https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    boundless-coat-60947

    08/14/2019, 8:17 PM
    Hello - new to Pulumi. Trying to Build a new IAM Policy Statement using the IP Address conditions. Pulumi doesn’t want to assign the array to the ConditionArguments.
    -.txt
    l
    • 2
    • 8
  • b

    boundless-monkey-50243

    08/14/2019, 8:19 PM
    Is there a straightforward way to transplant an existing resource to a new provider?
    b
    • 2
    • 6
  • c

    cool-egg-852

    08/14/2019, 8:28 PM
    @microscopic-florist-22719 Do you guys plan to have your own tap since https://github.com/Homebrew/homebrew-core/pull/43113 seems like it’s going to be a while before it’s resolved, if they even let you guys stay?
    w
    b
    f
    • 4
    • 7
  • g

    gifted-engine-92308

    08/15/2019, 1:39 PM
    Just started getting this error randomly: error: could not read plugin [/home/vagrant/.pulumi/plugins/resource-kubernetes-v0.24.0/pulumi-resource-kubernetes] stdout: EOF
  • g

    gifted-engine-92308

    08/15/2019, 1:39 PM
    Has anyone come across this?
  • s

    salmon-beard-79336

    08/15/2019, 2:03 PM
    Any ideas why though the input for
    parameters
    says
    [key: string]: any;
    it won’t take a dictionary? Error:
    parameters ($connections): '' expected type 'string', got unconvertible type 'map[string]interface {}'
    const processWorkflow = new azure.logicapps.Workflow('process-url', {
        location: resourceGroup.location,
        resourceGroupName: resourceGroup.name,
        parameters: {
            "$connections": {
                "defaultValue": {},
                "type": "Object"
            }
        }
    });
  • s

    salmon-beard-79336

    08/15/2019, 2:06 PM
    Alternatively, I’m trying this too, to try and establish the connection between CosmosDB and a LogicApp (the API Connector is already created) in the following way:
    const processWorkflow = new azure.logicapps.Workflow('process-url', {
        location: resourceGroup.location,
        resourceGroupName: resourceGroup.name,
        parameters: {
            "$connections": JSON.stringify({
                // "defaultValue": {},
                // "type": "Object"
                "value": {
                    "documentdb": {
                        "connectionId": "/subscriptions/639952d4-dcc0-49f4-a588-d59bfb63cf4b/resourceGroups/shortener-rg0620430b/providers/Microsoft.Web/connections/api-connection-to-cosmosdb",
                        "connectionName": "logicapp-comosdb-connection",
                        "id": "/subscriptions/639952d4-dcc0-49f4-a588-d59bfb63cf4b/providers/Microsoft.Web/locations/westeurope/managedApis/documentdb"
                    }
                }
            })
        }
    });
  • s

    salmon-beard-79336

    08/15/2019, 2:06 PM
    But cannot shake the
    The template validation failed: 'The workflow parameters '$connections' are not valid; they are not declared in the definition and therefore cannot be provided. The only declared parameters for this definition are ''.'.
    error… and cannot find a way to define
    $connections
    as a parameter for my workflow
  • a

    adamant-dress-73325

    08/15/2019, 5:04 PM
    Hi, We are trying to use the import feature to import a AWS RouteTableAssociation resource, but are getting the following error:
    warning: A new version of Pulumi is available. To upgrade from version '0.17.28' to '1.0.0-beta.2', run 
       $ brew upgrade pulumi
    or visit <https://pulumi.com/docs/reference/install/> for manual instructions and release notes.
    Previewing update (peopleticker/qa):
    
         Type                              Name             Plan       Info
         pulumi:pulumi:Stack               peopleticker-qa             1 error
     =   └─ aws:ec2:RouteTableAssociation  tf-qa-front-0    import     1 error
     
    Diagnostics:
      aws:ec2:RouteTableAssociation (tf-qa-front-0):
        error: Preview failed: resource 'subnet-098fd854/rtb-ac9d63d0' does not exist
     
      pulumi:pulumi:Stack (peopleticker-qa):
        error: preview failed
    We are pretty sure the ID of that resource exists and we are using latest pulumi-aws package which has the provider code from terraform to import such a resource.
    b
    w
    • 3
    • 9
  • a

    adamant-dress-73325

    08/15/2019, 7:35 PM
    @lemon-spoon-91807 I am setting up a awsx.FargateService and it looks like there is no way to pass
    dependsOn
    for the containers configs? Not to be confused with the pulumi
    dependsOn
    , I am referring to https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_dependson It looks like this parameter is not inside the pulumi-aws package either, so not sure how to workaround this, since
    links
    doesn't work with
    awsvpc
    network mode.
    l
    • 2
    • 4
  • l

    limited-rainbow-51650

    08/15/2019, 8:22 PM
    While developing my AWS RDS setup, I forgot a few attributes so it created an Aurora MySQL cluster. I updated the setup to include the Postgres specific and ran
    pulumi up
    again. But the wrong cluster is not replaced by the correct cluster:
    Previewing update (production):
    
