Can a stack have several projects? It seems a little odd to see already existing stacks suggested for new projects (my understanding of a project is just an index file and a mapped runtime (i.e. nodejs).

Can someone help me with CI and AWS. I am a bit confused over how to deal with Roles/IAM/RBAC for setting up the infrastructure in such way that staging and dev branches are different from prod in terms of rights

I'm getting an odd error when trying to run `pulumi up`:

error: Missing required configuration variable 'poc-pulumi:aws:region'

. When I do what the error describes and set:

pulumi config set poc-pulumi:aws:region us-east-1

, I get another error telling me the format is invalid: `error: invalid configuration key: could not parse poc-pulumi:aws:region as a configuration key (configuration keys should be of the form

<namespace>:<name>

)`

Digital ocean’s managed k8s service refreshes its certificates every week. I authenticate via my digital ocean access token and can still access my pods, but this isn’t working with Pulumi. I'm unable to make updates to the cluster or to my applications. When I attempt to refresh I get this error:

unable to load schema information from the API server: the server has asked for the client to provide credentials

From what I’ve read Pulumi auths to k8s using either ~/.kube/config or $KUBECONFIG. Given that I have a recently updated kube config and can connect to my cluster I don’t understand why Pulumi is failing. I’m thinking the issue could be with the way I export the provider in the project that creates the basic cluster:

export const kubeconfig = cluster.kubeConfigs[0].rawConfig
const provider = new kubernetes.Provider(project_name, { kubeconfig })

I removed the cluster bootstrapping (container registry login stuff, etc) that was dependent upon the provider and ran

pulumi update -v 5 --debug

. I hoped this would update the kubeconfig being used by the other projects that deploy my apps. All I got from the attempted update was a vague error and an outputted kube config file:

error: an unhandled error occurred: Program exited with non-zero exit code: -1

What is the recommended way to deal with the k8s digitalocean certificate rotation, both from managing the base cluster and for the applications that will deploy to it? I took a look at the Terraform documentation here but am not sure how to translate this to Pulumi: https://www.terraform.io/docs/providers/do/r/kubernetes_cluster.html#kubernetes-terraform-provider-example I’ve been stuck on this for a while, any assistance would be greatly appreciated :-)

When authenticating to Azure with a service principal, I set the required environment variables as stated in the docs, however I get this error when I run

pulumi up

at the stage of creating an AAD application in my pulumi code.

error: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2019-12-23T18:15:51","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":""}}]

Please, is there any additional permission I need to give the service principal in active directory?

Any Windows users out there? I'm running PowerShell on my mac and Pulumi doesn't seem to like how the arrow keys are handled. Pressing up or down after a plan throws this:

Do you want to perform this update?
  yes
> no
  details
error: confirmation cancelled, not proceeding with the update: Unexpected Escape Sequence: ['\x1b' 'O']

Wondering if this is a PowerShell + macOS thing or just PowerShell in general.

I noticed pulumi exposes the node aws-sdk through

new aws.sdk.S3()

like calls. If I have an aws.Provider with set credentials is there a way to use that to create sdk clients? This is for multi-account programs.

The pulumi-command provider I am building breaks if something is a secret. This line returns the error “Could not convert input: cannot convert *structpb.Struct to string”. This makes sense because pulumi secrets in state are objects instead of strings. Is there a way to have pulumi pass the secret in the clear and have it handle the string->object conversion? https://github.com/brandonkal/pulumi-command/blob/master/pkg/structpbconv/structpbconv.go#L119

Why did Pulumi decide to choose Typescript as their language of preference? Python and Go adoption is far ahead for DevOps, Cloud Infrastructure, and backend/platform teams. Part of my job is empowering the more junior engineers to learn languages that will help them advance their careers and I don’t see Typescript doing that.

I'm pretty sure that there are at least a few people hiring node.js developers in the world 😅

Happy Xmas to every one :)

It’s a question of who your biggest audience is. Have you surveyed new Pulumi adoptees on what languages they already know?

I wasn't involved in that decision at all, but FWIW, TypeScript has a strong type system and is concise and expressive at the same time. Combined with the largest ecosystem of libraries and tools of Node.js, I think it's a solid choice.

Probably, TypeScript makes more sense for my background (full stack dev) than for DevOps/platform teams.

