general
  • f

    fresh-summer-65887

    08/13/2019, 12:33 PM
    How do I tell Pulumi to not complete a deletion from a previous state? Cloud is AWS and the resource is an aws:acm:Certificate. Deleting / recreating it has ramifications (can't be used until validations pass for example)
    - I'm not sure why it wanted to delete it in the first place.
    - I don't want the resource to be deleted (and recreated). It exists, leave it alone.
    - I've exported, edited and imported the stack to remove the `pendingOperations` section.
    - `pulumi refresh` states "No resources will be modified as part of this refresh"
    - `pulumi preview` wants to `delete` then `create` with a knock effect for other resources
    - `pulumi up` hangs trying to complete the delete operation so I have to do a `pulumi cancel`
    Really scratching my head with this one. Any ideas?
    b
    • 2
    • 30
  • b

    best-xylophone-83824

    08/13/2019, 2:12 PM
    how to debug TF provider? I suspect it makes wrong API calls, but got no proof yet 🙂
    w
    • 2
    • 6
  • t

    thankful-optician-22583

    08/13/2019, 3:21 PM
    Hi, I have registered a gitlab kubernetes runner through their gui (no helm chart so vanilla). My index.ts looks like this:
    const repository = new awsx.ecr.Repository(config.require("ecr-server"));
    const image = repository.buildAndPushImage("../../");
    
    const provider = env == "dev" ?
        new k8s.Provider("myk8s", {context: kubernetesConfig.get("context")}) :
        new k8s.Provider("myk8s", {
            kubeconfig: new terraform.state.RemoteStateReference("eks", {
                backendType: "s3",
                bucket: "XXXXXXXt",
                key: "XXXXXXX",
                workspace: "XXXXX",
                region: "us-east-1"
            }).getOutput("kubectl_config")});
    My Pulumi preview stage looks like this:
      image:
        name: pulumi/pulumi:v0.17.10
        entrypoint:
          - '/usr/bin/env'
          - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
      services:
        - docker:stable-dind
      variables:
        DOCKER_HOST: tcp://localhost:2375/
        DOCKER_DRIVER: overlay2
        DOCKER_TLS_CERTDIR: "/certs"
      before_script:
        - printenv
        - docker info
      script:
        - cd $working_dir
        - echo $DOCKER_HOST
        - npm install
        - pulumi stack select staging
        - pulumi preview
      only:
        refs:
          - branches
          - tags
    When I run CI pipeline it fails here:
    Diagnostics:
      awsx:ecr:Repository (XXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/python-building-block):
        error: read tcp 127.0.0.1:33706->127.0.0.1:2376: use of closed network connection
        2019/08/13 15:12:14 http2: server: error reading preface from client 127.0.0.1:2376: bogus greeting "Client sent an HTTP requ"
     
        error: Error: 'docker build ../../ -t 7cb86392-container' failed with exit code 1
        
            at /builds/karauctionservices/traderev/python-building-block/python_building_block/pulumi/node_modules/@pulumi/docker.ts:536:15
            at Generator.next (<anonymous>)
            at fulfilled (/builds/karauctionservices/traderev/python-building-block/python_building_block/pulumi/node_modules/@pulumi/docker/docker.js:17:58)
     
    Permalink: https://app.pulumi.com/calvin.raveenthran/python-building-block/staging/previews/f7fb9ae7-4f1a-4361-b831-56dd49b0c51e
    Did anyone encounter this error?
    Client sent a http request to a https server
  • b

    best-xylophone-83824

    08/13/2019, 3:23 PM
    yeah, that's 19.03.1 docker problem
    t
    • 2
    • 4
  • o

    orange-policeman-59119

    08/13/2019, 4:01 PM
    I'm not far from answering this question myself, as soon as I deploy this next set of artifacts, but how does `k8s.scope.resource.get` behave if the resource specified is absent? Is it a fallible operation? I ask because I would like to deploy an operator in one (shared) place, which defines CRDs. Then, if and only if the CRDs exist, in other stacks use them to deploy additional components. Example: Prometheus Operator chart defines a ServiceMonitor CRD, the service monitor object defines a set of targets to scrape for metrics. Other stacks should deploy ServiceMonitor resources in their namespaces, but only if the CRD exists.
    b
    g
    w
    • 4
    • 17
  • b

    bitter-dentist-28132

    08/13/2019, 5:05 PM
    if i install the nginx ingress controller by using `k8s.helm.v2.Chart`, what's the "best" way to grab the ip for the service?
    g
    • 2
    • 1
  • b

