Do we have something that could take k8s CRDs and create pulumi code?

How are folks working with StackReference and complex types (eg, an array/list of Route53 zones, VPC subnets, etc.)?

I may be asking something obvious but... is it possible to use Pulumi to manage Pulumi resources ? (inception) I'd like to create a Project, link it to a Repository and create several Stacks as well... and of course tag everything according to my specifications Is that doable within a Pulumi Component ?

i am runnning a

pulumi stack init

command with a

--secrets-provider

arg and it’s just sitting there with no logging or anything. i attempted to also run with

-v 4

arg to no avail. what do i need to do to get some kind of logging to tell me why this command isn’t working? if it helps, I am using azurekeyvault, the key is RSA-2048, and the whole command looks like

pulumi stack init MyOrganization/dev --secrets-provider="<azurekeyvault://my-kv-name.vault.azure.net/keys/pulumi-secrets>"

Is there a way to efficiently profile memory usage on

pulumi up

? I'm facing long deployment times and the CI ran out of memory at several occations (currently memory is set to 4GB, I believe).

the Type property on aws.route53.Record is documented as "`PRIMARY` or 

SECONDARY

. A 

PRIMARY

 record will be served if its healthcheck is passing, otherwise the 

SECONDARY

 will be served." however all examples I've found show Type indicating the record type, ie "CNAME", "A", etc.

Do you all have any examples of using default complex (read: array or object) configs in a template? I’m wanting to do

pulumi new <template>

and instantiate with default complex configs

Hi All- I'm getting my feet with Pulumi on AWS. We use roles for interacting with AWS APIs, and they have a hard timeout of 1 hour. I'm also using S3 as the backend at the moment. I'm wondering what advice you might have that would help me deal with STS token timeouts during a stack deployment? For example, if I have an STS token that's valid for another 15 minutes, and I run a

pulumi up

that might take 30 minutes, about half way through Pulumi will lose access to the S3 bucket backend, and then it gets all sorts of confused. Is there any way to launch asynchronous deployments with a non-SaaS backend? With CloudFormation, it submits the stack to AWS and runs asynchronously, so your token only needs to be valid for the length of time it takes to run

CreateStack

or

UpdateStack

. I'm kind of hoping for something similar for Pulumi.

To anyone wondering how to generate a CA certificate using Pulumi (e.g. to configure a cert-manager CA issuer), here’s an example: https://gist.github.com/EronWright/81d0d016f4fb766074d59e863f132c67

Am new to Pulumi and am delighted at the potential for developing reusable components, e.g. with

pulumi.ComponentResource

.

Hi there, I have a problem with an apiVersion compatibility I can’t find a solution for. I have an

Ingress

in my clusters which was working fine before but now when I create/update I got an error like :

error: creation of resource […] failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind “Ingress” in version “networking.k8s.io/v1beta1”

I create the resource like

new pulumi_kubernetes.networking.v1beta1.Ingress()

I tried to switch to `pulumi_kubernetes.networking.v1.Ingress`but I got a type error that

Ingress

does not exist in

networking.v1

My versions : “@pulumi/kubernetes”: “1.4.1", “@pulumi/pulumi”: “1.9.0", kubectl version : Client Version: version.Info{Major:“1”, Minor:“17", GitVersion:“v1.17.2”, GitCommit:“59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:“clean”, BuildDate:“2020-01-23T14:21:54Z”, GoVersion:“go1.13.6”, Compiler:“gc”, Platform:“darwin/amd64”} Server Version: version.Info{Major:“1", Minor:“13+“, GitVersion:“v1.13.11-gke.14”, GitCommit:“56d89863d1033f9668ddd6e1c1aea81cd846ef88", GitTreeState:“clean”, BuildDate:“2019-11-07T19:12:22Z”, GoVersion:“go1.12.11b4”, Compiler:“gc”, Platform:“linux/amd64”} I suppose that’s a problem between pulumi packages version and the kubernetes server api but I can’t find a match between them both now. I also tried to downgrade

@pulumi/kubernetes

without any success.

is there a way to do a thing after a kubernetes deployment has successfully deployed? e.g. make http requests against the now-up server?

Any ETA on the next release? We're waiting on FireLens support for ECS.

