some-chef-79525
05/18/2020, 1:33 PM
famous-jelly-72366
05/18/2020, 1:34 PM
limited-rainbow-51650
05/18/2020, 2:25 PM
pulumi login file:///var/pulumi/state
pulumi stack init production --secrets-provider=passphrase
pulumi up --diff --yes
However, in my script, is there a way to have pulumi stack init not error on the second and subsequent runs? I could silence it with a shell construct, but then I could possibly mask a possible error on the first run.
hallowed-rain-9096
05/18/2020, 2:28 PM
pulumi stack select -c stack-name will create it only if it doesn't exist. Would that work?
hallowed-rain-9096
05/18/2020, 2:28 PM
--secrets-provider flag as well
hallowed-rain-9096
05/18/2020, 2:28 PM
acceptable-stone-35112
05/18/2020, 2:47 PM
acceptable-stone-35112
05/18/2020, 3:38 PM
best-lifeguard-91445
05/18/2020, 4:25 PM
best-lifeguard-91445
05/18/2020, 6:07 PM
pulumi up isn't using the profile set in the config?
Pulumi.prod.yaml:
secretsprovider: ....
encryptedkey: ...
config:
  aws:profile: prod-pa
  aws:region: us-east-1
I get this error:
error: getting secrets manager: secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
status code: 400, request id: 91f0ea5d-cd55-44b0-8f4f-1413547fb896
I can describe the KMS successfully using:
aws kms describe-key --key-id=65500644-e3e5-44be-b3ea-d3928b0af188 --profile=pa-prod
So this makes me think the profile isn't being provided?
limited-rainbow-51650
05/18/2020, 6:27 PM
uses: docker://pulumi/actions notation? I am using act (https://github.com/nektos/act/) to test my workflows locally and the docker: notation does not seem to be supported.
wonderful-dog-9045
05/18/2020, 8:14 PM
refusing to delete protected resource, how can I override it or remove the protection? I am trying to do pulumi destroy because pulumi up is failing to update the vpc, due to another error.
breezy-translator-75142
05/18/2020, 8:55 PM
createVPCAssociationAuthorization using Pulumi? Any thoughts/ideas?
https://aws.amazon.com/premiumsupport/knowledge-center/private-hosted-zone-different-account/
icy-jordan-58549
05/18/2020, 9:02 PM
pulumi
could you please help me with this?
pulumi:pulumi:Stack infra-test1 running... warning: resource plugin kubernetes is expected to have version >=2.2.0, but has 2.2.0-alpha.1589233905+gcf42dd90; the wrong version may be on your path, or this may be a bug in the plugin
faint-motherboard-95438
05/18/2020, 10:13 PM
dependsOn works and if it’s the solution to my problem.
From what I understand here https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson it should properly wait for a previous resource to be available for the one I’m referencing it in.
In my use case I provision postgresql with a helm chart and my migration service needs to wait in order to connect to it. Unfortunately, neither having inputs from the chart nor having it explicitly defined in the dependsOn makes my service wait for all the services in the chart to be available and of course it fails since the database service is not available yet.
How am I supposed to properly define dependencies when pulumi fails to understand a specific case then?
kind-mechanic-53546
05/19/2020, 7:23 AM
docker.Image but I cannot get it to pass it decrypted
Definition: export const sec = pulumiConfig.requireSecret("secKey");
I've tried pulumi.all([sec]).apply(([secString]) => { return { ARG_NAME: secString }; }); and { ARG_NAME: sec.apply(v=>v) }
Neither of these works, the value is always either [secret] or Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output...
For what it's worth, pulumi.all works fine on a secret imported from another stack using a StackReference
billowy-jackal-69220
05/19/2020, 7:54 AM
preview stage to feed that into up or is there any other way to implement a review stage in CI without the possibility of a drift in the infrastructure in the meantime?
limited-carpenter-34991
05/19/2020, 8:23 AM
best-hospital-12760
05/19/2020, 11:01 AM
pulumi.yaml and pulumi-stackname.yaml.
starting a thread so I don't turn general into pastebin 😄
millions-furniture-75402
05/19/2020, 2:03 PM
@pulumi/ recursively, so even if I specify pulumi.runtimeDependencies in package.json, they’ll be removed.