         Type                 Name                         Plan        Info
         pulumi:pulumi:Stack  infra-02-storage-production              
     +-  └─ aws:rds:Cluster   safeimage-rds-cluster        replace     [diff: ~dbClusterParameterGroupName,engine]
     
    Resources:
        +-1 to replace
        4 unchanged
    
    Do you want to perform this update? yes
    Updating (production):
    
         Type                 Name                         Status                   Info
         pulumi:pulumi:Stack  infra-02-storage-production  **failed**               1 error
     +-  └─ aws:rds:Cluster   safeimage-rds-cluster        **replacing failed**     [diff: ~dbClusterParameterGroupName,engine]; 1 error
     
    Diagnostics:
      pulumi:pulumi:Stack (infra-02-storage-production):
        error: update failed
     
      aws:rds:Cluster (safeimage-rds-cluster):
        error: Plan apply failed: error creating RDS cluster: DBClusterAlreadyExistsFault: DB Cluster already exists
            status code: 400, request id: fa019735-d4a7-4ad1-a887-e6fc4c64f761
     
    Resources:
        4 unchanged
  • l

    limited-rainbow-51650

    08/15/2019, 8:22 PM
    Why is the wrong cluster not deleted first?
    w
    • 2
    • 6
  • o

    orange-tailor-85423

    08/15/2019, 10:50 PM
    Having an issue - build the EKS cluster but when deploying helm charts for services that create an ingress (looking at you Istio)…. it appears to fail on creating the ELB’s. Something about permissions to create a load balancer? Or perhaps an underlying issue with tagging?
  • o

    orange-tailor-85423

    08/15/2019, 10:50 PM
    Only similar-ish references I could find:
  • o

    orange-tailor-85423

    08/15/2019, 10:50 PM
    https://github.com/terraform-aws-modules/terraform-aws-eks/issues/183
  • o

    orange-tailor-85423

    08/15/2019, 10:50 PM
    https://medium.com/faun/aws-eks-the-role-is-not-authorized-to-perform-ec2-describeaccountattributes-error-1c6474781b84
    w
    • 2
    • 4
  • l

    little-energy-64187

    08/16/2019, 11:40 AM
    What's the right way to import a gke managed certificate? I have been trying
    new k8s.apiextensions.CustomResource("service-dev-certificate", {
        apiVersion: "<http://networking.gke.io/v1beta1|networking.gke.io/v1beta1>",
        kind: "ManagedCertificate",
        metadata: {
            labels: {
                app: "networking",
                stage: "service-dev",
            },
            namespace: "namespace",
            name: "service-dev-certificate",
        },
        spec: {
            domains: ["<http://service-dev.example.com|service-dev.example.com>"]
        },
    }, { provider: k8sProvider, import: "service-dev-certificate" })
    but that doesn't seem to find it
    b
    • 2
    • 5
  • l

    little-energy-64187

    08/16/2019, 11:46 AM
    fyi https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/serviceAccount is 404
    b
    w
    • 3
    • 5
  • l

    little-energy-64187

    08/16/2019, 12:16 PM
    also need some advice on importing service accounts, eg:
    <mailto:name@project.iam.gserviceaccount.com|name@project.iam.gserviceaccount.com>
    wouldn't that be
    new gcp.serviceAccount.Account("name", {
        displayName: "name",
        accountId: "name",
        project: "project"
    }, { import: "111111111111111111111" }) // id from url of gcp console
    ? (lemme know if these import questions become annoying ;)
    b
    • 2
    • 2
  • h

    helpful-afternoon-80621

    08/16/2019, 12:23 PM
    Is there any equivalent to the terraform 'remote-exec' and 'file' provisioners in pulumi? I want to run a script when I create an ec2 instance and ec2 userData is painful to debug.
    b
    • 2
    • 2
  • b

    best-xylophone-83824

    08/16/2019, 2:06 PM
    I discovered JS tagged templates, quite cool, allows to do things like:
    projectNumber`service-${"gke01-london"}@container-engine-robot.iam.gserviceaccount.com`
    where project id is replaced by project number without hiding overall value behind function
  • m

    modern-bear-85657

    08/16/2019, 5:54 PM
    How should I implement canary deployments for API Gateway?
  • b

    bitter-dentist-28132

    08/16/2019, 6:57 PM
    is there a way to get a resource's kubernetes name? for instance, to glue together a service and an ingress
  • b

