proud-pizza-80589
03/07/2021, 8:16 PMconst cluster = new eks.Cluster(name, {
instanceType: "t2.medium",
desiredCapacity: 1,
minSize: 1,
maxSize: 2,
storageClasses: 'gp2',
deployDashboard: false,
});
fails with
Diagnostics:
eks:index:VpcCni (chartmuseum-vpc-cni):
error: Command failed: kubectl apply -f /var/folders/4z/2zvwp19d343djqc78xywc6p00000gn/T/tmp-215018e7GR5EVRaFT.tmp
error: You must be logged in to the server (the server has asked for the client to provide credentials)
kubernetes:<http://storage.k8s.io/v1:StorageClass|storage.k8s.io/v1:StorageClass> (chartmuseum-gp2):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
kubernetes:core/v1:ConfigMap (chartmuseum-nodeAccess):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
pulumi:pulumi:Stack (chartmuseum-tutorial-chartmuseum):
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: update failed
The cluster is created so not sure why this suddenly no longer worksaverage-nest-71706
03/08/2021, 7:08 AMsecurity_groups=[aws_security_group["lb_sg"]["id"]],
I believe the documentation assumed that I already have created a security group for application load balancer. But what if I want to create a new security group for alb?
You have a documentation on how to create security group on elb but I think that alb has different approach in creating one.broad-hairdresser-1495
03/08/2021, 12:15 PMpulumi import aws:ec2/instance:Instance myInstanceName i-0ba17989210ad396a
Import works fine but, it looks like one config is missing from import, networkInterfaces: []
Due to when running pulumi up
networkInterfaces are in pulumi console.
but now im getting this issue with imported resource:
>pumuli up
+-aws:ec2/instance:Instance: (replace)
[id=i-0bdc3124xxxx]
[urn=urn:pulumi:ob-server83::local_proj::aws:ec2/instance:Instance::aws2-eu1tst-rhtestsuppdb002]
[provider=urn:pulumi:ob-server83::local_proj::pulumi:providers:aws::default_3_30_0::9807bxxx]
~ networkInterfaces: [
+ [0]: {
+ deleteOnTermination: false
+ deviceIndex : 0
+ networkInterfaceId : "eni-021d47151dexxx"
}
]
-----------------
--aws:ec2/instance:Instance: (delete-replaced)
[id=i-0bdc3124xxxx]
[urn=urn:pulumi:ob-server83::local_proj::aws:ec2/instance:Instance::aws2-eu1tst-rhtestsuppdb002]
[provider=urn:pulumi:ob-server83::local_proj::pulumi:providers:aws::default_3_30_0::9807bxxxx]
diff between pulumi up
and pulumi import
in console:
is it possible to add manually config in stack so that when running pulumi up
it wont have this networkInterfaces diff?acceptable-stone-35112
03/08/2021, 2:04 PMlimited-planet-95090
03/08/2021, 11:51 PMlittle-cartoon-10569
03/09/2021, 1:17 AMenough-leather-70274
03/09/2021, 6:04 AMpulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8
It just gives me a blank security group, not all the rules defined in it.enough-leather-70274
03/09/2021, 6:06 AMmicroscopic-dress-1605
03/09/2021, 8:38 AMaws.iam.getPolicyDocument
.
However, I’ve noticed that getPolicyDocument
gets mocked away during unit testing.
As a result: GetPolicyDocumentResult.json
returns undefined in the unit test 😒
Of course I can add something like this in Mocks.call
:
pulumi.runtime.setMocks({
newResource: function(resourceType: string, name: string, inputs: any, provider?: string, id?: string) {},
call: function(token: string, args: any, provider?: string) {
switch (token) {
case 'aws:iam/getPolicyDocument:getPolicyDocument':
return {
json: JSON.stringify(args),
};
}
return args;
},
});
But then the returned IAM Policy json document is not a valid IAM policy.
What would be the preferred way of unit testing the result of getPolicyDocument
? Thank you for your input.
