Forgive me if this is dumb, Pulumi is my first intro to typescript. I am trying to create a k8s custom resource but my

@pulumi/kubernetes

doesn’t have

apiextensions.v1beta1.CustomResource

but it looks like its in the `v0.20.3`release I am using: https://github.com/pulumi/pulumi-kubernetes/blob/v0.20.3/sdk/nodejs/provider.ts#L3098

😛artypus-8bit:Thanks for supporting our 😛artyk8s:Kubernetes in production with Pulumi meetup yesterday! For folks who didn't make it, here is a Youtube link to Part 1: @breezy-hamburger-69619's talk (part 2 is on the way!) . Feel free to join our meetup group and stay tuned for more future events! https://www.meetup.com/Pulumi-Seattle/

if

core.v1.Secret

doesn’t have

.id

, whats the recommended path for adding it to a volume?

Can someone help me answer this software procurement question for our infosec?

Which of the following external compliance standards is the software/tool audited against? Please attach a copy of the report for InfoSec.

Select all that are applicable:

Cloud Security Alliance STAR Self-Assessment
ISO 27001
Penetration Test
PCI
Security Whitepaper
SOC 2
SOC 3
None

I am trying to get started with pulumi and GCP. (I am new to both). I did what is described https://pulumi.io/quickstart/gcp/setup.html. But I am getting an error "error: Plan apply failed: googleapi: Error 400: The user does not have access to service account "default". Ask a project owner to grant you the iam.serviceAccountUser role on the service account., badRequest". I can create gke clusters using gcloud cli and the service account. I am not sure why pulumi is trying to use "default" service account. Any help is appreciated

pulumi.dev.yaml

config:
  gcp:project: kubeval

main.py

import pulumi
from pulumi_gcp import container

cluster = container.Cluster("kubia", zone="europe-west1-b", initial_node_count=2, project="kubeval")

Hey y'all, are you expecting to do a release of

@pulumi/kubernetes

soon that deps on 0.16.15? I need

deleteBeforeReplace

opt-in. 😉

I’m creating a VPC with

awsx.ec2.Vpc

and the VPC and associated resources (subnets, nats, igw, etc.) don’t have any names on them, yet I’m specifying it in the constructor call. Is this expected?

So I see that there's a

pulumi-vsphere

provider on Github. Any idea when there might be a

pulumi-nsxt

provider built on Terraform's

nsxt

provider for vSphere networking? (I'm not in a place at my current shop to invest the time building one myself--particularly as this is not a Go shop and I am not a Go programmer--but I may be able to sell Pulumi here if it's not super far out.)

(I'm already eventually going to have to sell making a provider for our public cloud offering; VMware is a transitory step for my team to moving to our public cloud, and I don't want to waste my bullets.)

Which permission(s) am I missing when I get a

error creating EKS Cluster (helloworld-eksCluster-8325104): AccessDeniedException: User: arn:aws:iam:…:user/Jens is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-west-2:…:cluster/helloworld-eksCluster-8325104

I’ve got

AmazonEKSClusterPolicy

and

AmazonEKSServicePolicy

attached directly to my User.

Hi guys

I am trying to communicate/deply aws lambda via pulumi by following node code on url https://pulumi.io/quickstart/aws/tutorial-rest-api.html and additionally I login to aws from cmd, also my user have full rights for lambda. But it is giving below error: aws:lambda:Function (hello66382ec5): error: Plan apply failed: Error creating Lambda function: AccessDeniedException: Cross-account pass role is not allowed. status code: 403, request id: 882ffd22-38ab-11e9-b66c-07979886e804 aws:iam:RolePolicyAttachment (hello4c238266): error: Plan apply failed: Error attaching policy arn:aws:iam::aws:policy/AmazonS3FullAccess to IAM Role hello4c238266-531ff17: NoSuchEntity: The role with name hello4c238266-531ff17 cannot be found. status code: 404, request id: 8845a738-38ab-11e9-ae34-1b91e3cf7465 aws:iam:RolePolicyAttachment (hello66382ec5-32be53a2): error: Plan apply failed: Error attaching policy arn:aws:iam::aws:policy/AWSLambdaFullAccess to IAM Role hello66382ec5-b302f63: NoSuchEntity: The role with name hello66382ec5-b302f63 cannot be found. status code: 404, request id: 881262ee-38ab-11e9-b9bc-f57a45e4467f kindly help

is there a plan for datadog support? We’re currently using terraform to provision monitors, etc and it would be great if we could do it with pulumi

@stocky-spoon-28903 I am still working on the solidserver provider. I merged the diff: https://github.com/dustinfarris/pulumi-solidserver/pull/1 but getting this error when I run make:

error: failed to gather package metadata: problem gathering resources: 6 errors occurred:
        * cannot find package "<http://github.com/terraform-providers/terraform-provider-solidserver|github.com/terraform-providers/terraform-provider-solidserver>" in any of:
        /Users/dustinfarris/Projects/go/src/github.com/dustinfarris/pulumi-solidserver/vendor/github.com/terraform-providers/terraform-provider-solidserver (vendor tree)
        /usr/local/Cellar/go/1.11.5/libexec/src/github.com/terraform-providers/terraform-provider-solidserver (from $GOROOT)
        /Users/dustinfarris/Projects/go/src/github.com/terraform-providers/terraform-provider-solidserver (from $GOPATH)

It is looking for

terraform-providers/terraform-provider-solidserver

but this should be

alexissavin/terraform-provider-solidserver

. I grepped the boilerplate code and I'm not finding "terraform-providers" anywhere meaningful. Any ideas?

One sec

Ahh, this is likely a bug in tfgen that assumes we’re only ever wrapping official providers and thus where they live

Is there more of a backtrace than this?

not really, but hold on i'll paste everything

Maybe as a gist?

does that work? ☝️

Yup I’ll investigate

Hi, I ran into problems when trying to set an RSA key as pulumi config;

pulumi config set rsaKey "$(<~/.ssh/id_rsa)" --secret

Error: bad flag syntax: -----BEGIN OPENSSH PRIVATE KEY-----

Is there an option to set config from file contents?

Also, I was wondering, is it advisable to load RSA key from a file during stack update instead of storing it in stack state? I'd prefer this due to security concerns

I can not create the record in the example:

Struggling to get my IAM policy to work, I’m trying to reference an ARN for a KMS key I created and marked as a dependency, but the

Output

isn’t ever resolved and the object (not the arn) ends up getting shoved in the json thus causing the error:

Plan apply failed: Error putting IAM role policy ******: MalformedPolicyDocument: Syntax errors in policy.
    	status code: 400, request id: 5d766e02-392b-11e9-b9bc-f57a45e4467f

just about every time i try and e.g. generate a config that's dependent on some output<>s it takes me 10 goes and i end up with something like

"appsettings.Production.json": {
    "HttpProxy":{
        "HostMappings":{
            "v1.services":{
                "__pulumiOutput":true,
                "isKnown":{}
            }
        }
    }
}