Any ideas on how to import a regionless (global) static ip? I tried with a custom provider but still hitting this:

Cannot determine region: set in this resource, or set provider-level 'region' or 'zone'

@bitter-island-28909 https://www.pulumi.com/docs/reference/organizing-stacks-projects/

We break up our infrastructure per application (basically per github repo), but contain all of the pulumi projects in a single git repo called

infrastructure

We’re having an issue with a k8s deployment being stuck on updating though it isn’t actually updating anything. This is critically breaking us from being able to deploy updated applications because it’s breaking CI with it being stuck.

we're having weird issues with that too, it constantly wants to redeploy a set of pods but there are no changes so it never completes

How would I get something like this to work, the aws.route53.Records don't seem to get executed:

const cert = new aws.acm.Certificate("cert", {
        domainName             : opts.domainName,
        subjectAlternativeNames: opts.sans,
        validationMethod       : "DNS",
    });
    const certValidations = cert.domainValidationOptions.apply((validationOptions) => {
        return validationOptions.map((validationOption, i) => {
            const resourceName = `cert_validation${i}`;
            return new aws.route53.Record(resourceName, {
                records: [validationOption.resourceRecordValue],
                ttl: 60,
                type: validationOption.resourceRecordType,
                zoneId: zone.id,
            })
        });
    });

    const certValidation = new aws.acm.CertificateValidation("cert", {
        certificateArn: cert.arn,
        validationRecordFqdns: certValidations.apply((validations) => {
            return validations.map(validation => validation.fqdn);
        })
    })

Can anyone recommend the best way to import TypeScript code (i.e. a an Obiect that contains several methods) into a lambda definition?

The graph view on the Pulumi platform is nice, but the Pulumi component view is not what I am (mainly) interested in: I would like to know the dependencies between the individual resources, with only the Pulumi components as a bounding box around the set of resources it contains. As an example, I drew part of an

awsx.ec2.Vpc

component resource. The outer box is the

awsx.ec2.Vpc

, the nested boxes are (left-to-right) an

awsx.ec2.NatGateway

and 2

awsx.ec2.Subnet

components. But the arrows show the dependency over all the individual resources.

Hi,

pulumi up

crashes with

Error: spawnSync /bin/sh ENOBUFS

when provisioning a big chart (prometheus-operator). Is it a known issue?

https://github.com/pulumi/examples/tree/master/azure-ts-aks-helm Trying this example and get the error:

error: update failed
azuread:index:Application (aks):
    error: Plan apply failed: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2019-08-11T21:19:24","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"4d94460c-0c44-42bc-bb90-aa64422d33fa"}}]

There is a high-level diagram of how the pulumi runtime processes fit together on https://www.pulumi.com/docs/reference/how/ Is there any more detailed diagram available somewhere? Just to gain more knowledge on the internals... 😉

What is recommended way to deal with .getOutput("...") result in typescript? For now I do

.getOutput("...") as pulumi.Output<InterfaceIExpect>

which is probably not very change safe. I am not sure it is possible, I am not fluent with TypeScript, but it would be really nice if Pulumi exported type definitions too and did

require

them inside

getOutput

, this way result would by typed and any breaking changes in shape of exported object would be caught at plan stage

Just sharing some typesafety tricks I am learning along the way. Lets say you create resources in a table-driven way. Resources have

*Args

argument some fields of which are mandatory and it just happens so that you want to some mandatory fields come from default set and some to be specified in each row of your "table". There is a

Partial<T>

type in Typescript, but it doesn't allow you to assemble 2 partials back into

T

, because it can't verify at compile time that all required fields are going to be there. Here is how I solved it with

PartialExcept<T,E>

, where it makes T's fields all partial, except for those listed in `E`:

type PartialExcept<T,E extends keyof T> = Partial<T> & Pick<T,E>;

Hey, Wondered if anyone new a way to actually capture errors from pulumi

try{
      NatGw = aws.ec2.getNatGateway({
        tags: {
          Name: "RCS-CDR"
        }
      });
    } catch(err){
      // Craete a New NAT GW here ... 
    }

The error is not caught but it's thrown in my terminal after pulumi up. I'd like to catch the error and create a new resource if the gatway with the name

RCS-CDR

does not exist

We created trial org and selected "Monthly" payment plan, I'd like to switch to annual billing plan before adding payment info, but "switch to annual billing" gives me 500 error, please help 🙂

X-Pulumi-RequestId: 7fe7fe79-c8ae-4467-8cad-e52b111e09f3

is there any way to debug a 'promise leak' the stack output doesnt show anything interesting

does

pulumi plugins install

call home? we have CI with no internet access it takes 2.5 minutes, while actual file fetch takes <1 second:

+ date
+ pulumi plugin install resource gcp v0.18.15 --server <http://local-proxy.corp:8000/api.pulumi.com/releases/plugins> --verbose --logtostderr
Mon Aug 12 16:09:38 UTC 2019
[resource plugin gcp-0.18.15] installing
[resource plugin gcp-0.18.15] downloading from <http://local-proxy.corp:8000/api.pulumi.com/releases/plugins>

Downloading plugin:  0 B / 27.96 MiB    0.00%[resource plugin gcp-0.18.15] installing tarball ...

