https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • e

    enough-kite-69616

    05/19/2020, 2:51 PM
    Trying to set up a tiller ServiceAccount and ClusterRoleBinding as part of setting up AKS, but it's not showing those as resources to be created when I do
    pulumi up
  • e

    enough-kite-69616

    05/19/2020, 2:52 PM
    How do I make it do it?
    export const tillerSA = new ServiceAccount('tiller',
        {
            kind: 'ServiceAccount',
        });
    
    // @ts-ignore
    export const tillerCRB = new ClusterRoleBinding("tiller-cluster-admin",
        {
            roleRef: {
                apiGroup: "<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>",
                kind: "ClusterRole",
                name: 'cluster-admin'
            },
            subjects: [{
                kind: "ServiceAccount",
                name: 'tiller',
                namespace: "kube-system"
            }]
        })
  • e

    enough-kite-69616

    05/19/2020, 3:40 PM
    How do I use Pulumi to set the AKS credentials with Kubectl after creating the AKS cluster so I can create the service account, etc?
    b
    • 2
    • 1
  • f

    famous-jelly-72366

    05/20/2020, 12:12 PM
    slightly going crazy, trying to setup AKS with RBAC and AzureAD, but the resulting kubeconfig, asks me to do device login in browser, and then says I don't have permissons to anything (e.g.
    kubectl get pod
    must be doing something wrong :S
  • f

    famous-jelly-72366

    05/20/2020, 1:38 PM
    as soon as I disable
    azureActiveDirectory
    property under
    roleBasedAccessControl
    , but keeping rbac enabled things begin to behave as expected ... scratching my head 🤔
  • f

    famous-jelly-72366

    05/20/2020, 1:44 PM
    gahh ... think I finally figured it out ... need to use the the kubeAdminConfigRaw .. doh 🤦‍♂️
    k
    • 2
    • 2
  • e

    enough-kite-69616

    05/20/2020, 3:26 PM
    Trying to install a helm chart as part of my build:
    let camelK = new Chart("camel-k", {
        repo: "camel-k",
        chart: "camel-k",
        values: {
            'platform.build.registry.address' : acr.loginServer,
            'platform.build.registry.insecure' : !acr.adminEnabled
        }
    })
    and I'm getting this error:
    error: Error: Command failed: helm template /var/folders/_b/fnf5x33x71q84n1v5dtl90mw0000gn/T/tmp-45081RVV0QSVzTy32/camel-k --name-template camel-k --values /var/folders/_b/fnf5x33x71q84n1v5dtl90mw0000gn/T/tmp-45081RVV0QSVzTy32/camel-k/values.yaml --values /var/folders/_b/fnf5x33x71q84n1v5dtl90mw0000gn/T/tmp-45081cjOipuG2FUdg.yaml
        Error: apiVersion 'v2' is not valid. The value must be "v1"
     
        Error: apiVersion 'v2' is not valid. The value must be "v1"
    b
    • 2
    • 5
  • g

    gray-lawyer-89054

    05/22/2020, 11:10 AM
    Hi all, Is there some way to get Azure id to get existing resource? I feel that this could be part of Pulumi resource. Now I need to build manually:
    azure.network.PublicIp.get(
        `${stackName}-public-ip`,
        `/subscriptions/${azureSubscriptionId}/resourceGroups/${aksResourceGroup.name}/providers/Microsoft.Network/publicIPAddresses/${azurePublicIPName}`
      );
    a
    k
    • 3
    • 5
  • r

    ripe-russia-4239

    05/25/2020, 10:04 AM
    Hi everyone, I’m trying to provision a CosmosDB database on the free tier via Pulumi. I can’t find anything in the Pulumi documentation about this, but the Microsoft ARM docs indicate there’s a property that needs to be set,
    "enableFreeTier": true
    . I can’t find an equivalent property in the Pulumi Typescript SDK. Any ideas?
    k
    b
    • 3
    • 4
  • k

    kind-park-18928

    05/25/2020, 11:49 AM
    I'm trying to get a containerized AppService for Linux to pull images from Azure Container Registry. Anyone know what's the right value for the
    linuxFxVersion
    that needs to be set? I've attempted the following, but each time the container settings get misconfigured. 1.
    DOCKER|<http://registryname.azurecr.io/image:tag|registryname.azurecr.io/image:tag>
    causes the app service to pull from docker hub rather than ACR. 2.
    ACR|<http://registryname.azurecr.io/image:tag|registryname.azurecr.io/image:tag>
    causes the app services to treat the app like a non-containerized (zip-deploy) app. https://www.pulumi.com/docs/reference/pkg/azure/appservice/appservice/
    n
    t
    • 3
    • 8
  • l

