https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • i

    incalculable-diamond-5088

    05/31/2019, 5:51 PM
    Hi, I have a question regarding provisioning secrets/credentials. Are there any guidelines for doing it in pulumi? Would you recommend an ‘get or create’ pattern for those (create if not exists, read if exists)? Is there any reference code for that?
  • f

    full-dress-10026

    05/31/2019, 6:54 PM
    I created an EKS cluster following https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/examples/nodegroup/index.ts and got:
    error: unable to recognize "/tmp/tmp-6861Tmql3TRQ88g0.tmp": Get <https://2B657DC438F30EA7CB5A8D2297BABFA3.sk1.us-west-2.eks.amazonaws.com/api?timeout=32s>: dial tcp 52.36.238.179:443: i/o timeout
     
        error: update failed
     
      pulumi-nodejs:dynamic:Resource (k8s-cluster-dev-vpc-cni):
        error: Plan apply failed: Command failed: kubectl apply -f /tmp/tmp-6861Tmql3TRQ88g0.tmp
        error: unable to recognize "/tmp/tmp-6861Tmql3TRQ88g0.tmp": Get <https://2B657DC438F30EA7CB5A8D2297BABFA3.sk1.us-west-2.eks.amazonaws.com/api?timeout=32s>: dial tcp 52.36.238.179:443: i/o timeout
     
      kubernetes:core:ConfigMap (k8s-cluster-dev-nodeAccess):
        error: Plan apply failed: Get <https://2B657DC438F30EA7CB5A8D2297BABFA3.sk1.us-west-2.eks.amazonaws.com/api?timeout=32s>: dial tcp 52.89.83.215:443: i/o timeout
    Here's what I did:
    const eksRole1 = iam.createRole(`eks-role`);
    const eksInstanceProfile = new aws.iam.InstanceProfile("eks-instance-profile", {role: eksRole1});
    
    const nodePolicy = new aws.iam.Policy("eks-node-policy", {
        namePrefix: `eks-node-${env}-`,
        policy: JSON.stringify({
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Action": [
                    "kms:Decrypt",
                    "pricing:*"
                ],
                "Resource": "*"
            }]
        })
    });
    
    new aws.iam.RolePolicyAttachment("eks-node-role-assignment", {
        policyArn: nodePolicy.arn,
        role: eksRole1
    });
    
    
    eksCluster = new eks.Cluster(`k8s-cluster-${env}`, {
        vpcId: vpc.id,
        subnetIds: vpc.publicSubnetIds,
        deployDashboard: false,
        skipDefaultNodeGroup: true,
        instanceRoles: [eksRole1]
    });
    
    eksCluster.createNodeGroup(`k8s-${env}-ng`, {
        instanceType: "t2.medium",
        desiredCapacity: 2,
        minSize: 1,
        maxSize: 2,
        instanceProfile: eksInstanceProfile,
    });
    Guessing the example code is missing something necessary.
    d
    w
    • 3
    • 4
  • b

    brave-angle-33257

    05/31/2019, 7:40 PM
    quick question.. is it possible to populate the aws objects with the region programatically? or does it have to be set in the config as
    aws:region
    ?
  • s

    stocky-spoon-28903

    05/31/2019, 7:51 PM
    @brave-angle-33257 For first class providers (i.e. those made with
    new aws.Provider(.....)
    you can set it directly
    b
    • 2
    • 5
  • f

    full-dress-10026

    05/31/2019, 8:51 PM
    Deploying this:
    const k8sDashboardChart = new k8s.helm.v2.Chart("k8s-dashboard", {
        repo: "stable",
        chart: "kubernetes-dashboard",
        version: "1.5.2",
        namespace: "kube-system"
    }, {providers: {kubernetes: k8sProvider}});
    results in
    error: Plan apply failed: 2 errors occurred:
        	* Timeout occurred for 'k8s-dashboard-kubernetes-dashboard'
        	* Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods
    Any idea why this would happen?
    i
    h
    c
    • 4
    • 20
  • f

    full-dress-10026

    05/31/2019, 11:30 PM
    Changing the
    values
    for a
    k8s.helm.v2.Chart
    does not output that any resource was updated. Is this expected?
    b
    c
    • 3
    • 2
  • t

