salmon-beard-79336
08/15/2019, 2:06 PMThe template validation failed: 'The workflow parameters '$connections' are not valid; they are not declared in the definition and therefore cannot be provided. The only declared parameters for this definition are ''.'.
error… and cannot find a way to define $connections
as a parameter for my workflowadamant-dress-73325
08/15/2019, 5:04 PMwarning: A new version of Pulumi is available. To upgrade from version '0.17.28' to '1.0.0-beta.2', run
$ brew upgrade pulumi
or visit <https://pulumi.com/docs/reference/install/> for manual instructions and release notes.
Previewing update (peopleticker/qa):
Type Name Plan Info
pulumi:pulumi:Stack peopleticker-qa 1 error
= └─ aws:ec2:RouteTableAssociation tf-qa-front-0 import 1 error
Diagnostics:
aws:ec2:RouteTableAssociation (tf-qa-front-0):
error: Preview failed: resource 'subnet-098fd854/rtb-ac9d63d0' does not exist
pulumi:pulumi:Stack (peopleticker-qa):
error: preview failed
We are pretty sure the ID of that resource exists and we are using latest pulumi-aws package which has the provider code from terraform to import such a resource.adamant-dress-73325
08/15/2019, 7:35 PMdependsOn
for the containers configs? Not to be confused with the pulumi dependsOn
, I am referring to https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_dependson
It looks like this parameter is not inside the pulumi-aws package either, so not sure how to workaround this, since links
doesn't work with awsvpc
network mode.limited-rainbow-51650
08/15/2019, 8:22 PMpulumi up
again. But the wrong cluster is not replaced by the correct cluster:
Previewing update (production):
Type Name Plan Info
pulumi:pulumi:Stack infra-02-storage-production
+- └─ aws:rds:Cluster safeimage-rds-cluster replace [diff: ~dbClusterParameterGroupName,engine]
Resources:
+-1 to replace
4 unchanged
Do you want to perform this update? yes
Updating (production):
Type Name Status Info
pulumi:pulumi:Stack infra-02-storage-production **failed** 1 error
+- └─ aws:rds:Cluster safeimage-rds-cluster **replacing failed** [diff: ~dbClusterParameterGroupName,engine]; 1 error
Diagnostics:
pulumi:pulumi:Stack (infra-02-storage-production):
error: update failed
aws:rds:Cluster (safeimage-rds-cluster):
error: Plan apply failed: error creating RDS cluster: DBClusterAlreadyExistsFault: DB Cluster already exists
status code: 400, request id: fa019735-d4a7-4ad1-a887-e6fc4c64f761
Resources:
4 unchanged
limited-rainbow-51650
08/15/2019, 8:22 PMorange-tailor-85423
08/15/2019, 10:50 PMorange-tailor-85423
08/15/2019, 10:50 PMorange-tailor-85423
08/15/2019, 10:50 PMorange-tailor-85423
08/15/2019, 10:50 PMlittle-energy-64187
08/16/2019, 11:40 AMnew k8s.apiextensions.CustomResource("service-dev-certificate", {
apiVersion: "<http://networking.gke.io/v1beta1|networking.gke.io/v1beta1>",
kind: "ManagedCertificate",
metadata: {
labels: {
app: "networking",
stage: "service-dev",
},
namespace: "namespace",
name: "service-dev-certificate",
},
spec: {
domains: ["<http://service-dev.example.com|service-dev.example.com>"]
},
}, { provider: k8sProvider, import: "service-dev-certificate" })
but that doesn't seem to find itlittle-energy-64187
08/16/2019, 11:46 AMlittle-energy-64187
08/16/2019, 12:16 PM<mailto:name@project.iam.gserviceaccount.com|name@project.iam.gserviceaccount.com>
wouldn't that be
new gcp.serviceAccount.Account("name", {
displayName: "name",
accountId: "name",
project: "project"
}, { import: "111111111111111111111" }) // id from url of gcp console
? (lemme know if these import questions become annoying ;)helpful-afternoon-80621
08/16/2019, 12:23 PMbest-xylophone-83824
08/16/2019, 2:06 PMprojectNumber`service-${"gke01-london"}@container-engine-robot.iam.gserviceaccount.com`
where project id is replaced by project number without hiding overall value behind functionmodern-bear-85657
08/16/2019, 5:54 PMbitter-dentist-28132
08/16/2019, 6:57 PMbitter-dentist-28132
08/16/2019, 6:57 PMthis.service.metadata.name
, i get nothingbitter-dentist-28132
08/16/2019, 7:00 PMadamant-dress-73325
08/16/2019, 7:38 PMpulumi-docker
when ya'll have a chance, can't wait for https://github.com/pulumi/pulumi-docker/pull/95incalculable-diamond-5088
08/18/2019, 3:15 PMpulumi up
fails with OOM. Is there a way to specify max-old-space-size ?best-xylophone-83824
08/19/2019, 9:23 AMimport * as gcp from "@pulumi/gcp";
const x = {} as gcp.container.NodePoolArgs["nodeConfig"]["labels"];
Then
$ node_modules/.bin/tsc --noEmit --noErrorTruncation test.ts
test.ts:2:58 - error TS2339: Property 'labels' does not exist on type 'Input<{ diskSizeGb?: .....; labels?: Input<{ [key: string]: Input<string>; }>;'
how come? labels
is clearly there 🙂careful-france-37922
08/19/2019, 9:36 AMnginx-ingress
which does basic authentication for one domain.
