https://pulumi.com logo
Join Slack
Powered by
# general
  • e

    elegant-arm-64624

    05/31/2025, 3:39 AM
    import os from dotenv import load_dotenv import pulumi from pulumi import automation as auto from pulumi_gcp import compute # Load environment variables from .env load_dotenv(r"C:\Users\USER\OneDrive\Desktop\scaling_considerations\prod\deployment_manager\.env") # 1. Define the Pulumi program def pulumi_program(): # Create a VPC network compute_network = compute.Network("network", auto_create_subnetworks=True) # Allow HTTP and SSH access compute_firewall = compute.Firewall( "firewall", network=compute_network.self_link, allows=[compute.FirewallAllowArgs(protocol="tcp", ports=["22", "80"])], source_ranges=["0.0.0.0/0"], ) # Reserve a static external IP instance_addr = compute.Address("address", region=os.environ["GCP_REGION"]) # Define instance metadata to run a Docker container container_metadata = { "gce-container-declaration": """ spec: containers: - name: hello image: nginxdemos/hello ports: - containerPort: 80 restartPolicy: Always """, "google-logging-enabled": "true", } # Launch the VM with Container-Optimized OS and the container compute_instance = compute.Instance( "instance", machine_type="e2-medium", metadata=container_metadata, boot_disk=compute.InstanceBootDiskArgs( initialize_params=compute.InstanceBootDiskInitializeParamsArgs( image="cos-cloud/cos-stable" ) ), network_interfaces=[ compute.InstanceNetworkInterfaceArgs( network=compute_network.id, access_configs=[ compute.InstanceNetworkInterfaceAccessConfigArgs( nat_ip=instance_addr.address ) ], ) ], zone=os.environ["GCP_ZONE"], service_account=compute.InstanceServiceAccountArgs( scopes=["https://www.googleapis.com/auth/cloud-platform"] ), opts=pulumi.ResourceOptions(depends_on=[compute_firewall]), ) # Export outputs pulumi.export("instanceName", compute_instance.name) pulumi.export("instanceIP", instance_addr.address) # 2. Use the Automation API with env values def main(): stack_name = "dev" project_name = "gcp-vm-docker" # Load environment variables gcp_project = os.environ["GCP_PROJECT"] gcp_region = os.environ["GCP_REGION"] gcp_zone = os.environ["GCP_ZONE"] # Create or select a stack stack = auto.create_or_select_stack(stack_name=stack_name, project_name=project_name, program=pulumi_program,) print("Installing plugins...") stack.workspace.install_plugin("gcp", "v6.0.0") # Adjust version as needed print("Setting config from environment variables...") stack.set_config("gcp:project", auto.ConfigValue(value=gcp_project)) stack.set_config("gcp:region", auto.ConfigValue(value=gcp_region)) stack.set_config("gcp:zone", auto.ConfigValue(value=gcp_zone)) print("Refreshing stack...") stack.refresh(on_output=print) print("Updating stack...") up_result = stack.up(on_output=print) print(f"Instance name: {up_result.outputs['instanceName'].value}") print(f"Instance IP: {up_result.outputs['instanceIP'].value}") if name == "__main__": main()
  • a

    adamant-finland-93186

    06/02/2025, 1:13 PM
    Hi all, We see a lot of requests to our state backend when doing a
    pulumi up
    without any changes. Is this expected behavior? I would expect Pulumi to only make a snapshot if something changes, is that not the case? We have found the skip-checkpoints flag, but would like to better understand the underlying issue (if any) before we enable it. Our large >3000 resource stacks are currently taking a very long time (>40min) to
    up
    even if there are little or no changes and are looking to speed it up.
    e
    • 2
    • 12
  • w

    witty-battery-42692

    06/02/2025, 6:46 PM
    Is there any way to enforce on a stack or org level what pulumi client version is being used? Essentially want to confirm that users are using the same version, or at least a sufficiently updated one
    e
    • 2
    • 2
  • m

    mammoth-memory-47255

    06/03/2025, 11:21 AM
    Can a dynamic provider depend on outputs from another resource?
    l
    • 2
    • 9
  • m

    mammoth-memory-47255

    06/03/2025, 8:06 PM
    I ran into an issue where I have a set of resources with dependencies between them, where the graph I want to create is a DAG (ie. no cycles) but because of the way the resources are grouped into ComponentResources, there's no way to set up the dependencies correctly. Is there a way to add a dependency to a resource after creating it?
    e
    • 2
    • 2
  • e

