general
  • w

    worried-engineer-33884

    08/05/2019, 4:08 PM
    Is there support for tree shaking with inline lambda functions?
  • b

    best-xylophone-83824

    08/05/2019, 5:10 PM
    how can I programmatically create project and stack in organisation? My current attempt is
    PULUMI_ACCESS_TOKEN=.... pulumi new gcp-typescript --force --name gcp-bootstrap --stack prod
    fails 😞
  • w

    worried-engineer-33884

    08/05/2019, 5:39 PM
    Would it make sense to use `.appy` in a `lambda.CallbackFactory`?
  • b

    bitter-island-28909

    08/05/2019, 8:06 PM
    Anyone have a pattern they like for installing database migrations to a database created by Pulumi? Right now I’m making an ECS task that runs my migration scripts, and a Pulumi Dynamic Resource to launch the task using the AWS CLI once the database is available. This is a lot of moving parts and rather gross.
  • s

    salmon-morning-96600

    08/05/2019, 8:09 PM
    Hi guys, just wondering when we may see the final 3 parts of this lab series: https://github.com/pulumi/kubernetes-the-prod-way
  • c

    cool-egg-852

    08/05/2019, 8:41 PM
    Untitled.txt
  • r

    rich-easter-89163

    08/06/2019, 12:34 AM
    Hello, qq: is there a way to output preview details to a file? I'm having a pretty big diff and running out of scroll
  • f

    full-dress-10026

    08/06/2019, 12:57 AM
    `createNodeGroup` on an `eks.Cluster` takes an `instanceType` parameter which must be an `aws.ec2.InstanceType`. I'd like to pass in a string from a config file. How can I do this without TypeScript complaining?
  • s

    stale-autumn-24797

    08/06/2019, 1:19 AM
    I’m getting the following error when using the Pulumi Azure DevOps release task to run pulumi up:
    2019-08-05T19:10:09.1841769Z ##[section]Starting: Run pulumi  
    2019-08-05T19:10:09.1845138Z ==============================================================================
    2019-08-05T19:10:09.1845233Z Task         : Pulumi Azure Pipelines Task
    2019-08-05T19:10:09.1845346Z Description  : Azure Pipelines task extension for running Pulumi apps.
    2019-08-05T19:10:09.1845410Z Version      : 0.1.19
    2019-08-05T19:10:09.1845509Z Author       : Pulumi
    2019-08-05T19:10:09.1845565Z Help         : Join us on Slack at <https://slack.pulumi.io>.
    2019-08-05T19:10:09.1845633Z ==============================================================================
    2019-08-05T19:10:09.3946841Z Downloading: <https://get.pulumi.com/releases/sdk/pulumi-v0.17.27-linux-x64.tar.gz>
    2019-08-05T19:10:09.7313899Z Extracting archive
    2019-08-05T19:10:09.7348031Z [command]/bin/tar xzC /home/vsts/work/_temp/1ad4480f-4b59-4fed-9e58-4f008e359445 -f /home/vsts/work/_temp/5888e3ed-db52-4523-9c13-87a924a0050d
    2019-08-05T19:10:10.8380108Z Prepending PATH environment variable with directory: /home/vsts/work/_temp/1ad4480f-4b59-4fed-9e58-4f008e359445/pulumi
    2019-08-05T19:10:10.8388818Z [command]/home/vsts/work/_temp/1ad4480f-4b59-4fed-9e58-4f008e359445/pulumi/pulumi version
    2019-08-05T19:10:10.9270755Z v0.17.27
    2019-08-05T19:10:10.9325912Z [command]/home/vsts/work/_temp/1ad4480f-4b59-4fed-9e58-4f008e359445/pulumi/pulumi login
    2019-08-05T19:10:11.4999524Z Logged into <http://pulumi.com|pulumi.com> as mike (<https://app.pulumi.com/mike>)
    2019-08-05T19:10:11.5044407Z [command]/home/vsts/work/_temp/1ad4480f-4b59-4fed-9e58-4f008e359445/pulumi/pulumi stack select mike/microservice-aks-deploy/mapper
    2019-08-05T19:10:12.3840915Z [command]/home/vsts/work/_temp/1ad4480f-4b59-4fed-9e58-4f008e359445/pulumi/pulumi up --yes
    2019-08-05T19:10:13.3621045Z Previewing update (mapper):
    2019-08-05T19:10:14.2525744Z error: could not load plugin for kubernetes provider 'urn:pulumi:mapper::microservice-aks-deploy::pulumi:providers:kubernetes::inflation_provider': no resource plugin 'kubernetes' found in the workspace or on your $PATH
    2019-08-05T19:10:14.2611968Z ##[error]Pulumi command exited with code '255' while trying to run 'up --yes'.
    2019-08-05T19:10:14.2686239Z ##[section]Finishing: Run pulumi
    Any ideas on how to fix this?
  • a

