I am running this example https://github.com/pulumi/pulumi-eks/tree/master/nodejs/eks/examples/nodegroup and running into this error.

│  ├─ pulumi-nodejs:dynamic:Resource     example-nodegroup-iam-simple-vpc-cni                            **creating failed**     1 error
 +   │  ├─ kubernetes:core:ConfigMap          example-nodegroup-iam-simple-nodeAccess                         **creating failed**     1 error

Diagnostics:
  kubernetes:core:ConfigMap (example-nodegroup-iam-simple-nodeAccess):
    error: Plan apply failed: Get <https://922FC00EB908914CAF76044D3533E63A.yl4.us-west-2.eks.amazonaws.com/api?timeout=32s>: net/http: TLS handshake timeout

  pulumi:pulumi:Stack (aws-arcus-kitchensink-naveen):
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized

    error: update failed

  pulumi-nodejs:dynamic:Resource (example-nodegroup-iam-simple-vpc-cni):
    error: Plan apply failed: Command failed: kubectl apply -f /var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized
    unable to recognize "/var/folders/6x/1nwydqkn1kn0n2wqmwwp1hsmvm6qls/T/tmp-12437sPtTDnmfv7lm.tmp": Unauthorized

Hi all. I’m creating an AWS VPC Peering connection between two AWS accounts but a weird behaviour is happening. I have the account A as the requester and B as the accepter. When I create the peering connection in A I can’t have auto accept because they are different accounts (maybe I can’t do an IAM Role for this, but it is not desired). When I create the VPC Peering Connection (the requester) it goes into a “pending accept” state (what is expected) causing Pulumi to fail. When I run it again it runs successfully. Should it consider the “pending accept” as a valid state or am I missing something?

Does pulumi have an option to create new

aws

accounts? I mean sub accounts?

Does the

eks

package have option to enable

API server endpoint access Private access

?

I am stuck with this

Refreshing (MINDBODY-Platform/naveen):
Permalink: <https://app.pulumi.com/MINDBODY-Platform/aws-arcus-kitchensink/naveen/updates/51>
error: the current deployment has 1 resource(s) with pending operations:
  * urn:pulumi:naveen::aws-arcus-kitchensink::arcus:cluster$eks:index:Cluster$eks:index:NodeGroup$aws:ec2/launchConfiguration:LaunchConfiguration::monitoring-nodeLaunchConfiguration, interrupted while deleting

These resources are in an unknown state because the Pulumi CLI was interrupted while
waiting for changes to these resources to complete. You should confirm whether or not the
operations listed completed successfully by checking the state of the appropriate provider.
For example, if you are using AWS, you can confirm using the AWS Console.

Once you have confirmed the status of the interrupted operations, you can repair your stack
using 'pulumi stack export' to export your stack to a file. For each operation that succeeded,
remove that operation from the "pending_operations" section of the file. Once this is complete,
use 'pulumi stack import' to import the repaired stack.

refusing to proceed

pulumi cancel

didn’t help.

Hi Guys, I have some issue with Pulumi-aws-typescript. 🙂 I was trying to figure out what is happening in the last 3 hours but I can't 🙂, I have a deployment in AWS, I created an instance with aws.ec2.Instance. Everything is fine, but if I rerun the project with "pulumi up --refresh" the engine wants the replace the instance but no point I think. I cannot see any difference in the details. and I cannot imagine any difference. Do you have any idea what is happening? 🙂

Is there a concept of data sources in pulumi? e.g., I have deployed k8s in GCP with the istio add-on and I would like to get access the

istio-ingressgateway

external IP address. In terraform I would use https://www.terraform.io/docs/providers/kubernetes/d/service.html but can't figure out how to do the same in pulumi

It's just code, so you can just go and ask it?

it's only a problem if it's being managed by pulumi, then it might not exist in all contexts your stack runs in (eg,

pulumi preview

when it hasn't been created)

but if it's assumed to exist already, you can just grab a client library and query it

there's also a handful of functions in the pulumi libraries to do this kind of thing (eg, there's a function in pulumi aws to query route53 for a zone)

