https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • r

    rhythmic-finland-36256

    08/19/2019, 10:23 AM
    General understanding on
    pulumi preview
    (delete-replace vs. in-place-update)
    b
    • 2
    • 24
  • b

    best-xylophone-83824

    08/19/2019, 11:32 AM
    did anybody managed to use
    pulumi.Config().getObject<T>()
    ? I get
    error: getting secrets manager: could not unmarshal map: yaml: unmarshal errors:
      line 4: cannot unmarshal !!map into string
    all the time 😞 Config is valid YAML:
    config:
      gcp-gke:region: europe-west2
      gcp-gke:nodePools:
        ingress:
          roles: ["ingress"]
          nodeConfig:
            machineType: "g1-small"
            preemptible: true
    Code:
    type NodePoolConfig = Omit<
        gcp.container.NodePoolArgs,
        "cluster" | "location" | "name"
    > & { roles: string[] };
    
    const nodepools = new pulumi.Config().getObject<{
        [name: string]: NodePoolConfig;
    }>("nodePools");
    w
    • 2
    • 3
  • h

    high-translator-22614

    08/19/2019, 3:05 PM
    TIL that
    StackReference
    exists (why is it in the JS/TS API docs but not the Python ones?)
    r
    • 2
    • 1
  • b

    best-xylophone-83824

    08/19/2019, 3:08 PM
    despite all the effort, TS is language of choice for pulumi
  • b

    best-xylophone-83824

    08/19/2019, 3:09 PM
    everything else looks more like attempt to attract devs
    h
    • 2
    • 1
  • t

    thankful-optician-22583

    08/19/2019, 4:11 PM
    Hi, I have a question I want to provide a K8s provider that contains a roleArn. the secret & access key that are in the env vars only can assume roles. When I set them however I see this error
    error: could not validate provider configuration: 1 error occurred:
        	* : invalid or unknown key: role_arn
    This is my configuration
    new k8s.Provider("myk8s", {
            kubeconfig: new terraform.state.RemoteStateReference("eks", {
                backendType: "s3",
                bucket: "XXXX-tfstate-backend-bucket",
                key: "XXXXXXX",
                workspace: "XXXXXXX",
                region: "us-east-1",
                roleArn: "arn:aws:iam::XXXXXXXXXXX:role/XXXX-XXXX-gitlab-terraform"
            }).getOutput("kubectl_config")});
    Has anyone encountered this before?
    b
    • 2
    • 4
  • b

    bitter-dentist-28132

    08/19/2019, 4:22 PM
    if i make a kubernetes namespace, and then want to use that namespace later on resources, is there a way to make it show up in the diff on the resources? it just appears as
    output<string>
    , even though the namespace resource shows the actual string
    b
    g
    • 3
    • 14
  • l

    little-energy-64187

    08/19/2019, 4:46 PM
    Continuing my import experiments
    const serviceAccount = new gcp.serviceAccount.Account("example", {
        displayName: "example",
        accountId: "example-service-account",
        project: "project"
    }, { import: "projects/project/serviceAccounts/example-service-account@project.iam.gserviceaccount.com" })
    
    const roles = new gcp.projects.IAMCustomRole("example", {
        roleId: "example",
        title: "example",
        description: "example roles",
        permissions: [
            'compute.addresses.list',
            'compute.instances.addAccessConfig',
            'compute.instances.deleteAccessConfig',
            'compute.instances.get',
            'compute.instances.list',
            'compute.projects.get',
            'container.clusters.get',
            'container.clusters.list',
            'resourcemanager.projects.get',
            'compute.networks.useExternalIp',
            'compute.subnetworks.useExternalIp',
            'compute.addresses.use',
        ]
    }, { import: "projects/project/roles/example" })
    
    const examplePolicyBinding = new gcp.serviceAccount.IAMBinding("example", {
        serviceAccountId: serviceAccount.accountId,
        members: ["serviceAccount:example-service-account@project.iam.gserviceaccount.com"],
        role: "projects/project/roles/example"
    }, { import: "<mailto:example-service-account@project.iam.gserviceaccount.com|example-service-account@project.iam.gserviceaccount.com>" })
    policy binding fails with
    Wrong number of parts to Binding id [example-service-account@project.iam.gserviceaccount.com]; expected 'resource_name role'.
    • 1
    • 1
  • b

    best-xylophone-83824

    08/19/2019, 5:07 PM
    typescript drives me crazy 😕 what does it want??
    config/gke01-london.ts:6:9 - error TS2322: Type '{ machineType: string; preemptible: boolean; }' is not assignable to type '"nodeConfig"'.
    
