https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • g

    glamorous-helmet-50600

    05/10/2021, 1:48 PM
    Hey guys, how do you normally manage Certificates through Pulumi? I find it weird that the response from
    AzureNative.Web.GetCertificate.InvokeAsync
    is not coming with the PfxBlob populated, which makes it impossible for me to regenerate the CertificateArgs properly, resulting in pulumi finding a diff where it shouldn't. I don't think this is necessarily an issue with Pulumi as I've tested getting the certificate using Postman and it also comes back without the pfxBlob populated...so I'm just wondering now how I should go about this.
  • w

    white-cat-6621

    05/10/2021, 2:03 PM
    Hey folks, I'm trying to create a Kubernetes cluster (aks) with the network_configuration=AzureCni, and I don't find a way to choose an existing VNet. Is it possible? (notice that it is possible through the portal) and if so, how? Either way, how can we expose some of our pods/services with external IP - if it's possible?
  • e

    enough-butcher-66045

    05/10/2021, 8:40 PM
    hey peeps, I was able to create Key Vault Access Policies directly before... what's the approach with azure native?
    • 1
    • 1
  • e

    enough-butcher-66045

    05/10/2021, 8:41 PM
    the docs seem to suggest I need to do it w/the "new KeyVault" object, but if I set new access policies, wouldn't it delete the old ones as well?
  • e

    enough-butcher-66045

    05/10/2021, 8:41 PM
    the idea is my "core" stack creates some policies and then each app defines it's own access policies on top of that
  • e

    enough-butcher-66045

    05/10/2021, 8:41 PM
    it's obviously not practical for the apps to know the "core" policies
  • e

    enough-butcher-66045

    05/10/2021, 8:49 PM
    var vault = await GetVault.InvokeAsync(new GetVaultArgs
                {
                    ResourceGroupName = "blah",
                    VaultName = "blah"
                });
    
                vault.Properties.AccessPolicies.Add();
  • e

    enough-butcher-66045

    05/10/2021, 8:49 PM
    would I do something like that?
  • h

    handsome-state-59775

    05/10/2021, 8:51 PM
    As part of storage account replacement, the nested file share as well was marked for replacement in preview, however, during the actual update, the following error stops it all:
    Diagnostics:
      azure-native:storage:FileShare (fileShare):
        error: cannot check existence of resource '/subscriptions/****/resourceGroups/****/providers/Microsoft.Storage/storageAccounts/****/fileServices/default/shares/****': status code 400, {"error":{"code":"FeatureNotSupportedForAccount","message":"File is not supported for the account."}}
    Any insights?
    ✅ 1
    s
    • 2
    • 5
  • e

    enough-butcher-66045

    05/10/2021, 10:30 PM
    I'm running into a bunch of issues 😞 When I run
    pulumi up
    I get an exception.
    Exception 0xc0000005 0x0 0x7ffd826b0fff 0x1500ac40000
     
    PC=0x1500ac40000
     
    runtime: unknown pc 0x1500ac40000
    If I run it again, then I get a different error: pulumi😛roviders:azure (default_4_1_0): error: could not read plugin [C:\Users\FabricioSodano\.pulumi\plugins\resource-azure-v4.1.0\pulumi-resource-azure.exe] stdout: EOF The plugin is there.
    pulumi plugin install
    doesn't do anything. pulumi plugin rm and then installing them again produces the same error. This application is using azure-native and azure because I can't create KeyVault Access policies as standalone resources, and hence need to use the azure provider. @tall-librarian-49374 says it should work.
    s
    • 2
    • 9
  • e

    enough-butcher-66045

    05/10/2021, 10:34 PM
    using pulumi v3.2.1
  • s

    steep-beard-51313

    05/11/2021, 1:03 PM
    Hello everybody, I am a bit stuck with automating an AKS deployment through pulumi. My specific pain is that I would like to use the "azure cni" network plugin, but I can't figure out the right options for KubernetesClusterNetworkProfile to make it use an existing subnet within an existing vnet. I would also be fine with creating a new vnet and / or subnet, but then I would need to control the addressing, such that I can peer it with another vnet afterwards. Its a piece of cake in azure portal, but I can't figure it out in Pulumi:
    r
    • 2
    • 4
  • b

