to beta: unable to connect to endpoint: unable to dial agent endpoint: unable to handshake with agent process: unable to receive server magic number: EOF (error output: error: You must be logged in to the server (Unauthorized))
Any ideas how to debug this deploying to example project to EKS. Added ECR IAM permission. ⚠ build.api → Failed to start sync from Build api build path to Build sync Pod. 0 attempts left.
✖ build.api → Failed (took 46.2 sec)
ℹ deploy.api → Aborting because upstream dependency failed.
✖ build.api → Failed processing Build type=container name=api (took 50.83 sec). This is what happened:
Narrowed this down to kubectl not picking up the credentials when ran from garden cli. Tried with AWS env vars, sso and key in .aws/credentials. If I run the kubectl command passed to mutagen exec it works under same terminal so must be something to do with mutagen exec not getting creds?
Update: after loosing a day debugging this, restarted my mac and magically started working. Very odd. Must be bug somewhere with this stack.careful-wolf-76426
02/19/2024, 12:05 PMcareful-wolf-76426
02/19/2024, 9:34 PMtall-hair-97318
02/20/2024, 7:33 PMfreezing-pharmacist-34446
02/22/2024, 2:49 PMswift-spring-8620
02/23/2024, 5:03 PMkind: Deploy
type: helm
name: install-ngrok
varfiles:
- ngrok-helm-values.yml
spec:
chart:
name: ngrok-ingress-controller
repo: https://ngrok.github.io/kubernetes-ingress-controller
valueFiles:
- ngrok-helm-values.yml
# ngrok-helm-values.yml file
credentials:
apiKey: 'MY-API-KEY'
authtoken: 'MY-AUTH-TOKEN'
According to the ngrok installation guide, which can be found here: https://ngrok.com/docs/using-ngrok-with/k8s/ the helm chart should be installed as follows:
helm install ngrok-ingress-controller ngrok/kubernetes-ingress-controller \
--namespace ngrok-ingress-controller \
--create-namespace \
--set credentials.apiKey=$NGROK_API_KEY \
--set credentials.authtoken=$NGROK_AUTHTOKEN
Is there something I am doing incorrectly with how I have configured it inside of garden that could be causing the credentials to not be set correctly? Any help or support is very much appreciated.
Thanksorange-ability-1812
02/26/2024, 7:35 PMserviceAccount:my-project.svc.id.goog[my-k8s-namespace/k8s-sa-name]
and the KSA will automatically have the same permissions as the bound SA in GCP.
My question is if anyone has experience with getting this to work within garden?
The immediate problem is the namespace which is fixed (AFAIK) in the role binding.
There are things like Common Expression Language (CEL) and some additional matching roles that might help but I try not to lean on those too much as its pretty complex.
In lieu of using some cloud feature I was wondering if there might be a way to have something similar to the copySecret
option in the kubernetes
provider for service accounts in Garden.chilly-beard-31233
02/28/2024, 1:22 PMhandsome-telephone-41387
03/01/2024, 8:09 PMbright-policeman-43626
03/04/2024, 6:14 AMbright-policeman-43626
03/04/2024, 4:25 PMℹ api-demographics [silly] → Getting the release status for api-demographics
ℹ api-demographics [silly] → Execing '/Users/jhan.silva/.garden/tools/helm/e19cd5906fb2b863/darwin-arm64/helm --kube-context gke_develop_us-east1_dev-1s --namespace local-env status api-demographics --output json' in /Users/jhan.silva/.garden/tools/helm/e19cd5906fb2b863/darwin-arm64
ℹ api-demographics [silly] → Installing Helm release api-demographics
ℹ api-demographics [silly] → Execing '/Users/jhan.silva/.garden/tools/helm/e19cd5906fb2b863/darwin-arm64/helm --kube-context gke_develop_us-east1_dev-1s --namespace local-env install api-demographics /Users/jhan.silva/Documents/2024/projects/the-resurrection-of-garden/api/.garden/build/api/base-chart/ --namespace local-env --timeout 300s --values /Users/jhan.silva/Documents/2024/projects/the-resurrection-of-garden/api-demographics/.garden/build/api/base-chart/garden-values.yml --atomic' in /Users/jhan.silva/.garden/tools/helm/e19cd5906fb2b863/darwin-arm64
Not even with --log-level silly I can detect what's going on, it seems to be a Helm problem, but I have other deployment that gets deployed with remote sources that works just fine.