    6         nodeConfig: {
              ~~~~~~~~~~
    
      node_modules/@pulumi/gcp/container/nodePool.d.ts:312:14
        312     readonly nodeConfig?: pulumi.Input<{
                         ~~~~~~~~~~
        The expected type comes from property 'nodeConfig' which is declared here on type 'NodePoolConfigArgs'
    all I wanted is to check that provided config matches NodePoolArgs. Everything in
    'NodePoolConfigArgs["nodeConfig"]'
    is optional, yet even
    {}
    cannot be assigned to it.
    l
    o
    • 3
    • 2
  • q

    quick-action-34599

    08/19/2019, 9:54 PM
    Having trouble with the same issue as this: https://github.com/pulumi/pulumi/issues/3063 Switching from node 11 to 8 doesn’t help though
  • q

    quick-action-34599

    08/19/2019, 9:55 PM
    Neither does running
    pulumi up -y || pulumi up -y
    w
    • 2
    • 5
  • b

    best-xylophone-83824

    08/20/2019, 12:43 PM
    terraform providers have a nice property that they can be replaced with a custom compiled binary. Am I right that Pulumi pulls TF providers as a dependency and to achieve same result (== quick local bugfix), I'd need to recompile Pulumi provider ?
    w
    • 2
    • 1
  • q

    quick-action-34599

    08/20/2019, 2:41 PM
    FYI guys most of the google search results for your API now result in 404 errors https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/elasticloadbalancingv2/
    g
    • 2
    • 8
  • q

    quick-action-34599

    08/20/2019, 2:41 PM
    searching for “pulumi addListenerRule”
  • a

    adamant-dress-73325

    08/20/2019, 3:58 PM
    Hello, I am running into a spurious replace issue, is this a known problem? Pulumi believes that it needs to replace an ec2 instance to give it security group, but the instance already has the security group shown. It happens even after a
    pulumi refresh
    .
    ++aws:ec2/instance:Instance: (create-replacement)
            <snip>
          ~ securityGroups: [
              + [0]: "sg-082e7a6e007b182dc"
            ]
        +-aws:ec2/instance:Instance: (replace)
          ~ securityGroups: [
              + [0]: "sg-082e7a6e007b182dc"
            ]
    l
    w
    b
    • 4
    • 13
  • c

    cool-hair-35481

    08/20/2019, 6:16 PM
    Hello everyone. I worked through this example and it was probably the easiest lambda / api gateway deployment (complete with secrets management) that I've done so far: https://github.com/pulumi/examples/tree/master/aws-ts-apigateway-auth0 | However I have a question. Let's say that I wanted to only deploy that authorizer and attach it to an existing API gateway? Can this be done?
    f
    • 2
    • 5
  • b

    bitter-dentist-28132

    08/20/2019, 7:11 PM
    can someone please publish a new version of the docker image, so that
    pulumi/pulumi:latest
    matches what's
    latest
    in npm?
    b
    • 2
    • 1
  • a

    alert-beard-9601

    08/20/2019, 9:54 PM
    Hey everyone, I'm new on the slack. I'm having issues importing an instance because I can't get the userData to match what pulumi expects. seems to not be comparing the same things
    a
    w
    • 3
    • 7
  • b

    best-xylophone-83824

    08/21/2019, 11:08 AM
    How can I tell which of changes causes resource replace?
    +-gcp:container/cluster:Cluster: (replace) 🔒
            [id=gke01-london]
            [urn=urn:pulumi:gke01-london::gcp-gke::gcp:container/cluster:Cluster::gke01-london]
            [provider=urn:pulumi:gke01-london::gcp-gke::pulumi:providers:gcp::default_1_0_0_beta_1::1a4df25a-af6f-4fda-80df-2c8bd047655a]
          + authenticatorGroupsConfig: {
              + securityGroup: "gke-security-groups@$corp"
            }
          + maintenancePolicy        : {
              + dailyMaintenanceWindow: {
                  + startTime : "01:00"
                }
            }
          + podSecurityPolicyConfig  : {
              + enabled   : true
            }
    • 1
    • 1
  • b

