general
  • b

    big-potato-91793

    01/26/2020, 7:32 PM
    Do we have something that could take k8s CRDs and create pulumi code?
  • m

    mysterious-egg-7415

    01/26/2020, 7:33 PM
    How are folks working with StackReference and complex types (eg, an array/list of Route53 zones, VPC subnets, etc.)?
  • b

    bright-orange-69401

    01/27/2020, 11:58 AM
    I may be asking something obvious but... is it possible to use Pulumi to manage Pulumi resources? (inception) I'd like to create a Project, link it to a Repository and create several Stacks as well... and of course tag everything according to my specifications. Is that doable within a Pulumi Component?
  • n

    nice-guitar-97142

    01/27/2020, 5:58 PM
    i am running a
    pulumi stack init
    command with a
    --secrets-provider
    arg and it’s just sitting there with no logging or anything. i attempted to also run with
    -v 4
    arg to no avail. what do i need to do to get some kind of logging to tell me why this command isn’t working? if it helps, I am using azurekeyvault, the key is RSA-2048, and the whole command looks like
    pulumi stack init MyOrganization/dev --secrets-provider="azurekeyvault://my-kv-name.vault.azure.net/keys/pulumi-secrets"
  • f

    future-morning-96441

    01/27/2020, 8:07 PM
    Is there a way to efficiently profile memory usage on
    pulumi up
    ? I'm facing long deployment times and the CI ran out of memory on several occasions (currently memory is set to 4GB, I believe).
  • s

    swift-painter-31084

    01/27/2020, 9:28 PM
    the Type property on aws.route53.Record is documented as "`PRIMARY` or 
    SECONDARY
    . A 
    PRIMARY
     record will be served if its healthcheck is passing, otherwise the 
    SECONDARY
     will be served." however all examples I've found show Type indicating the record type, ie "CNAME", "A", etc.
  • h

    handsome-actor-1155

    01/27/2020, 11:12 PM
    Do you all have any examples of using default complex (read: array or object) configs in a template? I’m wanting to do
    pulumi new <template>
    and instantiate with default complex configs
  • g

    great-vr-65723

    01/28/2020, 12:19 AM
    Hi All- I'm getting my feet with Pulumi on AWS. We use roles for interacting with AWS APIs, and they have a hard timeout of 1 hour. I'm also using S3 as the backend at the moment. I'm wondering what advice you might have that would help me deal with STS token timeouts during a stack deployment? For example, if I have an STS token that's valid for another 15 minutes, and I run a
    pulumi up
    that might take 30 minutes, about half way through Pulumi will lose access to the S3 bucket backend, and then it gets all sorts of confused. Is there any way to launch asynchronous deployments with a non-SaaS backend? With CloudFormation, it submits the stack to AWS and runs asynchronously, so your token only needs to be valid for the length of time it takes to run
    CreateStack
    or
    UpdateStack
    . I'm kind of hoping for something similar for Pulumi.
  • a

    able-crayon-21563

    01/28/2020, 9:22 AM
    To anyone wondering how to generate a CA certificate using Pulumi (e.g. to configure a cert-manager CA issuer), here’s an example: https://gist.github.com/EronWright/81d0d016f4fb766074d59e863f132c67
  • a

    able-crayon-21563

    01/28/2020, 9:23 AM
    Am new to Pulumi and am delighted at the potential for developing reusable components, e.g. with
    pulumi.ComponentResource
    .
  • f

