Hello - new to Pulumi. Trying to Build a new IAM Policy Statement using the IP Address conditions. Pulumi doesn’t want to assign the array to the ConditionArguments.

Is there a straightforward way to transplant an existing resource to a new provider?

@microscopic-florist-22719 Do you guys plan to have your own tap since https://github.com/Homebrew/homebrew-core/pull/43113 seems like it’s going to be a while before it’s resolved, if they even let you guys stay?

Just started getting this error randomly: error: could not read plugin [/home/vagrant/.pulumi/plugins/resource-kubernetes-v0.24.0/pulumi-resource-kubernetes] stdout: EOF

Has anyone come across this?

Any ideas why though the input for

parameters

says

[key: string]: any;

it won’t take a dictionary? Error:

parameters ($connections): '' expected type 'string', got unconvertible type 'map[string]interface {}'

const processWorkflow = new azure.logicapps.Workflow('process-url', {
    location: resourceGroup.location,
    resourceGroupName: resourceGroup.name,
    parameters: {
        "$connections": {
            "defaultValue": {},
            "type": "Object"
        }
    }
});

Alternatively, I’m trying this too, to try and establish the connection between CosmosDB and a LogicApp (the API Connector is already created) in the following way:

const processWorkflow = new azure.logicapps.Workflow('process-url', {
    location: resourceGroup.location,
    resourceGroupName: resourceGroup.name,
    parameters: {
        "$connections": JSON.stringify({
            // "defaultValue": {},
            // "type": "Object"
            "value": {
                "documentdb": {
                    "connectionId": "/subscriptions/639952d4-dcc0-49f4-a588-d59bfb63cf4b/resourceGroups/shortener-rg0620430b/providers/Microsoft.Web/connections/api-connection-to-cosmosdb",
                    "connectionName": "logicapp-comosdb-connection",
                    "id": "/subscriptions/639952d4-dcc0-49f4-a588-d59bfb63cf4b/providers/Microsoft.Web/locations/westeurope/managedApis/documentdb"
                }
            }
        })
    }
});

But cannot shake the

The template validation failed: 'The workflow parameters '$connections' are not valid; they are not declared in the definition and therefore cannot be provided. The only declared parameters for this definition are ''.'.

error… and cannot find a way to define

$connections

as a parameter for my workflow

Hi, We are trying to use the import feature to import a AWS RouteTableAssociation resource, but are getting the following error:

warning: A new version of Pulumi is available. To upgrade from version '0.17.28' to '1.0.0-beta.2', run 
   $ brew upgrade pulumi
or visit <https://pulumi.com/docs/reference/install/> for manual instructions and release notes.
Previewing update (peopleticker/qa):

     Type                              Name             Plan       Info
     pulumi:pulumi:Stack               peopleticker-qa             1 error
 =   └─ aws:ec2:RouteTableAssociation  tf-qa-front-0    import     1 error
 
Diagnostics:
  aws:ec2:RouteTableAssociation (tf-qa-front-0):
    error: Preview failed: resource 'subnet-098fd854/rtb-ac9d63d0' does not exist
 
  pulumi:pulumi:Stack (peopleticker-qa):
    error: preview failed

We are pretty sure the ID of that resource exists and we are using latest pulumi-aws package which has the provider code from terraform to import such a resource.

@lemon-spoon-91807 I am setting up a awsx.FargateService and it looks like there is no way to pass

dependsOn

for the containers configs? Not to be confused with the pulumi

dependsOn

, I am referring to https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_dependson It looks like this parameter is not inside the pulumi-aws package either, so not sure how to workaround this, since

links

doesn't work with

awsvpc

network mode.

While developing my AWS RDS setup, I forgot a few attributes so it created an Aurora MySQL cluster. I updated the setup to include the Postgres specific and ran

pulumi up

again. But the wrong cluster is not replaced by the correct cluster:

Previewing update (production):

     Type                 Name                         Plan        Info
     pulumi:pulumi:Stack  infra-02-storage-production              
 +-  └─ aws:rds:Cluster   safeimage-rds-cluster        replace     [diff: ~dbClusterParameterGroupName,engine]
 
Resources:
    +-1 to replace
    4 unchanged

Do you want to perform this update? yes
Updating (production):

     Type                 Name                         Status                   Info
     pulumi:pulumi:Stack  infra-02-storage-production  **failed**               1 error
 +-  └─ aws:rds:Cluster   safeimage-rds-cluster        **replacing failed**     [diff: ~dbClusterParameterGroupName,engine]; 1 error
 
Diagnostics:
  pulumi:pulumi:Stack (infra-02-storage-production):
    error: update failed
 
  aws:rds:Cluster (safeimage-rds-cluster):
    error: Plan apply failed: error creating RDS cluster: DBClusterAlreadyExistsFault: DB Cluster already exists
        status code: 400, request id: fa019735-d4a7-4ad1-a887-e6fc4c64f761
 
Resources:
    4 unchanged

Why is the wrong cluster not deleted first?

Having an issue - build the EKS cluster but when deploying helm charts for services that create an ingress (looking at you Istio)…. it appears to fail on creating the ELB’s. Something about permissions to create a load balancer? Or perhaps an underlying issue with tagging?

