I am also interested in dynamic provisioners: I expect them to be very useful every now and then on odd tasks, but I am finding it difficult to understand how they work, how they fit into the graph definition model (?) of Pulumi and what the developer workflow is with them. I am trying to code a dynamic provisioner (to build a

#cloud-config

dynamic resource) and my current workflow is that I am just running

pulumi up

over an over again to see what actions Pulumi would like to take. This is a difficult way to work, it is a lot of trial and error without little insight. I would like to try to understand, in detail what resource graph my program is defining so that I can know, for example: • whether the provisioner is correctly registered on the resource, • whether the

create

resource method will be called when the program-defined graph will be compared to the state-stored graph, • if I succeeded in writing the program such that the provisioner is able to modify the properties of the resource (or add to its output). I am aware that there are documents that can help me with this, namely the dynamic resources section in the programming model documentation and the documentation on testing, but... there is quite a lot of information there to absorb. So, my question is this: what is the recommended workflow for developing dynamic providers? Is it possible to learn useful things about the behaviour of my provisioners code without using the

pulumi

command?

Is there any reason we couldn’t upgrade the default version of typescript that gets installed from the

pulumi new

templates to add typescript 3.8's

export * as ns

syntax?

hi guys, i like what i see with pulumi but i am having an interesting issue: I keep getting

[1/3] Finding Pods to direct traffic to

when in doing a

pulumi up

with my service. the following is my service:

const streamService = new k8s.core.v1.Service(config.appNameStream, {
  metadata: {
    namespace: namespace.metadata.name,
    labels: {
      app: config.appNameStream,
      service: config.appNameStream
    }
  },
  spec: {
    ports: [{name: "grpc", port: 50051}],
    selector: {
      app: config.appNameStream
    }
  }
})

What exactly am i doing wrong?

that error is basically saying that your service doesn’t properly target any pods

hi one more, i am trying to setup kong credentials, but i am unsure what i am doing wrong here. I just cannot access with this setup. I had consumerRef: "develop" as well neither worked.

const kongCustomResourceConsumer = new k8s.apiextensions.CustomResource("developer", {
  apiVersion: "<http://configuration.konghq.com/v1|configuration.konghq.com/v1>",
  kind: "KongConsumer",
  metadata: {
    namespace: namespace.metadata.name
  },
  username: "developer"
});

const kongCustomResourceConsumerKey = new k8s.apiextensions.CustomResource("developer-apikey", {
  apiVersion: "<http://configuration.konghq.com/v1|configuration.konghq.com/v1>",
  kind: "KongCredential",
  metadata: {
    namespace: namespace.metadata.name
  },
  consumerRef: `${kongCustomResourceConsumer.metadata.name}`,
  type: "key-auth",
  config: {
    key: "b362c400-4904-4176-9ae7-74bf03a63619"
  }
});

hello, how can I create a global static address for GKE ingress with Pulumi? gcp.compute.Address requires a region, but what is the equivalent of

gcloud compute addresses create helloweb-ip --global

Hi - I have the postgres helm chart installing fine but I want to wait for it to be fully up and running before I start to run things like migrations - how can i do that?

Any chance https://github.com/pulumi/pulumi-kubernetes/issues/1118 can be given a look at? It’s a bit of a security issue.

Are pulumi stack tags (https://www.pulumi.com/docs/reference/cli/pulumi_stack_tag/) also added as aws tags for each provisioned resource?

How can I get outputs that are nested in some structure?

service.Template.Metadata()

I'm getting an error

applier must have 1 input parameter assignable

I am trying to apply tags automatically as described here: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/#automatically-applying-tags However i get the following error:

Error: The root stack resource was referenced before it was initialized.
        at Object.registerStackTransformation (/home/gsuess/empirica/meteor-deploy/node_modules/@pulumi/pulumi/runtime/stack.js:211:15)

What am I doing wrong?

Hello! What is the correct way to terminate the execution? I found how to send an error with pulumi.error(), but not sure how to exit properly. Should I simply exit with whatever way the language provides me with?

