https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    better-rainbow-14549

    02/19/2019, 9:45 AM
    I changed an azure.network.PublicIp's definition from using
    publicIpAddressAllocation
    to
    allocationMethod
    and it takes absolutely ages. is it getting a new IP? i thought it was just a property rename?
    g
    • 2
    • 4
  • i

    important-leather-28796

    02/19/2019, 3:29 PM
    I’m a typescript user and new to pulumi. I see that the sample
    index.ts
    has certain things
    clusterName, kubeconfig
    exported, but there is no explanation why. I’m assuming pulumi needs these named exports, but feeling a bit in the dark. I’m expecting the ts to be strongly typed; I was expecting to export something conforming to an
    interface
    for example.
    g
    • 2
    • 16
  • c

    colossal-beach-47527

    02/19/2019, 4:30 PM
    Hey everyone, I’ll be giving a webinar on using Pulumi with CircleCI today at 10AM PST (in an hour and a half). If you are interested in ⚡SUPERCHARGING⚡ the CD in CI/CD check it out. https://www2.circleci.com/CircleCI-Pulumi-Webinar.html
    ⚡ 4
  • b

    busy-umbrella-36067

    02/19/2019, 6:42 PM
    I’m seeing some weird behavior with k8s ingress annotations. I just recently added an aws security group to an annotation for a k8s ingress. However, using the
    .apply
    method causes all of the annotations to be planned for removal. I would expect Pulumi to wait until the security group is created to modify the Ingress (display the new annotation value as computed), is there a better way to go about this?
    let Ingress = new k8s.extensions.v1beta1.Ingress("xxxxxxx-xxx", {
          metadata: {
            annotations: {
              '<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>': 'alb',
              '<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>': awsCertificate.arn,
              '<http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>': '[{"HTTPS": 443}]',
              '<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>': 'internet-facing',
              '<http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>': 'ip',
              '<http://alb.ingress.kubernetes.io/security-groups|alb.ingress.kubernetes.io/security-groups>': securityGroup.id.apply(id => {return id})
            }
          },
    ~ kubernetes:extensions/v1beta1:Ingress: (update)
            [id=default/xxxx-xx-xxx]
            [urn=urn:pulumi:xxxxxx-staging::xxxxxxxxx::kubernetes:extensions/v1beta1:Ingress::xxxxxx-xxxxxxx]
          ~ metadata  : {
              ~ annotations: {
                  - <http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>        : "arn:aws:acm:xx-west-1:xxxxxxxxxxxx:certificate/xxxxxxxxxxxxx"
                  - <http://alb.ingress.kubernetes.io/inbound-cidrs|alb.ingress.kubernetes.io/inbound-cidrs>          : "xxxxxxxxxxxxxx"
                  - <http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>           : "[{\"HTTPS\": 443}]"
                  - <http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>                 : "internet-facing"
                  - <http://alb.ingress.kubernetes.io/target-type|alb.ingress.kubernetes.io/target-type>            : "ip"
                  - <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>                      : "alb"
                }
            }
    g
    • 2
    • 15
  • i

    important-leather-28796

    02/19/2019, 6:53 PM
    @colossal-beach-47527 - regarding blue/green question in the webinar: we have an integration tested set of images for services/pods that run behind traefik for routing. Given that these images are tested together, it would be preferable to stand them up as a group vs let individual services come on-line and have a heterogeneous set of versioned services for some amount of time. The thought for blue/green would be (assuming
    blue
    is currently running): 1. stand up a new set of integration tested images as
    green
    2. smoke test 3. apply update to the traefik service to route to the
    green
    stack 4. tear down the
    blue
    stack Am I overthinking this? In all likelihood the heterogeneous set of services will be fine but I am just trying to identify all potential points of failure for CD. Any thoughts welcome with regards to strategy and pulumi usage
    c
    • 2
    • 5
  • b

    brave-salesmen-42327

    02/19/2019, 8:41 PM
    Using pulumi config, and pulumi secrets, stored locally and encrypted. There is some help text that pops out that says
    set PULUMI_CONFIG_PASSPHRASE to remember
    but when I do that, it does't seem to work.
    [git::secrets]$ echo ${PULUMI_CONFIG_PASSPHRASE}
    secret
    [git::secrets]$ p config --show-secrets
    Enter your passphrase to unlock config/secrets
        (set PULUMI_CONFIG_PASSPHRASE to remember):
    error: incorrect passphrase
    [git::secrets]$
    Ed. Note: I just pressed enter here, resulting in the 'incorrect passphrase' message. To show that it is the correct password stored in my config passphrase shell var:
    [git::secrets]$ p config --show-secrets
    Enter your passphrase to unlock config/secrets
        (set PULUMI_CONFIG_PASSPHRASE to remember):
    KEY         VALUE
    aws:region  us-east-1
    info        useless
    secrets     SuperSecret
    g
    • 2
    • 9
  • b