    faint-motherboard-95438

    01/28/2020, 10:35 AM
    Hi there, I have a problem with an apiVersion compatibility I can’t find a solution for. I have an
    Ingress
    in my clusters which was working fine before but now when I create/update I got an error like :
    error: creation of resource […] failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind “Ingress” in version “networking.k8s.io/v1beta1”
    I create the resource like
    new pulumi_kubernetes.networking.v1beta1.Ingress()
    I tried to switch to `pulumi_kubernetes.networking.v1.Ingress` but I got a type error that
    Ingress
    does not exist in
    networking.v1
    My versions : “@pulumi/kubernetes”: “1.4.1", “@pulumi/pulumi”: “1.9.0", kubectl version : Client Version: version.Info{Major:“1”, Minor:“17", GitVersion:“v1.17.2”, GitCommit:“59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:“clean”, BuildDate:“2020-01-23T14:21:54Z”, GoVersion:“go1.13.6”, Compiler:“gc”, Platform:“darwin/amd64”} Server Version: version.Info{Major:“1", Minor:“13+“, GitVersion:“v1.13.11-gke.14”, GitCommit:“56d89863d1033f9668ddd6e1c1aea81cd846ef88", GitTreeState:“clean”, BuildDate:“2019-11-07T19:12:22Z”, GoVersion:“go1.12.11b4”, Compiler:“gc”, Platform:“linux/amd64”} I suppose that’s a problem between pulumi packages version and the kubernetes server api but I can’t find a match between them both now. I also tried to downgrade
    @pulumi/kubernetes
    without any success.
  • b

    bitter-dentist-28132

    01/28/2020, 2:29 PM
    is there a way to do a thing after a kubernetes deployment has successfully deployed? e.g. make http requests against the now-up server?
  • b

    boundless-monkey-50243

    01/28/2020, 4:11 PM
    Any ETA on the next release? We're waiting on FireLens support for ECS.
  • m

    many-lock-25065

    01/28/2020, 7:23 PM
    Few questions about naming resources: • Am I correct in understanding that the resource name must be unique throughout the program for any resource, not just a resource of that kind? • What can go wrong if we don't? • Do you have any recommended best practices for naming? (e.g.
    <type>-<name>
    ?)
  • s

    stocky-student-96739

    01/28/2020, 7:41 PM
    Hi, I’m looking to move my team from the legacy pay-per-stack model to the new unlimited stack model, but not all of my Github org users are Pulumi users. Is there a way to configure the number of users that Pulumi bills for under the unlimited stack billing model?
  • m

    many-lock-25065

    01/28/2020, 7:55 PM
    Is there a way to get the organization within a pulumi program? (We're using stack references, and it helps for testing things.)
  • g

    gentle-bird-84737

    01/28/2020, 8:20 PM
    Hypothetically if I wanted to install in a truly airgapped environment but still gain the benefits of pulumi.com, could I host a central pulumi.air-gapped-dns.internal?
  • f

    fresh-daybreak-17893

    01/28/2020, 10:29 PM
    What is the officially supported (or at least most commonly recommended) way of downgrading the Pulumi command line tool? Motivation for asking: my team has been hit by the defect addressed in https://github.com/pulumi/pulumi/pull/3798. We would like all team members to have
    pulumi preview
    working on their workstations. This isn't currently the case since some team members have already upgraded to 1.9.1, which is the version exhibiting the unwanted behavior, while some others are on 1.8.1 which still works for our use case.
  • f

    fresh-daybreak-17893

    01/28/2020, 10:29 PM
    My reading of the docs at https://www.pulumi.com/docs/get-started/install/ suggests that those needing to downgrade should
    rm
    the
    ~/.pulumi
    directory, download the 1.8.1 tarball from https://www.pulumi.com/docs/get-started/install/versions/ then extract the tarball and put extracted binaries somewhere on $PATH. Is there anything else we should watch out for?
  • c

    colossal-ram-89482

    01/29/2020, 12:31 AM
    Other than experimentation, how can I tell which resources are auto-named by default? (Repost due to no response last time around.)
  • s

    silly-dusk-21491

    01/29/2020, 11:24 AM
    Hello everybody! Would you have any updates on this feature request: https://github.com/pulumi/pulumi/issues/2307? We are looking for some elegant way to load defaults from the template?
  • a

