Thanks

I am trying to destroy my stack and I am running into a weird error (on AWS, stack provisioned EKS):

Deleting urn:pulumi:aws-eks-validationm::aws-eks-validation::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::my-cluster-eksClusterInternetEgressRule: No security group with ID "sg-0a887d22a0e34ccc4"

What are my options from here?

For AWS I have created a stack in us-east-1 and then changed region to us-east-2. I am getting the following errors on pulumi refresh:

Preview failed: refreshing urn:pulumi:aws-eks-validationm::aws-eks-validation::aws:s3/bucket:Bucket::my-bucket: error reading S3 Bucket (my-bucket-50e001c): BucketRegionError: incorrect region, the bucket is not in 'us-east-2' region at endpoint ''

How do I recover from this?

Woudnt that stacks state then be for us-east-1? You would want to create a new stack

Inside a GitHub Action I'm now getting this error here:

error: could not load plugin for azure provider 'urn:pulumi:incidentdev::azure-incidents::pulumi:providers:azure::default_2_5_0_alpha_1586239871': no resource plugin 'azure-v2.5.0-alpha.1586239871' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource azure v2.5.0-alpha.1586239871`

Just before that however it is installing the correct azure plugin based on our package.json

Logged into 5a66626ce332 as root (***)

> @pulumi/azure@3.4.0 install /github/workspace/node_modules/@pulumi/azure
> node scripts/install-pulumi-plugin.js resource azure v3.4.0

[resource plugin azure-3.4.0] installing

Downloading plugin: 0 B / 47.81 MiB    0.00%
Downloading plugin: 86.06 KiB / 47.81 MiB    0.18% 1m53s
Downloading plugin: 854.06 KiB / 47.81 MiB    1.74% 22s
Downloading plugin: 3.44 MiB / 47.81 MiB    7.19% 7s
Downloading plugin: 12.08 MiB / 47.81 MiB   25.27% 2s
Downloading plugin: 18.15 MiB / 47.81 MiB   37.95% 1s
Downloading plugin: 25.56 MiB / 47.81 MiB   53.46% 1s
Downloading plugin: 32.87 MiB / 47.81 MiB   68.74%
Downloading plugin: 40.58 MiB / 47.81 MiB   84.88%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00%
Downloading plugin: 47.81 MiB / 47.81 MiB  100.00% 2s
Moving plugin... done.

Locally we've updated to the latest pulumi version already.

I am having fun with pulumi already.. but how can I just push a docker image to ECR on its own.

Hello. I am new to Pulumi Python. I have a small query. How do I search for existing subnets from a VPC and then choose a particular Subnet to the EC2 in the pulumi code? Currently I have to login to the console and then get the Subnet ID from there.

hi, I have a package that depends on @pulumi/aws 2.1.0 and @pulumi/random 2.1.0, and I'm trying to upgrade @pulumi/aws to 2.2.0 or 2.3.0 - when I do so, running

pulumi up

results in an error:

[09:32:47]  pulumi:providers:random (default_2_2_0):
[09:32:47]   error: no resource plugin 'random-v2.2.0' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource random v2.2.0`

it doesn't seem like upgrading @pulumi/aws should change the random plugin version, and running the install command from the error message results in:

[resource plugin random-2.2.0] installing
error: [resource plugin random-2.2.0] downloading from <https://api.pulumi.com/releases/plugins>: 404 HTTP error fetching plugin from <https://api.pulumi.com/releases/plugins/pulumi-resource-random-v2.2.0-darwin-amd64.tar.gz>

anyone else seen this problem?

👋 Hi everyone, I'm new to Pulumi and I am trying to figure out if there is a way to prevent sensitive property values from being saved in the backend state (such as by only storing a cryptographic hash, for example). My use case is that I am trying to setup DigitalOcean droplets in such a way that I can configure them with Ansible without skipping host key checking when connecting to them (

-o StrictHostKeyChecking=no

). One way to achieve this is to generate the Droplet host keys locally on my PC then apply them to the Droplets using the

user_data

droplet property. I could then add the host public keys to the Pulumi stack output and configure Ansible to check the hosts against those public keys when connecting. But, running

pulumi stack export

shows that the original

#cloud-config

file, including the private keys, is being stored in the stack state. Although I understand that the data is encrypted, storing these files is unnecessary and so I would prefer not to store them. Can I tell Pulumi to store the hashes and not the original contents of resource properties? Thank you.

does pulumi play nicely with yarn workspaces? somehow i'm getting quite a few errors

Hey

I have a question about the github actions, how are secrets and configuration values handled inside the github actions? https://github.com/pulumi/actions-example-gke-rails Here there is a few mentions to configurations, but there isn't an indication on where they're passed 🙂

Hi guys! Is it possible to export secrets (config values created with --secret option) in a secure (encrypted) way and import them in another stack by reference? Thx

Hello All! Is there an option to provision an EKS cluster with AWS managed node group (managed by AWS)? E.g., similar to

eksctl create cluster --managed

?

