https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • a

    adamant-dress-73325

    03/28/2019, 8:49 PM
    @salmon-lawyer-85465 Ah I think I see what you’re asking, It is possible to use your languages module system to lay out your seperate concerns something like:
    import * as pulumi from "@pulumi/pulumi";
    import { createMyService } from "./myservice";
    
    let myService = createMyService();
    
    export const allServices = {
      myService
    };
  • i

    important-leather-28796

    03/28/2019, 9:17 PM
    I think I have found a bug. In prototyping I am tearing down app and infrastructure (cluster, db) stacks, but leaving up the identity stack (gcp). It seems roles are disappearing from BOTH pulumi related gcp service accounts, and NON-pulumi related service accounts. We have not seen this issue prior to pulumi and so I am correlating it with my activity in the same gcp project.
    c
    s
    • 3
    • 36
  • i

    important-leather-28796

    03/28/2019, 9:37 PM
    Does something in pulumi cli keep overwriting my
    ~/.kube/config
    ? I use gcloud to setup auth access key and it keeps disappearing. I could be doing this somewhere but wanted to rule out the cli
    c
    • 2
    • 5
  • b

    busy-pizza-73563

    03/28/2019, 10:20 PM
    I'm a bit confused about how [organizations, ]stacks and projects are namespaced. My expectation was that stacks are namespaced by project, but in reality they appear to be global. Reading https://pulumi.io/reference/organizing-stacks-projects.html , is it best practice to name your stacks like
    project-name/environment-name
    ? I'm using the filesystem backend, it that's in any way relevant.
    c
    b
    • 3
    • 15
  • m

    millions-judge-24978

    03/28/2019, 10:24 PM
    Is there a way to manually register stack outputs other than (for i.e. typescript) exporting at the top level.
    w
    • 2
    • 8
  • a

    abundant-monitor-15855

    03/29/2019, 12:44 PM
    it seems like some of the example code/documentation is missing on this property https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/apigateway/#MethodArgs-requestParameters
    m
    • 2
    • 7
  • s

    stocky-island-3676

    03/29/2019, 4:21 PM
    What could it be? Debugging
    <http://github.com/pulumi/pulumi|github.com/pulumi/pulumi>
    on branch
    v0.17.4
    directly get’s the
    readerr = EOF
    (in
    pkg/resource/plugin/plugin.go
    ).
    /usr/local/bin/pulumi-language-nodejs 127.0.0.1:58785
    returns a port number, as intended (just did
    brew reinstall pulumi
    ).
    -.txt
    • 1
    • 4
  • b

    brave-angle-33257

    03/29/2019, 4:58 PM
    just found out through failed deploy, that if you deploy a stack, then destroy it, then later redeploy the same stack, it keeps track of what version of pulumi/plugins that were used last time, and re-downloads and re-uses the old one?
    s
    i
    • 3
    • 34
  • f

    fierce-dinner-20116

    03/29/2019, 6:48 PM
    Hi, how do I move a stack from my own personal account to an organization?
    g
    • 2
    • 3
  • b

    big-potato-91793

    03/29/2019, 8:29 PM
    Hey i got this error trying to do a
    pulumi up
    , I got the
    You must specify exactly two subnets because you've set zone count to two.
    trying to deploy a AWS Elasticsearch service
    w
    • 2
    • 10
  • b

    billowy-garage-68819

    03/29/2019, 9:33 PM
    Is there a known issue in regards to pulumi.kubernetes.helm.v2.Chart not rendering multiple components per helm template file?
    c
    • 2
    • 18
  • f

    fierce-dinner-20116

    03/30/2019, 1:59 AM
    Has anyone gotten the Pulumi Github App to work with buildkite (http://buildkite.com/)? I see it in the Github checks, but I haven’t seen the Pulumi bot actually make a PR comment yet. I tried to reverse engineer the environment variables that I need to set by looking at https://sourcegraph.com/search?q=repo:%5Egithub%5C.com/pulumi++%22PULUMI_CI%22#3 In my buildkite builds, I use the following script to set up the env vars:
    #!/usr/bin/env bash
    
    set -ex
    
    cd "$(dirname "${BASH_SOURCE[0]}")/.."
    