Currently the basic authentication data is done manually via: htpasswd -c auth <username> && kubectl create secret generic docs-basic-auth --from-file=auth
I want to automate this for the future.
The helm chart looks like this:
ingress:
domain: <domain>
tlsSecretName: <name>-de-tls
annotations:
<http://nginx.ingress.kubernetes.io/auth-type|nginx.ingress.kubernetes.io/auth-type>: basic
# # The name of the secret which contains the HTTP basic auth configuration
# # See: <https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md>
<http://nginx.ingress.kubernetes.io/auth-secret|nginx.ingress.kubernetes.io/auth-secret>: docs-basic-auth
<http://nginx.ingress.kubernetes.io/auth-realm|nginx.ingress.kubernetes.io/auth-realm>: "Name"
deployment:
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
I have a file which contains this code where, at least I think, I need to start:
import * as k8s from "@pulumi/kubernetes";
import * as affinities from "../../../affinities";
interface ICreateNginxIngressOpts {
isPrivateNetworkIngress: boolean;
tls: { defaultTlsSecretName: string };
context: {
provider: k8s.Provider;
};
}
const createNginxIngress = ({
isPrivateNetworkIngress,
tls,
context: { provider }
}: ICreateNginxIngressOpts) => {
let annotations: any = {};
if (isPrivateNetworkIngress) {
// Only allow traffic from the external subnet
annotations["<http://cloud.google.com/load-balancer-type|cloud.google.com/load-balancer-type>"] = "Internal";
}
return new k8s.helm.v2.Chart(
"nginx-ingress",
{
repo: "stable",
chart: "nginx-ingress",
version: "1.6.0",
values: {
defaultBackend: {
affinity: affinities.defaultPool
},
controller: {
extraArgs: {
"default-ssl-certificate": tls.defaultTlsSecretName
},
publishService: { enabled: true },
affinity: affinities.defaultPool,
service: {
annotations
}
}
}
},
{ dependsOn: [provider], providers: { k8s: provider } }
);
};
export { createNginxIngress };
Any hints where I have to look at?
Basically: I want to automate this steps: https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.mdbest-xylophone-83824
08/19/2019, 10:16 AMrhythmic-finland-36256
08/19/2019, 10:23 AMpulumi preview
(delete-replace vs. in-place-update)best-xylophone-83824
08/19/2019, 11:32 AMpulumi.Config().getObject<T>()
? I get
error: getting secrets manager: could not unmarshal map: yaml: unmarshal errors:
line 4: cannot unmarshal !!map into string
all the time 😞
Config is valid YAML:
config:
gcp-gke:region: europe-west2
gcp-gke:nodePools:
ingress:
roles: ["ingress"]
nodeConfig:
machineType: "g1-small"
preemptible: true
Code:
type NodePoolConfig = Omit<
gcp.container.NodePoolArgs,
"cluster" | "location" | "name"
> & { roles: string[] };
const nodepools = new pulumi.Config().getObject<{
[name: string]: NodePoolConfig;
}>("nodePools");
high-translator-22614
08/19/2019, 3:05 PMStackReference
exists (why is it in the JS/TS API docs but not the Python ones?)best-xylophone-83824
08/19/2019, 3:08 PMbest-xylophone-83824
08/19/2019, 3:09 PMthankful-optician-22583
08/19/2019, 4:11 PMerror: could not validate provider configuration: 1 error occurred:
* : invalid or unknown key: role_arn
This is my configuration new k8s.Provider("myk8s", {
kubeconfig: new terraform.state.RemoteStateReference("eks", {
backendType: "s3",
bucket: "XXXX-tfstate-backend-bucket",
key: "XXXXXXX",
workspace: "XXXXXXX",
region: "us-east-1",
roleArn: "arn:aws:iam::XXXXXXXXXXX:role/XXXX-XXXX-gitlab-terraform"
}).getOutput("kubectl_config")});
Has anyone encountered this before?bitter-dentist-28132
08/19/2019, 4:22 PMoutput<string>
, even though the namespace resource shows the actual string