https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • s

    stocky-spoon-28903

    03/13/2019, 4:21 PM
    @orange-tailor-85423 You could do this in a multi-step process for now (using
    get
    first then converting it to a real resource), but the work on importing resources that @microscopic-florist-22719 is doing at the moment is the real way to do this
  • s

    stocky-spoon-28903

    03/13/2019, 4:21 PM
    OTOH, if it’s just for a one-off deletion, I’m not sure I see the advantage over issuing a
    gcloud
    command - it’s not like it’s a repeatable thing you want codified
  • o

    orange-tailor-85423

    03/13/2019, 4:21 PM
    ok - I knew that feature was coming but was looking for a way around
  • o

    orange-tailor-85423

    03/13/2019, 4:22 PM
    yeah, I’ll just remove it manually - we’ll just know that if we create new projects for test or for personal stuff we will remove them
  • b

    billions-lock-73409

    03/13/2019, 6:39 PM
    Stepped away from a project for a while, and now when running my update I get the following error regarding my applicaiton load balancer and listener:
    Diagnostics:
      aws:ec2:SecurityGroupRule (https-external-0-ingress):
        error: aws:ec2/securityGroupRule:SecurityGroupRule resource 'https-external-0-ingress' has a problem: "description" cannot be longer than 255 characters: "Externally available at port Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi."
    Here is the code for this specific piece:
    const appListener = loadBalancer
        .createTargetGroup(`probot-target-${env}`, {
            port: 3000,
            protocol: 'HTTP',
            healthCheck: { path: '/probot' },
            deregistrationDelay: 30,
        })
        .createListener('https', {
            certificateArn: secretsCert.arn,
            protocol: 'HTTPS',
            port: 443,
            sslPolicy: 'ELBSecurityPolicy-2016-08',
        });
    c
    l
    • 3
    • 22
  • i

    important-leather-28796

    03/13/2019, 7:47 PM
    Does pulumi use/read
    $HOME/.kube/config
    ? Or use the
    gcloud
    config? I had and old set of configs from an infrastructure yesterday and I could not
    pulumi up
    some things today - failed with:
    Diagnostics:
      kubernetes:core:Namespace (development):
        error: Plan apply failed: Get <https://104.154.180.226/api?timeout=32s>: x509: certificate signed by unknown authority
    Once I used my script to re-setup the
    gcloud config
    and kube config,
    pulumi up
    worked. Thoughts?
    g
    c
    l
    • 4
    • 121
  • c

    cool-egg-852

    03/13/2019, 7:50 PM
    It uses ~/.kube/config.
  • c

    cool-egg-852

    03/13/2019, 7:51 PM
    Unless you configure pulumi so it knows which kubectl context to use, it uses whatever is defaulted to
  • d

    damp-book-35965

    03/13/2019, 8:37 PM
    Question: When I create a namespace using this:
    const ns = new k8s.core.v1.Namespace("test", {}, { provider: cluster.provider });
    Why does it create it as
    test-zu7jbnvc
    Is it possible to keep it as test only ?
    g
    c
    • 3
    • 9
  • a

    alert-monitor-28534

    03/14/2019, 9:23 AM
    Hi all, I'd like to get the floating IP of an OpenStack instance to be used in my own Python function, but I fail to get it in string format. I only get
    pulumi.output.Output object
    . I do get the
    pulumi up
    to print them to outputs. So how to do this?
    c
    • 2
    • 1
  • m

    millions-judge-24978

    03/14/2019, 2:47 PM
    Are there any resources to simplify the build and push of an image to an ECR repository? There is some great stuff here https://github.com/pulumi/pulumi-cloud/blob/master/aws/service.ts, but it is embedded within
    @pulumi/cloud.Service
    .
  • i

    important-leather-28796

    03/14/2019, 3:26 PM
    When I write a
    Component
    , do I need to propagate the
    providers
    in
    opts
    to the children or is that handled automatically? I’m testing locally with an empty
    $HOME/.kube/config
    to expose these areas where I have mishandled providers.
    m
    • 2
    • 10
  • f

    faint-vegetable-61837

    03/14/2019, 3:54 PM
    Hi, I ran into a problem with aws IAM resources. Sometimes a resource (Role or Policy) may be recreated on AWS with the same name (ARN). Pulumi update won't detect any changes in this case. However, if on AWS console pulumi created resources that reference this ARN now show internal AWS id instead of ARN. A scenario - a role is created by one stack (kiam). Another stack (an app) creates another role with trusted policy to give the first role permission to assume the app role. If the first stack is destroyed and deployed again, updating the second stack does not do any update, however the policy does not reference the correct ARN anymore.
    c
    • 2
    • 7
  • f

