https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • i

    icy-london-58403

    02/18/2020, 8:27 AM
    I followed the guide on dynamic providers and I have it working fairly well. I am making a dynamic provider for IPAM (IP Address Management). I've wrapped Netbox with typescript and I my dynamic provider calls my wrapper for CRUD. Everything creates and updates great and everything destroys if I use the
    pulumi destroy
    command. But if I comment out one of my custom resources, it tries to connect to it with default provider values. I pass the provider a token and a url. I can tell by the errors that it is defaulting to localhost port 80 with no token. So it seems the provider doesn't hold onto these values in the state and it needs the code to know these values during deletions. Is this normal behaviour or is there something I can do to enhance my setup?
    • 1
    • 5
  • h

    handsome-actor-1155

    02/18/2020, 2:50 PM
    Looking at your backlog, I saw: • Overhaul
    cloud
    for true cross-cloud infrastructure definition This seems really exciting and I'm just curious to what level you're wanting to take it? A single
    cloud
    provider for all common cloud components like k8s, storage, compute, etc? If so, that seems like it would be a game changer
  • l

    loud-whale-26029

    02/18/2020, 4:12 PM
    Hello Everyone, Im having an issue when trying to deploy a new HorizontalPodAutoscaler. we are using Aws EKS version 1.14.7. I have imported the library '@pulumi/kubernetes/autoscaling/v2beta2' and also at the class definition I stated the desired apiVersion ('autoscaling/v2beta2'). The deploy succeeded but when im examining the result, i notice that the apiVersion used is autoscaling/v1, But ... at the metadata section I can see that the last applied configurations gets the correct configuration. any suggestions on why it happens would be appreciated.
    g
    • 2
    • 3
  • l

    limited-rainbow-51650

    02/18/2020, 4:16 PM
    Call to Pulumi (the company) to have this issue fixed: https://github.com/pulumi/pulumi/issues/3747 As a company using Pulumi (the product) for our end customers, I work with the different Pulumi state setups of our customers. But the need to login/logout each time prevents me from running Pulumi concurrently for multiple customers. As a result, Pulumi (the product) decreases my productivity at the moment. 😢
    q
    • 2
    • 3
  • c

    cool-egg-852

    02/18/2020, 5:04 PM
    Does pulumi need any specific configuration to be able to create a pubsub topic in GCP? Trying to figure out why only topics are not able to be created but the serviceaccount I use can do everything else. It has the owner role.
    g
    • 2
    • 13
  • t

    thankful-gpu-3329

    02/18/2020, 6:54 PM
    Hey all
  • t

    thankful-gpu-3329

    02/18/2020, 6:54 PM
    message has been deleted
    👋 2
  • t

    thankful-gpu-3329

    02/18/2020, 6:55 PM
    I'm trying to use
    pulumi login <gs://name-of-my-relevant-bucket>
    but am running into issues. I created a new service account and have set
    GOOGLE_CREDENTIALS
    with the contents of the associated/generated key in my shell, but the cli is still showing the same warning it was prior to creating the service account.
    b
    • 2
    • 5
  • t

    thankful-gpu-3329

    02/18/2020, 6:55 PM
    warning: Pulumi will not be able to print a statefile permalink using these credentials. Neither a GoogleAccessID or PrivateKey are available. Try using a GCP Service Account.
    Logged into MBBlack.local as joeyfigaro (<gs://grpc-dummy-stuff-stack>)
  • t

    thankful-gpu-3329

    02/18/2020, 6:58 PM
    Okay, I'm a dope.
  • t

    thankful-gpu-3329

    02/18/2020, 6:58 PM
    Figured it out.
  • t

    thankful-gpu-3329

    02/18/2020, 6:59 PM
    Didn't actually confirm that
    GOOGLE_CREDENTIALS
    had the expected stuff in it. Turns out it didn't. 😛
    😄 1
  • t

    thankful-gpu-3329

    02/18/2020, 6:59 PM
    in my case I had
    export GOOGLE_CREDENTIALS=$(cat .keystuff/name-of-creds.json)
    instead of
    export GOOGLE_CREDENTIALS=$(cat ./keystuff/name-of-creds.json)
  • v

    victorious-xylophone-55816

    02/18/2020, 8:21 PM
    Does the syntax theme that is shown on the Pulumi site exist? I looked everywhere and could not find it.
    g
    c
    • 3
    • 4
  • v

    victorious-xylophone-55816

    02/18/2020, 8:22 PM
    I want it really bad 👀
  • v

    victorious-xylophone-55816

    02/18/2020, 8:27 PM
    (Also, thank you for the Cloud Run provider you launched recently, super huge fan of Cloud Run and the combo of Pulumi + Cloud Run is incredible)
    🎉 3
  • c

