https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    bitter-dentist-28132

    09/04/2019, 8:16 PM
    how can i read an output from the previous run of a stack?
    f
    • 2
    • 2
  • s

    salmon-account-74572

    09/04/2019, 8:20 PM
    Looks like Pulumi has hit 1.0, is that correct?
    w
    b
    • 3
    • 2
  • e

    early-musician-41645

    09/04/2019, 8:57 PM
    With the recent news from EKS, I'm wondering if Pulumi has support for the OIDC IdP in the
    eks.Cluster
    https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
    w
    d
    o
    • 4
    • 5
  • q

    quick-action-34599

    09/04/2019, 10:12 PM
    Anyone got an idea why Pulumi would say a certificate could not be found, but the arn exists in AWS?
    c
    h
    i
    • 4
    • 5
  • f

    fast-cricket-95212

    09/05/2019, 12:40 AM
    Is there a plan to add a Twilio module to Pulumi?
    w
    • 2
    • 2
  • f

    fast-cricket-95212

    09/05/2019, 4:44 AM
    Is there a plan to add support for Firebase Cloud Messaging and Firebase Apps?
    w
    a
    • 3
    • 3
  • b

    best-xylophone-83824

    09/05/2019, 9:32 AM
    new documentation styling is much easier to use, thanks!
    b
    • 2
    • 1
  • b

    best-xylophone-83824

    09/05/2019, 10:02 AM
    something is off with new app.pulimi.com, firefox shows "page is slowing down your browser"
    b
    • 2
    • 5
  • s

    salmon-beard-79336

    09/05/2019, 11:54 AM
    Trying to create a certificate on Azure KeyVault, but cannot shake this error
    azure:keyvault:Certificate (test):
        error: Plan apply failed: grpc: error while marshaling: proto: field "google.protobuf.Value.Kind" contains invalid UTF-8
    const testCertificate = new azure.keyvault.Certificate("test", {
      certificatePolicy: {
        issuerParameters: {
          name: "Self",
        },
        keyProperties: {
          exportable: true,
          keySize: 2048,
          keyType: "RSA",
          reuseKey: true,
        },
        lifetimeActions: [{
          action: {
            actionType: "AutoRenew",
          },
          trigger: {
            daysBeforeExpiry: 30,
          },
        }],
        secretProperties: {
          contentType: "application/x-pkcs12",
        },
        x509CertificateProperties: {
          // Server Authentication = 1.3.6.1.5.5.7.3.1
          // Client Authentication = 1.3.6.1.5.5.7.3.2
          extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
          keyUsages: [
            "cRLSign",
            "dataEncipherment",
            "digitalSignature",
            "keyAgreement",
            "keyCertSign",
            "keyEncipherment",
          ],
          subject: `CN=*.${domainName}`,
          subjectAlternativeNames: {
            dnsNames: [
              // "<http://internal.contoso.com|internal.contoso.com>",
              // "domain.hello.world",
            ],
          },
          validityInMonths: 12,
        },
      },
      keyVaultId: keyVault.id,
      name: "generated-cert",
    })
    t
    • 2
    • 3
  • s

    salmon-beard-79336

    09/05/2019, 11:55 AM
    but the weird thing is that the certificate gets generated
    b
    t
    • 3
    • 11
  • b

    big-nail-28315

    09/05/2019, 2:21 PM
    Is there any way to retrieve the subnet id’s of a VPC to pass in to another function as a string? (before pulumi up is finished executing)
    f
    c
    • 3
    • 34
  • q

    quick-action-34599

    09/05/2019, 2:58 PM
    Following up on this thread: https://pulumi-community.slack.com/archives/C84L4E3N1/p1567635167287300 I definitely had the right profile and right region. No idea why Pulumi can’t see it.
  • q

    quick-action-34599

    09/05/2019, 2:58 PM
    I decided to manually delete it and try to get Pulumi to create it again
  • s

    some-doctor-62800

    09/05/2019, 2:59 PM
    do you use the same account on your cli?
  • s

    some-doctor-62800

    09/05/2019, 2:59 PM
    might be permissions or such in that case?
  • q

    quick-action-34599

    09/05/2019, 3:17 PM
    yep same account
  • q

    quick-action-34599

    09/05/2019, 3:17 PM
    My default profile is us-east-2 but I am explicitly using a us-east-1 provider on the certificate I was attempting to import
  • q