    if [ "$BUILDKITE_PULL_REQUEST" == "false" ]; then
        export PULUMI_CI_BUILD_TYPE=push
    else
        export PULUMI_CI_BUILD_TYPE=pull_request
        export PULUMI_CI=pr
    fi
    
    export PULUMI_CI_BUILD_ID=$BUILDKITE_BUILD_ID
    export PULUMI_CI_BUILD_URL=$BUILDKITE_BUILD_URL
    In the build step that actually runs
    pulumi preview --diff
    , I can see that
    PULUMI_CI_BUILD_TYPE == pull_request
    and
    PULUMI_CI == pr
    . Is there anything else that I need to set?
    w
    c
    • 3
    • 8
  • q

    quiet-magazine-16687

    03/30/2019, 8:55 AM
    am trying to use pulumi with k8s to install Knative + Isito
  • q

    quiet-magazine-16687

    03/30/2019, 8:55 AM
    hit with this issue
  • q

    quiet-magazine-16687

    03/30/2019, 8:55 AM
    https://github.com/pulumi/pulumi-kubernetes/issues/510
  • q

    quiet-magazine-16687

    03/30/2019, 8:56 AM
    any thoughts to skip duplicates during
    pulumi up
    ?
  • q

    quiet-magazine-16687

    03/30/2019, 8:56 AM
    @creamy-potato-29402 ^^
    c
    • 2
    • 12
  • g

    great-byte-67992

    03/30/2019, 11:27 AM
    Hey, i'm trying to replicate some behavior of Skaffold using pulumi. I'm trying to deploy a few k8s deployments/services and then port forward them to the local machine using
    kubectl port-forward
    - except i'm trying to do all of this within pulumi so that a dev can just do a
    pulumi up
    and everything runs in their local minikube with automatic port forwarding. I don't suppose this is a supported use-case and i've just been hacking around trying to block pulumi up from exiting so that I can spawn the port-forward commands from nodejs. Has anyone else tried something like this? I guess i need a feature like a "post deployment callback" or a way to run before/after code and potenticall re-run pulumi (i.e. a watch mode). Should i just write a wrapper for pulumi?
    c
    • 2
    • 6
  • q

    quiet-magazine-16687

    03/31/2019, 2:02 AM
    @great-byte-67992 - IMHO you can use the
    ClusterIP
    transformation and then use the
    minikube tunnel
    command so that you can reach your pods cluster ip from the host machine
    👍 1
  • q

    quiet-magazine-16687

    03/31/2019, 2:02 AM
    https://github.com/kubernetes/minikube/blob/master/docs/tunnel.md
  • b

    boundless-author-24618

    03/31/2019, 6:10 AM
    After updating to Pulumi AWS 0.18 I am still getting the "A duplicate Security Group rule was found on" when trying to assign a security group to an application load balancer. It looks like the load balancer creates its own security group and the one I am trying to get it to use just gets created along side it. However if I try and not assign any security groups to the load balancer it will not create it's own and gives me the "ValidationError: A security group must be specified". Am I doing something wrong or is this a bug?
    w
    s
    • 3
    • 5
  • b

    big-potato-91793

    04/01/2019, 12:07 AM
    Hey, it’s their a way to move a pulumi state to another login. For now, it’s on my personal account and i will need to move it the company one?
    g
    • 2
    • 4
  • b

    big-potato-91793

    04/01/2019, 1:29 PM
    Another question, I know in
    helm
    we can ovveride a variable value in the command line. It’s their a way to do this in pulumi. I got a stack by branch… i want the version of the main app to be the SHA version… in helm we are doing something like
    --set-string image.tag ${SHA}
    .. what is the best way to do something like this in pulumi?
    b
    m
    • 3
    • 7
  • c