    brave-winter-60074

    05/11/2021, 1:59 PM
    Hi everybody We are using pulumi for our IaC and Azure DevOps pipelines for build, Iac, deploy etc in one pipeline pr microservice. We now want to take the project further and start having staging and production environments as well. How to handle this in a smart way when using Pulumi? Azure DevOps Releases doesnt seem to fit our needs and we don’t think its a good idea that every develop can update the “prod” pulumi stacks and we would also like to have some kind of gate when going from staging to production. Any thoughts, articles or ideas? Thanx in advance
    e
    r
    • 3
    • 25
  • h

    handsome-state-59775

    05/12/2021, 8:39 AM
    How can I add a GPU node pool to AKS? I'm looking to avoid creating a separate namespace, and the approach given in the link below requires passing custom headers - not sure how to do that via Pulumi: https://docs.microsoft.com/en-us/azure/aks/gpu-cluster#use-the-aks-specialized-gpu-image-on-existing-clusters-preview Any insights?
    c
    • 2
    • 1
  • b

    billowy-army-68599

    05/12/2021, 11:37 PM
    hi all. I would love to get some ideas from the community - what was most confusing about Azure when you got started? Is there any parts of Azure documentation that were "missing" ? I'm looking to create some content here that helps users - focusing mostly on Azure and not Pulumi
    w
    • 2
    • 1
  • w

    worried-knife-31967

    05/13/2021, 2:37 PM
    Has anyone seen an example of using pulumi to do a slot switch deployment?
    ❓ 1
    w
    s
    • 3
    • 2
  • w

    worried-knife-31967

    05/14/2021, 11:42 AM
    @tall-librarian-49374 does the native provider allow for Deployment Slot settings or "sticky" configuration?
    c
    • 2
    • 4
  • g

    glamorous-lifeguard-90201

    05/17/2021, 10:00 AM
    Does anyone know where I can find best practices or examples with regard to mapping between Azure management groups, subscriptions and resource groups and Pulumi stacks? I am looking for a logical way to organize our Pulumi code base.
    b
    • 2
    • 2
  • r

    rhythmic-vegetable-87369

    05/18/2021, 3:40 AM
    Hi there, I would like to get the connection string of a sql database when I pass in the name. How can I go about achieving this?
  • r

    rhythmic-vegetable-87369

    05/18/2021, 3:41 AM
    FYI, I'm using the Pulumi.Azure.MSSql namespace to create it
  • l

    little-orange-65618

    05/18/2021, 6:34 PM
    Did something change, I keep getting this when creating storage account blob containers (and it didn't happen at all last week 0->100%):
    azure-native:storage:BlobContainer silver creating error: cannot check existence of resource '/subscriptions/.../resourceGroups/cinsights-tiny-emea-rg/providers/Microsoft.Storage/storageAccounts/cinsightstinyemeasa/blobServices/default/containers/silver': status code 500, {"error":{"code":"InternalError","message":"Server encountered an internal error. Please try again after some time.\nRequestId:...\nTime:2021-05-18T18:05:15.3099349Z"}}
    t
    • 2
    • 3
  • i

    icy-jordan-58549

    05/19/2021, 4:38 AM
    Team, looks like typescript definitions embedded in one single package (azure-native) drains tons of resources on development machine, is it possible to divide the package into multi-package / plugin per namespace? Something like:
    @pulumi/azure-native-network
    . Another possible solutions would be to not create one giant input types definition file and make it per namespace. Thanks
    b
    t
    g
    • 4
    • 9
  • m

    melodic-byte-32771

    05/19/2021, 7:28 AM
    Hi 😉 is there a way to get the secret with the azure-native provider?
    b
    • 2
    • 1
  • b