    bitter-dentist-28132

    08/16/2019, 6:57 PM
    when i do e.g.
    this.service.metadata.name
    , i get nothing
  • b

    bitter-dentist-28132

    08/16/2019, 7:00 PM
    oh, i guess it's working, it's just the preview shown was incorrect
    g
    • 2
    • 1
  • a

    adamant-dress-73325

    08/16/2019, 7:38 PM
    Would be cool to get a release of
    pulumi-docker
    when ya'll have a chance, can't wait for https://github.com/pulumi/pulumi-docker/pull/95
  • i

    incalculable-diamond-5088

    08/18/2019, 3:15 PM
    Hi, I suspect the
    pulumi up
    fails with OOM. Is there a way to specify max-old-space-size ?
    h
    • 2
    • 4
  • b

    best-xylophone-83824

    08/19/2019, 9:23 AM
    What I am doing wrong? test.ts file:
    import * as gcp from "@pulumi/gcp";
    const x = {} as gcp.container.NodePoolArgs["nodeConfig"]["labels"];
    Then
    $ node_modules/.bin/tsc --noEmit --noErrorTruncation test.ts
    test.ts:2:58 - error TS2339: Property 'labels' does not exist on type 'Input<{ diskSizeGb?: .....; labels?: Input<{ [key: string]: Input<string>; }>;'
    how come?
    labels
    is clearly there 🙂
    • 1
    • 3
  • c

    careful-france-37922

    08/19/2019, 9:36 AM
    Hello, I was thrown in the world of Kubernetes, Helm, Google Cloud Engine, and Terraform/Pulumi and so on, so maybe I'm really in the wrong channel now to ask my question, please be nice. 🙂 We have a so called
    nginx-ingress
    which does basic authentication for one domain. Currently the basic authentication data is done manually via:
    htpasswd -c auth <username> && kubectl create secret generic docs-basic-auth --from-file=auth
    I want to automate this for the future. The helm chart looks like this:
    ingress:
      domain: <domain>
      tlsSecretName: <name>-de-tls
      annotations:
        <http://nginx.ingress.kubernetes.io/auth-type|nginx.ingress.kubernetes.io/auth-type>: basic
        # # The name of the secret which contains the HTTP basic auth configuration
        # # See: <https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md>
        <http://nginx.ingress.kubernetes.io/auth-secret|nginx.ingress.kubernetes.io/auth-secret>: docs-basic-auth
        <http://nginx.ingress.kubernetes.io/auth-realm|nginx.ingress.kubernetes.io/auth-realm>: "Name"
    deployment:
      strategy:
        type: RollingUpdate
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 0
    I have a file which contains this code where, at least I think, I need to start:
    import * as k8s from "@pulumi/kubernetes";
    import * as affinities from "../../../affinities";
    
    interface ICreateNginxIngressOpts {
      isPrivateNetworkIngress: boolean;
      tls: { defaultTlsSecretName: string };
      context: {
        provider: k8s.Provider;
      };
    }
    
    const createNginxIngress = ({
      isPrivateNetworkIngress,
      tls,
      context: { provider }
    }: ICreateNginxIngressOpts) => {
      let annotations: any = {};
    
      if (isPrivateNetworkIngress) {
        // Only allow traffic from the external subnet
        annotations["<http://cloud.google.com/load-balancer-type|cloud.google.com/load-balancer-type>"] = "Internal";
      }
    
      return new k8s.helm.v2.Chart(
        "nginx-ingress",
        {
          repo: "stable",
          chart: "nginx-ingress",
          version: "1.6.0",
          values: {
            defaultBackend: {
              affinity: affinities.defaultPool
            },
            controller: {
              extraArgs: {
                "default-ssl-certificate": tls.defaultTlsSecretName
              },
              publishService: { enabled: true },
              affinity: affinities.defaultPool,
              service: {
                annotations
              }
            }
          }
        },
        { dependsOn: [provider], providers: { k8s: provider } }
      );
    };
    
    export { createNginxIngress };
    Any hints where I have to look at? Basically: I want to automate this steps: https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md
    b
    • 2
    • 4
  • b

    best-xylophone-83824

    08/19/2019, 10:16 AM
    https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/container/#NodePoolArgs-nodeConfig has no optional fields, yet example shows many fields omitted: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/container/#example-usage-with-a-separately-managed-node-pool-recommended , how does it work?
    • 1
    • 1
Powered by Linen
Title
b

best-xylophone-83824

08/19/2019, 10:16 AM
https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/container/#NodePoolArgs-nodeConfig has no optional fields, yet example shows many fields omitted: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/container/#example-usage-with-a-separately-managed-node-pool-recommended , how does it work?
Something is off with documentation generator, opened https://github.com/pulumi/docs/issues/1578
View count: 1