    ambitious-crayon-56788

    01/29/2020, 4:41 PM
    Hi. I'm attempting to create an Azure
    ZipBlob
    resource, but without the blob that was previously created being deleted after every run of
    pulumi up
    . Each blob is uniquely named. I have discovered
    CustomResourceOptions
    , and from those options I've used
    deleteBeforeReplace: false
    , assuming this would stop the resource being deleted before it was replaced. However, this is not the case, and the blob previously created by the Pulumi resource is still deleted. How can I keep blobs previously created by the Pulumi resource?
    const zipBlob = new azure.storage.ZipBlob("storageBlob", {
        name: `MyApp.${version}.zip`,
        storageAccountName: storageAccount.name,
        storageContainerName: storageContainerForReleases.name,
        type: "block",
        content: new pulumi.asset.FileArchive("MyFileArchive"),
    }, {
        deleteBeforeReplace: false
    });
    I have also tried to use the
    CustomResourceOptions
    of
    protect
    , but this caused the
    pulumi up
    operation to fail because Pulumi still tries to delete the resource, but can't because of the protection.
  • t

    thankful-optician-22583

    01/29/2020, 5:04 PM
    Hey guys, I have a genuine question about pulumi and cicd. I currently use gitlab + pulumi and I was wondering how you guys handle rollbacks with your deploy. In helm, this is a bit more straightforward. Have you guys come up with a good solution to this problem? Specifically with k8s. Just an open discussion in a thread would be great.
    👍 6
  • c

    cuddly-australia-15715

    01/29/2020, 8:20 PM
    Hello I was wondering how I could reference an already existing role in aws without creating one in the typescript aws module.
  • c

    cuddly-australia-15715

    01/29/2020, 8:23 PM
    I tried to use the getRole data source but it seems like using its assumeRolePolicy with the role constructor creates a role in aws
  • a

    adventurous-park-10099

    01/29/2020, 8:37 PM
    Is there any way to reference terraform state as an input to pulumi? I’m looking at a model where I spin up a minimum infrastructure with terraform and then run pulumi in that infra to plug other components onto it on demand, but to do that I need to know the IDs of everything I’m hooking up to (I can export values and pass them in, but I’m wondering if there’s a more convenient way)
  • c

    cold-motorcycle-78950

    01/30/2020, 12:40 PM
    In the pulumi docs, I’ve seen “name”, “logical name”, and “resource_name” all used apparently interchangeably (see https://www.pulumi.com/docs/intro/concepts/programming-model/#resources , https://www.pulumi.com/docs/intro/concepts/programming-model/#urns ) which is confusing me and my team when we’re talking about these entities. Is one of these monikers preferred over the others?
  • c

    calm-parrot-97479

    01/30/2020, 12:49 PM
    Can somebody explain to me the options for storing state for Pulumi? I did not find many answers in the documentation. It just said either locally or on pulumi server. Terraform obviously has an option to use storage account, ARM does not require it at all. So what are the free, self-hosted options of using Pulumi? Hosting state locally obviously is not a solution since no teams are exactly 1 person.
  • b

    bitter-dentist-28132

    01/30/2020, 3:18 PM
    can pulumi do automated rollbacks yet?
    ❤️ 1

green-school-95910

01/30/2020, 5:34 PM
Look at Calvin's message from yesterday https://pulumi-community.slack.com/archives/C84L4E3N1/p1580317469279500
❤️ 1

bitter-dentist-28132

01/30/2020, 5:37 PM
thanks!
❤️ 2

thankful-optician-22583

01/30/2020, 6:13 PM
Guys this is what I did to handle rollback, I first create an output object called
export const appTag ='your image tag';
before I run pulumi update, I query the output file like this
export PREV_APP_TAG=$(pulumi stack output -j | jq -r '.appTag')
And then if my update fails, i set this
pulumi config set app:tag $PREV_APP_TAG
and then run a pulumi update again.
💯 1