    cool-egg-852

    02/18/2020, 10:40 PM
    Is there any way to automatically create the stack when running
    up
    non-interactively?
    g
    g
    w
    • 4
    • 5
  • b

    bright-orange-69401

    02/19/2020, 8:29 AM
    How do you manage multi-step
    Resource
    configuration in Pulumi ? I'm trying to set up an SSO between Okta and AWS using Pulumi, and that requires 3 steps with 2
    Resources
    : 1. Create
    <http://okta.App|okta.App>
    which generates metadata 2. Inject metadata and create
    aws.iam.IdentityProvider
    , which has an ARN 3. Inject
    IdentityProvider
    ARN back into the
    <http://okta.App|okta.App>
    Resource created in step 1 I'm trying to pack this logic into a
    Component
    but I struggle with step 3: can't seem to update a
    Resource
    as part of a
    Component
    Also tried using
    _import
    but there's an URN conflict because the imported resource (step 3) would actually be the same as step 1... Should I try creating a Dynamic Provider for that ? Can't it be done natively ?
    i
    • 2
    • 7
  • q

    quiet-painter-30539

    02/19/2020, 1:16 PM
    I'm new to Pulumi. Is there some way for Pulumi to wait a resource to be completely ready before querying information about the resource? I need to create AWS EKS and then to query the AWS EKS's vpc_config but there is a piece of information that is not available until AWS has completely created the EKS (the master plane security group).
    l
    f
    • 3
    • 32
  • b

    better-rainbow-14549

    02/19/2020, 1:42 PM
    i need to be able to throw an error during the preview step if a particular image tag doesn't exist in a particular docker repo so that we can reject a pull request which will ultimately fail. can anybody suggest a good way of doing this? is it going to be a matter of writing a dynamic provider?
    l
    g
    i
    • 4
    • 18
  • c

    calm-quill-21760

    02/19/2020, 7:38 PM
    I've read and re-read about Output types but it's still not clicking for me. I'm trying to create an array, but keep getting the error about o.apply.
    let vpcList = vpcConfig.map(entry => {
            return new aws.ec2.Vpc(entry.name, {cidrBlock: entry.cidrBlock, tags: {Name: entry.name}});
        });
    
        let vpcNameToId: { [index: string]: any } = {};
        for (let vpc of vpcList) {
            // create a lookup
            const vpcName = vpc.tags.apply(v => v?.Name ?? null);
            vpcName.apply(theName => {
                console.log("Applying " + theName + "=" + vpc.id.apply(v => `${v}`));
                // vpcNameToId[theName] = vpcId;
            });
        }
    Results in:
    Applying vpc0=Calling [toString] on an [Output<T>] is not supported.
        To get the value of an Output<T> as an Output<string> consider either:
        1: o.apply(v => `prefix${v}suffix`)
        2: pulumi.interpolate `prefix${v}suffix`
        See <https://pulumi.io/help/outputs> for more details.
        This function may throw in a future version of @pulumi/pulumi.
    g
    w
    • 3
    • 18
  • i

    icy-london-58403

    02/19/2020, 9:10 PM
    is there an RSS feed for changelog on pulumi? I'd love to subscribe it to my slack
    b
    • 2
    • 6
  • b

    better-actor-92669

    02/20/2020, 9:40 AM
    Hi guys! I want to use this module https://github.com/pulumi/pulumi-postgresql to create roles and grants for GCP CloudPostgre Instances. My SDK is Python and I use
    pulumi-gcp
    module to create a CloudSQL DB Instance https://github.com/pulumi/pulumi-gcp/blob/master/sdk/python/pulumi_gcp/sql/database_instance.py. Since
    pulumi-postgresql
    connects to an instance similarly to pgsql, I define
    PGHOST
    ,
    PGUSER
    , and
    PGPASSWORD
    during Pulumi runtime. Since the CloudSQL Instance is created via the same execution, I define dependencies like:
    opts=ResourceOptions(
                    depends_on=[cloud_pgsql_main_1],
                ),
    Nevertheless, it doesn't seem to work as it tries to connect to the instance immediately, however the instance is obviously not ready, and
    pulumi up
    fails. Do you think it is possible that two separate modules
    pulumi-gcp
    and
    pulumi-postgresql
    do not appropriately share dependencies during runtime?
    l
    • 2
    • 11
  • q

    quiet-wolf-18467

    02/20/2020, 11:14 AM
    Don't suppose someone could help me out with my issue, please? https://github.com/pulumi/pulumi/issues/3919
    g
    • 2
    • 1
  • b