    thankful-island-60540

    06/01/2019, 7:01 AM
    Hi, does anyone succeeded in deploying a k8s helm chart using Pulumi
    python
    code? it seems to have braking bugs in the code, that preventing me from adding custom values, or setting a specific namespace to deploy to its even hard to debug since its not possible to execute the python code not from the Pulumi CLI (or its not documented how) anyone with a success experience?
    b
    • 2
    • 3
  • a

    average-dream-51210

    06/02/2019, 1:23 AM
    Hm, anybody have any suggestions on how to manage dev/stage/prod with Pulumi? I know there's the concept of stacks. How would it be integrated with git dev/stage/prod branches?
  • a

    average-dream-51210

    06/02/2019, 1:24 AM
    If git branch is switched from dev to stage, i'd use Pulumi to switch from dev to stage stack also?
  • a

    average-dream-51210

    06/02/2019, 1:26 AM
    Ah cool, there's good info on that in the docs 😄
  • a

    average-dream-51210

    06/02/2019, 1:30 AM
    Hm, if I used a git branch per pulumi stack for dev/stage/prod would it be wise to create a githook to execute a stack switch with pulumi upon git checkout to another branch?
    b
    b
    • 3
    • 6
  • c

    colossal-room-15708

    06/03/2019, 1:48 PM
    I'm doing a quick 15min talk on Pulumi tomorrow at a meetup. When other people do this on Pulumi, what are the main things attendees go "uuuuhhhh" and "wooooow"? 🙂 Especially when comparing it to things like Azure ARM templates or AWS CloudFormation.
    😛artypus: 1
    :woohoo: 2
  • s

    stocky-spoon-28903

    06/03/2019, 2:33 PM
    Loops ;-)
    b
    • 2
    • 5
  • s

    stocky-spoon-28903

    06/03/2019, 2:34 PM
    I’ll put up a better answer shortly
  • t

    tall-librarian-49374

    06/03/2019, 2:39 PM
    Wow goes for any non-trivial example in a familiar programming language. Questions are around high-level things like "but it's not from my cloud vendor", "how up-to-date is it going to be", "can I use it for free in a real project", "why do you use terraform".
  • j

    jolly-egg-4894

    06/03/2019, 2:45 PM
    Whenever I show someone this is example where all you need for an API Gateway that talks to Lambda that can add data to a DynamoDB table and it creates the resources 24 lines of non squashed perfectly normal code https://github.com/lindydonna/velocity-examples/blob/master/pulumi/pulumi-cloud/index.js
    👍 1
  • s

    shy-receptionist-99213

    06/03/2019, 3:57 PM
    i’d say sourcing some values from terraform remote state into your kubernetes deployment (like some aws endpoints for prometheus exporter deployed in k8s) should get some
    wows
    .
  • f

    full-dress-10026

    06/03/2019, 4:58 PM
    I switched computers and ran
    pulumi up
    in a stack that has an existing EKS cluster running. I received a bunch of these errors:
    error: Preview failed: unable to read kubectl config: invalid configuration: no configuration has been provided
    I thought Pulumi automatically creates the config file for connecting the the cluster. Do I need to explicitly provide it? Reading through https://pulumi.io/quickstart/aws/tutorial-eks/, it does not appear that you need to set a k8s config file.
    c
    • 2
    • 31
  • b

    brave-angle-33257

    06/03/2019, 5:06 PM
    output/string issue.. looking for best-practice advice
    s
    b
    • 3
    • 27
  • f

    full-dress-10026

    06/03/2019, 5:32 PM
    Can you get the AWS LB Pulumi object from an
    k8s.core.v1.Service
    ?
    w
    c
    s
    • 4
    • 9
  • d

    delightful-city-79989

    06/03/2019, 5:57 PM
    Hi, i’m attempting to create a single lambda that will serve an express app that renders individual javascript functions. I’m not entirely sure if the approach i’m taking is kosher. Would greatly appreciate any comments/advice! https://github.com/michaelnyu/next-pulumi-test
    b
    • 2
    • 2
  • w

    worried-engineer-33884

    06/03/2019, 6:41 PM
    is there a way to test a dependsOn relationship?
  • h

    handsome-actor-1155

    06/03/2019, 6:51 PM
    Is there a way to get a k8sProvider from a newly created EKS cluster to be able to pass to a helm chart deployment in the same pulumi program?
    • 1
    • 2
  • o

    orange-policeman-59119

    06/03/2019, 11:31 PM
    Is it normal for upgrading a resource plugin to require both the old and new versions to be installed side-by-side? The following are short transcripts from a CI system log:
    > @pulumi/kubernetes@v0.23.1 install /builds/[redacted-repo]/pulumi/node_modules/@pulumi/kubernetes
    > node scripts/install-pulumi-plugin.js resource kubernetes v0.23.1
    
