also, on 0.17.8:

An error occurred: unknown flag: --json
WARNING: Pulumi Preview failed.

yet it's in the changelog https://github.com/pulumi/pulumi/blob/master/CHANGELOG.md#0178-released-april-23-2019

pulumi RBAC - I just set it up so base access is READ by default and only our CI/CD account has WRITE

but it just let me modify a stack BUT it did not let my coworker

because I’m an Admin in the slack org is it inferring/granting me something I can’t see?

Are there any docs/examples of how

ignoreChanges

works ?

Hi, in a project I made changes to less than 20 lambda that are handling http requests from cloud-aws API. The pulumi update command I started took almost 30 minutes, and one other I did earlier took ~45 min (but had more changed attached). A pulumi up with no changes took 1 minute. Do you know if there is a reason for that to take to so much time, or do you think the reason is on my end ? I never had this issue before on this project. (pulumi v0.17.8 and node.js v12.1.0)

I ran

refresh

on an AWS stack and was logged into the wrong account. For some reason I said "yes, delete all those things from my state" before realizing the mistake. Is there a way to recover a previous state, e.g. from yesterday or from before the last refresh?

Has anyone successfully deployed

v.0.7.2

of

cert-manager

via Pulumi https://github.com/jetstack/cert-manager/releases/tag/v0.7.2 ? (I’m trying to deploy 0.7.2, but I’ve seen this issue with

v.0.7.0

). Whenever I run

pulumi up

with the

certManager

k8s.yaml.ConfigGroup

, I get this error:

kubernetes:apiregistration:APIService (<http://v1beta1.admission.certmanager.k8s.io|v1beta1.admission.certmanager.k8s.io>):
    error: failed to determine if the following GVK is namespaced: apiregistration/v1beta1, Kind=APIService

kubectl apply --dry-run -f cert-manager.yaml

doesn’t complain at all.

Hi all! I came across an issue with lambda permissions yesterday. Made a PR to

awsx

https://github.com/pulumi/pulumi-awsx/pull/262 🙂 do I have to sign a CLM or anything to get it merged?

Hi, I'm creating an ec2 instance, then an ebs volume and a volume attachment, which looks like:

new aws.ec2.VolumeAttachment(`wordpress-content-attachment`, {
    instanceId: ec2Instance.id,
    volumeId: dataVolume.id,
    deviceName: '/dev/xvdc',
    forceDetach: true
  })

When something changed in the instance, it will trigger a volume attachment replace too. You can see in the code sample how it's handled by pulumi, nothing changed in the code between the commands. Basically first it's say that volume in use, looks like it ignores forceDetach, then the second time realizes, that it's detached from the previous one, therefore unable to detach it and after a refresh everything is good. Is it normal?

Kudos to @fierce-dinner-20116 for putting together such an excellent bug report! https://github.com/pulumi/pulumi-kubernetes/issues/553#issue-439375032 Having a full reproduction ready to go makes tracking down the cause so much faster. 🐛 🔨

@gorgeous-egg-16927 and to you for a swift fix 🙂 I thought that fix would alleviate my issue as well, but I was wrong. Basically getting the same error message, but perhaps due to namespace/other transformations I have to do due to missing helm capabilities. Should I create a new issue or do you know of an existing one it makes sense to tag onto?

Is there existing support for AWS amplify in pulumi?

Anyone else having issues with the new remote backends? It is probably just me, but I am trying to use an S3 bucket and getting issues:

could not create stack: An IO error occurred during the current operation: blob (code=Unknown): MissingRegion: could not find region configuration

I just noticed some interesting behavior around PolicyAttachment. It feels a little unexpected to me but maybe it's a misunderstanding on my part. I have an Administrator group in my AWS account with the admin policy attached to it. I wrote some Pulumi code to attach the admin policy to a role I created - in doing so I did not specify the existing group in the attachment - my expectation was there could be multiple attachments for a single policy - but it looks as though it behaves as though there is a single attachment resource for a policy and within that resource all the roles, groups, and users that you want linked to the policy must be specified. What happened is after deploying the Pulumi specified infra, my admin policy was removed from my Admin group and applied to the role. So it seems using attachments can have side effects on resources not created by Pulumi...?

hi all, has anybody found a good workflow for local development of http lambda functions? Similar to what

serverless-offline

offers?