    astonishing-finland-20071

    08/06/2019, 6:30 AM
    I'm using Pulumi to create an AWS Cognito user pool and associate it with a Lambda trigger. But every time the Lambda function updates, it'll re-create the Cognito user pool and all users stored in it will be gone. Does anyone know how to fix it?
  • g

    glamorous-waitress-51149

    08/06/2019, 9:47 AM
    Does pulumi run in its own shell? For example
    AWS_PROFILE=lykke ./build-local.sh && cd ./artifacts/infra && pulumi up --yes
    fails with an error about the AWS access key, yet if I run each command separately it works fine
  • j

    jolly-egg-4894

    08/06/2019, 10:58 AM
    If I create a script called `test.sh`:
    #!/bin/sh
    echo "_$BOB"
    And run
    ./test.sh && BOB="a" ./test.sh && ./test.sh
    The output is:
    _
    _a
    _
  • j

    jolly-egg-4894

    08/06/2019, 11:01 AM
    If you really don’t want to `export` `AWS_PROFILE` so it’s available to all the subsequent commands you can do this instead:
    AWS_PROFILE=lykke sh -c './build-local.sh && cd ./artifacts/infra && pulumi up --yes'
  • b

    billions-lock-80282

    08/06/2019, 11:46 AM
    Hi, Google raised a security issue with us regarding a GCP service account which had been compromised and the key had been found here: https://www.bountysource.com/teams/pulumi/issues. The issue no longer exists so I need some assistance understanding what the issue was. This service account is encrypted in my Pulumi scripts but I use GCP storage for backend.
  • w

    worried-engineer-33884

    08/06/2019, 2:49 PM
    is there a way to bypass serialization of the callback in `lambda.CallbackFunction` in test mode? still digging, but it looks like adding that resource is increasing our test run time by 7x
  • b

    best-xylophone-83824

    08/06/2019, 2:56 PM
    People, how do you run pulumi in CI/CD? Examples given in docs are unpractical, no way I am installing nodejs and rebuilding node-grpc on every pulumi run 🙂
  • b

    best-xylophone-83824

    08/06/2019, 2:57 PM
    I think I'll commit node-modules to git and call it a day
  • c

    cool-egg-852

    08/06/2019, 2:57 PM
    You can always use the pulumi docker image.
  • c

    cool-egg-852

    08/06/2019, 2:58 PM
    Or set up caching in your CI system.
  • c

    cool-egg-852

    08/06/2019, 2:58 PM
    I know many of them will support caching specific directories between runs
  • b

    best-xylophone-83824

    08/06/2019, 2:59 PM
    pulumi docker image has just the pulumi runtime, but project code like `@pulumi/gcp` is in node_modules.
  • b

    best-xylophone-83824

    08/06/2019, 3:06 PM
    Interestingly, Pulumi's own blog post (https://www.pulumi.com/blog/day-2-kubernetes-migrating-eks-nodegroups-with-zero-downtime/) shows the exact problem with current infrastructure as a code tools, but doesn't admit it. No matter what you do, you fall back to bash 😞
  • b

    bitter-island-28909

    08/06/2019, 5:10 PM
    Getting the output of a DynamicResource doesn’t seem to work as expected in dynamically typed javascript. I’m setting `myProperty` in the `outs` key of the return value of the provider’s `create` method, but calling `resource.myProperty` returns undefined. Inspecting the resource object itself, I don’t see any values pertaining to `myProperty`.
  • b

    best-xylophone-83824

    08/06/2019, 6:12 PM
    is there a reason why pulumi/pulumi docker doesn't come with all plugins installed? Or maybe having pulumi-full image is something you might be open to?
  • h

    high-translator-22614

    08/06/2019, 6:13 PM
    i think the assumption is that, in addition to the pulumi language packages, you'll be pulling in third-party packages
  • j

    jolly-lifeguard-22556

    08/06/2019, 6:16 PM
    I'm a little stuck at the moment. `pulumi up` is convinced it needs to finish deleting resources from a previous update on 4 AWS ACM SSL certs. I don't want these resources to be deleted and I can't find any way to tell Pulumi to abort the previous delete attempt
  • j

    jolly-lifeguard-22556

    08/06/2019, 6:17 PM
    They're all showing up as `completing deletion from previous update` but I'm not seeing any way to modify this using `stack export`
  • b