Version 0.12.61
miniature-jewelry-50722
03/06/2024, 12:12 AMchart/templates/service-a
chart/templates/service-b
chart/templates/service-c
And we have a monorepo that is home to all our services, which look something like:
packages/service-a
packages/service-b
packages/service-c
Right now the chart is really only used in production, and for dev we have garden setup using Container Modules for each of our services (rather than Kubernetes or Helm). The plan is to make the helm chart flexible enough for both prod and dev, and Garden could use Helm Modules against it.
I'm trying to steer clear of completely renovating the helm chart and not separate each service into it's own chart, I think that'd be the cleanest solution, but it would be a large lift that I don't think we're ready for, is there possibly an in-between solution that you can think of or have experience with in the past? Or even a public repo I could reference would be awesome!bright-policeman-43626
03/06/2024, 7:54 AMsources.name
from the project-config to bring sources or microservices that are dependencies of the microservice I'm developing at the moment.
Would it be possible to allow the sources to also be a path
similar to the way that the module sources
work? (allows both URL/Folder).
That would be amazing!
cc @freezing-pharmacist-34446
https://cdn.discordapp.com/attachments/1214843614442815508/1214843614987816990/image.png?ex=65fa9648&is=65e82148&hm=954f3ac7080f56c0c50fce7088a4214913a9ebec9e37a4d62efa252bb2224b5a&agreeable-motorcycle-74046
03/12/2024, 9:33 AMchilly-beard-31233
03/12/2024, 2:03 PMthousands-train-42002
03/12/2024, 6:50 PMfreezing-quill-12960
03/20/2024, 7:49 AMbright-policeman-43626
03/22/2024, 6:36 PMstocky-hair-84003
04/05/2024, 1:31 AMcluster-buildkit
remote environment so that I can pull from a private repo during a build?
I've been researching using Garden for building our enterprise applications which use Node's NPM and PHP Composer with lots of packages pulled from private repositories during the build.
Ideally I'd like to use cluster-buildkit
to build inside our remote k8s cluster, however I haven't been able to find a way to pass secrets into a remote build.
We currently build in Jenkins using buildkit's experiental SSH mounts in the Dockerfile (eg RUN --mount=type=ssh composer install
) which avoids pushing ssh keys into images during the build, and we'd like to retain that method.
Am I missing something obvious or is this method not currently supported?acceptable-easter-34090
04/09/2024, 7:16 AMyaml
.build-template:
stage: build
image: paketobuildpacks/builder-jammy-tiny:latest
script:
- /cnb/lifecycle/creator -app=. -tag=$IMAGE_TAG_LATEST $IMAGE_TAG_VERSION
What is the best approach to use it with Garden ?
Edit: also, this issue is talking about a "spring boot hot reload" example, but the link leads to a 404. Where are the examples now?bright-policeman-43626
04/11/2024, 5:45 PMopenssl rand -base64 12
gives me a random string that I could usebreezy-queen-93424
04/11/2024, 6:39 PMproject.garden.yml
with three other repos on github linked as sources
. sources[].repositoryUrl
is github ssh
protocol (git@github.com:owner/repo.git
)
2. we run garden deploy
on github actions to deploy to test, dev, prod environments and also on local machine for local development in dev clusters.
Now my question is, does anyone here has any experience in getting garden to pull sources on Github Actions runners from other repos in the same organization?
For my purposes, I don't want to use ssh keys on the runners or use PATs to authenticate the github org. I decided to GitHub apps, which is installed on all repos and I get a short lived token while running the workflow.
I would like to use this token to configure the git client on the runner and then make garden pull sources without running into auth issues. However I haven't been able to get it working.