    cuddly-eye-68174

    04/01/2019, 1:51 PM
    @creamy-potato-29402 @white-balloon-205 Guys, there are lot of open issue injunction with HELM/K8s Charts install. Namespace issue, now i had to handle capability issue....These come from the separated backend. "helm template" uses its own engine and "helm install" uses the tiller. We would have an idea with my college @cold-coat-35200. Can you guys put an option into the chart resource for example: templateBackend: "tiller|template" => if we use tiller, helm install --dry-run --debug can generate the resource files, I think...maybe it's not easy to parse, but should not be impossible...it could be a good option to solve a lots of issue in that case the pulumi client can reach the particular tiller to ask for a proper output. K8s does the same with its API (it's quite new: https://kubernetes.io/blog/2019/01/14/apiserver-dry-run-and-kubectl-diff/ ) it should be the same story with tiller. What do you think? Bullshit? 🙂
    w
    c
    c
    • 4
    • 22
  • b

    billowy-garage-68819

    04/01/2019, 3:57 PM
    is there an equivalent to terraform's lifecycle { ignore_changes = [] } ?
    g
    • 2
    • 1
  • b

    billowy-garage-68819

    04/01/2019, 6:37 PM
    is there a flag to disable validation for @pulumi.kubernetes.yaml.ConfigFile? Working with an extension with some CRD's that don't seem to validate out of the box currently: https://github.com/jetstack/cert-manager/issues/1143
    f
    g
    • 3
    • 6
  • b

    billowy-laptop-45963

    04/01/2019, 6:43 PM
    what are the advantages of creating a ComponentResource over just creating a function that creates a bunch of resources?
    i
    o
    • 3
    • 8
  • i

    important-leather-28796

    04/01/2019, 8:08 PM
    I need to incorporate a shell command to
    htpasswd
    to create a basic auth token prior to creating a secret with that token, the equivalent of
    htpasswd -cb ${FILE} admin@${DOMAIN} ${TRAEFIK_PW}
    
    kubectl create secret generic \
        ${NAME} \
        --from-file=${FILE} \
        --namespace=${TRAEFIK_NAMESPACE}
    can I use a promise or other to make this happen?
  • s

    some-king-80791

    04/02/2019, 12:13 AM
    Hi, is there any plan to bump pulumi version for cloudflare provider?
    s
    • 2
    • 10
  • b

    busy-umbrella-36067

    04/02/2019, 2:35 AM
    Is there a cleaner way of using pulumi outputs inside of IAM Policies? Using
    .apply
    on just the kms key id results in
    "Calling [toJSON] on an [Output<T>] is not supported.
    const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
        name: 'ecs-XXXXXX-task',
        policy: kmsKey.arn.apply(id => JSON.stringify({
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "kms:Decrypt"
              ],
              "Resource": [
                id
              ]
            }
          ]
        }))
      })
    w
    s
    • 3
    • 4
Powered by Linen
Title
b

busy-umbrella-36067

04/02/2019, 2:35 AM
Is there a cleaner way of using pulumi outputs inside of IAM Policies? Using
.apply
on just the kms key id results in
"Calling [toJSON] on an [Output<T>] is not supported.
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
    name: 'ecs-XXXXXX-task',
    policy: kmsKey.arn.apply(id => JSON.stringify({
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "kms:Decrypt"
          ],
          "Resource": [
            id
          ]
        }
      ]
    }))
  })
w

white-balloon-205

04/02/2019, 2:51 AM
That should definitely work as-is and not result in that error. Is there anything else in your repro case that might be triggering this?
s

stocky-spoon-28903

04/02/2019, 2:57 AM
I think the error is from a slightly different construction where the apply is called from inside the object?
✔️ 1
b

busy-umbrella-36067

04/02/2019, 12:12 PM
Yeah, the error happens when I use it like this.
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
    name: 'ecs-XXXXXX-task',
    policy: JSON.stringify({
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "kms:Decrypt"
          ],
          "Resource": [
            kmsKey.id.apply(id => id)
          ]
        }
      ]
    })
  })
or this
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
    name: 'ecs-XXXXX-task',
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        ${kmsKey.id.apply(id => id)}
      ]
    }
  ]
}`
  })
s

stocky-spoon-28903

04/02/2019, 12:14 PM
@busy-umbrella-36067 they are expected: see the other way I posted here: https://pulumi-community.slack.com/archives/C84L4E3N1/p1554173011157600
👍 1
View count: 1