billions-lock-73409
03/13/2019, 6:39 PMDiagnostics:
aws:ec2:SecurityGroupRule (https-external-0-ingress):
error: aws:ec2/securityGroupRule:SecurityGroupRule resource 'https-external-0-ingress' has a problem: "description" cannot be longer than 255 characters: "Externally available at port Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi."
Here is the code for this specific piece:
const appListener = loadBalancer
.createTargetGroup(`probot-target-${env}`, {
port: 3000,
protocol: 'HTTP',
healthCheck: { path: '/probot' },
deregistrationDelay: 30,
})
.createListener('https', {
certificateArn: secretsCert.arn,
protocol: 'HTTPS',
port: 443,
sslPolicy: 'ELBSecurityPolicy-2016-08',
});
important-leather-28796
03/13/2019, 7:47 PM$HOME/.kube/config
? Or use the gcloud
config? I had and old set of configs from an infrastructure yesterday and I could not pulumi up
some things today - failed with:
Diagnostics:
kubernetes:core:Namespace (development):
error: Plan apply failed: Get <https://104.154.180.226/api?timeout=32s>: x509: certificate signed by unknown authority
Once I used my script to re-setup the gcloud config
and kube config, pulumi up
worked. Thoughts?cool-egg-852
03/13/2019, 7:50 PMcool-egg-852
03/13/2019, 7:51 PMdamp-book-35965
03/13/2019, 8:37 PMconst ns = new k8s.core.v1.Namespace("test", {}, { provider: cluster.provider });
Why does it create it as test-zu7jbnvc
Is it possible to keep it as test only ?alert-monitor-28534
03/14/2019, 9:23 AMpulumi.output.Output object
. I do get the pulumi up
to print them to outputs. So how to do this?millions-judge-24978
03/14/2019, 2:47 PM@pulumi/cloud.Service
.important-leather-28796
03/14/2019, 3:26 PMComponent
, do I need to propagate the providers
in opts
to the children or is that handled automatically? I’m testing locally with an empty $HOME/.kube/config
to expose these areas where I have mishandled providers.faint-vegetable-61837
03/14/2019, 3:54 PMfull-dress-10026
03/14/2019, 4:05 PMpulumi up
?
Error: Failed to load gRPC binary module because it was not installed for the current system
Expected directory: node-v48-linux-x64-glibc
Found: [node-v57-linux-x64-glibc]
This problem can often be fixed by running "npm rebuild" on the current system
Original error: Cannot find module '/home/kenny/compute_software/infrastructure/pulumi-datomic-src/node_modules/grpc/src/node/extension_binary/node-v48-linux-x64-glibc/grpc_node.node'
at Object.<anonymous> (/home/kenny/compute_software/infrastructure/pulumi-datomic-src/node_modules/grpc/src/grpc_extension.js:53:17)
at Module._compile (module.js:541:32)
at Object.Module._extensions..js (module.js:550:10)
at Module.load (module.js:458:32)
at tryModuleLoad (module.js:417:12)
at Function.Module._load (module.js:409:3)
at Module.require (module.js:468:17)
at require (internal/module.js:20:19)
at Object.<anonymous> (/home/kenny/compute_software/infrastructure/pulumi-datomic-src/node_modules/grpc/src/client_interceptors.js:144:12)
at Module._compile (module.js:541:32)
Running pulumi up
again results in the same error. As the exception says, I can run npm rebuild
. After that, pulumi up
will work as expected. However, if I open a new terminal and run pulumi up
I get that exception again. This started happening recently and I'm not sure why. I'm on Node 8 installed with nvm, Pulumi 0.17.1. Any ideas on what could cause this?full-dress-10026
03/14/2019, 4:59 PMtags
to an awsx.Cluster
? I don't see a param for that currently but you can do it in the console.damp-book-35965
03/14/2019, 5:24 PMmac-nshah:nshah-pulumi-eks nshah$ kubectl get <http://storageclasses.storage.k8s.io|storageclasses.storage.k8s.io>
NAME PROVISIONER AGE
gp2 (default) <http://kubernetes.io/aws-ebs|kubernetes.io/aws-ebs> 52m
nshah-test-eks-pulumi-gp2-dtx905hi (default) <http://kubernetes.io/aws-ebs|kubernetes.io/aws-ebs> 50m
important-leather-28796
03/14/2019, 6:11 PMdomain
as an input to a Component
. What is the recommended type for the Component
args? Resolve before or resolve in the component? This gist works but is messy. It is similarly messy with usage of a Namespace
. I’m looking for a ts best-practice review of https://gist.github.com/rosskevin/075cd7a8fc691e549d55835bdf68d75b before I move all of our app components over and follow this as an example. Note that some of this code is a shared library for multiple apps/stacks, so I want to make the arg types versatile.full-dress-10026
03/14/2019, 6:37 PMStackReference
, how do you get the output as an array? I tried this:
let subnetIds = myStack.getOutput("subnetIds") as pulumi.Output<string[]>;
but Typescript fails with: TS2740: Type 'Output<any>' is missing the following properties from type 'Input<string>[]': length, pop, push, concat, and 26 more..