    echoing-battery-61643

    06/04/2025, 5:26 PM
    What is the recommended way to promote code from one environment to another, for example from dev to stage then to prod? I can use the pulumi project and stacks constructs but im not sure if that gives me the controls that i need. For example if i create an AWS EKS cluster in a project and launched it to all stacks (dev, stage, prod). Then i need to make a change, something that is not as easy as a parameter that can be in the stack environment config, something like changing networking cni. This will be a bunch of various code changes and it could take a while to roll out with testing along the way in the various environments (dev, stage, prod). Once i have made this change in dev and it is working for me, i would like to open a PR to get it reviewed, merged and then versioned so that the next environment can use it. I would like that the project or stack can reference a github URL that can ref a tag/commit. I am coming from the Terraform world where you can do this via:
    Copy code
    module "consul" {
      source = "github.com/hashicorp/example?ref=v1.2.0"
    }
    Is there something similar in pulumi? Does this make sense to do or am i trying to follow too closely to what i have done in Terraform? I have found Pulumi Components: https://www.pulumi.com/docs/iac/using-pulumi/extending-pulumi/build-a-component/#sharing-via-git. This gets me most of the way there but i still have to run a
    Copy code
    pulumi package add <repo_url>@<release-version>
    Which means i have to run this command and the CI/CD pipeline has to run it as well. This would mean adding a script that runs this command with the version? So the person updating it would have to update the version here? Not the worst thing but the workflow seems to be just a little off as in it is making the user look into another file that is not a Pulumi file to update a version number. Other notes: • i am only using python • I dont want to publish these publicly. Not that there are any secrets or proprietary things in it. For now, we dont want to spend time to make it publicly consumable.
    l
    f
    • 3
    • 16
  • m

    modern-spring-15520

    06/10/2025, 2:44 PM
    If you haven't taken a look at Pulumi IDP, this video is a quick 3 minute introduction to Pulumi IDP ( and why you might want to build a platform in general ) :

    https://www.youtube.com/watch?v=3gZmKaAeppc▾

  • f

    famous-ambulance-44173

    06/10/2025, 7:45 PM
    hey team, I think aws-native provider is somewhat broken as I am seeing that fields that are marked "forces replacement" in docs are actually not triggering replace. I am pretty sure it was not the case before. can someone check? nvm, opened an issue
  • d

    delightful-winter-67113

    06/10/2025, 10:20 PM
    Hi, I'm having an issue trying to using pulumi/auth-actions with GitHub. I get the following error:
    Copy code
    Error: Invalid response from token exchange 400: Bad Request (invalid_request: validation error: invalid token: upstream error: fetching oidc issuer signing key upstream error: invalid certificate thumprint on OIDC provider response)
    When I try to go to the dashboard OIDC Issuers it returns a 404 so I can't try to recreate the issuer to try to fix
    h
    a
    • 3
    • 11
  • n

    narrow-river-17495

    06/11/2025, 12:17 AM
    hey, we're experiencing an issue where some data seems to be disappearing from our Pulumi Cloud account, is there anything going on which might be causing this?
    q
    a
    • 3
    • 6
  • f

    famous-ambulance-44173

    06/11/2025, 8:07 PM
    Hi! Tomorrow 6/12 at 5 PM CET / 11 AM ET I will stream about writing pulumi component with TS and Go. While I know Python well and used Pulumi with Python mostly, I barely know anything about TS and Go. so if you are interested in joining me for the ride where I will for sure struggle 😅, I'd love to see you there! https://twitch.tv/dmfigol
  • l

    limited-tiger-5439

    06/12/2025, 11:05 AM
    Hey, is it possible to save the outputs from a preview? I'd like to have access to what pulumi believes the outputs will be after a preview has taken place and the
    --json
    command doesn't provide this in a straightforward way
    f
    • 2
    • 3
  • c

    cuddly-actor-86667

    06/12/2025, 11:58 AM
    Hello everyone, I'm trying to deploy Mistral-OCR from Azure AI Foundry. I'm not sure how it suppose to be done. I tried to do similar resources as done by Azure Portal UI. I have created AI Hub an AI Project inside it. Here is similar infrastructure being created Can you help me with some docs about how to deploy Mistral model? Should is use
    azureNative.machinelearningservices.ServerlessEndpoint
    or
    azureNative.cognitiveservices.Deployment
    ? I can share some code snippets later on
  • f