@high-translator-22614 Yep you're right, thanks. Was able to get it using:

import * as k8s from '@kubernetes/client-node'
import { devKubeconfig } from '../cluster'

export const ingressIpAddress = devKubeconfig.apply(config => {
    const kc = new k8s.KubeConfig()
    kc.loadFromString(config)
    const api = kc.makeApiClient(k8s.CoreV1Api)
    return api.readNamespacedService('istio-ingressgateway', 'istio-system').then(svc => {
        let ipAddress = ''
        if (svc.body.status) {
            const status = svc.body.status
            if (status.loadBalancer) {
                const lb = status.loadBalancer
                if (lb.ingress) {
                    const ingress = lb.ingress
                    if (ingress[0].ip) {
                        ipAddress = ingress[0].ip
                    }
                }
            }
        }
        return ipAddress
    })
})

Hi, is there a built in flag that allows you to turn resources on and off easily or do we just need to wrap if in an if statement? I know you can do this in terraform with the count function. Just wondered if Pulumi has something similar

Why do fully qualified stack names not include the project name? On the website it's

{org-name}/{project-name}/{stack-name}

in the UI and URLs. On the CLI it's

{org-name}/{stack-name}

. This gets confusing when you have two projects in the same org with the same

{stack-name}

.

I’m trying to interact with pulumi-cloudflare, though it is not clear to me how the pulumi lib maps to the api. Specifically I’m looking to purge cache by url after a pulumi deployment (https://api.cloudflare.com/#zone-purge-files-by-url). Neither the reference docs nor github have given me a clue here how to essentially

POST zones/:identifier/purge_cache

. What am I missing? Any pointers to samples or docs?

Hi fokls! I'm trying to create an

aws.route53.Record

but it creates a sufixed record (e.g my-api-<RANDOM_IDENTIFIER>.mysite.com) which is wrong, I created it according the docs (https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/route53/#alias-record) and I don't see an option to create it without the sufix, my code is almost the same of the docs:

new aws.route53.Record('my-api', {
    aliases: [
      {
        evaluateTargetHealth: false,
        name: loadBalancer.dnsName,
        zoneId: loadBalancer.zoneId,
      },
    ],
    type: aws.route53.RecordTypes.A,
    zoneId: zone.zoneId,
  });

Any clues on it?

@creamy-potato-29402 I want to run a piece of imperative code to purge cache after k8 Deployment/Service/Ingress ready. I saw your writeup on kubespy and I’m interested in doing something with similar conditions at the end of a

pulumi up

. I was thinking a polling call to

pulumi.all

on each resource’s status. Is there already some sample code out there I can look at perhaps? Or any thoughts for/against this approach?

How might one access the value of an Output inside an explicit Function? In that case does the Pulumi library need to be imported into that Function?

Hey all! Facing some issues with pulumi and kubernetes. Currently trying to set up rbac in pulumi for a cluster but in clusterrolebinding setting subjects according to the format mentioned in the documentation doesn't seem to work. Does anyone know the correct way to specify subjects ?

Hey, I need to move 2 off my project from pulumi backend to s3. Could someone help me with that?

Hey folks, we are experiencing some issues combinating pulumi and recent releases of

knative-eventing

. In detail they include a legacy kubernetes deployment with a defined replica of

0

. Unfortunately this fails the stack since

pulumi-kubernetes

executes a readiness probe after applying the resource which never fulfills. Is there any solution to this, e.g. to disable the readiness probe for a certain resource?

If I want to imperatively poll for an updated manifest, would I call

k8s.apps.v1beta1.Deployment.get('myapp', myWebDeployment.id)

to get latest/fresh values?

Is there any way to get Pulumi to perform a sanity check about which AWS account it is interacting with? We use several different AWS accounts for security reasons. While I definitely want to be able to apply different stacks to different accounts, accidentally applying a stack to a different account than where it was created causes a big mess.

Anybody else done a cloud migration and had to translate iam permissions from one to the other? Asking for a friend

I'm getting this when running

pulumi logs -f

on a beefy machine while following logs from 2 lambda functions in one stack.

To create an AWS Organizations OU (https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/organizations/#pulumi_aws.organizations.OrganizationalUnit) I have to provide the

parent_id

property, which in a lot of cases is the root of the Organization. I can't find a way, native to pulumi, to get information about the Organization if the Organization has already been created by someone outside of pulumi.

same as ⬆️ about getting kubernetes information

but using boto3 instead of kubernetes client

Is there any way to make pulumi wait for a Job to complete before deploying a Deployment?