^ before I go down the path of writing my own.

Similarly, does anyone have a good way of speeding up deployment of lambda code changes? Right now I’m sitting at ~35 seconds

I can’t remember what apex/up or serverless were

Is there a way (for CI) to get the CLI to output the nice pretty graph output, but without running in interactive mode? In other words, just print out the nice output at the end state of running.

I don’t know typescript super well, but is there a way to avoid having to do all these null checks when making changes to k8s yaml files via pulumi: https://pulumi.io/quickstart/aws/tutorial-eks.html#running-off-the-shelf-guestbook-yaml ? I still write k8s yaml for most things because we ship that yaml for our users to run (and other tooling is able to injest yaml), but I’d like to be able to “sprinkle” in things like secrets / env vars via pulumi. For instance in that example, there is a section where they’re changing the type of a service to a Loadbalancer:

// Make the 'frontend' Service public by setting it to be of type
                // LoadBalancer
                if (obj.kind == "Service" && obj.metadata.name == "frontend") {
                    if (obj.spec) {
                        obj.spec.type = "LoadBalancer"
                    }
                }

Is there a way to just tell the compiler that

obj

is a k8s

Service

, and just assign obj.spec.type=Loadbalancer directly without needing to check to see if

spec

is a field on

obj

at all?

I have a gcloud function that needs to call an aws lambda

What’s the correct way to use the dynamic endpoint output from the lambda when creating the gcloud function (which right now is a pub/sub topic onMessagePublished handler).

I am doing it by using endpointString.apply(…) and sometimes it gets created, sometimes it gets deleted

Any way to helm init from within Pulumi? The examples I find all seem to require running helm init manually before pulumi up. Would really to init tiller, etc. on pulumi up.

Hello, I have a stupid question and I’m not sure it is directly linked to Pulumi, but I’m sure you must have faced simiral issues 😄. I have a project with an API created by API from pulumi/cloud-aws. At the beginning everything was fine, I could get Json responses to my call. But now I face CORS issues, so I tried to solve it by adding headers to my all my responses, and returning 204 to every call OPTIONS (It’s not great but I’m just trying to make things work for a small PoC) Now every route seems fine, I don’t have the same issues as before, but all my responses body are Json, base 64 encoded 🙃. Do you know why it that and how could I go back to a state of having Json body as responses ? I always use Response.status().json(myObject) in my controllers The headers I added are the following : ‘Access-Control-Allow-Origin’ -> ‘*’ ‘Access-Control-Allow-Headers’ -> ‘Origin, X-Requested-With, Content-Type, Accept, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Cache-Control, Access-Control-Request-Headers, devToken, email’ ‘Access-Control-Allow-Methods’ -> ‘POST, GET, OPTIONS, PUT, DELETE’

Hi all! I'm having an issue with helm chart module and was wondering if this is a known issue or is there a workaround. Basically, I get

error: YAMLException: bad indentation of a mapping entry at line 47, column 9:
                - 1.1.1.1
                ^

with the

values

config below.

// `<https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config>`
new k8s.helm.v2.Chart("certmanager",
            {
                ...
                values: {
                    podDnsPolicy: "None",
                    podDnsConfig: {
                        nameservers: ["1.1.1.1", "8.8.8.8"]
                    }
                }
            },
            { providers: { kubernetes: this.k8sProvider } });

This seems to be about underlying yaml parser of the module or I'm trying to set the values in a wrong way and missing something very basic here. Has anyone bumped into anything similar before?

@adamant-intern-63433 I suspect that's a problem with the underlying chart. Can you show us the snippet of code where

.Values.podDnsConfig.nameservers

is referenced in the chart?