I have a task that creates an aws alb. It does this as a "side-effect" of deploying k8s yaml files. So when I do a destroy, the ALB isn't deleted. Is there a way to trigger additional work when a destroy is run?

hello all, anyone here worked with AWS Lambda and Lambda Layers in Pulumi? I think I have found a bug but would like to run it by someone who has worked with this before.

Say I've got a large yaml file / text I don't want to initially convert to pulumi objects. What's the best way to deploy this to k8s as is?

Is there an on-ramp to using kubectl? This would be a nice escape hatch where the details of "shell out" using the generated kubeconfig are taken care of.

On the other hand, I don't suppose there's a tool that converts k8s yaml to pulumi code? 😛

const fluentBit = new k8s.yaml.ConfigFile("fluent-bit.yml", {}, { parent: cluster, provider: cluster.provider });

I had to specify the provider too - I would've thought it could deduce that from the parent?

At least it would be nice if it did that

is anyone using the pulumi CircleCI orb? https://circleci.com/orbs/registry/orb/pulumi/pulumi

what’s the best way to handle specifying config? I want to be able to do

pulumi up --config myAppImageTag=${CIRCLE_SHA}

but that doesn’t seem to be supported. Do

pulumi config set ...

outside the orb first or something?

If an aurora instance has autoMinorVersionUpgrade set to true, and an auto upgrade happens, will that require a pulumi refresh to get the state back in sync? will we also have to update the engineVersion in our pulumi script to match the upgrade that happened outside pulumi?

stable/prometheus-redis-exporter

helm chart fails to install

ServiceMonitor

. Probably because of the following line:

{{- if and ( .Capabilities.APIVersions.Has "<http://monitoring.coreos.com/v1|monitoring.coreos.com/v1>" ) ( .Values.serviceMonitor.enabled ) }}

in https://github.com/helm/charts/blob/master/stable/prometheus-redis-exporter/templates/servicemonitor.yaml Is there a workaruond?

so im an idiot and deleted an EKS cluster from the aws UI and now my pulumi stack is busted. is there any way of recovering this?

it seems that aws.rds.Cluster and aws.rds.ClusterInstance require that engineVersion is set (and set to the same value) when creating an Aurora DB cluster. but when it comes time to upgrade to a new version of aurora, if you set the new version on both the Cluster and the ClusterInstance, pulumi up will fail. But if you only change the version on the Cluster (and leave the Cluster Instance on the older version) the upgrade will happen correctly. Subsequent updates will still succeed even though in the pulumi code the versions are now miss matched. This behavior seems odd, so I was wondering if their was an explanation.

For a dynamic resource, is it possible to prevent a replace operation when the provider (__provider) changes? We are using the dynamic resource tool to create SNS topic subscriptions in AWS, and do not want users to be resubscribed whenever the provider changes e.g. when we upgrade dependencies like pulumi-aws, etc. cc @dazzling-memory-8548

Is there a way to invoke

task.run({ cluster });

on a FargateTaskDefinition at the top-level of our pulumi program during update? We are trying to run a one-off task inside a container, without needing lambda like in https://www.pulumi.com/docs/guides/crosswalk/aws/ecs/#running-fire-and-forget-tasks .

Just deployed some resources (including AKS and CosmosDB) and ran

pulumi preview

right after it successfully deployed the stack and it's now saying that it wants to replace the cosmosDB database. Why is that? Looks like this all starts because the

consistencyPolicy

needs updating?!

cosmos_db_account = Account(
    "cosmosdbaccount",
    consistency_policy={
        "consistencyLevel": "Strong",
        "maxIntervalInSeconds": 5,
        "maxStalenessPrefix": 10
    },
    geo_locations=[
        {
        "location": resource_group.location,
        "failoverPriority":0
        }
    ],
    kind="GlobalDocumentDB",
    location=resource_group.location,
    offer_type="Standard",
    resource_group_name=resource_group.name
)

I check the consistency setting in the Azure portal and it shows that it's set to "Strong", so no idea why pulumi thinks it has to reconfigure it to "Strong" and then replace all the other resources. When I execute

pulumi up

it applies a change to cosmosDB, not to any of the other resources it said it would. Once done, I can run

pulumi preview

again and I get the same output as before where pulumi thinks it has to update and even replace multiple resources.

I am building Elastic Beanstalk environments...every time I run pulumi, even if I don't change anything with the environment settings, pulumi updates the environments...any particular reason why?

Hi guys for pulumi in kubernetes, how do I create a service before the deployment?

My container needs the service to be available before being deployed

Is there dependency field we could add

Is there a way of dealing with circular dependencies such as Create an aws role in account A that can assume a role in account B, create that role in account B and allow it's trust policy to only be assumable by the role created in account A?

Is anyone getting installation errors on pulumi like the below? I am trying to install pulumi deps using yarn, but grpc is not building it seems.

node-pre-gyp ERR! Completion callback never invoked!
node-pre-gyp ERR! System Darwin 18.7.0
node-pre-gyp ERR! command "/usr/local/Cellar/node/12.6.0/bin/node" "/Users/snip/projects/snip/deployment/node_modules/grpc/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build" "--library=static_library"
node-pre-gyp ERR! cwd /Users/snip/projects/snip/deployment/node_modules/grpc
node-pre-gyp ERR! node -v v12.6.0
node-pre-gyp ERR! node-pre-gyp -v v0.13.0

I'm trying out integration testing and getting what seems to be an error due to an upstream api change:

<http://github.com/pulumi/pulumi/pkg/resource/deploy/providers/registry.go:326:30|github.com/pulumi/pulumi/pkg/resource/deploy/providers/registry.go:326:30>: multiple-value uuid.NewV4() in single-value context

Nevermind I reinstalled everything as a go module and it seems to work now

What’s the best way of

.apply

multiple `Output`s ?

/**
 * DevOps Role
 *
 * @description role to be assumed only by IAM entities in the Admin Account.
 */
export const devopsRole = new aws.iam.Role(`${INFRA_CONFIG.ORG_NAME}-devops`, {
  assumeRolePolicy: adminAccount.id.apply(id =>
    JSON.stringify({
      Version: '2012-10-17',
      Statement: [
        {
          Action: 'sts:AssumeRole',
          Principal: {
            AWS: [id]
          },
          Effect: 'Allow',
          Sid: ''
        }
      ]
    })
  )
});

I'm doing the simple

Clusters: EKS - Hello World!

tutorial, I updated my pulumi.yaml to use a profile and getting this error

unable to recognize "/var/folders/xm/_hfzjmqs3571_r9_myjkmstm0000gn/T/tmp-767539RB6eLkfe2Z.tmp": Unauthorized

Hi, I want to run CM tools only if a new instance has been created (not on preview, or 'up' that affects other resources), can it be done via Pulumi?

Is there a way not to append hash after the resource name?

When tearing down an EKS cluster, I need to wait after deleting an alb-ingress for the controller to notice the deletion and remove the associated AWS ALB. Is that possible to do?

If not, are there cleanup handlers or something I can add to accomplish this?