    full-dress-10026

    03/14/2019, 4:05 PM
    Does anyone have any idea why I'd be getting this exception after running
    pulumi up
    ?
    Error: Failed to load gRPC binary module because it was not installed for the current system
        Expected directory: node-v48-linux-x64-glibc
        Found: [node-v57-linux-x64-glibc]
        This problem can often be fixed by running "npm rebuild" on the current system
        Original error: Cannot find module '/home/kenny/compute_software/infrastructure/pulumi-datomic-src/node_modules/grpc/src/node/extension_binary/node-v48-linux-x64-glibc/grpc_node.node'
            at Object.<anonymous> (/home/kenny/compute_software/infrastructure/pulumi-datomic-src/node_modules/grpc/src/grpc_extension.js:53:17)
            at Module._compile (module.js:541:32)
            at Object.Module._extensions..js (module.js:550:10)
            at Module.load (module.js:458:32)
            at tryModuleLoad (module.js:417:12)
            at Function.Module._load (module.js:409:3)
            at Module.require (module.js:468:17)
            at require (internal/module.js:20:19)
            at Object.<anonymous> (/home/kenny/compute_software/infrastructure/pulumi-datomic-src/node_modules/grpc/src/client_interceptors.js:144:12)
            at Module._compile (module.js:541:32)
    Running
    pulumi up
    again results in the same error. As the exception says, I can run
    npm rebuild
    . After that,
    pulumi up
    will work as expected. However, if I open a new terminal and run
    pulumi up
    I get that exception again. This started happening recently and I'm not sure why. I'm on Node 8 installed with nvm, Pulumi 0.17.1. Any ideas on what could cause this?
    🤨 1
    b
    • 2
    • 6
  • f

    full-dress-10026

    03/14/2019, 4:59 PM
    Is there a way to add
    tags
    to an
    awsx.Cluster
    ? I don't see a param for that currently but you can do it in the console.
  • d

    damp-book-35965

    03/14/2019, 5:24 PM
    When deploying a new EKS cluster, I see two default storage classes created. One of them is from pulumi..other is from AWS I think. I had to patch the storage class to make it non default by hand. Do I need to do something in the config to ensure only one default exists ?
    mac-nshah:nshah-pulumi-eks nshah$ kubectl get <http://storageclasses.storage.k8s.io|storageclasses.storage.k8s.io>
    NAME                                           PROVISIONER             AGE
    gp2 (default)                                  <http://kubernetes.io/aws-ebs|kubernetes.io/aws-ebs>   52m
    nshah-test-eks-pulumi-gp2-dtx905hi (default)   <http://kubernetes.io/aws-ebs|kubernetes.io/aws-ebs>   50m
    c
    • 2
    • 6
  • i

    important-leather-28796

    03/14/2019, 6:11 PM
    @lemon-spoon-91807 I’ve got another question about outputs/inputs. I want to use a stack Output
    domain
    as an input to a
    Component
    . What is the recommended type for the
    Component
    args? Resolve before or resolve in the component? This gist works but is messy. It is similarly messy with usage of a
    Namespace
    . I’m looking for a ts best-practice review of https://gist.github.com/rosskevin/075cd7a8fc691e549d55835bdf68d75b before I move all of our app components over and follow this as an example. Note that some of this code is a shared library for multiple apps/stacks, so I want to make the arg types versatile.
    l
    • 2
    • 2
  • f

    full-dress-10026

    03/14/2019, 6:37 PM
    When using a
    StackReference
    , how do you get the output as an array? I tried this:
    let subnetIds = myStack.getOutput("subnetIds") as pulumi.Output<string[]>;
    but Typescript fails with:
    TS2740: Type 'Output<any>' is missing the following properties from type 'Input<string>[]': length, pop, push, concat, and 26 more..
    . I'm fairly certain the type of
    getOutput
    is correct.
    i
    l
    • 3
    • 15
  • f

    full-dress-10026

    03/14/2019, 7:04 PM
    Is there an easy way to add a CloudWatch event rule to a lambda function not created by pulumi?
    • 1
    • 2
  • s