    [resource plugin kubernetes-0.23.1] installing
    
    ...
    
    Previewing update ([redacted-stack-name]):
    error: could not load plugin for kubernetes provider 'urn:pulumi:[redacted-stack-name]::vendor-sync-pipeline::pulumi:providers:kubernetes::default': no resource plugin 'kubernetes-v0.22.0' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource kubernetes v0.22.0`
    It looks like it wants both the old version 0.22 and the new version 0.23.1 installed to use the stack. Is that right?
    c
    w
    • 3
    • 12
  • f

    full-dress-10026

    06/03/2019, 11:43 PM
    Passing
    autoScalingGroupTags: myTags
    to
    eks.Cluster.createNodeGroup
    will fail on an update with the following message in the CF console: "You cannot have multiple tags with the same key name."
    w
    • 2
    • 2
  • p

    proud-alarm-92546

    06/03/2019, 11:57 PM
    anyone have suggestions on how to recover from this? s3 backed state, assume-role, my session token expired mid run. after that, everything results in a
    failed to load checkpoint
    Diagnostics:
      awsx:x:ec2:Subnet (new-test-vpc1-private-0):
        error: post-step event returned an error: failed to save snapshot: failed to load checkpoint: blob (code=Unknown): ExpiredToken: The provided token has expired.
          status code: 400, request id: C77A7470E00DFB92, host id: Rdn/3pvDB4Qc+R2/vKyqqdjycosJ8zROTd9A2JvIo/NudbxN/aU7NcwrbRteASkrGhg12TgGxqk=
    
      pulumi:pulumi:Stack (make-vpc-vpc-dev):
        error: update failed
    
      awsx:x:ec2:Vpc (new-test-vpc1):
        error: resource complete event returned an error: failed to save snapshot: An IO error occurred during the current operation: blob (code=Unknown): ExpiredToken: The provided token has expired.
          status code: 400, request id: D634E0AAE7B29B13, host id: FGLgu6SwARaLVmv6eFYt4G1LAtwPeADhZkq/i0j8QQ5J2mlFRLNvInrvBXLGFeDV0yMi0wKGZDc=
    
    Resources:
        7 unchanged
    error: failed to load checkpoint: blob (code=NotFound): NoSuchKey: The specified key does not exist.
      status code: 404, request id: 8FDFF4787E944F03, host id:
  • p

    proud-alarm-92546

    06/04/2019, 12:00 AM
    bailing for the evening, but I'll keep tabs on this in case someone has ideas. state handling during failures definitely seems to be in strong need of improvement, this is the second of this sort I've run into, effectively leaving me in a "delete it all by hand and start over" state.
    w
    b
    • 3
    • 7
  • p

    powerful-london-34081

    06/04/2019, 10:44 AM
    I'm having an issue where I'm iterating over an array using for-of, instantiating a set of resources per iteration (resourceA, resourceB). An output value from resourceA is used for resourceB, but the output of resourceA.outputValue.apply() always returns the output of resourceA in the last iteration - for all iterations (as if the variables that hold references to the resources are overwritten each iteration, and the last value is used for all resources. If I instead of referring to variables created in the for-of iteration, push the instantiated resources to an array and do a resources[i].outputValue.apply(), everything works as one would expect. Is this a bug, or intended behavior?
  • s

    stocky-spoon-28903

    06/04/2019, 10:51 AM
    @powerful-london-34081 can you post a snippet your code?
  • p

    powerful-london-34081

    06/04/2019, 11:15 AM
    @stocky-spoon-28903
    -.ts
Powered by Linen
Title
p

powerful-london-34081

06/04/2019, 11:15 AM
@stocky-spoon-28903
-.ts
View count: 1