• d

    damp-honey-93158

    2 months ago
    has anyone got the pulumi code to enable container insights for a newly created AKS cluster? (I'm using C#). I've got the docs from m/soft on the subject (https://docs.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-onboard) just not sure how this translates to the ManagedCluster API or otherwise.
    d
    b
    5 replies
    Copy to Clipboard
  • d

    damp-honey-93158

    2 months ago
    OK, here's a challenge question: I've created an AKS cluster, it uses cert-manager and external-dns in order to provision certs for ingress rules via Lets Encrypt. We are very much using "ephemeral" environments - so clusters come and go frequently. This in turn causes us to hit the Lets Encrypt rate limits rather quickly. We have a multitude of projects using this ephemeral style setup - and each one uses a simple subdomain from a wildcard cert we have for their project. For example; if my project is called "cats", then my DNS subdomain (for which I'll have an Azure DNS Zone) would be cats.contoso.com - and as a happy developer I'll start provisioning stuff at flying.cats.contoso.com or sleepy.cats.contoso.com and so on. The point being I can do what I want within the "cats" subdomain. Finally my question: how do we ensure we don't hit rate limits? The cert-manager docs indicate that we should simply back up / restore the secrets for the (in our case) ClusterIssuer and the Ingress objects. While this seems conceptually easy (my first reaction was to say: "ok, lets use a key vault for this), it means we have to write code to store / retrieve the secret values. Is this an already solved problem for k8s using LE with cert-manager?
  • b

    bored-airplane-19518

    2 months ago
    Hi there, Wondering if there is native Pulumi support for using Azure KeyVault as the secrets store? I can only see it being used to store the encryption key, but I'd like to store our secret values there for better management of them. Aware I could use the Azure SDK to retrieve these secrets in code, but seems like there could/should be something built into the Pulumi to read/reference these secrets.
    b
    1 replies
    Copy to Clipboard
  • a

    ancient-solstice-53934

    2 months ago
    Hi, I have created an azure container registry 'acracr166usdevt' using pulumi native 1.66. I have used both the following methods to retrieve admin user and password var registry = GetRegistryCredentials.Invoke(new GetRegistryCredentialsInvokeArgs { ResourceGroupName = _settings.ResourceGroup, RegistryName = registryName }); but getting following errors 2022-07-25T18:32:48.1317669Z Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:containerregistry:getRegistryCredentials returned an error: request failed /subscriptions/............./resourceGroups/.............../providers/Microsoft.ContainerRegistry/registries/acracr166usdevt/getCredentials: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'acracr166usdevt' not found."") and var registry = GetRegistryCredentials.InvokeAsync(new GetRegistryCredentialsArgs() { ResourceGroupName = _settings.ResourceGroup, RegistryName = registryName }).GetAwaiter().GetResult(); at Task<int> Pulumi.Deployment+Runner.Pulumi.IRunner.RunAsync<TStack>(IServiceProvider serviceProvider)+() => { } 2022-07-25T18:12:50.0562862Z at Task<int> Pulumi.Deployment+Runner.RunAsync<TStack>(Func<TStack> stackFactory) ---> Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:containerregistry:getRegistryCredentials returned an error: request failed /subscriptions/......../resourceGroups/..................../providers/Microsoft.ContainerRegistry/registries/acracr166usdevt/getCredentials: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'acracr166usdevt' not found."") 2022-07-25T18:12:50.0564522Z at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request) 2022-07-25T18:12:50.0565245Z at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2 2022-07-25T18:12:50.0566041Z at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult) 2022-07-25T18:12:50.0567018Z at ContainerApp ....Pulumi.Resources.ContainerAppService.CreateContainerApp(string appName, Input<string> envId, Input<string> registryServer) in D😕a/1/s/build/pulumi/...Pulumi/Resources/ContainerAppService.cs:line 56 2022-07-25T18:12:50.0568101Z at void ........Pulumi.Resources.ContainerAppService.CreateContainerApp() in D😕a/1/s/build/pulumi/.......Pulumi/Resources/ContainerAppService.cs:line 30 2022-07-25T18:12:50.0569006Z at new ......Pulumi.CoreRuntimeStack() in D😕a/1/s/build/pulumi/.....Pulumi/CoreRuntimeStack.cs:line 18 2022-07-25T18:12:50.0569605Z --- End of inner exception stack trace
  • g

    gorgeous-accountant-60580

    1 month ago
    Hi! I’m trying to create a resource in Azure, that needs to be accessible from AKS. To do this, I’d like to look up the AKS vnet. Unfortunately, the azure-native.network.LookupVirtualNetwork() method takes a resource group name and the vnet name. The vnets for our AKS clusters have random names, but there should only be one vnet in the resource group. Is it possible to look up the vnet without knowing the name?
  • a

    ancient-solstice-53934

    1 month ago
    Hi, Is there any timeout constraint for Pulumi while creating large number of Azure resources? Sometime I see timeout error.
    a
    g
    +2
    4 replies
    Copy to Clipboard
  • r

    rough-window-15889

    1 month ago
    Hi I am looking to use Microsoft.Authorization/roleAssignmentScheduleRequests but it does not seem to be in the Pulumi azure-native api. Am I missing something? I thought the sdks always update to match Microsoft's APIs
  • j

    jolly-baker-26598

    1 month ago
    Hello, I tried to use the ARM conversion tool but it failed. it said my code was valid but it couldn't convert it. I generated the template from an existing resource in the portal so I would expect it to be be valid. Any ideas what's wrong? Here's the template
    {
        "$schema": "<https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#>",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "staticSites_Feedbapp_name": {
                "defaultValue": "Feedbapp",
                "type": "String"
            }
        },
        "variables": {},
        "resources": [
            {
                "type": "Microsoft.Web/staticSites",
                "apiVersion": "2022-03-01",
                "name": "[parameters('staticSites_Feedbapp_name')]",
                "location": "Central US",
                "tags": {},
                "sku": {
                    "name": "Free",
                    "tier": "Free"
                },
                "properties": {
                    "repositoryUrl": <repo url>,
                    "branch": "main",
                    "stagingEnvironmentPolicy": "Enabled",
                    "allowConfigFileUpdates": true,
                    "provider": "GitHub",
                    "enterpriseGradeCdnStatus": "Disabled"
                }
            }
        ]
    }
    j
    g
    3 replies
    Copy to Clipboard
  • c

    clean-truck-93285

    1 month ago
    Under site config, there is a LinuxFxVersion that gets set. For me, it “DOTNETCORE|6.0”. If you running Windows, it netFrameworkVersion with a value. Example: “v6.0”. https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapp/#siteconfig
    c
    s
    9 replies
    Copy to Clipboard
  • j

    jolly-baker-26598

    1 month ago
    I'm using the typescript library to create a Static Web App but I don't see a way to provide app settings. How do I do that?