    quick-action-34599

    09/05/2019, 3:21 PM
    OK wait
  • q

    quick-action-34599

    09/05/2019, 3:22 PM
    My bad, CloudFront distributions require ACM certificates to be in the us-east-1 region, but other uses (ELB) require the certificate to be in THEIR region.
  • q

    quick-action-34599

    09/05/2019, 3:23 PM
    I thought they all had to be in us-east-1 for validation to work
  • b

    broad-dog-22463

    09/05/2019, 3:23 PM
    👍
  • b

    broad-dog-22463

    09/05/2019, 3:23 PM
    so it's ok?
  • q

    quick-action-34599

    09/05/2019, 3:23 PM
    trying now
  • b

    broad-dog-22463

    09/05/2019, 3:24 PM
    ok
  • q

    quick-action-34599

    09/05/2019, 3:38 PM
    lol nope
  • g

    gentle-diamond-70147

    09/05/2019, 3:39 PM
    Can you share your code?
  • q

    quick-action-34599

    09/05/2019, 3:39 PM
    maybe I need to delete everything, sec
    • 1
    • 1
  • b

    bitter-dentist-28132

    09/05/2019, 3:52 PM
    so i've got an app that consists of a few microservices, each in their own repo. i'm deploying to kubernetes. right now, i've got a single repo with the pulumi code that deploys the entire stack, but i'd like to have the code that defines the resources specific to each microservice live alongside its corresponding code, so that e.g. review apps would work as desired without changing the code that deploys prod. is there a best practices for this? i was thinking of having an npm package inside each microservice repo, and then just `npm link`ing it when running a review app. then the "main code" would just import the various microservice packages. but maybe there's a better way of doing this.
    c
    c
    • 3
    • 16
  • w

    white-balloon-205

    09/05/2019, 5:02 PM
    Cross-posting for those of you who don't yet follow the #announcements channel 😄. https://pulumi-community.slack.com/archives/CB36DSVSA/p1567702858018400
  • b

    best-xylophone-83824

    09/05/2019, 5:26 PM
    The most magical thing about Pulumi, however, is that you get all the same predictability guarantees of an infrastructure as code tool, while still embracing general purpose languages.
    spot on from the blog post. when I spoke about pulumi with colleagues first reaction was that "normal programming language is not declarative" , and therefore it is dangerous to use
    c
    b
    b
    • 4
    • 3
Powered by Linen
Title
b

best-xylophone-83824

09/05/2019, 5:26 PM
The most magical thing about Pulumi, however, is that you get all the same predictability guarantees of an infrastructure as code tool, while still embracing general purpose languages.
spot on from the blog post. when I spoke about pulumi with colleagues first reaction was that "normal programming language is not declarative" , and therefore it is dangerous to use
c

colossal-beach-47527

09/05/2019, 6:05 PM
I’ve been thinking about this aspect a lot myself. I think as an industry we’ve over-emphasized “declarative” as a silver bullet, when in fact it just isn’t well suited for a lot of situations. If you look at the Kubernetes space, there are reems of YAML and configuration files. So much so that even more complex wrappers such as Ksonnet and Cue are built on top of it — trying to simplify the experience, while still being 100% declarative. But at the end of the day, what is the problem you are trying to solve? If your goal is to make it easier to understand how you are setting up your cloud infrastructure, then if you are setting up 100 EC2 VMs, having a “for loop” that executes 100 iterations is sufficiently clear. Of course you can write super-complicated, difficult-to-maintain code using a real programming language. But that’s why we have code reviews, type checking, linters, style guides, etc. It’s easy to make code readable and understandable. When you are using a purely declarative model, you don’t have much flexibility.
👍 1
b

brave-salesmen-42327

09/05/2019, 7:08 PM
Chris said it eloquently, but I think the short rebuttal is, "Declarative doesn't scale well or flat our work in certain cases" The solution in the past has been jamming stuff on top of the declarative language; you end up with amalgamations of the worst traits of both models mixed up and on top of one another. Then there's the intended audience. If someone is really comfortable in modern programming languages and has to write your cloud infrastructure code, and they are not so comfortable with terraform or cloud formation speak, just give them the tool they are most experienced and comfortable with. You will get better results. It's a bit of a fallacy to appeal to Fear to govern policy: imperative languages are dangerous, we should not use them. There's no proof that they are "dangerous" and even if you could make that assertion, discarding a powerful tool out of fear is not wise.
b

bitter-dentist-28132

09/05/2019, 7:30 PM
i'd be pretty surprised if most orgs aren't running a collection of bash scripts on top of their helm/terraform code anyway.
👍 4
View count: 1