green-school-95910

01/30/2020, 6:15 PM
And you put the commit sha/git tag on that?
❤️ 1

thankful-optician-22583

01/30/2020, 6:16 PM
yes exactly @green-school-95910

green-school-95910

01/30/2020, 6:17 PM
Clever! Never thought of using the output as a flag for successful completion. Way shorter than my solution.
❤️ 1

thankful-optician-22583

01/30/2020, 6:21 PM
fam this discussion is good thanks

big-caravan-87850

01/30/2020, 6:32 PM
this works for rolling back when only the image changes. does anyone have suggestions for how to handle k8s objects (configmaps, services, etc) changing?

green-school-95910

01/30/2020, 6:33 PM
In this case my solution works, it is more general as it uses just git and the platform, I mentioned in the other thread that I linked above
💯 1
Essentially it is a script to be run on errors of the pipeline that finds the last successful before the current and starts a new one at that commit
:partypus-8bit: 1

big-caravan-87850

01/30/2020, 7:35 PM
that makes sense. our setup is a bit different. we have multiple pulumi programs in a single git repo and only deploy the programs that have changed -- either a new image (application change) or pulumi code (k8s change). right now we are thinking of having a stage at the end of each pipeline that allows you to deploy any of the apps in our repo. you normally wouldn't run anything in this stage as it is only for rollbacks and it would only be available for certain users. if you need to roll back you would just go to the previous job and invoke the pulumi up step in the stage mentioned above on any applications you want to roll back. it's a manual process right now but it's fairly easy to implement.

gentle-diamond-70147

01/30/2020, 8:30 PM
More generally - Pulumi does not support rollback, but we advocate for roll forward by reverting to a previous commit/config and then doing a subsequent
up
to achieve rollback. More explanation is at https://www.pulumi.com/docs/troubleshooting/faq/#does-pulumi-support-automatic-rollback-in-the-event-of-an-error-or-failure.

bitter-dentist-28132

01/30/2020, 10:19 PM
@gentle-diamond-70147 so pulumi's opinion is that rollbacks should be manual?

green-school-95910

01/30/2020, 10:26 PM
IMHO a rollback command would do more harm than good. The environment that it is running in might be the cause of the failure, rolling back from it could be impossible and make the problem worse. For example, if the breaking change was a credential change that is missing some permissions (permission to create and update but not to delete for example) a recreated resource would fail both ways.
Even with systems/platforms that have it (helm or kubernetes deployment) I prefer to use a script to rerun the last successful job instead of rolling back from current state

bitter-dentist-28132

01/31/2020, 7:55 PM
The re-running the last job kinda makes sense to me; IIRC in gitlab, when you re-run a job, you're re-running it with the variables that were defined when the job first ran. So you avoid the problem you describe of mismatched credentials (provided they haven't expired, of course).

gentle-diamond-70147

01/31/2020, 8:05 PM
@bitter-dentist-28132 re: your question from yesterday, I would put it as "the decision to rollback should be manual". Generally you will want to review what happened before automatically proceeding with a rollback. The changes to achieve the rollback can be automated by doing the roll forward as I described.
I hope that distinction makes sense. :)

bitter-dentist-28132

01/31/2020, 8:10 PM
@gentle-diamond-70147 i definitely get the distinction, though if you're relying on manual rollback, aren't you potentially leaving your stack in an inconsistent / unusable state?
i guess a more broad question would be, how do you ensure you don't break prod?

gentle-diamond-70147

01/31/2020, 8:13 PM
Potentially, yes, it could be left in an inconsistent/unusable state. Automatic rollback could also make an inconsistent/unusable state even worse, hence the recommendation for a human to review what caused a deployment to fail and then make a decision on what to do next.
> i guess a more broad question would be, how do you ensure you don't break prod?
One of our engineers did a talk on exactly that recently! 🙂 https://twitter.com/PulumiCorp/status/1221843815872499713
😮 1