https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • c

    chilly-photographer-60932

    07/05/2019, 7:34 PM
    I am running this example https://github.com/pulumi/pulumi-eks/tree/master/nodejs/eks/examples/nodegroup and running into this error.
    │  ├─ pulumi-nodejs:dynamic:Resource     example-nodegroup-iam-simple-vpc-cni                            **creating failed**     1 error
     +   │  ├─ kubernetes:core:ConfigMap          example-nodegroup-iam-simple-nodeAccess                         **creating failed**     1 error
    Diagnostics:
      kubernetes:core:ConfigMap (example-nodegroup-iam-simple-nodeAccess):
        error: Plan apply failed: Get <https://922FC00EB908914CAF76044D3533E63A.yl4.us-west-2.eks.amazonaws.com/api?timeout=32s>: net/http: TLS handshake timeout
    
      pulumi:pulumi:Stack (aws-arcus-kitchensink-naveen):
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    
        error: update failed
    
      pulumi-nodejs:dynamic:Resource (example-nodegroup-iam-simple-vpc-cni):
        error: Plan apply failed: Command failed: kubectl apply -f /var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
        unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    w
    • 2
    • 20
  • p

    plain-businessperson-30883

    07/05/2019, 8:29 PM
    Hi all. I’m creating an AWS VPC Peering connection between two AWS accounts but a weird behaviour is happening. I have the account A as the requester and B as the accepter. When I create the peering connection in A I can’t have auto accept because they are different accounts (maybe I can’t do an IAM Role for this, but it is not desired). When I create the VPC Peering Connection (the requester) it goes into a “pending accept” state (what is expected) causing Pulumi to fail. When I run it again it runs successfully. Should it consider the “pending accept” as a valid state or am I missing something?
    b
    b
    • 3
    • 5
  • c

    chilly-photographer-60932

    07/05/2019, 10:01 PM
    Does pulumi have an option to create new
    aws
    accounts? I mean sub accounts?
    b
    b
    +2
    • 5
    • 15
  • c

    chilly-photographer-60932

    07/05/2019, 10:38 PM
    Does the
    eks
    package have option to enable
    API server endpoint access Private access
    ?
    w
    • 2
    • 3
  • c

    chilly-photographer-60932

    07/05/2019, 10:59 PM
    I am stuck with this
    Refreshing (MINDBODY-Platform/naveen):
    Permalink: <https://app.pulumi.com/MINDBODY-Platform/aws-arcus-kitchensink/naveen/updates/51>
    error: the current deployment has 1 resource(s) with pending operations:
      * urn:pulumi:naveen::aws-arcus-kitchensink::arcus:cluster$eks:index:Cluster$eks:index:NodeGroup$aws:ec2/launchConfiguration:LaunchConfiguration::monitoring-nodeLaunchConfiguration, interrupted while deleting
    
    These resources are in an unknown state because the Pulumi CLI was interrupted while
    waiting for changes to these resources to complete. You should confirm whether or not the
    operations listed completed successfully by checking the state of the appropriate provider.
    For example, if you are using AWS, you can confirm using the AWS Console.
    
    Once you have confirmed the status of the interrupted operations, you can repair your stack
    using 'pulumi stack export' to export your stack to a file. For each operation that succeeded,
    remove that operation from the "pending_operations" section of the file. Once this is complete,
    use 'pulumi stack import' to import the repaired stack.
    
    refusing to proceed
    pulumi cancel
    didn’t help.
    w
    • 2
    • 8
  • c

    cuddly-eye-68174

    07/06/2019, 3:17 PM
    Hi Guys, I have some issue with Pulumi-aws-typescript. 🙂 I was trying to figure out what is happening in the last 3 hours but I can't 🙂, I have a deployment in AWS, I created an instance with aws.ec2.Instance. Everything is fine, but if I rerun the project with "pulumi up --refresh" the engine wants the replace the instance but no point I think. I cannot see any difference in the details. and I cannot imagine any difference. Do you have any idea what is happening? 🙂
    s
    • 2
    • 21
  • e

    early-match-56268

    07/07/2019, 12:57 PM
    Is there a concept of data sources in pulumi? e.g., I have deployed k8s in GCP with the istio add-on and I would like to get access the
    istio-ingressgateway
    external IP address. In terraform I would use https://www.terraform.io/docs/providers/kubernetes/d/service.html but can't figure out how to do the same in pulumi
  • h

    high-translator-22614

    07/07/2019, 6:19 PM
    It's just code, so you can just go and ask it?
  • h

    high-translator-22614

    07/07/2019, 6:20 PM
    it's only a problem if it's being managed by pulumi, then it might not exist in all contexts your stack runs in (eg,
    pulumi preview
    when it hasn't been created)
  • h

    high-translator-22614

    07/07/2019, 6:20 PM
    but if it's assumed to exist already, you can just grab a client library and query it
  • h

    high-translator-22614

    07/07/2019, 6:21 PM
    there's also a handful of functions in the pulumi libraries to do this kind of thing (eg, there's a function in pulumi aws to query route53 for a zone)
  • e