Hi, We are using statefulset(https://github.com/elastic/helm-charts/blob/7.5.0/elasticsearch/templates/statefulset.yaml) and spinning up eks through Pulumi code. It is creating aws ebs volumes and everything is working fine. Scenario is that, When the perform pulumi destroy (bringing down the cluster) and bring it up again(pulumi up ), statefulset is creating new volumes instead of reusing existing ones. We are in testing phase where we don't want to keep 5 node cluster running all the time and at the same time, we don't want to recreate the data all the time. So, we would like to shutdown and start when ever needed. Is there is any approach you could recommend to re-use existing ebs volumes. Also, in real scenarios, Eks can go down for n number of reasons and it is very important for us to address reusing volumes. Please advise.

HELP! It seems that changing aws:rds:SubnetGroup description (!!!) is causing an aws:rds:ClusterInstace replacement. This is insane! We tried different pulumi/aws versions: 1.7.0 - 1.14.0 - happens on all of them. Note that in pulumi/aws 1.8.0 there is a change to subnetgroup description so we are currently stuck on 1.7.0 due to this breaking change.

Question about stacks - what’s the best way to migrate a stack from my personal account (under my profile) to an organization (so that others can also manage)?

I'm trying to use Pulumi to deploy an instance of Hashicorp Vault in Kubernetes, then connect to it using the pulumi-vault provider and provision a bunch of resources in it. Is there a good way to handle the chicken-and-egg problem this creates for preview? Pulumi can't preview the changes to be made in Vault because the instance of Vault that it would connect to to preview those changes has not been created yet, and won't be until apply time.

Does anyone know how to setup some logging from a containers stdout & stdin using EKS & Fargate and Pulumi? I want to use Prometheus and Loki but not sure how to setup it up with pulumi. I think something missing from Pulumi docs for getting a production ready rollup is something related to capturing metrics and logging from all containers, preferably without changing our app images. We use stdout and stdin.

Posting here rather than #python because I don’t think it’s specific to Python. I have Pulumi installed manually in ~/.pulumi/bin. I have a virtualenv set up and pulumi Python package installed with pip. I start

python3

and try to do the following at the interactive prompt:

>>> import pulumi
>>> config = pulumi.Config()

and I get “Program run without the Pulumi engine available; re-run using the

pulumi

CLI” The pulumi binary is in PATH, I checked with

print(os.environ["PATH"])

What else does it need?

In general what I can do in Pulumi that Terraform cannot do?

@elegant-twilight-2745 you probably want this page: https://www.pulumi.com/docs/intro/vs/

With pulumi then I don’t need Boto3? Could someone explain thanks

@here looking for help with a cloudfront deployment problem (see #aws)

Upgrading to

@pulumi/pulumi=1.8.1

with typescript has introduced this error for me:

stacks/cluster/api.ts(85,8): error TS2345: Argument of type '{ parent: this; }' is not assignable to parameter of type 'CustomResourceOptions'.
      Types of property 'parent' are incompatible.
        Type 'this' is not assignable to type 'Resource | undefined'.
          Type 'this' is not assignable to type 'Resource'

where

this

is a

class API extends pulumi.ComponentResource

Has anyone noticed npm update does not work after updating to the latest version?

Is helm 3 fully supported? I’m experimenting with gloo and so I have a pulumi file like this:

import * as k8s from '@pulumi/kubernetes'

new k8s.helm.v2.Chart('gloo', {
  chart: 'gloo/gloo',
})

Pulumi fails with:

Error: Command failed: helm fetch gloo/gloo --untar --destination /tmp/tmp-12397xMcptBYcaXX7

In gloo docs, it mentions this bug in version 2: https://docs.solo.io/gloo/latest/installation/gateway/kubernetes/#installing-on-kubernetes-with-helm However, I have helm v3 installed in my path: $ helm version version.BuildInfo{Version:“v3.0.2”, GitCommit:“19e47ee3283ae98139d98460de796c1be1e3975f”, GitTreeState:“clean”, GoVersion:“go1.13.5"} Looking through pulumi-kubernetes I was able to find: https://github.com/pulumi/pulumi-kubernetes/pull/882 (Merged)

@rhythmic-hair-33677 I don’t think so, since Helm3 is fully client side.