    better-shampoo-48884

    05/19/2021, 8:33 AM
    Wondering if this is a bug worth reporting or if it's very particular to whatever I'm doing "wrong" 🙂 (pasting a screenshot rather than a text dump as it'll be easier to grok): All I'm trying to do is update a Tag on all resources (description: test2, changed from description: test1). The way I've set up the network is that I create the vnet first - then I create subnets + nsgs in paralell after that. It seems like for some godforsaken reason (though hopefully just a stupid error message rather than planned activity) it tries to DELETE an existing subnet in order to change its tags.. Anyone else encounter this?
    t
    • 2
    • 3
  • h

    handsome-state-59775

    05/19/2021, 2:35 PM
    As part of setting up an AKS cluster, I create a system node pool and one or more user node pools - with the system node pools to be reserved for system pods via a taint. For whatever reason, the first stack I brought up did not apply the taint to the system node pool (maybe I had a bug in there at the time), but every new stack gets it. Now that the taint is being applied properly, I expect it to be applied to the first stack when I do a
    pulumi up -r --skip-preview -y
    on it as an update - however, this is not the case. Code in thread; any insights?
    • 1
    • 2
  • w

    worried-knife-31967

    05/20/2021, 12:50 PM
    https://github.com/pulumi/pulumi-azure/issues/896 this one is slightly worrying @tall-librarian-49374... State updated with empty information when Azure fails to create something... Very confusing. It was a mistake in my code that caused it, but I would have expected the library to not force me to do refreshes to remove an erroneously added thing. Is this potentially a wider thing?
    t
    • 2
    • 5
  • l

    limited-eve-38521

    05/20/2021, 3:01 PM
    Good morning, I was looking to do the pulumi equivalent of the az cdn command with min tls 1.2 and a managed cert (https://docs.microsoft.com/en-us/cli/azure/cdn/custom-domain?view=azure-cli-latest) AFDCustomDomain has exactly what i was expecting https://www.pulumi.com/docs/reference/pkg/azure-native/cdn/afdcustomdomain/
    tlsSettings: {
            certificateType: "ManagedCertificate",
            minimumTlsVersion: "TLS12",
        },
    But I dont see that with CustomDomain if i want to avoid FrontDoor? https://www.pulumi.com/docs/reference/pkg/azure-native/cdn/customdomain/ I was thinking of combining CustomDomain with ManagedCertificate https://www.pulumi.com/docs/reference/pkg/azure/appservice/managedcertificate/ but don't know how to get the min tls set as well?
    t
    r
    • 3
    • 9
  • e

    eager-byte-63000

    05/21/2021, 9:16 AM
    Hello there! Is anybody aware about a proper way to migrate documentdb DatabaseAccountSqlDatabase and DatabaseAccountSqlContainer recourses to azure-native? TL;DR: Following the migration guide, when I try to execute 
    pulumi import azure-native:documentdb:DatabaseAccountSqlDatabase databaseName databaseName
    I get the following error:
    azure-native:documentdb:DatabaseAccountSqlDatabase:
        error: azure-native:documentdb:DatabaseAccountSqlDatabase resource '[dbname]' has a problem: missing required property 'options'
        error: azure-native:documentdb:DatabaseAccountSqlDatabase resource '[dbname]' has a problem: missing required property 'resource'
        error: Preview failed: one or more inputs failed to validate
    If I execute 
    pulumi import azure-native:documentdb:SqlResourceSqlDatabase databaseName /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.DocumentDB/databaseAccounts/ddb1/sqlDatabases/databaseName
     apparently it imports db successfully but it doesn't go well for containers: when I execute 
    pulumi import azure-native:documentdb:SqlResourceSqlContainer containerName /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.DocumentDB/databaseAccounts/ddb1/sqlDatabases/databaseName/sqlContainers/containerName
     I get the following error:
    azure-native:documentdb:SqlResourceSqlContainer:
        error: Preview failed: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="The request path <https://cdbmgmtprodsg.documents.azure.com:450/subscriptions/[id]/resourceGroups/[resourceGroup]/providers/Microsoft.DocumentDB/databaseAccounts/[dbAccount]/sqlDatabases/uploaddb/sqlContainers/[containerName]?api-version=2021-01-15> is invalid.\r\nActivityId: 7d3e4a6e-0f4d-4fdf-9af7-e4951e98c388, Microsoft.Azure.Documents.Common/2.11.0"
    Any help is very appreciated!
    b
    • 2
    • 4
  • b