    early-match-56268

    07/07/2019, 8:13 PM
    @high-translator-22614 Yep you're right, thanks. Was able to get it using:
    import * as k8s from '@kubernetes/client-node'
    import { devKubeconfig } from '../cluster'
    
    export const ingressIpAddress = devKubeconfig.apply(config => {
        const kc = new k8s.KubeConfig()
        kc.loadFromString(config)
        const api = kc.makeApiClient(k8s.CoreV1Api)
        return api.readNamespacedService('istio-ingressgateway', 'istio-system').then(svc => {
            let ipAddress = ''
            if (svc.body.status) {
                const status = svc.body.status
                if (status.loadBalancer) {
                    const lb = status.loadBalancer
                    if (lb.ingress) {
                        const ingress = lb.ingress
                        if (ingress[0].ip) {
                            ipAddress = ingress[0].ip
                        }
                    }
                }
            }
            return ipAddress
        })
    })
  • b

    billions-lock-80282

    07/08/2019, 10:33 AM
    Hi, is there a built in flag that allows you to turn resources on and off easily or do we just need to wrap if in an if statement? I know you can do this in terraform with the count function. Just wondered if Pulumi has something similar
    h
    s
    • 3
    • 4
  • f

    fresh-summer-65887

    07/08/2019, 11:22 AM
    Why do fully qualified stack names not include the project name? On the website it's
    {org-name}/{project-name}/{stack-name}
    in the UI and URLs. On the CLI it's
    {org-name}/{stack-name}
    . This gets confusing when you have two projects in the same org with the same
    {stack-name}
    .
    b
    w
    • 3
    • 12
  • i

    important-leather-28796

    07/08/2019, 3:09 PM
    I’m trying to interact with pulumi-cloudflare, though it is not clear to me how the pulumi lib maps to the api. Specifically I’m looking to purge cache by url after a pulumi deployment (https://api.cloudflare.com/#zone-purge-files-by-url). Neither the reference docs nor github have given me a clue here how to essentially
    POST zones/:identifier/purge_cache
    . What am I missing? Any pointers to samples or docs?
    w
    h
    • 3
    • 7
  • r

    rich-easter-89163

    07/08/2019, 6:28 PM
    Hi fokls! I'm trying to create an
    aws.route53.Record
    but it creates a sufixed record (e.g my-api-<RANDOM_IDENTIFIER>.mysite.com) which is wrong, I created it according the docs (https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/route53/#alias-record) and I don't see an option to create it without the sufix, my code is almost the same of the docs:
    new aws.route53.Record('my-api', {
        aliases: [
          {
            evaluateTargetHealth: false,
            name: loadBalancer.dnsName,
            zoneId: loadBalancer.zoneId,
          },
        ],
        type: aws.route53.RecordTypes.A,
        zoneId: zone.zoneId,
      });
    Any clues on it?
    g
    b
    • 3
    • 8
  • i

    important-leather-28796

    07/08/2019, 7:59 PM
    @creamy-potato-29402 I want to run a piece of imperative code to purge cache after k8 Deployment/Service/Ingress ready. I saw your writeup on kubespy and I’m interested in doing something with similar conditions at the end of a
    pulumi up
    . I was thinking a polling call to
    pulumi.all
    on each resource’s status. Is there already some sample code out there I can look at perhaps? Or any thoughts for/against this approach?
    • 1
    • 4
  • s

    swift-painter-31084

    07/09/2019, 2:39 AM
    How might one access the value of an Output inside an explicit Function? In that case does the Pulumi library need to be imported into that Function?
    b
    w
    • 3
    • 10
  • f

    few-ability-86674

    07/09/2019, 8:06 AM
    Hey all! Facing some issues with pulumi and kubernetes. Currently trying to set up rbac in pulumi for a cluster but in clusterrolebinding setting subjects according to the format mentioned in the documentation doesn't seem to work. Does anyone know the correct way to specify subjects ?
  • b

    big-potato-91793

    07/09/2019, 1:02 PM
    Hey, I need to move 2 off my project from pulumi backend to s3. Could someone help me with that?
    w
    • 2
    • 1
  • b

    best-salesclerk-82359

    07/09/2019, 2:05 PM
    Hey folks, we are experiencing some issues combinating pulumi and recent releases of
    knative-eventing
    . In detail they include a legacy kubernetes deployment with a defined replica of
    0
    . Unfortunately this fails the stack since
    pulumi-kubernetes
    executes a readiness probe after applying the resource which never fulfills. Is there any solution to this, e.g. to disable the readiness probe for a certain resource?
    g
    • 2
    • 2
  • i

    important-leather-28796

    07/09/2019, 3:33 PM
    If I want to imperatively poll for an updated manifest, would I call
    k8s.apps.v1beta1.Deployment.get('myapp', myWebDeployment.id)
    to get latest/fresh values?
    w
    • 2
    • 6
  • b

    bitter-island-28909

    07/09/2019, 5:52 PM
    Is there any way to get Pulumi to perform a sanity check about which AWS account it is interacting with? We use several different AWS accounts for security reasons. While I definitely want to be able to apply different stacks to different accounts, accidentally applying a stack to a different account than where it was created causes a big mess.
    g
    w
    o
    • 4
    • 6
  • o