    bitter-dentist-28132

    08/13/2019, 5:12 PM
    oh, there's a `getResource` function.... i guess that's how 🙂
  • o

    orange-tailor-85423

    08/13/2019, 5:23 PM
    So when’s the first PulumiCon!?
    💯 3
  • o

    orange-tailor-85423

    08/13/2019, 5:23 PM
    I think a 1.0 launch deserves it 🙂
  • b

    bitter-dentist-28132

    08/13/2019, 5:32 PM
    dang, `getResourceProperty` results in errors 😞
  • m

    modern-bear-85657

    08/13/2019, 6:02 PM
    I’ve read, and employed, the instructions for unit testing from the recent blog post. That is not a sufficient solution. Especially so when developing custom components and functions. A mock runtime would be a step in the right direction. Requiring us to build a stack when none is needed just to test reusable components is not the answer.
    b
    • 2
    • 2
  • e

    elegant-crayon-4967

    08/13/2019, 6:19 PM
    trying to get a secret from `aws.secretsmanager` but the documentation has me confused on how I actually pass the secret into my resource. Anybody have an example?
    w
    • 2
    • 4
  • t

    thankful-optician-22583

    08/13/2019, 7:35 PM
    Hello what permissions in RBAC do I need to create watchers for ReplicaSet’s in pulumi. I am using EKS and I see this error
    Could not create watcher for ReplicaSet objects associated with Deployment
    g
    • 2
    • 2
  • b

    bitter-island-28909

    08/13/2019, 8:44 PM
    Say I have a resource B, that depends on resource A via one of its outputs. Is there any straightforward way to force B to update any time A updates, even if the change in A is not one of the outputs that B depends on?
  • b

    bitter-dentist-28132

    08/13/2019, 8:46 PM
    @bitter-island-28909 I believe you can use `dependsOn` for that
    b
    • 2
    • 1
  • b

    bitter-dentist-28132

    08/13/2019, 10:10 PM
    will pulumi reorder resources when importing yaml? i.e. can i simply slurp up https://github.com/jetstack/cert-manager/releases/download/v0.9.1/cert-manager.yaml or will that break?
    g
    • 2
    • 2
  • b

    bitter-dentist-28132

    08/13/2019, 10:10 PM
    i get a bunch of failed creations when i try just importing the yaml 😞
  • w

    worried-engineer-33884

    08/13/2019, 11:16 PM
    I moved all of our resources to other modules imported by index.ts and pulumi wants to delete everything 😬 — what am I missing?
    index_ts.ts
    g
    • 2
    • 7
  • s

    square-ability-48831

    08/14/2019, 12:51 AM
    looking for any examples or pointers on how to get a Resource for an existing dynamodb table and then use that in a role+policy pair for a lambda. getting held up on if `aws.dynamodb.getTable({name: 'mytablename'})` is what i need to get the resource. tried wrapping in an async function but it seems to just not build the resource at all.
    b
    w
    • 3
    • 7
  • c

    cool-egg-852

    08/14/2019, 4:53 AM
    Is there any way to always have a resource imported if it doesn’t exist? The scenario is that we have the GKE Istio addon enabled. We want to be able to change the HPA minReplicas to 2 (from 1). In order to be able to do this, we have to have the resource in pulumi. The only way I know of being able to do this is to import the resource. However, let’s say we create a new stack, then obviously the resource won’t be created by Pulumi but by GKE. Thus the resource will be attempted to be created by pulumi as well as it doesn’t know to import the created resource created by GKE.
    w
    s
    • 3
    • 26
  • b

    billions-fall-36374

    08/14/2019, 9:50 AM
    Anybody got some more resources on how to get started writing a custom provider? I find the kubernetes one a bit daunting to get started
    b
    • 2
    • 4
  • h

