pulumi-community #general

late-printer-99022

01/11/2020, 6:55 PM

I am looking forward for contribution to Pulumi world.

late-printer-99022

01/11/2020, 7:33 PM

Hi All, I have few questions. we are setting up EKS AWS cluster. 1. What you suggest for monitoring and alerts. 2. What you suggest for Dashboard or generating arch diagrams for cluster. 3. Routing ? example I have cluster with 5 micro-service. earlier each deployed using

'type: 'LoadBalancer'

I got the url using ELB automatically. those urls are very long url. I want to connect using Route53. so, I want to have this kind of urls. https://api.mydomain.com/service1 , https://api.mydomain.com/service2 , after looking some example, I changed type. it is now

type: NodePort

. I may need to create

k8s.networking.v1beta1.Ingress

and use

aws-alb-ingress-controller

and route traffic. I tried and didn't worked because example was not having Route53 specific code. I don't know if it do automatically internally. all micro-services are working fine. deployed successfully. only the routing part is now remaining. So, please help me. 1. All services need

NodePort

LoadBalancer

2. What is good url scheme ? https://api_service1.mydomain.com or https://api.mydomain.com/service1 ? Kindly help and suggest. + Also, people suggest me to add API Gateway. where API Gateway comes into this picture?

fast-dinner-32080

01/11/2020, 9:25 PM

Does Pulumi provide a arbitrary way to call a custom REST api to create custom resources which then can be managed or would this be a good use case to create a dynamic provider in my project?

flat-insurance-25294

01/12/2020, 12:10 AM

@late-printer-99022 I’d suggest CloudWatch insight for monitoring. You can always setup Prometheus and Grafana but that’s one more thing to manage, so I suggest letting AWS manage that.

miniature-grass-95081

01/12/2020, 1:24 AM

Curious if there are any plans to integrate Pulumi with the cost side of resource provisioning? i.e. ways to predict cost changes when rolling out a new infrastructure deployment. I've been thinking about ways to manage this as part of our IaC-based deployments.

flat-insurance-25294

01/12/2020, 2:36 AM

One thing Pulumi needs to do better at that’s a low hanging fruit, is clear up what type of reference arguments are used between objects. Sometimes it uses arn, sometimes the name, and sometimes the id. Like for

BucketPublicAccessBlockArgs

I tested first using the name and then the arn but it expected the id.

flat-insurance-25294

01/12/2020, 2:36 AM

It’s unclear with stringly typed references.

flat-insurance-25294

01/12/2020, 3:46 AM

@white-balloon-205 I found a bug. awscloudfront/distributionDistribution Is always pending. I can’t tear down my resources without exporting and manually removing the pending.

flat-insurance-25294

01/12/2020, 3:48 AM

-  aws:cloudfront:Distribution s3Distribution deleting

always fails

orange-ghost-99337

01/12/2020, 11:17 AM

Hello there, is there a way to store certs in pulumi project without exposing a file with plaintext?

bright-orange-69401

01/12/2020, 7:34 PM

I'm a bit confused about Pulumi's role in "refreshing" resources : for example updating a Lambda, its LambdaLayer or redeploying an API Gateway Isn't that what a CI/CD system is supposed to do ? Where does Pululmi's role stop here ? In my case, I'd like Pulumi to configure Machine Learning services like SageMaker, which involve complex, intertwined configuration (S3 bucket for training data, S3 bucket for outputs, etc.) Should I also use a hashing system in order to determine wether Pulumi should refresh resources, same as the hash uses for Lambda ?

elegant-dress-88912

01/13/2020, 7:01 AM

Hello, I'm trying to import existing helm chart resources into Pulumi with:

Copy code

const redis = new k8s.helm.v2.Chart(
...
    transformations: [
      addNamespace(redisNamespace.metadata.name),
      args => {
        if (args.props.metadata && args.props.metadata.name) {
          return {
            props: args.props,
            opts: pulumi.mergeOptions(args.opts, {
              import: args.props.metadata.name
            })
          };
        }
        return undefined;
      }
    ]
  }
);

