https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    busy-dusk-74339

    01/17/2020, 2:32 PM
    when i run
    pulumi preview --diff
    it highlights
    securityGroups
    as having changes, but the contents of the object are identical to the instance above that it wants to delete …
  • b

    busy-dusk-74339

    01/17/2020, 2:33 PM
    - aws:ec2/instance:Instance: (delete)
        [id=i-0b024d1ad4cb75dba]
        [urn=urn:pulumi:dev::talend_poc::aws:ec2/instance:Instance::talend_poc_instance]
        [provider=urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334]
        ami                  : "ami-04bfa3d65c8508b02"
        disableApiTermination: true
        getPasswordData      : false
        iamInstanceProfile   : "talend_poc_profile-1f0f54b"
        instanceType         : "m4.xlarge"
        keyName              : "ops"
        rootBlockDevice      : {
            deleteOnTermination: true
            volumeSize         : 300
        }
        securityGroups       : [
            [0]: "sg-095e0af0371379410"
            [1]: "sg-078d2ef15a737ac03"
        ]
        sourceDestCheck      : true
        subnetId             : "subnet-08d1f41a5bd97f622"
        tags                 : {
            Name       : "talend-poc"
            application: "talend-poc"
        }
        userData             : "IyEvYmluL2Jhc2gKCnN..."
  • b

    busy-dusk-74339

    01/17/2020, 2:33 PM
    pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:Stack::talend_poc-dev]
        > pulumi:pulumi:StackReference: (read)
            [id=PLOS/iam/dev]
            [urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:StackReference::PLOS/iam/dev]
            name: "PLOS/iam/dev"                                                                                                                                                                                                                                                                                                                                      +-aws:ec2/instance:Instance: (replace)
            [id=i-099b9ef2206465ee3]
            [urn=urn:pulumi:dev::talend_poc::aws:ec2/instance:Instance::talend_poc_instance]
            [provider: urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334 => urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_18_0::output<string>]
          ~ securityGroups: [
              + [0]: "sg-095e0af0371379410"
              + [1]: "sg-078d2ef15a737ac03"
            ]
  • h

    helpful-kitchen-78641

    01/17/2020, 7:44 PM
    is it possible to read the value of the aws config keys? i.e. I have this in my
    Pulumi.stack.yaml
    config:
      aws:profile: StagingAdmin
    and in my
    index.ts
    code I would like to do something like:
    const prof = config.require('aws:profile');
  • h

    helpful-kitchen-78641

    01/17/2020, 7:50 PM
    ah, found it:
    const prof = aws.config.profile;
    g
    • 2
    • 1
  • b

    busy-dusk-74339

    01/17/2020, 10:39 PM
    any ideas how to troubleshoot changes to a stack?
  • b

    busy-dusk-74339

    01/17/2020, 10:40 PM
    pulumi is convinced that it needs to add 2 security groups to my ec2 instance, but when i view the instance in the console, both of the SGs it wants to add are already there
    g
    • 2
    • 26
  • l

    loud-nest-15724

    01/18/2020, 1:41 PM
    Hi all, I've been digging into how Pulumi stores secrets when using S3 for state management It seems like secret values are being store in plain text in the outputs section of the state. here's a example of the program I am running - https://gist.github.com/Jmen/27f1eaafe3660f384c34b65af6b13d4f and an example of what is stored in the state - https://gist.github.com/Jmen/343468cfe680e12d3613bda9b8378b2b is there currently a limitation in the .net implementation, or the S3 support?
    w
    • 2
    • 4
  • m

    mysterious-egg-7415

    01/18/2020, 4:27 PM
    Can we get the Terraform ACME provider added to Pulumi: https://www.terraform.io/docs/providers/acme/index.html
    b
    • 2
    • 1
  • s

    steep-toddler-94095

    01/19/2020, 3:17 AM
    `docker.Image`'s
    build.cacheFrom
    parameter does not seem to allow me to use an image with a different name as the cache source. It's different from how
    docker --cache-from
    works. Am I out of luck on this if i want to use another image for the build cache?
    b
    • 2
    • 2
  • b

