enough-kite-69616
05/19/2020, 2:51 PMpulumi up
enough-kite-69616
05/19/2020, 2:52 PMexport const tillerSA = new ServiceAccount('tiller',
{
kind: 'ServiceAccount',
});
// @ts-ignore
export const tillerCRB = new ClusterRoleBinding("tiller-cluster-admin",
{
roleRef: {
apiGroup: "<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>",
kind: "ClusterRole",
name: 'cluster-admin'
},
subjects: [{
kind: "ServiceAccount",
name: 'tiller',
namespace: "kube-system"
}]
})
enough-kite-69616
05/19/2020, 3:40 PMfamous-jelly-72366
05/20/2020, 12:12 PMkubectl get pod
must be doing something wrong :Sfamous-jelly-72366
05/20/2020, 1:38 PMazureActiveDirectory
property under roleBasedAccessControl
, but keeping rbac enabled things begin to behave as expected ... scratching my head 🤔famous-jelly-72366
05/20/2020, 1:44 PMenough-kite-69616
05/20/2020, 3:26 PMlet camelK = new Chart("camel-k", {
repo: "camel-k",
chart: "camel-k",
values: {
'platform.build.registry.address' : acr.loginServer,
'platform.build.registry.insecure' : !acr.adminEnabled
}
})
and I'm getting this error:
error: Error: Command failed: helm template /var/folders/_b/fnf5x33x71q84n1v5dtl90mw0000gn/T/tmp-45081RVV0QSVzTy32/camel-k --name-template camel-k --values /var/folders/_b/fnf5x33x71q84n1v5dtl90mw0000gn/T/tmp-45081RVV0QSVzTy32/camel-k/values.yaml --values /var/folders/_b/fnf5x33x71q84n1v5dtl90mw0000gn/T/tmp-45081cjOipuG2FUdg.yaml
Error: apiVersion 'v2' is not valid. The value must be "v1"
Error: apiVersion 'v2' is not valid. The value must be "v1"
gray-lawyer-89054
05/22/2020, 11:10 AMazure.network.PublicIp.get(
`${stackName}-public-ip`,
`/subscriptions/${azureSubscriptionId}/resourceGroups/${aksResourceGroup.name}/providers/Microsoft.Network/publicIPAddresses/${azurePublicIPName}`
);
ripe-russia-4239
05/25/2020, 10:04 AM"enableFreeTier": true
. I can’t find an equivalent property in the Pulumi Typescript SDK. Any ideas?kind-park-18928
05/25/2020, 11:49 AMlinuxFxVersion
that needs to be set? I've attempted the following, but each time the container settings get misconfigured.
1. DOCKER|<http://registryname.azurecr.io/image:tag|registryname.azurecr.io/image:tag>
causes the app service to pull from docker hub rather than ACR.
2. ACR|<http://registryname.azurecr.io/image:tag|registryname.azurecr.io/image:tag>
causes the app services to treat the app like a non-containerized (zip-deploy) app.
https://www.pulumi.com/docs/reference/pkg/azure/appservice/appservice/limited-carpenter-34991
05/27/2020, 11:05 AMsparse-intern-71089
05/27/2020, 11:53 AMlimited-carpenter-34991
05/27/2020, 1:43 PMvar resourceGroup = new ResourceGroup("resourceBla", new ResourceGroupArgs,
new CustomResourceOptions
{
ImportId = "/subscriptions/4711/resourceGroups/resourceBla"
});
azure:core:ResourceGroup resourceBla import [diff: ~name]; 1 warning
plain-tiger-79744
05/28/2020, 10:10 AMaz sql server ad-admin list --id
bitter-afternoon-8442
05/28/2020, 11:17 AMdata
keyword, but in Pulumi i'm not sure what's the best approach. I'm using the Typescript library.
Thanks!limited-carpenter-34991
05/28/2020, 12:18 PMkind-park-18928
05/28/2020, 4:37 PMserviceUri
.
Anyone know how to fetch this serviceUri
programmatically (yellow portion in diagram below) in a pulumi or terraform script?
It's generally of the form: https://$<container-registry-name>:XXXXXXXXXXXXX@<app-service-name>.<http://scm.azurewebsites.net/docker/hook|scm.azurewebsites.net/docker/hook>
kind-park-18928
05/29/2020, 6:49 AMhigh-scientist-88788
06/01/2020, 5:36 PMbetter-rainbow-14549
06/01/2020, 6:08 PMundefined
now is this a bug? i've been using it to configure some custom code and thought I could rely on it. $ARM_TENANT_ID is still set correctlyable-beard-29160
06/01/2020, 9:42 PMaks-cluster
it will generate something like aks-clustere624bc72
, instead of aks-cluster-e624bc72
.rhythmic-vegetable-87369
06/02/2020, 1:19 AMrhythmic-vegetable-87369
06/02/2020, 3:37 AMazure:authorization:Assignment (Documents_Storage_BlobContributor):
2020-06-02T03:34:10.4452081Z error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '21b1f2bf-4c53-4095-9ce2-4af53127ba02' with object id '21b1f2bf-4c53-4095-9ce2-4af53127ba02' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/xxx/resourceGroups/matchnet-cloud-CI-rg/providers/Microsoft.Storage/storageAccounts/mndocs7bfc08c1/providers/Microsoft.Authorization/roleAssignments/412ec827-5f3e-8e4e-01d5-f62906xxx64c33b' or the scope is invalid. If access was recently granted, please refresh your credentials."
2020-06-02T03:34:10.4454670Z
Any ideas as to how I can get it fixed? Looks like the logged in user doesn't have permissions.rough-tomato-98795
06/02/2020, 11:45 AMError checking if CosmosDB Account "ugplv-qamsdn-logs-db" already exists (Resource Group "r669-inspire-cloud"): documentdb.DatabaseAccountsClient#CheckNameExists: Failure responding to request: StatusCode=500 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
not sure if that's pulumi/terraform/azure problem.? But most likely seems like azure: https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/databaseaccounts/checknameexists#code-try-0 ?plain-tiger-79744
06/02/2020, 4:08 PMbitter-afternoon-8442
06/02/2020, 5:43 PMazure.appservice
package. Using TypeScript with "@pulumi/azure": "^3.7.0"
and "@pulumi/pulumi": "^2.3.0"
.
Thanks.rhythmic-vegetable-87369
06/03/2020, 6:19 AMbitter-afternoon-8442
06/03/2020, 1:12 PMable-beard-29160
06/03/2020, 9:26 PMazureadindexApplication (aks-app):
error: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-06-03T114137","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"97f0f1cd-7a27-4838-b226-534ce6003e08"}}]
limited-carpenter-34991
06/04/2020, 7:50 AMaz ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"
or what kind resources i have to create with pulumi to have a service principal, which is able to sign in to the subscription and has contributor rights to deploy new resources inside a cicd pipeline?