Only similar-ish references I could find:

What's the right way to import a gke managed certificate? I have been trying

new k8s.apiextensions.CustomResource("service-dev-certificate", {
    apiVersion: "<http://networking.gke.io/v1beta1|networking.gke.io/v1beta1>",
    kind: "ManagedCertificate",
    metadata: {
        labels: {
            app: "networking",
            stage: "service-dev",
        },
        namespace: "namespace",
        name: "service-dev-certificate",
    },
    spec: {
        domains: ["<http://service-dev.example.com|service-dev.example.com>"]
    },
}, { provider: k8sProvider, import: "service-dev-certificate" })

but that doesn't seem to find it

fyi https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/serviceAccount is 404

also need some advice on importing service accounts, eg:

<mailto:name@project.iam.gserviceaccount.com|name@project.iam.gserviceaccount.com>

wouldn't that be

new gcp.serviceAccount.Account("name", {
    displayName: "name",
    accountId: "name",
    project: "project"
}, { import: "111111111111111111111" }) // id from url of gcp console

? (lemme know if these import questions become annoying ;)

Is there any equivalent to the terraform 'remote-exec' and 'file' provisioners in pulumi? I want to run a script when I create an ec2 instance and ec2 userData is painful to debug.

I discovered JS tagged templates, quite cool, allows to do things like:

projectNumber`service-${"gke01-london"}@container-engine-robot.iam.gserviceaccount.com`

where project id is replaced by project number without hiding overall value behind function

How should I implement canary deployments for API Gateway?

is there a way to get a resource's kubernetes name? for instance, to glue together a service and an ingress

when i do e.g.

this.service.metadata.name

, i get nothing

oh, i guess it's working, it's just the preview shown was incorrect

Would be cool to get a release of

pulumi-docker

when ya'll have a chance, can't wait for https://github.com/pulumi/pulumi-docker/pull/95

Hi, I suspect the

pulumi up

fails with OOM. Is there a way to specify max-old-space-size ?

What I am doing wrong? test.ts file:

import * as gcp from "@pulumi/gcp";
const x = {} as gcp.container.NodePoolArgs["nodeConfig"]["labels"];

Then

$ node_modules/.bin/tsc --noEmit --noErrorTruncation test.ts
test.ts:2:58 - error TS2339: Property 'labels' does not exist on type 'Input<{ diskSizeGb?: .....; labels?: Input<{ [key: string]: Input<string>; }>;'

how come?

labels

is clearly there 🙂

Hello, I was thrown in the world of Kubernetes, Helm, Google Cloud Engine, and Terraform/Pulumi and so on, so maybe I'm really in the wrong channel now to ask my question, please be nice. 🙂 We have a so called

nginx-ingress

which does basic authentication for one domain. Currently the basic authentication data is done manually via:

htpasswd -c auth <username> && kubectl create secret generic docs-basic-auth --from-file=auth

I want to automate this for the future. The helm chart looks like this:

ingress:
  domain: <domain>
  tlsSecretName: <name>-de-tls
  annotations:
    <http://nginx.ingress.kubernetes.io/auth-type|nginx.ingress.kubernetes.io/auth-type>: basic
    # # The name of the secret which contains the HTTP basic auth configuration
    # # See: <https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md>
    <http://nginx.ingress.kubernetes.io/auth-secret|nginx.ingress.kubernetes.io/auth-secret>: docs-basic-auth
    <http://nginx.ingress.kubernetes.io/auth-realm|nginx.ingress.kubernetes.io/auth-realm>: "Name"
deployment:
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0

I have a file which contains this code where, at least I think, I need to start:

import * as k8s from "@pulumi/kubernetes";
import * as affinities from "../../../affinities";

interface ICreateNginxIngressOpts {
  isPrivateNetworkIngress: boolean;
  tls: { defaultTlsSecretName: string };
  context: {
    provider: k8s.Provider;
  };
}

const createNginxIngress = ({
  isPrivateNetworkIngress,
  tls,
  context: { provider }
}: ICreateNginxIngressOpts) => {
  let annotations: any = {};

  if (isPrivateNetworkIngress) {
    // Only allow traffic from the external subnet
    annotations["<http://cloud.google.com/load-balancer-type|cloud.google.com/load-balancer-type>"] = "Internal";
  }

  return new k8s.helm.v2.Chart(
    "nginx-ingress",
    {
      repo: "stable",
      chart: "nginx-ingress",
      version: "1.6.0",
      values: {
        defaultBackend: {
          affinity: affinities.defaultPool
        },
        controller: {
          extraArgs: {
            "default-ssl-certificate": tls.defaultTlsSecretName
          },
          publishService: { enabled: true },
          affinity: affinities.defaultPool,
          service: {
            annotations
          }
        }
      }
    },
    { dependsOn: [provider], providers: { k8s: provider } }
  );
};

export { createNginxIngress };

Any hints where I have to look at? Basically: I want to automate this steps: https://github.com/kubernetes/ingress-nginx/blob/6d2400ee0fcd29390db24091edef07ccee73c881/docs/examples/auth/basic/README.md