    best-xylophone-83824

    08/06/2019, 6:54 PM
    @bitter-oil-46081, in https://github.com/pulumi/pulumi/issues/2788 you write
    > 2: For previews and updates where we also plan to run user code, we as the language host if it knows of any plugins that may be needed. Only NodeJS implements this today, and does so by walking all the package.json's and looking for pulumi specific metadata.
    > For (2), we now support the language host to communicate an optional server.
    how can I change, if possible, package.json so that `pulumi plugin install` pulls plugins from a custom --server?
  • h

    handsome-actor-1155

    08/06/2019, 8:27 PM
    Just curious, do you (Pulumi folks) see the use of CD tools like Harness or Spinnaker to take over the deployment of applications as complementary? Do you feel that Pulumi can handle those tasks just as well and as such there is no need for those tools? Or are they services you can see Pulumi integrating with?
h

high-translator-22614

08/06/2019, 8:39 PM
As an outsider: Harness looks like another k8s/helm product? So useful in its own realm, but pulumi has more flexibility. Spinnaker looks like it might have more flexibility? It's not super clear how it defines infrastructure or what it can/can't do?
I am looking forward to a pulumi service: manages deployment environments, integrates with github/etc, gives a web interface to pulumi CLI commands, etc
b

bitter-island-28909

08/06/2019, 8:44 PM
I’m not on k8s, but I can tell you that my application deployments currently consist of entering a new version number in a Pulumi config and running `pulumi up`.
I like it so far.
h

high-translator-22614

08/06/2019, 8:45 PM
yeah, i should try pulumi with gitlab's environment features (especially the feature deployment configurations). Problem is permissions--pulumi effectively needs to run as super-root
like, that's a lot of trust on a third-party service
b

bitter-island-28909

08/06/2019, 8:47 PM
Definitely. I use an on-site CI server for that reason.
h

high-translator-22614

08/06/2019, 8:50 PM
like, even when I wrote my CI/CD for SaltStack (SpiroFS), it only gave the server permissions to just upload new state, and that's still scary af
b

bitter-island-28909

08/06/2019, 8:55 PM
I wish it was easier to give Pulumi a more limited permissions set (i.e: you can create anything, but you can’t read or touch any resources that weren’t created by you.). But that is very hard if not impossible to express in IAM (I haven’t used the others much.)
h

high-translator-22614

08/06/2019, 8:57 PM
yeah.... the user/resource/permissions model makes that impossible unless each resource has an owner (from what I've seen, neither AWS nor GCP have this concept)
b

bitter-island-28909

08/06/2019, 8:58 PM
you can sort of using tags and conditions
but it gets messy fast
c

cool-egg-852

08/06/2019, 9:31 PM
The way we’re handling it is via GitOps. So you can use whatever tool you want, but its deployment operation should be limited to changing a value in Pulumi.production.yaml for example. In our case, `linio:appRevision`. So the tool (in our case Jenkins) clones our infrastructure repository, makes the appropriate change, commits and pushes it up. This triggers another build, this time in the infrastructure repository that actually handles the deployment. If you follow this, you can have pulumi running on a separate server than the one doing your CI for testing and such.
It can be much more locked down, but still be permissive to avoid having to deal with all of the permissions.
h

high-translator-22614

08/06/2019, 9:45 PM
yeah, but that mostly just hides your godbox
and my point of the problem of pulumi-as-a-service is that you're trusting a 3rd party to be your godbox (this is the same problem that SaltStack has)
c

cool-egg-852

08/06/2019, 9:46 PM
I’m not saying to use a third party, my suggestion is to have an “on-premise/on-cloud” private CI server such as Jenkins or whatever run pulumi, and use whatever other application wherever it is that you want it to be.
h

high-translator-22614

08/06/2019, 9:47 PM
(for the record, I don't consider the single-point-of-failure problem to be that big of a deal for most people--your pulumi/salt server is control plane, not application serving, so if it goes down, it only affects your engineering, not customers)
oh, right
that's easy enough (use drone/jenkins, cirrus has a "bring your own infra" option, i consider this a major feature of gitlab ci, etc)
h

handsome-actor-1155

08/06/2019, 10:41 PM
Ah sorry, wasn't getting notifications. Let me catch up lol
Good insights. I like the idea of GitOps. Have any of you used the Github actions for Pulumi?
c

cool-egg-852

08/06/2019, 10:58 PM
I refuse to due to it being a PITA to configure in my opinion.
Configuring it for a hundred repos does not seem fun.
h

handsome-actor-1155

08/06/2019, 11:14 PM
Good point. Wonder if there is an easier way to configure it like via an API?
c

cool-egg-852

08/07/2019, 1:04 PM
There may be, not sure given that actions is in beta. If the API isn’t there now, it may be there tomorrow after the live stream.
h

high-translator-22614

08/07/2019, 1:59 PM
Also, same problem: Do you trust github with the root of your entire infrastructure?