    blue-answer-29496

    02/19/2019, 9:01 PM
    Are there any plans to have an ability to do a CLI prompt based setting of config values? Like I could define questions to ask that are used to set config values to make it a bit easier to configure application options.
  • b

    blue-answer-29496

    02/19/2019, 9:01 PM
    Instead of having to have the user RTFM and do several pulumi config set commands
    g
    • 2
    • 3
  • f

    faint-vegetable-61837

    02/19/2019, 9:04 PM
    hi, I got an error when running
    pulumi update
    on a stack to create RDS instances. Got
    failed to complete update: [404] Not Found: Update '1ac5fad4-38d6-465e-9b21-742c277e252a' not found
    error on one of the instances. It was actually created in AWS. Followed the steps in the troubleshooting guide (cancel update, export / import, refresh). This does not pick up the created instance. When I try to run
    pulumi update
    again, it fails because the instance already exists. Would be great if there were a better way to handle it - instead of cancelling update, resolving it manually by pointing at the created resource ARN, for example
    • 1
    • 1
  • i

    important-leather-28796

    02/19/2019, 9:15 PM
    If I want to debug the config and try the following in
    index.ts
    , should this work:
    import { Config } from '@pulumi/pulumi'
    
    const config = new Config()
    export const dbUser = config.require('dbUser')
    with
    pulumi stack output dbUser
    ? Currently I get
    error: current stack does not have output property 'dbUser'
    g
    • 2
    • 2
  • i

    important-leather-28796

    02/19/2019, 10:40 PM
    Getting an optional string[] from the config seems more difficult than necessary - am I missing something?
    let additionalZones: string[] = []
    if (config.get('clusterAdditionalZones')) {
      additionalZones = config.get('clusterAdditionalZones')!.split(',')
    }
    export const clusterAdditionalZones = additionalZones
    with config yml:
    config:
      deployment:clusterAdditionalZones: us-central1-a,us-central1-b
    I tried a string[] in the yaml and it rejected it with
    line 7: cannot unmarshal !!seq into string
    g
    • 2
    • 1
  • h

    helpful-ice-5738

    02/19/2019, 10:43 PM
    example seems wacky in this documentation: https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/apigateway/#Method
    A map of request query string parameters and headers that should be passed to the integration. For example:
    
    import * as pulumi from "@pulumi/pulumi";
    would define that the header X-Some-Header and the query string some-query-param must be provided on the request, or
    s
    • 2
    • 4
  • b

    brainy-magician-83981

    02/20/2019, 1:27 AM
    Hi, I've created an S3 bucket with my stack. I want to to copy files from another bucket created outside my stack. Can this be done with Pulumi? (Easy to do with aws s3 cp cli)
  • i

    incalculable-angle-91273

    02/20/2019, 2:15 AM
    I’m deploying a helm chart and I want to not include an object in the chart. Specifically in the istio helm chart there is an
    istio-autogenerated-k8s-ingress
    Gateway object that I don’t want to deploy. Can I use a transformation to achieve this? I tried using a
    delete obj
    and
    obj = {}
    but it still deploys the gateway.
  • i

    important-leather-28796

    02/20/2019, 2:04 PM
    I’m creating a
    new gcp.container.Cluster
    , having a few problems mapping the last few cli options. I tried
    nodePools
    but it doesn’t seem like the right thing based on the docs and it doesn’t typecheck. Where can I find these mappings or are they unsupported? doc: https://pulumi.io/reference/pkg/nodejs/@pulumi/gcp/container/#Cluster
    gcloud beta container clusters create \
      --enable-autorepair \
      --enable-autoscaling \
      --enable-autoupgrade \
      --enable-cloud-logging \
      --enable-cloud-monitoring \
  • i

    important-leather-28796

    02/20/2019, 3:14 PM
    An innocuous mistake in
    pulumi-kubernetes
    package.json is preventing a green build for us. I have PR’d a fix. A hotfix release would be appreciated. https://github.com/pulumi/pulumi-kubernetes/pull/441
    g
    • 2
    • 9
  • c

    colossal-beach-47527

    02/20/2019, 4:09 PM
    In case you missed yesterday’s presentation on how to ⚡SUPERCHARGE⚡ your CI/CD using Pulumi and CircleCI Orbs, the video has been posted on YouTube:

    https://youtu.be/_TAnuA1_AVQ▾

    📺 2
    ⚡ 2
  • b

    busy-daybreak-68237

    02/20/2019, 4:34 PM
    Hello, I created a Pulumi nginx service on fargate. The URL provided doesn't load because no internet gateway was setup
  • b