    limited-carpenter-34991

    05/27/2020, 11:05 AM
    Is Azure Static Web Apps (Preview) also available inside Pulumi Azure Package ?
    ➕ 3
    t
    r
    • 3
    • 4
  • s

    sparse-intern-71089

    05/27/2020, 11:53 AM
    This message was deleted.
    t
    • 2
    • 1
  • l

    limited-carpenter-34991

    05/27/2020, 1:43 PM
    Hi there, if i import an existing resource in azure ( for example resource group) with the importId parameter inside the CustomResourceOptions, why does pulumi rename my resource ?
    var resourceGroup = new ResourceGroup("resourceBla", new ResourceGroupArgs,
    new CustomResourceOptions
    {
     ImportId = "/subscriptions/4711/resourceGroups/resourceBla"
    }); 
    
    azure:core:ResourceGroup  resourceBla                  import     [diff: ~name]; 1 warning
    a
    • 2
    • 3
  • p

    plain-tiger-79744

    05/28/2020, 10:10 AM
    Can I use multiple `ActiveDirectoryAdministrator`s for Azure SQL? The Azure CLI has at least a list functionality to retrieve multiple admins
    az sql server ad-admin list --id
    c
    • 2
    • 2
  • b

    bitter-afternoon-8442

    05/28/2020, 11:17 AM
    Hello, sorry for maybe a stupid question, but couldn't find exactly what I'm looking for in the docs. What's the best way to reference a resource that is not managed/created by Pulumi? I just want to get the secret from other Azure Function that lives in the same Azure Subscription. Using Terraform I could reference the resource using the
    data
    keyword, but in Pulumi i'm not sure what's the best approach. I'm using the Typescript library. Thanks!
    c
    • 2
    • 3
  • l

    limited-carpenter-34991

    05/28/2020, 12:18 PM
    Hi, how can i create a client secret from a service principal?
    a
    b
    • 3
    • 9
  • k

    kind-park-18928

    05/28/2020, 4:37 PM
    Not really a pulumi question, but more about the terraform provider/bridge.... I have a containerized app service that pulls from an ACR. When newer images become available, ACR's webhook notifies the app service's
    serviceUri
    . Anyone know how to fetch this
    serviceUri
    programmatically (yellow portion in diagram below) in a pulumi or terraform script? It's generally of the form:
    https://$<container-registry-name>:XXXXXXXXXXXXX@<app-service-name>.<http://scm.azurewebsites.net/docker/hook|scm.azurewebsites.net/docker/hook>
    b
    a
    • 3
    • 15
  • k

    kind-park-18928

    05/29/2020, 6:49 AM
    Just curious if a pulumi stack should have 1:1 or 1:many relationship with an azure subscription? I have two separate azure subscriptions; one for testing and the other for production. FWIW: Maintaining two separate stacks seems a bit cumbersome since I must remember to: 1. Switch the stack while targeting production AND 2. Switch the subscription ID (via AZ CLI or environment variable or pulumi config). Thoughts?
    t
    • 2
    • 3
  • h

    high-scientist-88788

    06/01/2020, 5:36 PM
    Hey all! Apologies if this has already come up. Trying to get custom domain names on web apps set up and working with https and certificates and similarly want this on my azure app gateway. Has anyone got this working with Pulumi? I tried converting my web app to use a certificate from key vault but it seems like I may need to use key vault "secrets" with a passwordless pfx? Then can set the key vault secret Id through Pulumi
    a
    • 2
    • 1
  • b

    better-rainbow-14549

    06/01/2020, 6:08 PM
    in @pulumi/azure:3.6.1 azure.config.tenantId is always
    undefined
    now is this a bug? i've been using it to configure some custom code and thought I could rely on it. $ARM_TENANT_ID is still set correctly
    • 1
    • 2
  • a

    able-beard-29160

    06/01/2020, 9:42 PM
    Folks, there's an innocuous thing that's annoying me. It seems that the Azure provider, when generating names by suffixing them with some random characters, doesn't use a hyphen separator between my name and that suffix. I vaguely remember that the AWS provider was not doing this. Is there something special about Azure (maybe limits?) so that the hyphen isn't used in the final generated names? For example, if I have a resource named
    aks-cluster
    it will generate something like
    aks-clustere624bc72
    , instead of
    aks-cluster-e624bc72
    .
    a
    e
    t
    • 4
    • 5
  • r