This message was deleted.

Few questions about naming resources: • Am I correct in understanding that the resource name must be unique throughout the program for any resource, not just a resource of that kind? • What can go wrong if we don't? • Do you have any recommended best practices for naming? (e.g.

<type>-<name>

?)

Hi, I’m looking to move my team from the legacy pay-per-stack model to the new unlimited stack model, but not all of my Github org users are Pulumi users. Is there a way to configure the number of users that Pulumi bills for under the unlimited stack billing model?

Is there a way to get the organization within a pulumi program? (We're using stack references, and it helps for testing things.)

Hypothetically if I wanted to install in a truly airgapped environment but still gain the benefits of pulumi.com, could I host a central pulumi.air-gapped-dns.internal?

What is the officially supported (or at least most commonly recommended) way of downgrading the Pulumi command line tool? Motivation for asking: my team has been hit by the defect addressed in https://github.com/pulumi/pulumi/pull/3798. We would like all team members to have

pulumi preview

working on their workstations. This isn't currently the case since some team members have already upgraded to 1.9.1, which is the version exhibiting the unwanted behavior, while some others are on 1.8.1 which still works for our use case.

My reading of the docs at https://www.pulumi.com/docs/get-started/install/ suggests that those needing to downgrade should

rm

the

~/.pulumi

directory, download the 1.8.1 tarball from https://www.pulumi.com/docs/get-started/install/versions/ then extract the tarball and put extracted binaries somewhere on $PATH. Is there anything else we should watch out for?

Other than experimentation, how can I tell which resources are auto-named by default? (Repost due to no response last time around.)

Hello everybody! Would you have any updates on this feature request: https://github.com/pulumi/pulumi/issues/2307? We are looking for some elegant way to load defaults from the template?

Hi. I'm attempting to create an Azure

ZipBlob

resource, but without the blob that was previously created being deleted after every run of

pulumi up

. Each blob is uniquely named. I have discovered

CustomResourceOptions

, and from those options I've used

deleteBeforeReplace: false

, assuming this would stop to resource being deleted before it was replaced. However, this is not the case, and the blob previously created by the Pulumi resource is still deleted. How can I keep blobs previously created by the Pulumi resource?

const zipBlob = new azure.storage.ZipBlob("storageBlob", {
	name: `MyApp.${version}.zip`,
    storageAccountName: storageAccount.name,
    storageContainerName: storageContainerForReleases.name,
    type: "block",
    content: new pulumi.asset.FileArchive("MyFileArchive"),
}, {
	deleteBeforeReplace: false
});

I have also tried to use the

CustomResourceOptions

of

protect

, but this caused the

pulumi up

operation to fail because Pulumi still tries to delete the resource, but can't because of the protection.

Hey guys I have a genuine question about pulumi and cicd, I currently use gitlab + pulumi and I was wondering how do you guys handle rollbacks, with your deploy. In helm, this is abit more straight forward. Have you guys come up with a good solution to this problem? Specifically with k8s. just an open discussion in a thread would be great.

Hello I was wondering how I could reference an already existing role in aws without creating one in the typescript aws module.

I tried to use the getRole data source but it seems like using its assumeRolePolicy with the role constructer creates a role in aws

Is there any way to reference terraform state as an input to pulumi? I’m looking at a model where I spin up a minimum infrastructure with terraform and then run pulumi in that infra to plug other components onto it on demand, but to do that I need to know the IDs of everything I’m hooking up to (I can export values and pass them in, but I’m wondering if there’s a more convenient way)

In the pulumi docs, I’ve seen “name”, “logical name”, and “resource_name” all used apparently interchangeably (see https://www.pulumi.com/docs/intro/concepts/programming-model/#resources , https://www.pulumi.com/docs/intro/concepts/programming-model/#urns ) which is confusing me and my team when we’re talking about these entities. Is one of these monikers preferred over the others?

Can somebody explain to me options for storing state for Pulumi. I did not find much answers in documentation. It just said either locally or on pulumi server. Terraform obviously has an option to use storage account, ARM does not require it at all. So what are the free, selfhosted options of using Pulumi? Hosting state locally obviously is not a solution since no teams are exactly 1 person.