Seems like Pulumi needs some work with regards to it’s diffing for nodepools. Adding labels when there were none before is triggering a replacement due to not having whatever GKE adds such as

maxPodsPerNode, namePrefix, nodeCount

, etc.

I've got a feature I'm working on to automatically create a scheduled pipeline in Gitlab with each new EKS cluster created via Pulumi. Since the gitlab provider in Pulumi doesn't yet exist, and support in terraform for scheduled pipelines is still in MR (https://github.com/terraform-providers/terraform-provider-gitlab/pull/116) I'm trying to find another way to tie in the pipeline creation. Short of writing my own Pulumi provider for the purpose, the gitlab REST API works great for this, so I thought perhaps there's a way in pulumi to: - during

update

check if a scheduled pipeline already exists via the gitlab API, and if it doesn't then create one - during

destroy

check if a scheduled pipeline already exists via the gitlab API, and if it does then delete it Is this reasonable? Is there a better approach for doing this?

Hey in this snippet:

The Lambda resource is pointing to a assetArchive which points to a folder.

From my understanding, it zips it up before deploying.

Is it also possible to do that with a Lambda Layer?

Right now the lambda layer code looks like this:

Is it possible to use a pulumi.asset.assetArchive in the Lambda Layer to point to a src folder of the Lambda code, instead of an already zipped file?

so I have stacks named thusly org/environment/stack where the stack could refer to my k8s provisioning stuff or the network. In regards to network, when I have org/preprod/network and org/prod/network it really confused the pulumi cli on configuration, is there anything I can do short of doing a config refresh every time I change stacks?

Is there a way to lookup details only for a specific resource with

pulumi up

? In the same update, I’m also deleting a big Helm chart (

kube-prometheus

) and that creates a very, very big details list. Therefore, if I can select just one resource (which is not of that chart’s resources) would help a lot.

How's pulumi's performance with large stacks? Is there a recommended limit on the max resources to manage with a single stack? In theory you could put an entire companies infrastructure in one stack.

Hi there! Heard about Pulumi recently, I'd like to give it a try but wondering if I can easily upgrade from community account to a team account if it suits our need ? I intend to use community at first as Ill be the only one to test it. Thanks!

Also quick noob question on outputs/consumers, can a project written in typescript can consume outputs of a project written in python for instance ?

Posting https://github.com/pulumi/pulumi-eks/issues/137#issuecomment-500061653 for visibility. Do I just need to create a whole separate program / stack for now?

Hi, are there some ways to reverse engineer an actual deploy into pulumi? at least to navigate it as Outputs

I'm building a dynamic provider and a class to manage in pulumi. I've implemented a

create

method that works when I do

pulumi up

. The

create

method makes a

POST

to a server API, and then it gets back a result object with some data about the created resource, e.g.

id

,

owner

, etc. I'd like to be able to do something like:

console.log(myNewResource.id);

However, I'm not sure how to expose the returned values in the resource's state. Any pointers or examples?

How would you get the queue URL off of a

aws.sqs.Queue

?

Hmm, my APIGateway endpoint url has a /stage appended to the end of it. Anybody know how this happens?

I thought it came from the stack name. I deleted the stack and recreated a 'develop' but /stage is still being appended to the api gateway endpoint url

Hrm, I had a

protected: true

flag on an AWS Secrets manager resource. I changed the resource name and took the protected flag off because it coudln't delete a protected resource to do a renaming. It's still giving me a protection error even with protected flag gone:

Getting this error:

error: Preview failed: refusing to delete protected resource 'urn:pulumi:develop::savor-live::aws:secretsmanager/secret:Secret::

Although, i know secretse manager has some weird deletion lifecycle policy where it can't fully be deleted before 7 days minimum

and both my names were already there. I wonder if I should just leave secrets manager out of Pulumi and just manage it manually.

Hrm or can I reset it by doing a stack export, deleting the resource URN and then

pulumi up

?

If I had an existing secretsManager and wanted to put it under Pulumi how would I do that? Is there a way to tie the URN to ARN?

Is there a way to redirect the pulumi's stream display outputs to an external ressource (let's say Elastic search or another DB for example) ? I'm actually wrapping the

pulumi

binary with a python script that does the job but it feels very hacky and not secure. anyone have an idea ?

I am running into an error for

aws

vpc

with

AccessDenied

. https://asciinema.org/a/XDK4ZRawRIDXYUEW8aNDGj5fZ and here is the sample code

import * as awsx from '@pulumi/awsx';

const vpc = new awsx.ec2.Vpc('custom', {
  cidrBlock: '10.0.0.0/16',
  numberOfAvailabilityZones: 3,
  subnets: [
    { type: 'public' },
    { type: 'private' },
    { type: 'isolated', name: 'db' },
    { type: 'isolated', name: 'redis' }
  ]
});

It is failing with this error

invocation of aws:index/getAvailabilityZones:getAvailabilityZones returned an error: invoking aws:index/getAvailabilityZones:getAvailabilityZones: Error fetching Availability Zones: UnauthorizedOperation: You are not authorized to perform this operation.

I am able to get the

aws ec2 describe-availability-zones
{
    "AvailabilityZones": [
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1a",
            "ZoneId": "use1-az1"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1b",
            "ZoneId": "use1-az2"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1c",
            "ZoneId": "use1-az4"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1d",
            "ZoneId": "use1-az6"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1e",
            "ZoneId": "use1-az3"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1f",
            "ZoneId": "use1-az5"
        }
    ]
}

Which permissions am I missing? Thanks

Hmm, if I create an S3 Bucket Policy, that has cognito authorizers and cloudfront stuff in the policy, is there anyway to 'wait' for the output variables in cognito and cloudfront?

Do I do a 'depends on'?

While I'm working with a local version of pulumi/azure JS SDK with yarn link, how does it determine which plugin version to load? I believe I have all the latest, but it still tries to load 0.18.2:

could not load plugin for azure provider 'urn:pulumi:dev::azure-play::pulumi:providers:azure::default': no resource plugin 'azure-v0.18.2' found in the workspace

. Is this what the stack remembered to use? I seem to have reset it by unlinking, referencing the latest in package.json, running

pulumi up

, and then linking again. Is there an easier way?