    rhythmic-vegetable-87369

    06/02/2020, 1:19 AM
    Hi all! I'm trying to use pulumi in my release pipeline and use blobs to maintain state. My release pipeline keeps on throwing the "Pulumi CLI login command failed" error. I have configured the env variables as well. Any ideas as to how I could get this sorted out? Thanks in advance.
    w
    c
    • 3
    • 4
  • r

    rhythmic-vegetable-87369

    06/02/2020, 3:37 AM
    azure:authorization:Assignment (Documents_Storage_BlobContributor):
    2020-06-02T03:34:10.4452081Z     error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '21b1f2bf-4c53-4095-9ce2-4af53127ba02' with object id '21b1f2bf-4c53-4095-9ce2-4af53127ba02' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/xxx/resourceGroups/matchnet-cloud-CI-rg/providers/Microsoft.Storage/storageAccounts/mndocs7bfc08c1/providers/Microsoft.Authorization/roleAssignments/412ec827-5f3e-8e4e-01d5-f62906xxx64c33b' or the scope is invalid. If access was recently granted, please refresh your credentials."
    2020-06-02T03:34:10.4454670Z
    Any ideas as to how I can get it fixed? Looks like the logged in user doesn't have permissions.
    • 1
    • 1
  • r

    rough-tomato-98795

    06/02/2020, 11:45 AM
    Hi, we keep receiving
    Error checking if CosmosDB Account "ugplv-qamsdn-logs-db" already exists (Resource Group "r669-inspire-cloud"): documentdb.DatabaseAccountsClient#CheckNameExists: Failure responding to request: StatusCode=500 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
    not sure if that's pulumi/terraform/azure problem.? But most likely seems like azure: https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/databaseaccounts/checknameexists#code-try-0 ?
  • p

    plain-tiger-79744

    06/02/2020, 4:08 PM
    Hi! Is it possibe to import an Azure Key Vault Key from another Azure Key Vault?
    t
    • 2
    • 5
  • b

    bitter-afternoon-8442

    06/02/2020, 5:43 PM
    https://www.pulumi.com/docs/reference/pkg/azure/appservice/functionappslot/ Is the FunctionAppSlot implemented? I just can't find it in the
    azure.appservice
    package. Using TypeScript with
    "@pulumi/azure": "^3.7.0"
    and
    "@pulumi/pulumi": "^2.3.0"
    . Thanks.
    t
    • 2
    • 2
  • r

    rhythmic-vegetable-87369

    06/03/2020, 6:19 AM
    Hi! How can I access my output from the azure pulumi task in another task in the same release pipeline?
    m
    t
    +2
    • 5
    • 51
  • b

    bitter-afternoon-8442

    06/03/2020, 1:12 PM
    Having problems to provision new CosmosDB Instances, seems like the problem is happening on the azure go sdk/azure api. Terraform AzureRM created a PR with a workaround on this problem: https://github.com/terraform-providers/terraform-provider-azurerm/pull/7189 Any idea when it'll be reflected on Pulumi after it's merged? (Not demanding or something like that, just curious about how is the process when there are changes in the Terraform Providers. 🙂)
    r
    t
    • 3
    • 3
  • a

    able-beard-29160

    06/03/2020, 9:26 PM
    This is not strictly related to Pulumi (I think), but maybe someone can point me in the right direction. I'm trying to create a service principal (as part of a CI/CD pipeline) and this is run using a non-owner service principal (it has the Contributor and User Access Administrator roles assigned), but I'm getting a permission error. Any ideas?
    azuread:index:Application (aks-app):
    error: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-06-03T11:41:37","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"97f0f1cd-7a27-4838-b226-534ce6003e08"}}]
    a
    • 2
    • 6
  • l

    limited-carpenter-34991

    06/04/2020, 7:50 AM
    Hi, does pulumi have an equivalent for
    az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
    or what kind resources i have to create with pulumi to have a service principal, which is able to sign in to the subscription and has contributor rights to deploy new resources inside a cicd pipeline?
    a
    • 2
    • 3
Powered by Linen
Title
l

limited-carpenter-34991

06/04/2020, 7:50 AM
Hi, does pulumi have an equivalent for
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
or what kind resources i have to create with pulumi to have a service principal, which is able to sign in to the subscription and has contributor rights to deploy new resources inside a cicd pipeline?
a

able-beard-29160

06/04/2020, 7:54 AM
I'm not 100% familiar with Azure, but from my understanding, what you want can be done like this: https://gist.github.com/igstan/7bed390f5d5bbb478167ca7b6f2c939b
The main thing to explore is that
azuread
package.
l

limited-carpenter-34991

06/04/2020, 9:51 AM
Ah ok thx. I will check this.
View count: 3