I think you would also need to filter out Istio CRs to avoid cross-contamination. i.e. If I create a service entry with exportTo: ['*'] in a namespace not managed by a given mesh, it shouldn't appear in Envoys for that mesh. Having spoken to @harveyxia, #29802 doesn't ignore Istio resources created in a given namespace.

I did some more investigating and after deleting my go mod cache and re-downloading everything it appears to not be an issue. I have no idea what was causing it.

I'm trying to write my own provider using the boilerplate template but I think there is a breaking bug. From what I can tell the provider is expected to output to stdout the port it is listening on, but what appears to happen is that grpc logging beats it to it.

When I run Pulumi up I get:

pulumi:providers:tsb (tsb):
    error: tsb (resource) plugin [/Users/liamwhite/go/bin/pulumi-resource-tsb] wrote a non-numeric port to stdout ('2021-05-27T13:44:04.073942Z	info	[core]parsed scheme: ""'): strconv.Atoi: parsing "2021-05-27T13:44:04.073942Z\tinfo\t[core]parsed scheme: \"\"": invalid syntax

I can fix this by manually configuring the grpc logger to either info log to stderr (or discard).

// NewHostClient dials the target address, connects over gRPC, and returns a client interface.
func NewHostClient(addr string) (*HostClient, error) {
	grpclog.SetLoggerV2(grpclog.NewLoggerV2(os.Stderr, os.Stderr, os.Stderr)) // <-----------
	conn, err := grpc.Dial(
		addr,
		grpc.WithInsecure(),
		grpc.WithUnaryInterceptor(rpcutil.OpenTracingClientInterceptor()),
		rpcutil.GrpcChannelOptions(),
	)
...

The only problem with sending to stderr is that it shows up in diagnostics so it may be preferable to io.Discard instead.

@lukehoban I wasn't logging anything this just happened importing the standard boilerplate Main function @3.3.1.

I'm trying to write my own provider using the boilerplate template but I think there is a breaking bug. From what I can tell the provider is expected to output to stdout the port it is listening on, but what appears to happen is that grpc logging beats it to it.

When I run Pulumi up I get:

pulumi:providers:tsb (tsb):
    error: tsb (resource) plugin [/Users/liamwhite/go/bin/pulumi-resource-tsb] wrote a non-numeric port to stdout ('2021-05-27T13:44:04.073942Z	info	[core]parsed scheme: ""'): strconv.Atoi: parsing "2021-05-27T13:44:04.073942Z\tinfo\t[core]parsed scheme: \"\"": invalid syntax

I can fix this by manually configuring the grpc logger to either info log to stderr (or discard).

// NewHostClient dials the target address, connects over gRPC, and returns a client interface.
func NewHostClient(addr string) (*HostClient, error) {
	grpclog.SetLoggerV2(grpclog.NewLoggerV2(os.Stderr, os.Stderr, os.Stderr))
	conn, err := grpc.Dial(
		addr,
		grpc.WithInsecure(),
		grpc.WithUnaryInterceptor(rpcutil.OpenTracingClientInterceptor()),
		rpcutil.GrpcChannelOptions(),
	)
...

The only problem with sending to stderr is that it shows up in diagnostics so it may be preferable to io.Discard instead.

As the version is hardcoded, whenever I rebuild I get:

Diagnostics:
  pulumi:providers:tsb (tsb):
    error: pulumi:providers:tsb resource 'tsb's property 'version' value {${VERSION}} has a problem: could not parse provider version: Invalid character(s) found in major number "${VERSION}"

Is there any reason we can't just populate this with the provider version?

Hi all,

I raised a support ticket with AWS and this was the response I got. I haven't got time to verify this works but let me know if it does!

From their investigation, the issue mentioned is more related to cert-manager setup. The cert-manager-webhook deployment uses port 10250 which is also used for kubelet on the Fargate pods. Therefore when the connection was made to the cert-manager-webhook service it was reporting the error with ip address corresponding to pod cert-manager-webhook.

Here are the steps to address the error:

•Updated the deployment and changed port references from 10250 to 10260 at --secure-port and containerPort.

  kubectl edit deployment -n cert-manager cert-manager-webhook

•Updated the service and changed port reference from 10250 to 10260 at targetPort.

  kubectl edit svc -n cert-manager cert-manager-webhook

•Wait for the new pod to appear for the updated deployment. •Create an issuer now with same command: cat <<EOF | kubectl apply -f - apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: selfsigned-issuer namespace: appspace spec: selfSigned: {} EOF issuer.cert-manager.io/selfsigned-issuer created