    some-waitress-78905

    03/14/2019, 7:11 PM
    hello 🙂 I am looking at google cloud sql https://pulumi.io/reference/pkg/nodejs/@pulumi/gcp/sql/ and I am trying to enable high availability; not sure how to do this... my db instance looks like this:
    export const instance = new gcp.sql.DatabaseInstance("fleetgrid-sql", {
      region: 'us-central1',
      databaseVersion: "POSTGRES_9_6",
      settings: {
        tier: "db-f1-micro",
        ipConfiguration: {
          authorizedNetworks: [{ value: "0.0.0.0/0" }],
        },
      },
    });
    i
    g
    • 3
    • 5
  • o

    orange-tailor-85423

    03/14/2019, 8:12 PM
    any way to suppress metadata diffs on a
    pulumi preview --diff
  • o

    orange-tailor-85423

    03/14/2019, 8:13 PM
    would just like to see resource changes/updates
    w
    • 2
    • 1
  • g

    gray-city-50684

    03/15/2019, 12:36 PM
    Is there a way to add code to a ComponentResource that runs only when the resources are actually being created (and not during preview)? The use case is: I would like to run some “pre-install” checks when I create my Kubernetes resources. Sometimes the Kubernetes cluster will be created with the same Pulumi app, but sometimes it will do the installation into an already existing Kubernetes cluster. When it is an already existing cluster I would like to check if certain pre-requisites are correctly installed.
    a
    • 2
    • 2
  • f

    few-processor-86645

    03/15/2019, 2:22 PM
    Is it possible to configure "Authentication / Authorization" tab of an Azure Web App with pulumi or do I have to use the graph api?
  • f

    faint-vegetable-61837

    03/15/2019, 3:41 PM
    Is it possible to annotate an existing k8s namespace ("kube-system") with pulumi?
    g
    • 2
    • 1
  • i

    important-leather-28796

    03/15/2019, 6:07 PM
    Having a problem adding a ClusterRoleBinding - not sure if it is with my gcp identities setup or in k8s. Error:
    <http://clusterrolebindings.rbac.authorization.k8s.io|clusterrolebindings.rbac.authorization.k8s.io> is forbidden: User "<mailto:ci-infrastructure@xxx.iam.gserviceaccount.com|ci-infrastructure@xxx.iam.gserviceaccount.com>" cannot create resource "clusterrolebindings" in API group "<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>" at the cluster scope
    I verified this roleRef/subjects from a manually created one:
    const name = 'cluster-admin-binding'
    export const clusterAdminBinding = new k8s.rbac.v1.ClusterRoleBinding(
      name,
      {
        metadata: { name },
        roleRef: {
          apiGroup: '<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>',
          kind: 'ClusterRole',
          name: 'cluster-admin',
        },
        subjects: [
          {
            apiGroup: '<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>',
            kind: 'User',
            name: stack.identity.getOutput('ciInfrastructure').apply(v => v.email),
          },
        ],
      },
      optsC({ dependsOn: [cluster] }),
    )
    What am I missing?
    c
    • 2
    • 8
  • i

    important-leather-28796

    03/15/2019, 7:38 PM
    I need to write a transformation for a
    k8s.yaml.ConfigFile
    that removes a Namespace declaration from a raw yaml manifest provided by cert-manager. Given the ts definition, this looks not possible. How can I do it?
    c
    • 2
    • 3
  • d

    damp-book-35965

    03/15/2019, 8:47 PM
    How do I switch of validation in the same way I do: kubectl apply -f file.yaml --validate=false
  • d

    damp-book-35965

    03/15/2019, 8:49 PM
    As of now just have this:
    new k8s.yaml.ConfigFile()
    Trying this in typescript but can't figure out where the validation flag can be turned off
    c
    g
    • 3
    • 6
  • d

    damp-book-35965

    03/15/2019, 10:01 PM
    @creamy-potato-29402 https://github.com/pulumi/pulumi-kubernetes/issues/219 Is this being actively worked on ?
    c
    • 2
    • 1
Powered by Linen
Title
d

damp-book-35965

03/15/2019, 10:01 PM
@creamy-potato-29402 https://github.com/pulumi/pulumi-kubernetes/issues/219 Is this being actively worked on ?
c

creamy-potato-29402

03/16/2019, 6:10 AM
@damp-book-35965 we’re waiting for the ecosystem to catch up before we start.
👍 1
View count: 1