. I'm fairly certain the type of getOutput
is correct.full-dress-10026
03/14/2019, 7:04 PMsome-waitress-78905
03/14/2019, 7:11 PMexport const instance = new gcp.sql.DatabaseInstance("fleetgrid-sql", {
region: 'us-central1',
databaseVersion: "POSTGRES_9_6",
settings: {
tier: "db-f1-micro",
ipConfiguration: {
authorizedNetworks: [{ value: "0.0.0.0/0" }],
},
},
});
orange-tailor-85423
03/14/2019, 8:12 PMpulumi preview --diff
orange-tailor-85423
03/14/2019, 8:13 PMgray-city-50684
03/15/2019, 12:36 PMfew-processor-86645
03/15/2019, 2:22 PMfaint-vegetable-61837
03/15/2019, 3:41 PMimportant-leather-28796
03/15/2019, 6:07 PM<http://clusterrolebindings.rbac.authorization.k8s.io|clusterrolebindings.rbac.authorization.k8s.io> is forbidden: User "<mailto:ci-infrastructure@xxx.iam.gserviceaccount.com|ci-infrastructure@xxx.iam.gserviceaccount.com>" cannot create resource "clusterrolebindings" in API group "<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>" at the cluster scope
I verified this roleRef/subjects from a manually created one:
const name = 'cluster-admin-binding'
export const clusterAdminBinding = new k8s.rbac.v1.ClusterRoleBinding(
name,
{
metadata: { name },
roleRef: {
apiGroup: '<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>',
kind: 'ClusterRole',
name: 'cluster-admin',
},
subjects: [
{
apiGroup: '<http://rbac.authorization.k8s.io|rbac.authorization.k8s.io>',
kind: 'User',
name: stack.identity.getOutput('ciInfrastructure').apply(v => v.email),
},
],
},
optsC({ dependsOn: [cluster] }),
)
What am I missing?important-leather-28796
03/15/2019, 7:38 PMk8s.yaml.ConfigFile
that removes a Namespace declaration from a raw yaml manifest provided by cert-manager. Given the ts definition, this looks not possible. How can I do it?damp-book-35965
03/15/2019, 8:47 PMdamp-book-35965
03/15/2019, 8:49 PMnew k8s.yaml.ConfigFile()
Trying this in typescript but can't figure out where the validation flag can be turned offdamp-book-35965
03/15/2019, 10:01 PMfull-dress-10026
03/15/2019, 11:40 PMcurved-tent-22690
03/16/2019, 4:08 PMimportant-carpenter-15282
03/16/2019, 7:14 PMCephObjectStoreUser
CRD that the operator will use to create a user, and the access key/secret key for the user (object store = S3 API) are created in a Secret--can I/how do I get that secret/link it to the Pulumi object? See https://rook.github.io/docs/rook/v0.9/ceph-object.html#create-a-user for the CRD and explanation of the CRD -> Secret chain.incalculable-diamond-5088
03/17/2019, 8:48 PM