• https://www.pulumi.com/docs/tutorials/aws/serializing-functions/#determining-the-appropriate-node-modules-packages-to-include-with-a-lambda
• https://github.com/pulumi/pulumi/blob/master/sdk/nodejs/runtime/closure/codePaths.ts#L296-L300
Being able to run the lambda with the mysql provider would be preferred, but it seems I’m forced to look into other possible solutions, which are more complex.
Other Possible Solutions:
1. Publish a lambda with an external tool, and call it as an existing lambda with pulumi (messy, requires more than pulumi up).
2. Use mysql nodejs package to create the database (that stinks, I have a MySQL provider).
3. In addition to GitHub Actions, use AWS Code Services so the pipeline can run in the VPC (redundant).
4. Run either a mysql, or pulumi container in fargate that can provision the databases (seems like a lot more infra and complexity to create databases).
Maybe I’m missing something obvious here. Hoping someone can shed some light on how I should approach this problem, and maybe other opportunities I’ve overlooked. Thanks, loving Pulumi so far!
big-potato-91793
05/19/2020, 4:03 PM
node-pre-gyp WARN Using needle for node-pre-gyp https download
node-pre-gyp WARN Pre-built binaries not installable for grpc@1.24.2 and node@12.16.3 (node-v72 ABI, glibc) (falling back to source compile with node-gyp)
node-pre-gyp WARN Hit error bad download
gyp WARN EACCES current user ("pulumi") does not have permission to access the dev dir "/root/.cache/node-gyp/12.16.3"
That increases the deployment time. I’m using the latest pulumi container image… any idea?
best-lifeguard-91445
05/19/2020, 5:36 PM
breezy-hamburger-69619
05/19/2020, 7:01 PM
limited-carpenter-34991
05/19/2020, 7:28 PM
best-lifeguard-91445
05/19/2020, 7:41 PM
return new awsx.ecs.EC2Service("myservice", {
    cluster,
    subnets: service.subnets,
    taskDefinitionArgs: {
        vpc,
        networkMode: "awsvpc",
        containers: {
            "myContainer": {
                image: '...',
                networkListener: {
                    port: 80,
                    sslPolicy: 'ELBSecurityPolicy-TLS-1-2-Ext-2018-06'
                }
            }
        },
    }
    ...
}
echoing-breakfast-73834
05/19/2020, 9:01 PM
--code-path "/some/path" argument? Didn't see one in the docs.
bland-shoe-75993
05/19/2020, 11:04 PM
victorious-gigabyte-4729
05/20/2020, 5:49 AM
pulumi config refresh to pull the config down from Pulumi - or maybe pulumi config set for every value in the config from environment variables.
Are there any other approaches?
agreeable-machine-73141
05/20/2020, 6:43 AM
Output<string> variable? I retrieve the region as type Output<string> which I want to use as prefix in the bucket name. I want to either convert it to string or use the Output<string> directly in the bucket creation. I tried the apply and interpolate syntax but I can’t figure out how to use it correctly.
const region = pulumi.output(aws.getRegion()).name;
const devDataBucket = new aws.s3.Bucket(`${region}-dev-data`);
Appreciate the help!
full-dress-10026
05/20/2020, 3:13 PM
coalesce.go:199: warning: destination for podLabels is a table. Ignoring non-table value <nil>
coalesce.go:199: warning: destination for podLabelsAsTags is a table. Ignoring non-table value <nil>
coalesce.go:199: warning: destination for podLabels is a table. Ignoring non-table value <nil>
coalesce.go:199: warning: destination for podLabelsAsTags is a table. Ignoring non-table value <nil>