Hi everyone, can we run the same codegen for Istio CRDs? (from https://github.com/pulumi/pulumi-kubernetes) As far as I understood, it can support any OpenAPI, any suggestions on this topic? Thanks

Hello! 👋 Just starting out / testing things, trying to look at existing resources programmatically. Slightly confused on how the getters should work, thanks for your help! Thread ->

I’d be very grateful for help in resolving both a bucket name AND a role arn in a BucketPolicy. My use case closely follows the example given here: https://www.pulumi.com/docs/aws/s3/ Except in the

function publicReadPolicyForBucket

I need access to both the name of the bucket which has just been created created, AND the arn of a role that has just been created. Specifically, my policy needs to look like this (the difference from the example is the

Principal

which in my case needs to interpolate the role, instead of just being

*

function publicReadPolicyForBucket(bucketName: string, roleName: string) {
    return JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "`${role.arn}`",
            Action: [
                "s3:GetObject"
            ],
            Resource: [
                `arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly
            ]
        }]
    });
}

The error message I get recommends using the

bucket.bucket.apply()

pattern, but I can’t see how this extends to allowing me to interpolate both the bucket name and the role

Hello all! Quick question about pulumi with kubernetes and best practices. If I use pulumi to create a pod in Kubernetes, but also have a service-mesh that is auto-injecting pods, how would I inherit that auto-generated pod in pulumi on creation?

Hello @echoing-match-29901! Where do we send feature suggestions? 😄

Good afternoon everyone! I'm new to Pulumi, and I'm looking for baseline / best practices for organizing stacks within a pulumi project. For example: should I have a "VPC" construct in a separate file, and export the values to be made available elsewhere? I guess I'm looking for a well-architected / modular starter project. (Typescript preferred) or blog/tutorial on organization and modularity.

Based on this doc: https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson I want to get a bit more clarity around

depensdOn

, while I am testing it, it looks like it doesn’t check the health of the dependsOn resource, which means I can’t get

eventual consistency requirement

Is there a quick way for setting secrets in a new stack?

Or perhaps i should write a script for the pulumi cli? 🙂

what is the usage for a security group ingress rule "sourceSecurityGroupId" property?

app_sg.createIngressRule("app_allow_edge_in", {    
    location: { sourceSecurityGroupId: edge_sg.id },
    ports: new awsx.ec2.AllTcpPorts(),
    description: "allow HTTP access from anywhere",
});

This works -- but this doesn't: (doesn't compile)

app_sg.createIngressRule("app_allow_edge_in", {    
    sourceSecurityGroupId: edge_sg.id,
    ports: new awsx.ec2.AllTcpPorts(),
    description: "allow HTTP access from anywhere",
});

error:

No overload matches this call.
  Overload 1 of 2, '(name: string, args: SimpleSecurityGroupRuleArgs, opts?: ComponentResourceOptions | undefined): IngressSecurityGroupRule', gave the following error.
    Argument of type '{ sourceSecurityGroupId: Output<string>; toPort: awsx.ec2.AllTcpPorts; fromPort: awsx.ec2.AllTcpPorts; protocol: string; description: string; }' is not assignable to parameter of type 'SimpleSecurityGroupRuleArgs'.
      Object literal may only specify known properties, and 'sourceSecurityGroupId' does not exist in type 'SimpleSecurityGroupRuleArgs'.ts(2769)

hi all! I've been working on reducing the size of our Docker image and breaking them into language specific images. The github repo is here: https://github.com/jaxxstorm/pulumi-docker and they're on the Docker hub here: https://hub.docker.com/repository/docker/jaxxstorm/pulumi This isn't yet officially support by Pulumi, and you should not use these for anything production related just yet! - the idea is to start gathering feedback for how we might implement this down the line. I'd love people to give these a try where possible and send me feedback. There is an issue open here where this is being discussed https://github.com/pulumi/pulumi/issues/3789#

How do you define '*Service Auto Scaling'* for an ECS service? I see that cluster has a

.createAutoScalingGroup

method -- how do I control the scaling per service?

Is there a way to view a dependency graph of an undeployed stack?

Hello all !

hello! might be a simple question. i'm trying to set a tag on a subnet with an eks cluster name. subnet needs to exist for cluster to be created. how to update a subnet with a new tag?

Hello guys. I have asked this already, just wanted to check if anything has changed. There is a Postgresql Pulumi resource package: https://github.com/pulumi/pulumi-postgresql. How can one provide a cert, a key, and a ca cert to use ssl mode "verify-ca" or "verify-full"? I use Python SDK, but there is a documentation for nodejs https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/postgresql/index.html#ProviderArgs-sslMode. However, I couldn't find any documentation about certificates there.

Just joining, have been using pulumi for awhile though on AWS, DO and lately Azure