    orange-tailor-85423

    07/09/2019, 10:51 PM
    Anybody else done a cloud migration and had to translate iam permissions from one to the other? Asking for a friend
    c
    • 2
    • 3
  • s

    swift-painter-31084

    07/09/2019, 11:30 PM
    I'm getting this when running
    pulumi logs -f
    on a beefy machine while following logs from 2 lambda functions in one stack.
    Untitled.txt
    w
    • 2
    • 3
  • c

    colossal-room-15708

    07/10/2019, 2:22 AM
    To create an AWS Organizations OU (https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/organizations/#pulumi_aws.organizations.OrganizationalUnit) I have to provide the
    parent_id
    property, which in a lot of cases is the root of the Organization. I can't find a way, native to pulumi, to get information about the Organization if the Organization has already been created by someone outside of pulumi.
    w
    • 2
    • 1
  • h

    high-translator-22614

    07/10/2019, 2:58 AM
    same as ⬆️ about getting kubernetes information
  • h

    high-translator-22614

    07/10/2019, 2:59 AM
    but using boto3 instead of kubernetes client
    c
    • 2
    • 1
  • c

    cool-egg-852

    07/10/2019, 3:45 PM
    Is there any way to make pulumi wait for a Job to complete before deploying a Deployment?
    w
    • 2
    • 4
  • m

    most-judge-33290

    07/10/2019, 4:27 PM
    I am getting an error that subnets cannot be empty with the following
    new awsx.ecs.FargateService(imageName, {
        name: imageName,
        cluster,
        subnets: ['subnet-1', 'subnet-2, 'subnet-3'],
        securityGroups: ['sg-x'],
        taskDefinitionArgs: {
          container: {
            image: `<http://myaccount.dkr.ecr.us-west-2.amazonaws.com/${imageName}|myaccount.dkr.ecr.us-west-2.amazonaws.com/${imageName}>`,
            cpu: compute || 512 /*10% of 1024*/,
            memory: memory || 512 /*MB*/,
            portMappings: [targetGroupListener],
            environment: environment || [
              { name: 'NODE_ENV', value: 'production' },
              { name: 'PORT', value: '80' },
            ],
          },
        },
        desiredCount: desiredCount || 2,
      });
    w
    l
    • 3
    • 13
Powered by Linen
Title
m

most-judge-33290

07/10/2019, 4:27 PM
I am getting an error that subnets cannot be empty with the following
new awsx.ecs.FargateService(imageName, {
    name: imageName,
    cluster,
    subnets: ['subnet-1', 'subnet-2, 'subnet-3'],
    securityGroups: ['sg-x'],
    taskDefinitionArgs: {
      container: {
        image: `<http://myaccount.dkr.ecr.us-west-2.amazonaws.com/${imageName}|myaccount.dkr.ecr.us-west-2.amazonaws.com/${imageName}>`,
        cpu: compute || 512 /*10% of 1024*/,
        memory: memory || 512 /*MB*/,
        portMappings: [targetGroupListener],
        environment: environment || [
          { name: 'NODE_ENV', value: 'production' },
          { name: 'PORT', value: '80' },
        ],
      },
    },
    desiredCount: desiredCount || 2,
  });
w

white-balloon-205

07/10/2019, 4:41 PM
What is the exact error message?
m

most-judge-33290

07/10/2019, 4:49 PM
Plan apply failed: InvalidParameterException: subnets can not be empty.
    	status code: 400, request id: 0e12e236-0189-418c-a510-6961c10c28be "fieldbook_mobile_api"
w

white-balloon-205

07/10/2019, 4:55 PM
If you run
pulumi preview --diff
does it show you what values are being passed to
networkConfiguration
on the
Service
? (in particular the
subnets
)?
m

most-judge-33290

07/10/2019, 4:57 PM
networkConfiguration           : {
                assignPublicIp: true
                securityGroups: [
                    [0]: "sg-x"
                ]
            }
w

white-balloon-205

07/10/2019, 4:57 PM
Ahh - looks like there may actually be a bug here - the
subnets
argument will not be passed along. You should though be getting the subnets associated with
cluster.vpc.publicSubnetIds
- not clear why that would be empty? (though it's not what you want here regardless). cc @lemon-spoon-91807 https://github.com/pulumi/pulumi-awsx/blob/e709a077df4233eef0615bad09d0f6828e50f2bd/nodejs/awsx/ecs/fargateService.ts#L210
@most-judge-33290 would you mind opening an issue on this?
l

lemon-spoon-91807

07/10/2019, 4:58 PM
yup. this is a straight up bug
i'll open the issue
no need for @most-judge-33290 to have to do it 🙂
i'll fix today, thanks for the report!
m

most-judge-33290

07/10/2019, 4:59 PM
ok, thanks guys
l

lemon-spoon-91807

07/10/2019, 4:59 PM
Looks like @gentle-diamond-70147 already did! https://github.com/pulumi/pulumi-awsx/issues/360
https://github.com/pulumi/pulumi-awsx/pull/362
View count: 1