    better-shampoo-48884

    05/21/2021, 11:32 AM
    Trying to figure out how to scope this to the correct subscription: https://www.pulumi.com/docs/reference/pkg/azure-native/containerservice/listmanagedclusteradmincredentials/ The code is inside a ComponentResource which has a provider attached:
    const currentKubeconfig = pulumi.all([aks.name, args.group[group.location].name]).apply(([clusterName, rgName]) => {
                                return azure.containerservice.listManagedClusterAdminCredentials({
                                    resourceGroupName: rgName,
                                    resourceName: clusterName,
                                })
                            })
    It seems I can attach a provider to the listManagedClusterAdmin - but how would I get that from the parent ComponentResource?
    • 1
    • 1
  • t

    tall-scientist-89115

    05/21/2021, 3:40 PM
    Hey we noticed this morning our primary cluster was trying to swap out the vnet (and failing because it has resources), because someone on the team npm installed azure-native 1.7 and the (default) azure-native provider that created the resource was at 1.5. I guess locking versions would work.. but every time we upgrade azure-native we're going to have to rebuild the cluster? Did the arm interface change? I Was a bit surprised at this behavior from a minor release
    b
    l
    t
    • 4
    • 18
Powered by Linen
Title
t

tall-scientist-89115

05/21/2021, 3:40 PM
Hey we noticed this morning our primary cluster was trying to swap out the vnet (and failing because it has resources), because someone on the team npm installed azure-native 1.7 and the (default) azure-native provider that created the resource was at 1.5. I guess locking versions would work.. but every time we upgrade azure-native we're going to have to rebuild the cluster? Did the arm interface change? I Was a bit surprised at this behavior from a minor release
b

billowy-army-68599

05/21/2021, 3:46 PM
can you share the diff?
l

limited-eve-38521

05/21/2021, 3:58 PM
Untitled
specifically
[provider: urn:pulumi:prod-cluster::infra::pulumi:providers:azure-native::default_1_5_0::5472e0f4-f1bc-4d9f-8aa5-4818dd7b1307 => urn:pulumi:prod-cluster::infra::pulumi:providers:azure-native::default_1_7_0::3726aa65-bea9-4a3e-93ed-6c7fd82df168]
b

billowy-army-68599

05/21/2021, 4:01 PM
can you open an issue for this? that doesn't look right
l

limited-eve-38521

05/21/2021, 4:05 PM
will do
t

tall-librarian-49374

05/21/2021, 4:08 PM
Sounds like https://github.com/pulumi/pulumi-azure-native/issues/611
Did you run a refresh before you got this diff?
l

limited-eve-38521

05/21/2021, 4:16 PM
ill try that
same diff after refresh
regarding the version change
t

tall-librarian-49374

05/21/2021, 4:26 PM
I don’t think it’s related to the version. You’ll get it on refresh without a version update.
We haven’t changed the API version of the virtual network resource since 1.0 https://github.com/pulumi/pulumi-azure-native/blame/master/sdk/dotnet/Network/VirtualNetwork.cs
l

limited-eve-38521

05/21/2021, 4:31 PM
regarding the subnet issue i believe https://github.com/pulumi/pulumi-azure-native/issues/611 is it
that happens whether we lock azure-native to 1.5 or not
adding
{ ignoreChanges: ["subnets"] },
to the VirtualNetwork fixed it for us for now
t

tall-scientist-89115

05/21/2021, 5:04 PM
so if we rebuild this cluster, what's the best practice to avoiding this bug for now? Use the classic provider for the vn and az native for the subnets?
the other workaround mentioned in that ticket,
{ ignoreChanges: ['subnets'] }
, just resulted in the preview not showing the subnet replacement, but the update itself trying to create one
I took it to the ticket
View count: 3