    busy-daybreak-68237

    02/20/2019, 4:34 PM
    What's the correct way to get that all setup?
    g
    • 2
    • 16
  • b

    busy-daybreak-68237

    02/20/2019, 4:34 PM
    I just followed the example here
  • b

    busy-daybreak-68237

    02/20/2019, 4:35 PM
    https://pulumi.io/quickstart/cloudfx/tutorial-service.html
  • c

    chilly-dusk-63796

    02/20/2019, 6:03 PM
    😛artypus-8bit: Coming up 😛artypus-8bit: : Our first meetup at our Seattle HQ tomorrow night starting at
    6:30pm
    - join us for free food, drinks, swag, and most importantly - great talks! https://www.meetup.com/Pulumi-Seattle/events/258138687/
    👍 1
    e
    • 2
    • 1
  • l

    lemon-greece-30910

    02/20/2019, 7:22 PM
    Hi, how do i attach persistent storage to a container? i have followed the tutorials and am able to successfully create a container running nginx (following: https://pulumi.io/quickstart/cloudfx/tutorial-service.html). but i am unable to find an example of how to attach a persistent volume. i can create a EFS (given in the example at: https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/efs/), but i cant figure out how to attach it to the container. is anyone able to provide an example of how i do this? any help is appreciated.
    b
    • 2
    • 2
  • h

    helpful-ice-5738

    02/20/2019, 7:27 PM
    I’m baaack with more api questions, I’m guessing for @lemon-spoon-91807… have you been able to get an IntegrationResponse working? I’m a little confused because in AWS, I expect to have to associate an integration response with the method response but there’s no argument for that 😕 I have
    const _301_method = new aws.apigateway.MethodResponse("301Method", {
        httpMethod: demo_method_get.httpMethod,
        resourceId: demo_resource_with_params.id,
        restApi: demo_api.id,
        statusCode: "301",
        responseParameters: {"method.response.header.Location": true}
    });
    
    const _301_integration = new aws.apigateway.IntegrationResponse("301Integration", {
        httpMethod: demo_method_get.httpMethod,
        resourceId: demo_resource_with_params.id,
        restApi: demo_api.id,
        statusCode: _301_method.statusCode,
        responseParameters: {"method.response.header.Location": true}
    }, {dependsOn: [demo_integration_get, _301_method]});
    and get the response from AWS:
    Plan apply failed: Error creating API Gateway Integration Response: BadRequestException: Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: 1]
    l
    • 2
    • 15
  • f

    full-dress-10026

    02/20/2019, 7:49 PM
    I seem to consistently get this "failure" when running
    pulumi up
    with my `FargateService`:
    updating urn:pulumi:app-dev::app::awsx:x:ecs:FargateService$aws:ecs/service:Service::http-backend: timeout while waiting for state to become 'true' (last state: 'false', timeout: 10m0s)
    Not sure what causes that because the service is correctly deployed and currently healthy. Any ideas?
    l
    • 2
    • 48
  • g

    gifted-island-55702

    02/20/2019, 7:54 PM
    Hello! I have a question regarding the stack name displayed during pulumi preview:
    pulumi up
    Previewing update (dev):
    
         Type                 Name               Plan     
         pulumi:pulumi:Stack  example-dev
    where
    example
    is my project name and
    dev
    is my stack name
  • g

    gifted-island-55702

    02/20/2019, 7:55 PM
    It’s a bit misleading that the name of the stack above is displayed in
    <project>-<stack>
    format
  • g

    gifted-island-55702

    02/20/2019, 8:00 PM
    Also when I checked a Stack resource in the exported stack json file, for example for the project and stack names above its:
    urn:pulumi:dev::example::pulumi:pulumi:Stack::example-dev
    . Is this intended?
    l
    • 2
    • 25
  • o

    orange-tailor-85423

    02/20/2019, 8:45 PM
    Anybody standing up private cluster in GKE and coming up with a good workflow for access to the masters?
    i
    • 2
    • 1
  • o

    orange-tailor-85423

    02/20/2019, 8:47 PM
    Ideally master authorized network would be the IP/subnet of a bastion host(s) but in the meantime and during initial setup our CI/CD agent needs to access the cluster. Any subsequent cluster changes that require talking to the master API would need to be in the authorized networks too. Thoughts or ideas?
Powered by Linen
Title
o

orange-tailor-85423

02/20/2019, 8:47 PM
Ideally master authorized network would be the IP/subnet of a bastion host(s) but in the meantime and during initial setup our CI/CD agent needs to access the cluster. Any subsequent cluster changes that require talking to the master API would need to be in the authorized networks too. Thoughts or ideas?
View count: 1