As you see the code is written in Typescript.microscopic-dress-1605
03/09/2021, 9:47 AMwooden-truck-40033
03/09/2021, 2:31 PMaverage-school-38756
03/09/2021, 9:01 PMpulumi_postgresql
provider to connect to the database via the endpoint (using the master credentials) but i'm getting a timeout:
postgresql:index:Role (pg-user):
error: error detecting capabilities: error PostgreSQL version: dial tcp 10.0.1.136:5432: i/o timeout
That's when i realized that my database is in a VPC, and there is no public endpoint. So how can i use IaC to handle this task?enough-leather-70274
03/09/2021, 11:24 PMshy-oxygen-8874
03/10/2021, 1:28 AMwooden-truck-40033
03/10/2021, 12:07 PM<powershell>
[string]$EKSBinDir = "$env:ProgramFiles\Amazon\EKS"
[string]$EKSBootstrapScriptName = 'Start-EKSBootstrap.ps1'
[string]$EKSBootstrapScriptFile = "$EKSBinDir\$EKSBootstrapScriptName"
[string]$cfn_signal = "$env:ProgramFiles\Amazon\cfn-bootstrap\cfn-signal.exe"
& $EKSBootstrapScriptFile -EKSClusterName ${ClusterName} ${BootstrapArguments} 3>&1 4>&1 5>&1 6>&1
$LastError = if ($?) { 0 } else { $Error[0].Exception.HResult }
`& $cfn_signal --exit-code=$LastError ``
`--stack="${AWS::StackName}" ``
`--resource="NodeGroup" ``
--region=${AWS::Region}
</powershell>
wooden-truck-40033
03/10/2021, 12:08 PM${AWS::StackName}
?wooden-truck-40033
03/10/2021, 12:09 PMshy-sunset-67287
03/10/2021, 1:22 PMValidationException
when creating Lambda functions in python? I’m already running with pulumi up --logtostderr -v=9 2> out.txt
but I can’t find in the logs any detail about the AWS call that fails and why. This has had me stumped for a couple days now, so any help would be very much appreciated 😄adamant-translator-31969
03/10/2021, 2:50 PMpowerful-art-3002
03/10/2021, 3:00 PMbreezy-apartment-46543
03/10/2021, 3:39 PMflat-insurance-25294
03/10/2021, 8:07 PMSecureString
? https://www.pulumi.com/docs/reference/pkg/aws/ssm/parameter/ or do we need to supply its ARN/ID ourselves?flat-insurance-25294
03/10/2021, 8:07 PMTo specify an AWS KMS CMK, use the KeyId parameter. The default is the AWS managed CMK for your account, aws/ssm.It sounds like it uses a default one if not supplied.
polite-lighter-21850
03/10/2021, 8:49 PMaverage-nest-71706
03/11/2021, 8:38 AMtest = aws.lb.LoadBalancer(
"MyTestALB",
internal=False,
load_balancer_type="application",
security_groups=[alb_security_group.id],
subnets=[__item["id"] for __item in aws_subnet["public"]],
enable_deletion_protection=True,
#access_logs=aws.lb.LoadBalancerAccessLogsArgs(
# bucket=
# )
)
I would like to understand what this line of code is saying:
subnets=[__item["id"] for __item in aws_subnet["public"]],
My question is how am I going to get the subnets, because the lb documentation assumed that I already the code getting the subnets and it is assigned to aws_subnet["public"].agreeable-ram-97887
03/11/2021, 5:11 PMpulumi destroy
, where pulumi incorrectly thinks an AWS resource failed to destroy (when in fact, it had). The process goes something like this:
1. I call pulumi up
on a stack which includes and AWS EKS Cluster. I am not an admin user on AWS, but nevertheless I have access to all EKS-relevant actions for resources with the proper tags. So the building succeeds without any issues
2. I then tear this stack down with pulumi destroy
which fails for some unknown reason. The error message tells me that the EKS cluster failed to be destroyed due to a permissions issue (as a result, pulumi thinks the cluster still exists)
3. But I check on the AWS console, and can confirm that in fact the cluster HAS been properly destroyed. Looking into CloudWatch, it appears that the the pulumi destroy process successfully destroyed the EKS cluster, but then tried to do it again (which is then denied since the non-existent cluster of course does not have the proper tags which allow me to operate on it)
4. Any subsequent pulumi destroy
call also fails for the same reason. Similarly pulumi refresh
fails because pulumi would like to "describe" the cluster to determine it's state, which of course also fails due to the same tag-condition
5. The situation is thus stuck until a colleague who is an AWS admin calls either pulumi destroy
or pulumi refresh
on my behalf
So has anyone else experienced similar behavior? Or are there any thoughts on what could be wrong here? It seems to me like it is a Pulumi issue (rather than an AWS permissions issue) since Pulumi mistakenly thinks the cluster fails to be destroyedbusy-apartment-9626
03/11/2021, 9:50 PMtriggers
and variables
. I noticed in AWSX a redeployed is forced by a new hash of a bunch of settings in variables
, but my impression is that's what triggers
are for. Am I missing something here?ambitious-monitor-34019
03/12/2021, 12:01 AMmysterious-oyster-86659
03/12/2021, 1:06 AMpulumi up
).
So, ideally #1 would occur first with its own pulumi up
and then - after that entire deployment is complete - automatically do the same for #2 but somehow be able to be aware of and use resources that were changed/deleted/added from #1. Finally, being able to “tear” all this down in an automated way would be fantastic, but that’s secondary for now.
What your advice for approaching this use-case?quick-finland-93793
03/12/2021, 5:41 PMPulumi.Aws
plugin (current v3.32.1) i get exception that certain setter-methods of basic resources do not exist:
System.MissingMethodException: Method not found: "Void Pulumi.aws.Rds.ClusterArgs.set_engine(Puluim.Input'1<System.String>)
Does someone else has noticed something like that? What am I doing wrong?
With version v3.13.0
everything works finequick-finland-93793
03/12/2021, 5:41 PMPulumi.Aws
plugin (current v3.32.1) i get exception that certain setter-methods of basic resources do not exist:
System.MissingMethodException: Method not found: "Void Pulumi.aws.Rds.ClusterArgs.set_engine(Puluim.Input'1<System.String>)
Does someone else has noticed something like that? What am I doing wrong?
With version v3.13.0
everything works fine