rhythmic-camera-25993
02/10/2020, 3:31 PM
rhythmic-camera-25993
02/10/2020, 3:34 PM
refined-vegetable-66224
02/10/2020, 3:54 PM
loadBalancers property or the applicationListener in the container definition?
Load balancing ref: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#FargateServiceArgs
applicationListener ref: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ecs/#Container
rhythmic-camera-25993
02/10/2020, 4:13 PM
portMappings property, you can specify it like portMappings: [ appServerTargetGroup ]
rhythmic-camera-25993
02/10/2020, 4:14 PM
refined-vegetable-66224
02/10/2020, 4:24 PM
billions-forest-38488
02/11/2020, 4:43 PM
Outputs from another stack, for example, this CFN stack has some EC2's with SGs:
VpcId:
  Fn::ImportValue: !Sub '${Env}-vpc'
However, I'm unsure how to inject these into cloudformation.Stack() as it is no longer nested
adventurous-jordan-10043
02/12/2020, 9:11 AM
billions-forest-38488
02/12/2020, 10:07 AM
pulumi_aws.lambda_.Function() and getting the error:
aws:lambda:Function (AlarmLambda):
  error: filename or s3_* attributes must be set
My code:
def generate_zip():
    zf = zipfile.ZipFile('lambda.zip', mode='w')
    zf.writestr('index.py', data='''def lambda_handler(event, context): \n\treturn "Hello, world!"''')
    zf.close()
    return zf.fp

alarm_lambda = aws_lambda.Function(
    'AlarmLambda',
    name=f'{Env}-alarm-consumer',
    description='CloudWatch alarm consumer',
    environment={
        'Variables': {
            'LOGLEVEL': 'INFO'
        }
    },
    code=generate_zip(),
    # handler is <module>.<function>; index.py defines lambda_handler
    handler='index.lambda_handler',
    role=alarm_lambda_role.arn,
    runtime='python3.6',
    timeout=60
)
In the docs I do not see a param called filename and I'd rather not use the s3_* bits - any thoughts? Thanks!
rapid-oyster-28892
02/12/2020, 1:36 PM
▶ pulumi up --logtostderr -v=9 2> out.txt
Previewing update (dev):
Type Name Plan
pulumi:pulumi:Stack pulumi-demo-dev running
refined-vegetable-66224
02/12/2020, 1:52 PM
abundant-author-13372
02/13/2020, 12:44 PM
quiet-painter-30539
02/17/2020, 9:39 PM
quiet-painter-30539
02/18/2020, 10:48 AM
__init__() got an unexpected keyword argument 'rotation_enabled'
quiet-painter-30539
02/18/2020, 5:46 PM
#1
self.my_cluster = eks.Cluster(self.my_name,
name = self.my_name,
role_arn = self.my_role.arn,
vpc_config = self.my_vpc_config,
tags = self.my_eks_tags)
... EKS gets created just fine and EKS creates a security group which it adds into self.my_cluster.vpc_config dict. So far so good.
I have now EKS and if I add some new piece of code (#2):
#2
self.my_cluster.vpc_config["clusterSecurityGroupId"]
... I can access that security group.
But the problem is here. If I try to create EKS (#1) and access that security group value (#2) in the same "pulumi up" run I get an error:
KeyError: 'clusterSecurityGroupId'
How do I access that security group id since I need it in later steps?
breezy-agency-15661
02/18/2020, 9:57 PM
//const lb = new awsx.lb.NetworkListener("nginx", { port: 80 });
const service = new awsx.ecs.FargateService("nginx", {
  // cluster,
  taskDefinitionArgs: {
    containers: {
      nginx: {
        image: image,
        memory: 512,
        portMappings: [ ?? ],
      },
    },
  },
  desiredCount: 1,
});
salmon-ghost-86211
02/20/2020, 4:24 PM
import * as k8s from "@pulumi/kubernetes";
const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(
  "rwingress",
  {
    metadata: {
      namespace: "platform",
      annotations: {
        "kubernetes.io/ingress.class": "alb",
        "alb.ingress.kubernetes.io/scheme": "internet-facing",
        "alb.ingress.kubernetes.io/certificate-arn": "arn:aws:acm:us-east-1:111111111111:certificate/12345678-90ab-cdef-1234-567890abcdef",
        "alb.ingress.kubernetes.io/aws-load-balancer-backend-protocol": "http",
        "alb.ingress.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled": "true",
        "alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports": "https"
      },
      labels: { app: "rw" }
    },
    spec: {
      rules: [
        {
          http: {
            paths: [
              {
                path: "/admin*",
                backend: { serviceName: "rec-app", servicePort: 80 }
              },
              {
                path: "/*",
                backend: { serviceName: "rw", servicePort: 80 }
              }
            ]
          }
        }
      ]
    }
  },
  { provider: cluster.provider }
);
It correctly creates an ALB with a single https/443 listener with rules that direct to new target groups pointing to the mentioned services.