However, this fails with

Copy code

$ pulumi up

 +   ├─ kubernetes:helm.sh:Chart        redis                  create
 =   │  ├─ kubernetes:core:Service      redis-headless         import     1 error
 =   │  ├─ kubernetes:core:ConfigMap    redis                  import     [diff: +data~metadata]; 1 warning
 =   │  ├─ kubernetes:core:ConfigMap    redis-health           import     1 error
 =   │  ├─ kubernetes:core:Service      redis-master           import     1 error
 =   │  ├─ kubernetes:core:Secret       redis                  import     1 error
 =   │  └─ kubernetes:apps:StatefulSet  redis-master           import     1 error
 =   └─ kubernetes:core:Namespace       redis                  import

Diagnostics:
  kubernetes:core:Service (redis-master):
    error: Preview failed: resource 'redis-master' does not exist

  kubernetes:core:Service (redis-headless):
    error: Preview failed: resource 'redis-headless' does not exist

  kubernetes:core:ConfigMap (redis):
    warning: inputs to import do not match the existing resource; importing this resource will fail
...

Errors stating that resource does not exist are wrong - resources are here. The thing is that pulumi checks resources under

default

namespace - I verified it by creating cm

default/redis

and it shows different error for the resource. Another concern is "warning: inputs to import do not match the existing resource; importing this resource will fail" - how do I force pulumi to take over this resource? For now I have to deploy chart into a different namespace, export stack state into a file, edit it by replacing namespace name, destroy resources, and reimport modified state. I.e. I can't just use this import feature of pulumi.

late-printer-99022

01/13/2020, 9:32 AM

quite frustrated with following problem this is not working

Copy code

--cluster-name=${synPlatformCluster.eksCluster.name}`

this is also not working.

Copy code

--cluster-name=${synPlatformCluster.eksCluster.name.apply((v) => `${v}`)}`

getting following notice.

Copy code

containers                   : [
                        [0]: {
                            args                  : [
                                [0]: "--ingress-class=alb"
                                [1]: "--cluster-name=Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi."
                            ]
                            image                 : "<http://894847497797.dkr.ecr.us-west-2.amazonaws.com/aws-alb-ingress-controller:v1.0.0|894847497797.dkr.ecr.us-west-2.amazonaws.com/aws-alb-ingress-controller:v1.0.0>"
                            imagePullPolicy       : "Always"
                            name                  : "server"
                            terminationMessagePath: "/dev/termination-log"
                        }
                    ]
                    dnsPolicy                    : "ClusterFirst"
                    restartPolicy                : "Always"
                    serviceAccount               : "alb-ingress"
                    serviceAccountName           : "alb-ingress"
                    terminationGracePeriodSeconds: 30
                }
            }

late-printer-99022

01/13/2020, 11:31 AM

Questions: How I can modify subnet tags using Pulumi ? https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/controller/config/#subnet-auto-discovery

late-printer-99022

01/13/2020, 12:33 PM

@ - it is possible that Pulumi forget to remove some resources ? I have tried https://www.pulumi.com/blog/kubernetes-ingress-with-aws-alb-ingress-controller-and-pulumi-crosswalk/ multiple times and removed resources using deletion of code. Today I found there are 2 ALB load-balancer. So, I think. It forget to remove some load-balancer . I assume, If I comment out the code and run pulumi up, it should remove all resources.

late-printer-99022

01/13/2020, 12:35 PM

billowy-secretary-44583

01/13/2020, 2:23 PM

Hello, trying to spin up a digitalocean kubernetes cluster and install a helm chart:

Copy code

"use strict";
const pulumi = require("@pulumi/pulumi");
const digitalocean = require("@pulumi/digitalocean");
const kubernetes = require("@pulumi/kubernetes");

const region = "sfo2";

const kubernetesVersion = "1.16.2-do.2";

const nodeSize = "s-1vcpu-2gb";
const nodeCount = 1;

const cluster = new digitalocean.KubernetesCluster(
    "kubernetes-cluster",
    {
        region: region,
        version: kubernetesVersion,
        nodePool: {name: "default", size: nodeSize, nodeCount: nodeCount}
    }
);

const kubeconfig = cluster.kubeConfigs[0].rawConfig;

const provider = new kubernetes.Provider("kubernetes-provider", {cluster, kubeconfig});

const chart = new kubernetes.helm.v2.Chart(
    "nginx-ingress-chart",
    {
        repo: "stable",
        chart: "nginx-ingress",
        version: "1.28.3"
    },
    {providers: {kubernetes: provider}});

const controllerStatus = chart.getResourceProperty(
    "v1/Service",
    "nginx-ingress-chart-nginx-ingress-controller",
    "status");

const ipAddress = controllerStatus.apply(status => status.loadBalancer.ingress[0].ip);

module.exports = {ipAddress};