Downloading plugin:  6.12 MiB / 27.96 MiB   21.89%
Downloading plugin:  12.03 MiB / 27.96 MiB   43.03%
Downloading plugin:  21.53 MiB / 27.96 MiB   77.01%
Downloading plugin:  27.96 MiB / 27.96 MiB  100.00% 0s
Moving plugin... done.
+ date
Mon Aug 12 16:12:10 UTC 2019

hmm, this one succeeds during plan , but fails during apply where resource is created for the first time 😞 I'd expect it to fail during compilation due to missing field or at least at preview:

const vpc = new gcp.compute.Network("main", {
    autoCreateSubnetworks: false
});

+  gcp:compute:Network main creating 
 +  gcp:compute:Network main creating error: Plan apply failed: project: required field is not set
 +  gcp:compute:Network main **creating failed** error: Plan apply failed: project: required field is not set

is there a way to use a kubernetes service's load balancer ip for creating a dns record? i'm using typescript and i'm getting an

Output<string>

is not an

Input<string>

error.

Hello I am running Pulumi with GitlabCI and I noticed that the pulumi/pulumi:v0.17.10 image does not have a docker daemon. Is this expected? Did anyone encounter the error.

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

I brought down my stack with

pulumi destroy

, and now i can't bring it up any more, i just get

Error: Unexpected struct type.

any idea what the problem might be? diagnostic messages are unhelpful, it only shows points in pulumi libraries.

(it seems to be failing some protobuf stuff)

I'd like to start working Pulumi package for installing Gitlab in kubernetes. I would prefer not to use personal account in case more people would want to join developing it. So that would probably be an NPM org(namespace?), what would be an acceptable name for it? Something like

@pulumi-gitlab

and then package to be

@pulumi-gitlab/kubernetes

? Downside is that

@pulumi

is in the name, which makes it looks somewhat official, on the other hand it have to be there to indicate that it is a package for pulumi as a product 🙂 Any thoughts?

How do I tell Pulumi to not complete a deletion from a previous state? Cloud is AWS and the resource is a awsacmCertificate. Deleting / recreating it has ramifications (can't be used until validations pass for example) - I'm not sure why it wanted to delete it in the first place. - I don't want the resource to be deleted (and recreated). It exists, leave it alone. - I've exported, edited and imported the stack to remove the

pendingOperations

section. -

pulumi refresh

states "No resources will be modified as part of this refresh" -

pulumi preview

wants to

delete

then

create

with a knock effect for other resources -

pulumi up

hangs trying to complete the delete operation so I have to do a

pulimi cancel

Really scratching my head with this one. Any ideas?

how to debug TF provider? I suspect it makes wrong API calls, but got no proof yet 🙂

Hi, I have registered a gitlab kubernetes runner through their gui (no helm chart so vanilla). My index.ts looks like this:

const repository = new awsx.ecr.Repository(config.require("ecr-server"));
const image = repository.buildAndPushImage("../../");

const provider = env == "dev" ?
    new k8s.Provider("myk8s", {context: kubernetesConfig.get("context")}) :
    new k8s.Provider("myk8s", {
        kubeconfig: new terraform.state.RemoteStateReference("eks", {
            backendType: "s3",
            bucket: "XXXXXXXt",
            key: "XXXXXXX",
            workspace: "XXXXX",
            region: "us-east-1"
        }).getOutput("kubectl_config")});

My Pulumi preview stage looks like this:

image:
    name: pulumi/pulumi:v0.17.10
    entrypoint:
      - '/usr/bin/env'
      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
  services:
    - docker:stable-dind
  variables:
    DOCKER_HOST: <tcp://localhost:2375/>
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: "/certs"
  before_script:
    - printenv
    - docker info
  script:
    - cd $working_dir
    - echo $DOCKER_HOST
    - npm install
    - pulumi stack select staging
    - pulumi preview
  only:
    refs:
      - branches
      - tags

When I run CI pipeline it fails here:

Diagnostics:
  awsx:ecr:Repository (<http://XXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/python-building-block|XXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/python-building-block>):
    error: read tcp 127.0.0.1:33706->127.0.0.1:2376: use of closed network connection
    2019/08/13 15:12:14 http2: server: error reading preface from client 127.0.0.1:2376: bogus greeting "Client sent an HTTP requ"
 
    error: Error: 'docker build ../../ -t 7cb86392-container' failed with exit code 1
    
        at /builds/karauctionservices/traderev/python-building-block/python_building_block/pulumi/node_modules/@pulumi/docker.ts:536:15
        at Generator.next (<anonymous>)
        at fulfilled (/builds/karauctionservices/traderev/python-building-block/python_building_block/pulumi/node_modules/@pulumi/docker/docker.js:17:58)
 
Permalink: <https://app.pulumi.com/calvin.raveenthran/python-building-block/staging/previews/f7fb9ae7-4f1a-4361-b831-56dd49b0c51e>

Did anyone encounter this error?

Client sent a http request to a https server

yeah, thats 19.03.1 docker problem

I'm not far from answering this question myself, as soon as I deploy this next set of artifacts, but how does

k8s.scope.resource.get

behave if the resource specified is absent? Is it a fallible operation? I ask because I would like to deploy an operator in one (shared) place, which defines CRDs. Then, if and only if the CRDs exist, in other stacks use them to deploy additional components. Example: Prometheus Operator chart defines a ServiceMonitor CRD, the service monitor object defines a set of targets to scrape for metrics. Other stacks should deploy ServiceMonitor resources in their namespaces, but only if the CRD exists.

if i install the nginx ingress controller by using

k8s.helm.v2.Chart

, what's the "best" way to grab the ip for the service?

oh, there's a

getResource

function.... i guess that's how 🙂