    broad-dog-22463

    01/20/2020, 10:50 AM
    Just thought I'd throw this piece of code out there - it's for multiple region deployments of resources in Pulumi - this specific example is for Lambdas
    const providers: {[key: string]: aws.Provider} = {
        "us-east-1": new aws.Provider("us-east-1", {region: "us-east-1"}),
        "us-east-2": new aws.Provider("us-east-2", {region: "us-east-2"}),
        "us-west-2": new aws.Provider("us-west-2", {region: "us-west-2"})
    };
    
    for (const providerKey of Object.keys(providers)) {
        const provider = providers[providerKey];
    
        const lambda = new aws.lambda.Function(`my-lambda-function-${providerKey}`, {
            name: "lambda-for-account-cleanup",
            runtime: aws.lambda.Go1dxRuntime,
            timeout: 900,
            role: iamRoleArn,
            handler: "main",
            code: new pulumi.asset.FileArchive("../deployment.zip"),
            environment: {
                variables: {
                    "DESTROY_ENABLED": "false"
                }
            },
            tags: {
                "Owner": "Stack72",
                "Purpose": "AccountCleanup",
            }
        }, {provider: provider});
    }
    💯 1
    👍 1
    s
    f
    • 3
    • 5
  • l

    limited-rainbow-51650

    01/20/2020, 11:09 AM
    If I’m not mistaken, the provider code for the various languages supported by Pulumi is mostly generated from TF providers by the bridge support, or from e.g. an OpenAPI/Swagger. Am I correct that higher level abstractions (e.g. Crosswalk) are implemented separately by hand each language at a time?
  • l

    limited-rainbow-51650

    01/20/2020, 11:10 AM
    Or do you use “tricks” to keep the implementation of such abstractions between the various programming languages in sync?
    t
    • 2
    • 1
  • c

    cuddly-smartphone-89735

    01/20/2020, 2:03 PM
    Hi. I’m trying to initialize the k8s provider's
    kubeconfig
    parameter with the output of a Azure
    KubernetesCluster
    resource. But for some reason, when I run
    pulumi up
    before even provisioning anything, it fails because the
    k8s
    resource already tries to connect to the cluster (which doesn't exist at this point in time). I thought that a missing dependency was the issue, but even when I specify the dependency explicitly, it will fail with the connection error. Any ideas? Basically I just want to provision a cluster (with azure provider) and then configure that same cluster (with k8s provider).
    b
    l
    w
    • 4
    • 13
  • n

    nutritious-judge-27316

    01/20/2020, 2:12 PM
    When doing development with Pulumi, How many state files do you have? One for Local and One for CI/CD? Or create the stacks on local PC for all CICD Pipeline in backend state file?
    w
    • 2
    • 3
  • r

    red-football-97286

    01/20/2020, 2:47 PM
    Can you delete a default VPC in AWS with pulumi? Trying to do this with Python.
    w
    • 2
    • 3
  • l

    limited-rain-96205

    01/20/2020, 7:18 PM
    Is there a way to change the S3 backend URL, so we can use MinIO instead?
  • f

    fresh-summer-65887

    01/20/2020, 8:57 PM
    I have a stack with ~1000 resources. Adding a single route53 record resource to this stack and
    pulumi up
    takes 6 to 7 minutes. Is this typical? Seems a bit long....
    w
    • 2
    • 3
  • b

    bored-river-53178

    01/20/2020, 9:16 PM
    is it possible to set pulumi config option (e.g. pulumi:noSyncCalls) globally for all stacks?
    w
    • 2
    • 1
  • e

    eager-gold-58845

    01/21/2020, 1:22 AM
    Had a question similar to: https://pulumi-community.slack.com/archives/C84L4E3N1/p1572604898043200?thread_ts=1572604898.043200 where I would like to assign tags to all aws resources that are created through Pulumi. Started down the path of doing this:
    runtime.registerStackTransformation(args => {
        return {
            ...args,
            props: {
                ...args.props,
                tags: {
                    owner: "stewartnoll"
                }
            }
        }
    });
    but ran into the problem pointed out in the question's thread where not all aws resources support a tag resulting in a failure at
    pulumi up
    . Followed up by moving to a more explicit approach that sets tags on those things I specifically care about:
    runtime.registerStackTransformation(args => {
        if (args.type === 'aws:lambda/function:Function' || args.type === '<ANOTHER TYPE HERE>') {
            return {
                ...args,
                props: {
                    ...args.props,
                    tags: {
                        owner: "stewartnoll"
                    }
                }
            }
        }
        return undefined;
    });
    Although this has the benefit of reducing cognitive load on future devs adding functions to the stack, there's still the issue of adding a different resource to the stack that supports tags but isn't captured in the condition. If this were dot net I'd use reflection to map
    args.type
    to the dot net Type and check if the Type has the property
    Tags
    which would cover all resource types (including those that haven't been created by aws yet). I've been Googling a bunch on how to do something similar in TypeScript but haven't had any luck. Does anyone know of a way to do this or a better approach?
  • f

    flat-insurance-25294

    01/21/2020, 1:37 AM
    Is there any chance the pulimi team would rethink stacks? I mean, why can’t a stack be created as part of pulimi itself? Why is it an outside resource? Let me run pulumi up and define/create/use a stack directly before creating all the AWS resources. I feel like this is a missed opportunity. Now I gotta wrap all my Pulumi call in a CI build script (in Ruby) before actually calling pulimi up, would be nicer to do that as part of pulimi (in TS/Go whatever)
    a
    t
    • 3
    • 6
  • b

    better-rainbow-14549

    01/21/2020, 10:40 AM
    can anybody give me a pointer on how to best deploy a yaml.ConfigFile then wait until a particular deployment has replicas ready? i can see how to do it for a pod but that pod's autonamed so not sure how best to query for it. it's for cert-manager and I keep getting an error creating a DNS issuer because the webhook hasnt become ready so I want to try and wait until that's done
    g
    • 2
    • 4
  • c

    cold-motorcycle-78950

    01/21/2020, 4:30 PM
    It appears that pulumi has started disregarding my local changes to a stack. Instead, it appears to be stuck at the head of our teams integration branch. Any tips on how to resolve this would be greatly appreciated
    f
    • 2
    • 7
  • b

    big-potato-91793

    01/21/2020, 4:31 PM
    Hey, I’m trying to do some unit testing for a small pulumi module we are making for our apps in our compagnie. Just wondering how that is possible. We are using jasmine + typescript. We always getting this error when running it
    Error: ENOENT: no such file or directory, open '/Users/alexandrelemieux/tm/pulumi/ticketmaster/node_modules/grpc/node_modules/needle/test/keys/ssl.cert'
        at Object.openSync (fs.js:448:3)
        at Object.readFileSync (fs.js:348:35)
        at Object.<anonymous> (/Users/alexandrelemieux/tm/pulumi/ticketmaster/node_modules/grpc/node_modules/needle/test/helpers.js:9:13)
        at Module._compile (internal/modules/cjs/loader.js:738:30)
        at Object.Module._extensions..js (internal/modules/cjs/loader.js:749:10)
        at Module.load (internal/modules/cjs/loader.js:630:32)
        at tryModuleLoad (internal/modules/cjs/loader.js:570:12)
        at Function.Module._load (internal/modules/cjs/loader.js:562:3)
        at Module.require (internal/modules/cjs/loader.js:667:17)
        at require (internal/modules/cjs/helpers.js:20:18)
    npm ERR! Test failed.  See above for more details.
  • f

    flat-insurance-25294

    01/21/2020, 5:06 PM
    @big-potato-91793 Are you trying to read a file? Try logging your current working dir from pulumi and also try absolute path first.
    b
    • 2
    • 6
  • b

    broad-boots-45639

    01/21/2020, 6:21 PM
    Having trouble passing in values to a Helm chart via Pulumi. The chart is failing to install because an access id I am passing in as a value isn’t valid. I know it is valid because I can install the helm chart manually, passing in the secret with
    --set
    . Pulumi looks to be writing these values into a yaml file in tmp, but they’re cleaned up as soon as the command fails: Command failed: helm template /tmp/tmp-2518liO6nRLE4N1X/sumologic --name-template sumobundle --values /tmp/tmp-2518liO6nRLE4N1X/sumologic/values.yaml --values /tmp/tmp-25188Uk68Vj0j9UB.yaml --namespace sumologic I’d like to validate the values in these files and confirm that the secrets are being passed in. Before I do something hacky, is there a better way I could go about troubleshooting this problem or maybe force Pulumi to retain its artifacts from the preview?
    g
    • 2
    • 6
  • i

    incalculable-engineer-92975

    01/21/2020, 8:21 PM
    Anyone know of Pulumi support for Kafka's Schema Registry?
    b
    • 2
    • 3
  • f

    fast-dinner-32080

    01/21/2020, 8:39 PM
    Hello, I am looking into using Pulumi for our Kubernetes infra and wondered if there is a way to run a script when a node/vm resource is being destroyed? The idea is we would drain and cordon nodes before destroying. Then if possible run a command after the destroy to remove the node from kubernetes. Looking at the docs so far I cannot find any logic that can do this and am thinking it would have to be done manually which defeats one of the purposes 😕
    w
    g
    • 3
    • 4
  • c

    cool-egg-852

    01/21/2020, 9:41 PM
    Anyone able to upgrade istio from 1.4.0 to 1.4.3 without failure? Failed for us because a cluster role binding was missing.
    • 1
    • 1
  • e

    elegant-dress-88912

    01/22/2020, 5:30 AM
    pulumi up
    shows secure outputs in plain text, is it a known issue? I am using pulumi random:
    import * as random from "@pulumi/random";
    ...
    const redisPassword = new random.RandomPassword("redis", {
      length: 10,
      special: false
    });
    
    export const redisStgPassword = redisPassword.result;
    Per docs, pulumi should display at as`[secret]` : https://www.pulumi.com/docs/intro/concepts/programming-model/#stack-outputs and https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/random/#RandomPassword while in my case it displays it in plaintext every invocation of
    pulumi up
    or
    pulumi stack output
    I am using pulumi 1.8.1 and random 1.4.0
    w
    • 2
    • 10
Powered by Linen
Title
e

elegant-dress-88912

01/22/2020, 5:30 AM
pulumi up
shows secure outputs in plain text, is it a known issue? I am using pulumi random:
import * as random from "@pulumi/random";
...
const redisPassword = new random.RandomPassword("redis", {
  length: 10,
  special: false
});

export const redisStgPassword = redisPassword.result;
Per docs, pulumi should display at as`[secret]` : https://www.pulumi.com/docs/intro/concepts/programming-model/#stack-outputs and https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/random/#RandomPassword while in my case it displays it in plaintext every invocation of
pulumi up
or
pulumi stack output
I am using pulumi 1.8.1 and random 1.4.0
w

white-balloon-205

01/22/2020, 5:32 AM
Right now - you need to specifiy
additionalSecretOutputs
to ensure outputs are secret (unless they were also inputs which were provided a secret value). https://github.com/pulumi/pulumi-terraform-bridge/issues/10 will make it so that this additional annotation is not required, and "Sensitive" outputs from upstream providers will automatically be marked as secret.
e

elegant-dress-88912

01/22/2020, 5:33 AM
thanks @white-balloon-205 !
@white-balloon-205, this worked well for
random.RandomPassword
and
tls.PrivateKey
(which are from terraform modules), but didn't work for k8s.Secret. Any idea? Code:
const vaultAuthAccount = new k8s.core.v1.ServiceAccount(
...

// read from created account token secret
export const vaultAuthToken64 = k8s.core.v1.Secret.get(
  "vault-auth-token",
  pulumi.interpolate`${vaultAuthAccount.metadata.namespace}/${vaultAuthAccount.secrets[0].name}`,
  {
      additionalSecretOutputs: ["data"]
  }
).data.apply(d => (d as { token: string }).token);
looks like static method
get
of https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/core/v1/#Secret does not honor this option
mb there is some way to create secure
Output
from non-secure
Output
? I could use this as w/a.
w

white-balloon-205

01/22/2020, 5:53 AM
Hmm - that doesn't sound right. Could you open an issue with a report of that? (
get
not respecting this option).
e

elegant-dress-88912

01/22/2020, 5:53 AM
sure
w

white-balloon-205

01/22/2020, 5:54 AM
mb there is some way to create secure
Output
from non-secure
Output
?
Yeah -
pulumi.secret(output)
should work.
e

elegant-dress-88912

01/22/2020, 5:54 AM
thanks !
https://github.com/pulumi/pulumi-kubernetes/issues/956
👍 1
View count: 1