    helpful-afternoon-80621

    08/14/2019, 11:13 AM
    Any reason why the example from the typescript ec2.SecurityGroup source fails to typecheck?
    const allowTls = new aws.ec2.SecurityGroup('allowTls', {
      description: 'Allow TLS inbound traffic',
      ingress: [
        {
          cidrBlocks: '', 
          fromPort: 443,
          protocol: 'tcp',
          toPort: 443
        }
      ],
      tags: {
        Name: 'allowAll'
      }
    });
    I'm getting a long cryptic typescript error that isn't much use in indicating what is actually wrong.
    Error:(12, 56) TS2345: Argument of type '{ description: string; ingress: { cidrBlocks: string; fromPort: number; protocol: string; toPort: number; }[]; tags: { Name: string; }; }' is not assignable to parameter of type 'SecurityGroupArgs'.
      Types of property 'ingress' are incompatible.
        Type '{ cidrBlocks: string; fromPort: number; protocol: string; toPort: number; }[]' is not assignable to type 'Input<{ cidrBlocks?: Input<string>[] | Promise<Input<string>[]> | OutputInstance<Input<string>[]> | undefined; description?: string | Promise<string> | OutputInstance<string> | undefined; ... 6 more ...; toPort: Input<...>; }>[] | Promise<...> | OutputInstance<...> | undefined'.
          Type '{ cidrBlocks: string; fromPort: number; protocol: string; toPort: number; }[]' is not assignable to type 'Input<{ cidrBlocks?: Input<string>[] | Promise<Input<string>[]> | OutputInstance<Input<string>[]> | undefined; description?: string | Promise<string> | OutputInstance<string> | undefined; ... 6 more ...; toPort: Input<...>; }>[]'.
            Type '{ cidrBlocks: string; fromPort: number; protocol: string; toPort: number; }' is not assignable to type 'Input<{ cidrBlocks?: Input<string>[] | Promise<Input<string>[]> | OutputInstance<Input<string>[]> | undefined; description?: string | Promise<string> | OutputInstance<string> | undefined; ... 6 more ...; toPort: Input<...>; }>'.
              Type '{ cidrBlocks: string; fromPort: number; protocol: string; toPort: number; }' is not assignable to type '{ cidrBlocks?: Input<string>[] | Promise<Input<string>[]> | OutputInstance<Input<string>[]> | undefined; description?: string | Promise<string> | OutputInstance<string> | undefined; ... 6 more ...; toPort: Input<...>; }'.
                Types of property 'cidrBlocks' are incompatible.
                  Type 'string' is not assignable to type 'Input<string>[] | Promise<Input<string>[]> | OutputInstance<Input<string>[]> | undefined'.
    Running v0.17.28. Thanks
    b
    l
    • 3
    • 3
  • b

    best-xylophone-83824

    08/14/2019, 1:01 PM
    What is analyzers/Policy?
    w
    • 2
    • 3
  • b

    busy-pizza-73563

    08/14/2019, 1:06 PM
    Started getting this since this morning:
    Found incompatible versions of @pulumi/pulumi.  Differing major or minor versions are not supported.
          Version 0.17.28 referenced at node_modules\@pulumi\kubernetes\node_modules\@pulumi\pulumi\package.json
          Version 1.0.0-beta.2 referenced at node_modules\@pulumi\pulumi\package.json
    Is this known / expected?
    b
    w
    l
    • 4
    • 10
  • b

    best-xylophone-83824

    08/14/2019, 1:22 PM
    Our org was renamed per our requests, but now stacks don't work:
    Previewing update ($NEWORG/prod):
    error: could not deserialize deployment: decrypting secret value: [404] Not Found: Organization '$OLDORG' not found
    b
    w
    • 3
    • 7
  • b

    best-xylophone-83824

    08/14/2019, 3:59 PM
    What do I miss?
    pulumi.output(new gcp.compute.Subnetwork("z", {ipCidrRange: "111", network: "zzz"})).name;
    Error on `tsc --noEmit`:
    Property 'name' does not exist on type 'OutputInstance<Subnetwork>'.
    
    16 pulumi.output(new gcp.compute.Subnetwork("z", {ipCidrRange: "111", network: "zzz"})).name;
    w
    • 2
    • 8
  • l

    little-energy-64187

    08/14/2019, 5:55 PM
    ok one more import related:
    const dbUser = new gcp.sql.User("myuser", {
        instance: dbInstance.name,
        name: "project/instancename/myuser"
    }, { import: "project/instancename/myuser" })
    ends up in
    Preview failed: reading resource urn:pulumi:projectname::stackname::gcp:sql/user:User::project/instancename/myuser yielded an unexpected ID; expected project/instancename/myuser, got myuser//instancename
    w
    b
    • 3
    • 6
  • l

    little-energy-64187

    08/14/2019, 5:59 PM
    anyone faced this before?
  • b

    billowy-laptop-45963

    08/14/2019, 6:13 PM
    aws.acm.CertificateValidation deletes the cert after it is issued
    w
    b
    • 3
    • 20
  • a

    adamant-dress-73325

    08/14/2019, 7:48 PM
    I created a new stack for a new project, without using `pulumi new` but now the project name is not showing up on the dashboard. I made sure that the project name in Pulumi.yaml was set correct, any reason why `stack init` wouldn't name these correctly?
    c
    c
    +2
    • 5
    • 13
c