    best-xylophone-83824

    08/21/2019, 12:55 PM
    Whats the reason URN doesn't include parent resource name, just a type? Including name would remove following requirement for users to think of:
    Resources constructed as children of a component should make sure that their names will be unique across multiple instances of the component. In general, the name of the component instance itself (the name parameter passed in to the component constructor) shoud be used as part of the name of the child resources.
  • s

    some-doctor-62800

    08/21/2019, 2:30 PM
    Is there some way to unprotect all resources for a specific
    pulumi up
    run?
  • s

    some-doctor-62800

    08/21/2019, 2:31 PM
    We're basically trying to make an elevated process for CD that's different from the normal case when there are resources to be deleted
  • s

    some-doctor-62800

    08/21/2019, 2:31 PM
    but having to unprotect resources one by one isn't ideal, having to leave them unprotected isn't awesome either
    w
    b
    • 3
    • 2
  • a

    abundant-airplane-93796

    08/21/2019, 3:02 PM
    I'm having an issue with a GCP UptimeCheckConfig that wants to replace itself EVERY time I run pulumi. anyone got tips on how to debug this one?
  • a

    abundant-airplane-93796

    08/21/2019, 3:02 PM
    nothing in the config should be dynamic
    w
    b
    • 3
    • 3
  • i

    incalculable-angle-91273

    08/21/2019, 5:28 PM
    Hello, I’m seeing this error from the kubernetes provider:
    kubernetes:extensions:Deployment (istio-system/istio-pilot):
        error: Plan apply failed: 1 error occurred:
            * resource istio-system/istio-pilot was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: Timeout occurred for 'istio-pilot'
    But the api shows 2/2 up. It showed this before the timeout too:
    istio-pilot                     2/2     2            2           10m
    does anyone have any thoughts on how I can further debug this? It appeared to deploy everything fine but pulumi timed out. @gorgeous-egg-16927 maybe?
  • e

    early-intern-90238

    08/21/2019, 6:23 PM
    @incalculable-angle-91273 I have been seeing those lately as well, and when I run again they seem to go away. It seems like a check of some sort was missed because my cluster will show it as done but Pulumi thinks it's still pending. It also might be a timing thing where it's a race issue. I didn't dig too deep because on my third attempt it worked as expected. But I have seen it occur again here and there, especially on a full-stack creation.
    i
    c
    • 3
    • 2
  • b

    brave-angle-33257

    08/21/2019, 10:56 PM
    having hard time again with outputs.. in my VPC stack, i output the aws zones being used from a simple object property, it’s defined as:
    subnet_zone_letters:string[] = ['a', 'b', 'c', 'd'];
    I want to make sure the other stack uses the same values, so I pass them as an output:
    export let vpc_subnet_zone_letters = vpc.subnet_zone_letters;
    that shows up in my outputs like:
    vpc_subnet_zone_letters: [
                    [0]: "a"
                    [1]: "b"
                    [2]: "c"
                    [3]: "d"
                ]
    Finally, in another stack I want to load them and use them as part of a string input to another stack, and so far for the life of me I can’t get it to work:
    var vpc_subnet_zone_letters = vpc.getOutput('vpc_subnet_zone_letters');
        ...
        availabilityZones: [
            `us-east-2${vpc_subnet_zone_letters.apply(x=>`${x[0]}`)}`,
            `us-east-2${vpc_subnet_zone_letters.apply(x=>`${x[1]}`)}`,
        ],
    b
    • 2
    • 8
  • s

    straight-jordan-23612

    08/22/2019, 12:43 AM
    have a question relating to Gitlab for this group
  • s

    straight-jordan-23612

    08/22/2019, 12:44 AM
    I am using stack references in a lambda deploy but keep getting the same outputs error undefined from the Gitlab runner. If run the same command locally it does not occur
Powered by Linen
Title
s

straight-jordan-23612

08/22/2019, 12:44 AM
I am using stack references in a lambda deploy but keep getting the same outputs error undefined from the Gitlab runner. If run the same command locally it does not occur
View count: 1