    bitter-dentist-28132

    02/20/2020, 5:42 PM
    i was using pulumi last year to deploy a project, and i was doing
    pulumi.runtime.listResourceOutputs(k8s.apps.v1.Deployment.isInstance)
    to collect information about the currently-deployed deployments. that project was shelved, and when i came back to it recently i discovered that it no longer works. i see that signature now asks for a type, so I gave it
    k8s.apps.v1.Deployment
    but it still fails. does anyone know why this might be?
  • s

    stocky-student-96739

    02/20/2020, 5:58 PM
    ohai, I submitted a Pulumi Support/Contact request like 2-3 weeks ago because I’m interested in migrating our org to the new billing model w/unlimited stacks, but I haven’t yet heard from a Pulumi rep. What do?
    t
    • 2
    • 1
  • i

    incalculable-portugal-13011

    02/20/2020, 6:31 PM
    hey all, having trouble getting an ecs service definition to work using pulumi/awsx in js. my service definition looks like:
    let appVpc = aws.ec2.getVpc({id: "my-vpc-id"});
    
    const webServerLoadBalancer = new awsx.lb.ApplicationLoadBalancer("web-server-lb-" + userEnv, {
        securityGroups: [],
        vpc: appVpc,
        subnets: ["subnet-1", "subnet-2", "subnet-3"]
    });
    
    const webServerLoadBalancerListener = webServerLoadBalancer.createListener("ws-https-" + userEnv, {
        port: 443,
        protocol: "HTTPS",
        certificateArn: "my-cert-arn"
    });
    
    const webServerLoadBalancerRedirectToHttpsListener = webServerLoadBalancer.createListener("ws-redirect-to-https", {
        port: 80,
        protocol: "HTTP",
        defaultAction: {
            type: "redirect",
            redirect: {
                protocol: "HTTPS",
                port: "443",
                statusCode: "HTTP_301"
            }
        }
    });
    
    const webServerCluster = new awsx.ecs.Cluster("web-server-" + userEnv, {
        securityGroups: ["sg-1"],
        vpc: appVpc
    });
    
    const webServerFargateService = new awsx.ecs.FargateService("web-server-" + userEnv, {
        cluster: webServerCluster,
        networkConfiguration: {
            subnets: ["subnet-1", "subnet-2", "subnet-3"]
        },
        taskDefinitionArgs: {
            containers: {
                webServer: {
                    image: "my-org/web-server:" + userEnv,
                    portMappings: [
                        webServerLoadBalancerListener
                    ],
                    healthCheck: {...healthCheckArgs}
                }
            }
        }
    });
    the error I’m receiving is that
    error: aws:ecs/service:Service resource 'web-server-dev' has a problem: "network_configuration.0.subnets": required field is not set
    , which doesn’t make sense to me. per the docs, I’m setting the
    networkConfiguration
    property of the service, and I’m tried both wrapping that property in an array and as an object. no dice either way. any thoughts?
  • a

    able-zoo-58396

    02/20/2020, 8:18 PM
    Hi all. I'm struggling with something that seems like a pretty simple variation on an example from the docs. I'd appreciate any help if you see where I'm going wrong. I'm trying to create a "Fire & Forget" task using a CloudWatch event and a FargateTaskDefinition. I'm basing my attempt on this example: https://www.pulumi.com/docs/guides/crosswalk/aws/ecs/#running-fire-and-forget-tasks So, here's what I have:
    // create  cluster
    const cluster = new awsx.ecs.Cluster(`cluster`, {
      name: `demo-cluster`
    });
    
    // create image
    const img = awsx.ecs.Image.fromDockerBuild(`image`, {
      context: './app',
    });
    
    // create task
    const task = new awsx.ecs.FargateTaskDefinition(`task`, {
      container: {
        image: img,
        memoryReservation: 2048
      }
    });
    