cool-egg-852

08/14/2019, 8:05 PM
The white space there is not the project name, it’s the repository name IIRC
So if you do not have repository integration, I believe it will be empty like that
The project name is the title in the 2 blocks that are cutoff in your screenshot
c

clever-sunset-76585

08/14/2019, 9:07 PM
So if you do not have repository integration, I believe it will be empty like that
Yes, I believe this is the case. cc @colossal-beach-47527 to keep me honest here.
c

colossal-beach-47527

08/14/2019, 9:12 PM
Yes. There are several pieces of data that power the stacks view. Every stack is associated with various pieces of metadata which we use to render that page. The large “gray background” widgets are how we organize stacks by their repository. The repository information isn’t available when you run `pulumi stack init`, but will be available after you run `pulumi up`. (Since as part of the update, we look if you are running within a `git` repo, and if so, inspect the origin if it is a GitHub repo, etc.) So it makes sense that the repo would be blank for a newly created stack. The project name and stack name should be set when you run `pulumi stack init`. The project name is what is found in `Pulumi.<stack-name>.yaml`, and is at the top of the “card with a white background”. The individual stack name is the label on each of those “purple rectangles” found on the project-card.
a

adamant-dress-73325

08/14/2019, 9:59 PM
I see, does the tool lookup recursively from `Pulumi.yaml` location for the repo? because for 1 of those shown, I've already run an update and it is located inside a git repo
c

colossal-beach-47527

08/14/2019, 10:52 PM
does the tool lookup recursively from `Pulumi.yaml` location for the repo?
Yes, I believe that is the case. Depending on how the specific repo is configured though, we may not be pulling your repository information. We only check for a remote named `origin`, and only then IFF the URI matches certain well-known forms. (i.e. we err on the side of only persisting data we can parse/extract rather than just including the raw remote URI.) The specific code is here. If something seems amiss, and we should be pulling the repo information but are not, please file an issue and I can update the logic to detect your specific SCC provider, etc.
https://github.com/pulumi/pulumi/blob/952b6d0d89f73c41bba57cf08f81847c0295c22d/cmd/util.go#L424
https://github.com/pulumi/pulumi/blob/952b6d0d89f73c41bba57cf08f81847c0295c22d/pkg/util/gitutil/git.go#L133
b

best-xylophone-83824

08/15/2019, 9:24 AM
interesting information, what do we miss on that page or elsewhere when we use private gitlab ?
a

adamant-dress-73325

08/15/2019, 4:06 PM
Ok, that explains our issues, we are using Phabricator for the `origin` remotes on those. We are switching to github either way so no big deal just have to change our origin remotes there.
c

colossal-beach-47527

08/15/2019, 5:25 PM
@best-xylophone-83824, @adamant-dress-73325 I filed issue https://github.com/pulumi/pulumi/issues/3093, could you do me a huge favor and just add the URL for the `origin` of your `git` remote (change the domain/values if they are sensitive). Knowing the domain and/or URL structure, I can add support for those systems in Pulumi so things “just work” for you in the future.
As far as what you are missing out on, only two things come to mind.
- Like you called out at the beginning of this thread, we won’t be able to group your Pulumi Projects by their source repo when on your organization’s dashboard. That can be helpful to filter stacks, e.g. just hone in on the projects/stacks within your “website” or “data-tier” repository.
- On the “stack activity page”, we link to the repo commit that the update was deployed at in some cases. (Since e.g. for GitHub repos, if we know the branch, repo, and commit we can build the right URL to send you to.) So it’s possible we could do something similar and link to a private GitLab instance or Phabricator instance.
b

best-xylophone-83824

08/15/2019, 5:29 PM
So it’s possible we could do something similar and link to a private GitLab instance or Phabricator instance.
you can see gitlab URL structure on Gitlab itself it matches private Gitlab URLs, for instance https://gitlab.com/gitlab-org/gitlab-ce. You probably won't be able to reliably detect SCM, so if it was exposed somehow for us to set it can help
maybe most flexible way would be to provide a regexp with named capture groups to match against origin url
a

adamant-dress-73325

08/15/2019, 5:41 PM
I gave our particular remote URL format in the issue for phab, it should be pretty common case for phab. But like Maxim says, reliably detecting SCM might be pretty hard since Phab/Gitlab can be self hosted/configured differently. From UX perspective the dashboard page perhaps can instead, change its info hierarchy from `Repo Name > Project Name > Stack Name` to `Project Name > Stack Name` and keep the repo icon around as a nice to have for common SCMs.