    famous-ambulance-44173

    06/12/2025, 5:40 PM
    hey team, I need some help with typescript cross-lang components. I was building this sample component and here are the issues noticed 1. it works when I reference it locally, but not via git. I don't see any helpful error messages
    Copy code
    -> % pulumi package add <https://github.com/dmfigol/pulumi-aws-vpc-typescript>
    Downloading provider: github.com_dmfigol_pulumi-aws-vpc-typescript.git
    Added package "pulumi-aws-vpc-ts" to Pulumi.yaml
    error: Detected that /home/dmfigol/.pulumi/plugins/resource-github.com_dmfigol_pulumi-aws-vpc-typescript.git-v0.0.0-x026726ba8803765d31f11953b7efb095be00747b/pulumi-resource-github.com_dmfigol_pulumi-aws-vpc-typescript.git exited prematurely. 
           This is *always* a bug in the provider. Please report the issue to the provider author as appropriate.
           To assist with debugging we have dumped the STDOUT and STDERR streams of the plugin:
    2. sometimes/often when I change my typescript code, my stack is not picking up those changes and I get error like this:
    Copy code
    Diagnostics:
      pulumi:pulumi:Stack (pulumi-aws-vpc-ts-dev):
        Error: pulumi-aws-vpc-ts:index:VPC is not assignable from {vpcCidr: string}
        Cannot assign '{vpcCidr: string}' to 'pulumi-aws-vpc-ts:index:VPC':
          vpcCidrr: Missing required property 'vpcCidrr'
          Existing properties are: vpcCidrr
    even though both pulumi.yaml and interface have correct attributes. it starts to work after I rerun emitting of js files from ts, but I haven't been able to fully understand what causes this problem exactly. seems like some cached value of schema? but where and how to fix it? UPD: I was able to fix it by deleting sdks/ folder completely. but is it really supposed to be this way? 3. what is the value of specifying pulumi.input in the interface? it seems everything works without it, e.g.:
    Copy code
    export interface VpcArgs {
        tags?: { [key: string]: string };  // versus
        tags?: { [key: string]: pulumi.Input<string> };
    }
    4. are there more references in how to type complex attributes, e.g. optional maps, optional nested objects, etc.? this doc page references a single string as input and it is not very helpful
    a
    m
    • 3
    • 9
  • b

    boundless-waiter-17971

    06/16/2025, 5:19 PM
    Hi, I am using Pulumi ESC. Any way to transfer environments from a user to an organization? Probably not possible with the UI, but I was looking at
    EscClient.clone_environment
    method in the python library, which seems to be what I want, except that it only supports cloning environments within the same org. Do you have any recommendatinon on how to achieve this?
    f
    • 2
    • 7
  • p

    purple-cricket-64791

    06/16/2025, 11:04 PM
    Hey I'm getting this:
    Copy code
    brian.yeh@Brians-MacBook-Pro central-ocpp % pulumi refresh
    Please choose a stack, or create a new one: staging
    Previewing refresh (staging)
    
    View in Browser (Ctrl+O): <https://app.pulumi.com/heynairb/central-ocpp/staging/previews/f51a5768-ca08-4d23-87f9-379162481e55>
    
    
    
    error: failed to decrypt configuration key 'central-ocpp:SENTRY_DSN': [400] Bad Request: invalid ciphertext
    When I use the cli. It happens any time I access anything related to a secret. But the GHA that deploys these secret values work fine. What's wrong? Is there a way to fix? Also if I set a new secret, the deploy isn't able to decrypt it.
  • a

    ancient-evening-32372

    06/17/2025, 10:08 AM
    Hi i use the latest pulumi version 3.177.0 to install plugins offline from a file like:
    Copy code
    pulumi plugin install resource gitlab 6.5.0 --file gitlab6.5.0.tar.gz
    Pulumi still tries to read from an online resource https://api.pulumi.com/api/preview/registry/packages?limit=499&amp;name=gitlab Isnt it possible to install plugins in an offline env?
    e
    • 2
    • 1
  • m

    modern-spring-15520

    06/17/2025, 2:21 PM
    Hey All, We have the engineers on the Pulumi AI team answering questions on reddit tomorrow. If you have any questions you'd like to ask, ask away. https://www.reddit.com/r/pulumi/comments/1lcyfyi/pulumi_ama_wednesday_ask_us_anything_ai_pulumi/ https://pulumi-community.slack.com/archives/CB36DSVSA/p1750094061203539
  • r

    rhythmic-secretary-1287

    06/19/2025, 5:38 AM
    Now that pulumi has released pulumi_operator v2 but there is no #C01F5GS6G3X anymore (archived), where do we talk about it? I want to understand things like: On the stack CRD we have : • EnvRefs: we populate from one of the from • Workflow/spec/env/valueFrom • Workflow/spec/envFrom Is there any difference on all of this in the context of setting envvars from configmaps or secrets on the workspace pod? I understand that all of them do the same?
  • r

    rhythmic-secretary-1287

    06/19/2025, 7:47 AM
    Another pulumi operator question: on my migration journey… we mount files in the V1 pulumi operator (e.g.
    ~/.aws/config
    ). Checking the workflow template, it states on the containers:
    List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
    Do we have a way to mount extra stuff?
  • i