I get

TypeError: Cannot read property 'status' of undefined

. I think it might have something to do with pulumi trying to install the chart before the cluster/provider is created (?). The resource tree shows the chart but not its "contents":

Copy code

Type                                     Name                 Plan       Info
 +   pulumi:pulumi:Stack                      test-do-k8s-do-k8s   create     1 error
 +   ├─ kubernetes:helm.sh:Chart              nginx-ingress-chart  create     
 +   ├─ digitalocean:index:KubernetesCluster  kubernetes-cluster   create     
 +   └─ pulumi:providers:kubernetes           kubernetes-provider  create

damp-pillow-67781

01/13/2020, 6:13 PM

Hi, I got the error of

no resource plugin 'pulumi-nodejs' found in the workspace or on your $PATH

on my new linux worker, I thought I saw the error before but not sure I fixed it. Any ideas?

fast-dinner-32080

01/13/2020, 8:42 PM

Is there a way to share config between stacks? I know right now there is a per stack config but I am looking to see if there is a way to also have global config that all stacks share in a project.

shy-microphone-28807

01/13/2020, 9:39 PM

Hi. I am having trouble understanding some aspect of the programming model and the way promises work.

shy-microphone-28807

01/13/2020, 9:39 PM

The following code throws an error for calling

id

on undefined

shy-microphone-28807

01/13/2020, 9:40 PM

Copy code

const sourceIds = sourceAccounts.apply(accounts => accounts.map(account => `${account.id}`))

busy-umbrella-36067

01/13/2020, 9:58 PM

Does

awsx.ecs.FargateService

attempt to find an ECS cluster if one is not defined? Or does it always create a cluster name

default-cluster

rhythmic-camera-25993

01/13/2020, 10:01 PM

it creates a default cluster, but you can always pass in a cluster as the

cluster

parameter of the FargateServiceArgs

orange-ghost-99337

01/13/2020, 10:41 PM

i see following error while trying to add RSA Key as a secret using pulumi cli, did any one see this issue?

orange-ghost-99337

01/13/2020, 10:42 PM

pulumi config set --secret --path sat-key.yellow "$(cat sat_key.pub)

An error occurred: bad flag syntax: -----BEGIN PUBLIC KEY----

bright-orange-69401

01/14/2020, 5:09 AM

Is it possible to let the user solve a Captcha as part of a 'pulumi up` ? (for example using Python's

raw_input

function to read from CLI)

cold-coat-35200

01/14/2020, 7:29 AM

hi, what is the proper way to remove old pulumi plugins? I run a

pulumi plugin rm --all

command, then a pulumi up in a repo, expected pulumi to install the necessary plugin, but get:

Copy code

➜  cert-manager (cert-manager) ✗ pulumi up
Previewing update (sbx):
[resource plugin aws-1.17.0] installing
Downloading plugin: 58.95 MiB / 58.95 MiB [========================] 100.00% 11s
Moving plugin... done.
error: could not load plugin for kubernetes provider 'urn:pulumi:sbx::k8s-cert-manager::pulumi:providers:kubernetes::k8s-provider': no resource plugin 'kubernetes' found in the workspace or on your $PATH

looks really strange, that it installed one plugin, but not the others. I assume there is a better way than manually install the correct plugin versions

adventurous-garage-59192

01/14/2020, 7:47 AM

Is there a reason why reading the stackref is considered a resource change?

adorable-sugar-92867

01/14/2020, 9:29 AM

Hello, being new to Pulumi I’m impressed by it’s potential as far as I thing I understand it. So deep diving I set out to create a k8s cluster on digital ocean. Got a long way with by implementing this https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes tutorial in Pulumi code. However the final letsencrypt step is a bit too long to implement to convert. Luckily I found a way to run those yaml’s from Pulumi (

new ConfigFile(name, {file: https://...})

), but unfortunatly that does not seem to be idempotent… Is there a better ‘Pulumi’ way to create the needed k8s resources inside

Copy code

<https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml>