Or do you use “tricks” to keep the implementation of such abstractions between the various programming languages in sync?

Hi. I’m trying to initialize the k8s provider's

kubeconfig

parameter with the output of a Azure

KubernetesCluster

resource. But for some reason, when I run

pulumi up

before even provisioning anything, it fails because the

k8s

resource already tries to connect to the cluster (which doesn't exist at this point in time). I thought that a missing dependency was the issue, but even when I specify the dependency explicitly, it will fail with the connection error. Any ideas? Basically I just want to provision a cluster (with azure provider) and then configure that same cluster (with k8s provider).

When doing development with Pulumi, How many state files do you have? One for Local and One for CI/CD? Or create the stacks on local PC for all CICD Pipeline in backend state file?

Can you delete a default VPC in AWS with pulumi? Trying to do this with Python.

Is there a way to change the S3 backend URL, so we can use MinIO instead?

I have a stack with ~1000 resources. Adding a single route53 record resource to this stack and

pulumi up

takes 6 to 7 minutes. Is this typical? Seems a bit long....

is it possible to set pulumi config option (e.g. pulumi:noSyncCalls) globally for all stacks?

Had a question similar to: https://pulumi-community.slack.com/archives/C84L4E3N1/p1572604898043200?thread_ts=1572604898.043200 where I would like to assign tags to all aws resources that are created through Pulumi. Started down the path of doing this:

runtime.registerStackTransformation(args => {
    return {
        ...args,
        props: {
            ...args.props,
            tags: {
                owner: "stewartnoll"
            }
        }
    }
});

but ran into the problem pointed out in the question's thread where not all aws resources support a tag resulting in a failure at

pulumi up

. Followed up by moving to a more explicit approach that sets tags on those things I specifically care about:

runtime.registerStackTransformation(args => {
    if (args.type === 'aws:lambda/function:Function' || args.type === '<ANOTHER TYPE HERE>') {
        return {
            ...args,
            props: {
                ...args.props,
                tags: {
                    owner: "stewartnoll"
                }
            }
        }
    }
    return undefined;
});

Although this has the benefit of reducing cognitive load on future devs adding functions to the stack, there's still the issue of adding a different resource to the stack that supports tags but isn't captured in the condition. If this were dot net I'd use reflection to map

args.type

to the dot net Type and check if the Type has the property

Tags

which would cover all resource types (including those that haven't been created by aws yet). I've been Googling a bunch on how to do something similar in TypeScript but haven't had any luck. Does anyone know of a way to do this or a better approach?

Is there any chance the pulimi team would rethink stacks? I mean, why can’t a stack be created as part of pulimi itself? Why is it an outside resource? Let me run pulumi up and define/create/use a stack directly before creating all the AWS resources. I feel like this is a missed opportunity. Now I gotta wrap all my Pulumi call in a CI build script (in Ruby) before actually calling pulimi up, would be nicer to do that as part of pulimi (in TS/Go whatever)

can anybody give me a pointer on how to best deploy a yaml.ConfigFile then wait until a particular deployment has replicas ready? i can see how to do it for a pod but that pod's autonamed so not sure how best to query for it. it's for cert-manager and I keep getting an error creating a DNS issuer because the webhook hasnt become ready so I want to try and wait until that's done

It appears that pulumi has started disregarding my local changes to a stack. Instead, it appears to be stuck at the head of our teams integration branch. Any tips on how to resolve this would be greatly appreciated

Hey, I’m trying to do some unit testing for a small pulumi module we are making for our apps in our compagnie. Just wondering how that is possible. We are using jasmine + typescript. We always getting this error when running it

Error: ENOENT: no such file or directory, open '/Users/alexandrelemieux/tm/pulumi/ticketmaster/node_modules/grpc/node_modules/needle/test/keys/ssl.cert'
    at Object.openSync (fs.js:448:3)
    at Object.readFileSync (fs.js:348:35)
    at Object.<anonymous> (/Users/alexandrelemieux/tm/pulumi/ticketmaster/node_modules/grpc/node_modules/needle/test/helpers.js:9:13)
    at Module._compile (internal/modules/cjs/loader.js:738:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:749:10)
    at Module.load (internal/modules/cjs/loader.js:630:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:570:12)
    at Function.Module._load (internal/modules/cjs/loader.js:562:3)
    at Module.require (internal/modules/cjs/loader.js:667:17)
    at require (internal/modules/cjs/helpers.js:20:18)
npm ERR! Test failed.  See above for more details.

@big-potato-91793 Are you trying to read a file? Try logging your current working dir from pulumi and also try absolute path first.

Having trouble passing in values to a Helm chart via Pulumi. The chart is failing to install because an access id I am passing in as a value isn’t valid. I know it is valid because I can install the helm chart manually, passing in the secret with

--set

. Pulumi looks to be writing these values into a yaml file in tmp, but they’re cleaned up as soon as the command fails: Command failed: helm template /tmp/tmp-2518liO6nRLE4N1X/sumologic --name-template sumobundle --values /tmp/tmp-2518liO6nRLE4N1X/sumologic/values.yaml --values /tmp/tmp-25188Uk68Vj0j9UB.yaml --namespace sumologic I’d like to validate the values in these files and confirm that the secrets are being passed in. Before I do something hacky, is there a better way I could go about troubleshooting this problem or maybe force Pulumi to retain its artifacts from the preview?

Anyone know of Pulumi support for Kafka's Schema Registry?

Hello, I am looking into using Pulumi for our Kubernetes infra and wondered if there is a way to run a script when a node/vm resource is being destroyed? The idea is we would drain and cordon nodes before destroying. Then if possible run a command after the destroy to remove the node from kubernetes. Looking at the docs so far I cannot find any logic that can do this and am thinking it would have to be done manually which defeats one of the purposes 😕

Anyone able to upgrade istio from 1.4.0 to 1.4.3 without failure? Failed for us because a cluster role binding was missing.

pulumi up

shows secure outputs in plain text, is it a known issue? I am using pulumi random:

import * as random from "@pulumi/random";
...
const redisPassword = new random.RandomPassword("redis", {
  length: 10,
  special: false
});

export const redisStgPassword = redisPassword.result;

Per docs, pulumi should display at as`[secret]` : https://www.pulumi.com/docs/intro/concepts/programming-model/#stack-outputs and https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/random/#RandomPassword while in my case it displays it in plaintext every invocation of

pulumi up

or

pulumi stack output

I am using pulumi 1.8.1 and random 1.4.0

The section on

Structured Configuration

shows how to set a secret as part of structured config. But I’m missing what the type should be in my custom TS interface. https://www.pulumi.com/docs/intro/concepts/config/#structured-configuration

General question, has anyone implemented pulumi with Spinnaker? If so any thoughts? My company are keen to use Spinnaker and i've done a lot of AWS provisioning with pulumi (python).

Ugh this is irritating AF right now -> https://github.com/terraform-providers/terraform-provider-aws/issues/8531 Is there anything I can do at pulumi level to eradicate/mitigate this?

you could add the responses into a map and then be able to pull the information out of a map by a key?

thus irridicating the need for the ordering

essentially using a loop and the map

The random ordering means the next

pulumi up

wants to replace the cert. What I'm looking at now is adjusting the ordering in code so it matched what was previsioned previously.

Can we get built-in support for Pulumi to tag everything in AWS? I'm talking standardized, built-in support so that everything that Pulumi creates gets standardized tags. These are essential for tightly targeted IAM policies and for administration purposes. I'm already aware of the transformations support, but I'm hoping for something that's cross-language, debugged and standard.

hey there

I have some troubleshooting questions

what would be the correct channel to post in?

how can i make the pulumi update command return a non 0 status code when it errors