    incalculable-elephant-87683

    06/19/2025, 4:42 PM
    Hey, I found an old Slack message with this same issue but it had no responses. Wondering if anyone has since ran into this. Using C#, I'm trying to mock the output of a
    StackReference
    for unit testing where I'm using
    RequireOutput
    in the stack. I set up mocking to add a value to the output using
    ImmutableDictionary.CreateBuilder<string, object>()
    like in the docs. However, the
    RequireOutput
    throws this exception:
    Copy code
    System.NullReferenceException: Object reference not set to an instance of an object.
       at Output<object> Pulumi.StackReference.RequireOutput(Input<string> name)+(ValueTuple<string, string, ImmutableDictionary<string, object>> v) => { }
       at Output<ValueTuple> Pulumi.Output<T>.Apply(Func<T, Task> func)+(T t) => { }
       at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)
       at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<WithIsSecret>g__GetData|0(?)+GetData(?)
       at Pulumi.Deployment.TestAsync(IMocks mocks, Func`2 runAsync, TestOptions options)
       at Thread.Uniti.Azure.Environment.Tests.EnvironmentStackTests.InitializeAsync() in /Users/john.marian/Repos/uniti/backend/Infrastructure/Azure/Thread.Uniti.Azure.Environment/tests/EnvironmentStackTests.cs:line 22
       at Xunit.v3.XunitTestRunnerBase`2.CreateTestClassInstance(TContext ctxt) in /_/src/xunit.v3.core/Runners/XunitTestRunnerBase.cs:line 62
       at Xunit.v3.ExceptionAggregator.RunAsync[T](Func`1 code, T defaultValue) in /_/src/xunit.v3.core/Exceptions/ExceptionAggregator.cs:line 146
    g
    • 2
    • 3
  • f

    famous-ambulance-44173

    06/19/2025, 5:54 PM
    hi, I was planning to try using Go for component resource, but I haven't found any good tutorial? it seems on this page https://www.pulumi.com/docs/iac/using-pulumi/extending-pulumi/build-a-component/ go examples are not available.
  • f

    flaky-country-91356

    06/19/2025, 7:18 PM
    Hi guys, sorry is this was asked before 🙏 At work we have stacks files, each of them handles cluster provisioning and k8s resources as well as some grafana dashboards. We have approximately 150 stacks. I would like to build on top of
    pulumi automation api
    a way to
    make changes to the files and later CI to run refresh a previews in the MR
    , but all the examples I saw for
    pulumi automation api
    interacts directly with the backend (our backend lives in a bucket BTW!) is there any examples or doc to avoid using the state backend and only verify and makes stack files changes? Thanks!
  • b

    bored-kangaroo-88486

    06/20/2025, 7:58 AM
    I am currently evaluating Pulumi using my work email address with the free version of Pulumi. Once I am happy that it meets our requirements, we will purchase the Team version. When we do this, will any stacks that I have deployed during the free version be available to all team members?
    • 1
    • 1
  • q

    quick-airline-50836

    06/22/2025, 9:47 PM
    Would'nt it be great if we could use Plumi to deploy inrastructure using drag and drop canvas. I am working on building a platform for the same.
    b
    b
    • 3
    • 5
  • p

    proud-air-35241

    06/23/2025, 3:22 AM
    Does the Pulumi Kubernetes Operator support stacks in any namespace, or only in the namespace the operator is deployed in? The non-code documentation is sparse in this regard.
  • r

    rapid-parrot-24984

    06/23/2025, 1:03 PM
    Hey everybody, we are migrating our Terraform provider from SDK v2 to the Plugin Framework, our Pulumi provider is using the SDK v2 bridge, what are the necessary steps we need to take so our Pulumi provider is compatible with the Plugin Framework? Here is our Pulumi provider repo: https://github.com/pulumiverse/pulumi-cpln
  • e

    enough-petabyte-41044

    06/24/2025, 5:18 PM
    Are there any plans to support OpenShift Kubernetes?
  • m

    modern-spring-15520

    06/26/2025, 6:48 PM
    I posted a short video about building an internal developer platform:

    https://youtu.be/is83TV8nrTg▾

  • g

    gorgeous-minister-41131

    06/26/2025, 10:12 PM
    Hey - so y'all released Pulumi 3.180.0; but there is no release in GitHub. We are using asdf plugin to install Pulumi from GitHub. https://www.pulumi.com/docs/iac/download-install/versions/ https://github.com/pulumi/pulumi/releases/tag/v3.178.0 Can someone invoke this build/release on GitHub?
    e
    • 2
    • 5