• eager-wall-56838

    7 months ago
    https://github.com/adriangb/xpresso-gke-demo I made a demo repo for a web framework I'm working on. I wanted to test the framework in a "production setting", but it also gave me the chance to try/learn Pulumi. I ended up with what I think is a pretty nice self-contained GKE + CloudSQL example. Notably, I got CloudSQL auth via CloudSQL Proxy using Workload Identity working. Maybe I just couldn't find it, but I think this is the only full example of this pattern out there, written in Pulumi or otherwise. Any feedback is appreciated!
    1 reply
  • lemon-wire-69305

    7 months ago
    Hi all, I'm creating a service account where I need certain permissions set to allow my compute engine instance to be able to write to a storage bucket. In order to do that, I figured I'd need to create a custom role and assign that to the service account. So far I've got:
    import * as gcp from "@pulumi/gcp";

    // Look up the organization by its domain.
    const org = gcp.organizations.getOrganization({
      domain: "my-org-name",
    });

    // Organization-level custom role carrying the object permissions the service account needs.
    const myRole = new gcp.organizations.IAMCustomRole("role-xyz", {
      description: "xyz",
      orgId: org.then(o => o.orgId),
      permissions: [
        "storage.objects.create",
        "storage.objects.delete",
        "storage.objects.get",
        "storage.objects.list",
        "storage.objects.update",
      ],
      roleId: "my-role-id",
      title: "My New Role",
    });
    When I pulumi up I get the following error:
    * Unable to verify whether custom org role organizations/<my-org-id>/roles/my-role-id already exists and must be undeleted: Error when reading or editing Custom Organization Role "organizations/<my-org-id>/roles/my-role-id": googleapi: Error 400: The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}"., badRequest
    Any idea what's happening? The error message contains the correct org id, and I've checked in GCP Console and no role has been created. Thanks for your help!
    3 replies
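
A pre-flight check for the role name forms listed in the error above, as an added example that is not part of the original post. The helper checkRoleName, the sample names and the organization id are constructed; the rule that custom role IDs are 3-64 letters, digits, underscores or periods comes from GCP's IAM documentation, not from the thread.

```typescript
// Added example (not from the thread): pre-flight check for IAM role names.
type RoleCheck = { ok: boolean; parent?: string; roleId?: string; problems: string[] };

// The three forms listed in the API error: roles/{role},
// organizations/{organization_id}/roles/{role}, projects/{project_id}/roles/{role}.
const ROLE_NAME = /^(?:(organizations|projects)\/([^\/]+)\/)?roles\/([^\/]+)$/;
// Assumption from GCP's custom role rules: 3-64 letters, digits, "_" or ".".
const CUSTOM_ROLE_ID = /^[a-zA-Z0-9_.]{3,64}$/;

function checkRoleName(name: string): RoleCheck {
  const m = ROLE_NAME.exec(name);
  if (!m) return { ok: false, problems: ["not one of the three accepted forms"] };
  const [, kind, parentId, roleId] = m;
  const problems: string[] = [];
  // Organization ids are numeric; a domain name is not an id.
  if (kind === "organizations" && !/^\d+$/.test(parentId)) {
    problems.push(`organization id "${parentId}" is not numeric`);
  }
  // Only custom roles (those with a parent) are checked against the id rule.
  if (kind && !CUSTOM_ROLE_ID.test(roleId)) {
    const bad = roleId.replace(/[a-zA-Z0-9_.]/g, "").split("")
      .filter((c, i, a) => a.indexOf(c) === i).join("");
    problems.push(bad ? `role id contains disallowed characters: ${bad}`
                      : "role id must be 3-64 characters long");
  }
  const parent = kind ? `${kind}/${parentId}` : undefined;
  return { ok: problems.length === 0, parent, roleId, problems };
}

// Constructed sample names; 123456789012 is a made-up organization id.
const samples = [
  "organizations/123456789012/roles/my-role-id",
  "organizations/123456789012/roles/myRoleId",
  "organizations/my-org-name/roles/myRoleId",
  "roles/storage.objectAdmin",
  "my-role-id",
];
for (const s of samples) {
  const r = checkRoleName(s);
  console.log(`${s}: ${r.ok ? "ok" : r.problems.join("; ")}`);
}
```

Running the check in CI before pulumi up surfaces a malformed name locally instead of as a 400 from the IAM API.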
  • lemon-wire-69305

    7 months ago
    Hi all, I'm looking into running managed compute instances with docker containers atm and thought I'd see if anyone has any tips? The plan is to create my own docker image and put it in the container registry via CloudBuild. The templates would then reference my custom image (I'm not sure exactly how that would work just yet). If you're able to share any info regarding the setup and / or performing updates that'd be really useful. The compute instances will be hosting a number of websites so ideally updates would result in zero downtime.
    1 reply
  • eager-thailand-33661

    6 months ago
    Hi, anyone trying out Pulumi with GCP data catalog? I've had trouble importing existing datacatalog entries, but getting a reference using getEntry() works just fine. As an example, I have a pubsub topic created by pulumi that is automatically picked up by datacatalog. I can get a reference to that topic using getEntry resulting in:
    get-o40-entry-export         : {
            integrated_system          : "CLOUD_PUBSUB"
            linked_resource            : "//pubsub.googleapis.com/projects/mathem-m-test/topics/o40-topic"
            name                       : "projects/mathem-m-test/locations/global/entryGroups/@pubsub/entries/cHJvamVjdHMvbWF0aGVtLW0tdGVzdC90b3BpY3MvbzQwLXRvcGlj"
            source_system_timestamps   : {
                create_time: "2022-02-25T17:08:36.192Z"
                update_time: "2022-02-25T17:08:36.192Z"
            }
            type                       : "DATA_STREAM"
        }
    Since that datacatalog entry already exists, I want to import it to Pulumi but then I get a response that the resource doesn't exist.
    pulumi import google-native:datacatalog/v1:Entry o40-entry projects/mathem-m-test/locations/global/entryGroups/@pubsub/entries/cHJvamVjdHMvbWF0aGVtLW0tdGVzdC90b3BpY3MvbzQwLXRvcGlj
    
    =>
     Type                                   Name                Plan       Info
         pulumi:pulumi:Stack                    datapipelines-prod             1 error
     =   └─ google-native:datacatalog/v1:Entry  o40-entry           import     1 error
     
    Diagnostics:
      google-native:datacatalog/v1:Entry (o40-entry):
        error: Preview failed: resource 'projects/mathem-m-test/locations/global/entryGroups/@pubsub/entries/cHJvamVjdHMvbWF0aGVtLW0tdGVzdC90b3BpY3MvbzQwLXRvcGlj' does not exist
    Should I use a different resource name for the entry? The Entry resource seems to be referenced by a combination of an entry_group_id and an entry_id when using the getEntry function or when creating a custom Entry. Running gcloud data-catalog also returns that entry:
    gcloud data-catalog entries describe cHJvamVjdHMvbWF0aGVtLW0tdGVzdC90b3BpY3MvbzQwLXRvcGlj --location=global --entry-group=@pubsub
    
    =>
    integratedSystem: CLOUD_PUBSUB
    linkedResource: //pubsub.googleapis.com/projects/mathem-m-test/topics/o40-topic
    name: projects/mathem-m-test/locations/global/entryGroups/@pubsub/entries/cHJvamVjdHMvbWF0aGVtLW0tdGVzdC90b3BpY3MvbzQwLXRvcGlj
    sourceSystemTimestamps:
      createTime: '2022-02-25T17:08:36.192Z'
      updateTime: '2022-02-25T17:08:36.192Z'
    type: DATA_STREAM
    2 replies
  • modern-tent-49484

    6 months ago
    Is it not possible to add labels to things using the google-native provider?
    10 replies
  • future-window-78560

    6 months ago
    Hey everyone! I have followed this https://www.pulumi.com/blog/build-publish-containers-iac/ documentation 100 percent but I have no idea why I am continuously getting this error on image push to the artifact repository. Although this was working fine for me a few months back. Any ideas, anyone?
    2 replies
  • cuddly-father-4905

    6 months ago
    Using @pulumi/google-native (Node.js, if that makes a difference), I'm attempting to import an existing project I'm using
    const project = new Project('foo', {
      // config
    }, {
      import: '<project-id>'
    });
    but I get an error saying
    error: resource '<project-id>' does not exist
    If I run gcloud projects list then I can see the project. When importing the project, do I need to provide the identifier in a different format? For reference, I've also tried importing the project number, but didn't have any luck with that either. Any suggestions would be much appreciated, thanks 🙂
    4 replies
  • astonishing-gpu-28317

    6 months ago
    does anyone use cloud build to deploy cloud run? we add environment variables during build that aren’t knowable during pulumi up, e.g. the code version being deployed. this causes problems because when we run pulumi up, those environment variables are removed by pulumi because they’re not defined in our pulumi cloud run profile
    7 replies