    // create the cloudwatch event and lambda function using the "onSchedule" helper function
    aws.cloudwatch.onSchedule(`task-schedule`, 'rate(5 minutes)',
      async (req) => {
        // run the task in our cluster
        const result = await task.run({cluster});
        return { statusCode: 200, body: "OK" };
      }
    );
    Everything seems to build and deploy to AWS correctly. I see the Lambda function, CloudWatch event, logs, task definition, etc. It's all there and linked up. And when I look at my CloudWatch logs for that Lambda function, I see that it's attempting to run every 5 minutes. However, I'm getting this error when it runs:
    {
      "errorType": "Runtime.ImportModuleError",
      "errorMessage": "Error: Cannot find module '@pulumi/awsx/ecs/index.js'\nRequire stack:\n- /var/task/__index.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js",
      "stack": [
        "Runtime.ImportModuleError: Error: Cannot find module '@pulumi/awsx/ecs/index.js'",
        "Require stack:",
        "- /var/task/__index.js",
        "- /var/runtime/UserFunction.js",
        "- /var/runtime/index.js",
        "    at _loadUserApp (/var/runtime/UserFunction.js:100:13)",
        "    at Object.module.exports.load (/var/runtime/UserFunction.js:140:17)",
        "    at Object.<anonymous> (/var/runtime/index.js:43:30)",
        "    at Module._compile (internal/modules/cjs/loader.js:955:30)",
        "    at Object.Module._extensions..js (internal/modules/cjs/loader.js:991:10)",
        "    at Module.load (internal/modules/cjs/loader.js:811:32)",
        "    at Function.Module._load (internal/modules/cjs/loader.js:723:14)",
        "    at Function.Module.runMain (internal/modules/cjs/loader.js:1043:10)",
        "    at internal/main/run_main_module.js:17:11"
      ]
    }
    During the Pulumi "magic" of packaging and building the Lambda handler, it looks like it's telling Lambda to look for some Pulumi modules that aren't installed. Any ideas on why this is happening? Thank you, thank you!!
  • a

    able-zoo-58396

    02/20/2020, 8:29 PM
    Okay, I'm refining my previous issue with what I've learned. The problem seems to be when I reference the
    task
    in the Lamdba callback that I'm creating with
    onSchedule
    . So, this DOES work:
    const task = new awsx.ecs.FargateTaskDefinition(`task`, {
      container: {
        image: img,
        memoryReservation: 2048
      }
    });
    
    aws.cloudwatch.onSchedule(`task-schedule`, 'rate(5 minutes)',
      async (req) => {
        console.log('Is this thing on?')
        return { statusCode: 200, body: "OK" };
      }
    );
    But as soon as I reference the
    task
    in the callback, I get errors about missing modules. Even if I'm not trying to run the task:
    aws.cloudwatch.onSchedule(`task-schedule`, 'rate(5 minutes)',
      async (req) => {
        console.log(task); // just try to log the object -- don't even try to run it
        return { statusCode: 200, body: "OK" };
      }
    );
    This is the error that Lambda throws when it tries to run the callback:
    {
        "errorType": "Runtime.ImportModuleError",
        "errorMessage": "Error: Cannot find module '@pulumi/awsx/ecs/index.js'\nRequire stack:\n- /var/task/__index.js\n- /var/runtime/UserFunction.js\n- /var/runtime/index.js",
        ...
    }
    So, it seems like is's an issue with how Pulumi is packaging the Lambda function, right? I'll add that the container image doesn't contain any references to Pulumi or dependencies, so the error probably isn't related to the image. I'm using the same image on other Fargate Services created by Pulumi, and it's running fine.
  • i

    incalculable-portugal-13011

    02/20/2020, 10:46 PM
    is there any way to use an existing ecr image with awsx fargate? the awsx container definition expects for the
    image
    property something that implements
    ContainerImageProvider
    , but there’s no way in
    awsx.ecr
    to actually pull an existing image – only to create one via
    buildAndPushImage
    . if I use
    aws.ecr.getImage
    , it returns a
    getImageResult
    which is incompatible as it doesn’t implement
    ContainerImageProvider
    r
    • 2
    • 7
Powered by Linen
Title
i

incalculable-portugal-13011

02/20/2020, 10:46 PM
is there any way to use an existing ecr image with awsx fargate? the awsx container definition expects for the
image
property something that implements
ContainerImageProvider
, but there’s no way in
awsx.ecr
to actually pull an existing image – only to create one via
buildAndPushImage
. if I use
aws.ecr.getImage
, it returns a
getImageResult
which is incompatible as it doesn’t implement
ContainerImageProvider
r

rhythmic-camera-25993

02/21/2020, 2:21 AM
you can always pass in a string image name, which is what I do for my own fargate deployments. my other CI builds and pushes the images, so when I deploy I just pass in the image name to set on the task definition.
i

incalculable-portugal-13011

02/21/2020, 7:16 PM
it seems to be attempting to pull that from docker hub, as opposed to my ecr registry
perhaps because I appended a tag to the image name?
r

rhythmic-camera-25993

02/21/2020, 7:21 PM
no, that's because you need the fully-qualified image name. image names are of the form
[REPO]/image[:TAG]
, where the repo and the tag are optional. If no repo is specified, the public docker hub is assumed. Here you need to provide the full ECR repo path
i

incalculable-portugal-13011

02/21/2020, 7:33 PM
yep makes sense
thanks so much for the help, really appreciate it
r

rhythmic-camera-25993

02/21/2020, 7:35 PM
sure thing, good luck!
View count: 3