Hey guys, just discovered Terraform has "connections" and "provisioner". Is there a way to make a VM with Pulumi, and automatically run some commands on said vm? (I can nicely get/use the ip address, but I'm wondering about provisioning)

I am also interested in dynamic provisioners: I expect them to be very useful every now and then on odd tasks, but I am finding it difficult to understand how they work, how they fit into the graph definition model (?) of Pulumi and what the developer workflow is with them. I am trying to code a dynamic provisioner (to build a

#cloud-config

dynamic resource) and my current workflow is that I am just running

pulumi up

over an over again to see what actions Pulumi would like to take. This is a difficult way to work, it is a lot of trial and error without little insight. I would like to try to understand, in detail what resource graph my program is defining so that I can know, for example: • whether the provisioner is correctly registered on the resource, • whether the

create

resource method will be called when the program-defined graph will be compared to the state-stored graph, • if I succeeded in writing the program such that the provisioner is able to modify the properties of the resource (or add to its output). I am aware that there are documents that can help me with this, namely the dynamic resources section in the programming model documentation and the documentation on testing, but... there is quite a lot of information there to absorb. So, my question is this: what is the recommended workflow for developing dynamic providers? Is it possible to learn useful things about the behaviour of my provisioners code without using the

pulumi

command?

Is there any reason we couldn’t upgrade the default version of typescript that gets installed from the

pulumi new

templates to add typescript 3.8's

export * as ns

syntax?

hi guys, i like what i see with pulumi but i am having an interesting issue: I keep getting

[1/3] Finding Pods to direct traffic to

when in doing a

pulumi up

with my service. the following is my service:

const streamService = new k8s.core.v1.Service(config.appNameStream, {
  metadata: {
    namespace: namespace.metadata.name,
    labels: {
      app: config.appNameStream,
      service: config.appNameStream
    }
  },
  spec: {
    ports: [{name: "grpc", port: 50051}],
    selector: {
      app: config.appNameStream
    }
  }
})

What exactly am i doing wrong?

that error is basically saying that your service doesn’t properly target any pods

hi one more, i am trying to setup kong credentials, but i am unsure what i am doing wrong here. I just cannot access with this setup. I had consumerRef: "develop" as well neither worked.

const kongCustomResourceConsumer = new k8s.apiextensions.CustomResource("developer", {
  apiVersion: "<http://configuration.konghq.com/v1|configuration.konghq.com/v1>",
  kind: "KongConsumer",
  metadata: {
    namespace: namespace.metadata.name
  },
  username: "developer"
});

const kongCustomResourceConsumerKey = new k8s.apiextensions.CustomResource("developer-apikey", {
  apiVersion: "<http://configuration.konghq.com/v1|configuration.konghq.com/v1>",
  kind: "KongCredential",
  metadata: {
    namespace: namespace.metadata.name
  },
  consumerRef: `${kongCustomResourceConsumer.metadata.name}`,
  type: "key-auth",
  config: {
    key: "b362c400-4904-4176-9ae7-74bf03a63619"
  }
});

hello, how can I create a global static address for GKE ingress with Pulumi? gcp.compute.Address requires a region, but what is the equivalent of

gcloud compute addresses create helloweb-ip --global

Hi - I have the postgres helm chart installing fine but I want to wait for it to be fully up and running before I start to run things like migrations - how can i do that?

Any chance https://github.com/pulumi/pulumi-kubernetes/issues/1118 can be given a look at? It’s a bit of a security issue.

Are pulumi stack tags (https://www.pulumi.com/docs/reference/cli/pulumi_stack_tag/) also added as aws tags for each provisioned resource?

How can I get outputs that are nested in some structure?

service.Template.Metadata()

I'm getting an error

applier must have 1 input parameter assignable

I am trying to apply tags automatically as described here: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/#automatically-applying-tags However i get the following error:

Error: The root stack resource was referenced before it was initialized.
        at Object.registerStackTransformation (/home/gsuess/empirica/meteor-deploy/node_modules/@pulumi/pulumi/runtime/stack.js:211:15)

What am I doing wrong?

Hello! What is the correct way to terminate the execution? I found how to send an error with pulumi.error(), but not sure how to exit properly. Should I simply exit with whatever way the language provides me with?

Hi everyone, can we run the same codegen for Istio CRDs? (from https://github.com/pulumi/pulumi-kubernetes) As far as I understood, it can support any OpenAPI, any suggestions on this topic? Thanks

Hello! 👋 Just starting out / testing things, trying to look at existing resources programmatically. Slightly confused on how the getters should work, thanks for your help! Thread ->

I’d be very grateful for help in resolving both a bucket name AND a role arn in a BucketPolicy. My use case closely follows the example given here: https://www.pulumi.com/docs/aws/s3/ Except in the

function publicReadPolicyForBucket

I need access to both the name of the bucket which has just been created created, AND the arn of a role that has just been created. Specifically, my policy needs to look like this (the difference from the example is the

Principal

which in my case needs to interpolate the role, instead of just being

*

function publicReadPolicyForBucket(bucketName: string, roleName: string) {
    return JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "`${role.arn}`",
            Action: [
                "s3:GetObject"
            ],
            Resource: [
                `arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly
            ]
        }]
    });
}

The error message I get recommends using the

bucket.bucket.apply()

pattern, but I can’t see how this extends to allowing me to interpolate both the bucket name and the role