THE ISSUE: I can't seem to figure out how to add an http/80 listener that redirects to https/443. The api doesn't seem to allow me to add any other rules even with annotations like "alb.ingress.kubernetes.io/aws-load-balancer-ssl-ports": "https" removed.
incalculable-portugal-13011
02/20/2020, 6:56 PM
let appVpc = aws.ec2.getVpc({id: "my-vpc-id"});
const webServerLoadBalancer = new awsx.lb.ApplicationLoadBalancer("web-server-lb-" + userEnv, {
  securityGroups: [],
  vpc: appVpc,
  subnets: ["subnet-1", "subnet-2", "subnet-3"]
});
const webServerLoadBalancerListener = webServerLoadBalancer.createListener("ws-https-" + userEnv, {
  port: 443,
  protocol: "HTTPS",
  certificateArn: "my-cert-arn"
});
const webServerLoadBalancerRedirectToHttpsListener = webServerLoadBalancer.createListener("ws-redirect-to-https", {
  port: 80,
  protocol: "HTTP",
  defaultAction: {
    type: "redirect",
    redirect: {
      protocol: "HTTPS",
      port: "443",
      statusCode: "HTTP_301"
    }
  }
});
const webServerCluster = new awsx.ecs.Cluster("web-server-" + userEnv, {
  securityGroups: ["sg-1"],
  vpc: appVpc
});
const webServerFargateService = new awsx.ecs.FargateService("web-server-" + userEnv, {
  cluster: webServerCluster,
  networkConfiguration: {
    subnets: ["subnet-1", "subnet-2", "subnet-3"]
  },
  taskDefinitionArgs: {
    containers: {
      webServer: {
        image: "my-org/web-server:" + userEnv,
        portMappings: [
          webServerLoadBalancerListener
        ],
        healthCheck: {...healthCheckArgs}
      }
    }
  }
});
the error I’m receiving is that error: aws:ecs/service:Service resource 'web-server-dev' has a problem: "network_configuration.0.subnets": required field is not set, which doesn’t make sense to me. per the docs, I’m setting the networkConfiguration property of the service, and I’ve tried both wrapping that property in an array and as an object. no dice either way. any thoughts?
fresh-daybreak-17893
02/20/2020, 8:14 PM
pulumi = ">=1.10.1"
pulumi-aws = ">=1.0.0"
with pulumi version 1.10.1.
pulumi is reporting that it cannot find aws credentials:
- aws:ebs:Volume prometheus_volume **deleting failed** error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
pulumi:pulumi:Stack prometheus-dev running error: update failed
pulumi:pulumi:Stack prometheus-dev **failed** 1 error
Diagnostics:
aws:ebs:Volume (prometheus_volume):
error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
pulumi:pulumi:Stack (prometheus-dev):
error: update failed
but the command aws --profile=<profile name> ec2 describe-instances works as expected. <profile name> from the preceding command is also configured in the application's Pulumi.dev.yaml
I tend to think this is a case of user error. Is there some combination of package versions that I should be using to avoid this behavior?
additionally, our team recently changed our convention surrounding aws profile names. Is it possible that pulumi is trying to use old names that are cached somewhere?
colossal-plastic-46140
02/21/2020, 4:06 PM
bitter-zebra-93800
02/22/2020, 2:04 AM
colossal-ram-89482
02/24/2020, 1:00 AM
filename arguments to supply the code deployment package. In Pulumi, in both TS/JS and Python, only the S3 option seems to be available. A couple of questions:
1) Why is this the case?
2) My understanding is that the Pulumi providers are usually auto-generated from the corresponding Terraform provider. Where is the logic that removes the filename argument in this case? (Or is auto-generation not used?)
aloof-psychiatrist-4562
02/24/2020, 6:16 PM
pulumi-awsx for python. i didn’t see an issue raised about it; is this something that would be a ‘nice to have’?
salmon-ghost-86211
02/24/2020, 9:44 PM
import * as k8s from "@pulumi/kubernetes";
const httpsIngressResource = new k8s.extensions.v1beta1.Ingress(...
An ALB is created with an HTTPS/443 listener and the rules I have specified, but the problem is there is no HTTP/80 listener that redirects to HTTPS. The Ingress call doesn't look like it supports that either. It looks like I could do something like
import * as aws from "@pulumi/aws";
const httpListener = new aws.lb.Listener("httpListener", {
but I'm not sure how to reference the load balancer created above. The only piece of data that seems to cross over between AWS and Pulumi is the URL.
Can someone provide assistance with either the Listener object or maybe Ingress or IngressList to solve this problem?
salmon-ghost-86211
02/24/2020, 9:50 PM
import was on <https://www.pulumi.com/blog/adopting-existing-cloud-resources-into-pulumi/>, but I have no idea how to extend that example. I'm confused as to why I would need to specify the cidrBlock for a VPC. Can't Pulumi read that in? What details are required for importing different types of objects?
late-advantage-85073
02/26/2020, 12:37 AM
salmon-account-74572
02/26/2020, 1:17 AM
calm-parrot-72437
02/26/2020, 8:51 PM
aloof-psychiatrist-4562
02/27/2020, 4:34 AM
billions-forest-38488
02/28/2020, 1:17 PM