https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • s

    some-chef-79525

    05/18/2020, 1:33 PM
    (I'm trying to deploy to AWS)
  • f

    famous-jelly-72366

    05/18/2020, 1:34 PM
    guess depends on what cloud. in azure there is a location property on most resources, would think AWS has a region property with similar effect?
  • l

    limited-rainbow-51650

    05/18/2020, 2:25 PM
    In an automation setup, I am trying to automate the following sequence with local state backend:
    pulumi login file:///var/pulumi/state
    pulumi stack init production --secrets-provider=passphrase
    pulumi up --diff --yes
    However, in my script, is there a way to have
    pulumi stack init
    not error on the second and subsequent runs? I could silence it with a shell construct, but then I could possibly mask a possible error on the first run.
  • h

    hallowed-rain-9096

    05/18/2020, 2:28 PM
    @limited-rainbow-51650
    pulumi stack select -c stack-name
    will create it only if it doesn't exist. Would that work?
    💯 1
  • h

    hallowed-rain-9096

    05/18/2020, 2:28 PM
    appears that it will work with the
    --secrets-provider
    flag as well
    l
    • 2
    • 3
  • h

    hallowed-rain-9096

    05/18/2020, 2:28 PM
    https://www.pulumi.com/docs/reference/cli/pulumi_stack_select/
  • a

    acceptable-stone-35112

    05/18/2020, 2:47 PM
    One of the main drawbacks of Pulumi is that working with TF after it is not fun anymore
    😛ulumipus-8bit: 2
    ❤️ 3
    😂 9
    g
    w
    • 3
    • 2
  • a

    acceptable-stone-35112

    05/18/2020, 3:38 PM
    Anyone tried deploying Nomad cluster with Pulumi? Any reliable resource to take as example? I need something basic - 3 server nodes, consul can be on same nodes, 10-20 client nodes running containers in batch jobs. Needs to be on Azure
    f
    c
    • 3
    • 6
  • b

    best-lifeguard-91445

    05/18/2020, 4:25 PM
    How do you guys manage environment variables within your stacks? For example, I need to store a connection string to a database. Is this a good candidate for encrypted secrets? https://www.pulumi.com/docs/intro/concepts/config/#secrets
    c
    f
    +2
    • 5
    • 6
  • b

    best-lifeguard-91445

    05/18/2020, 6:07 PM
    Seems like
    pulumi up
    isn't using the profile set in the config? Pulumi.prod.yaml:
    secretsprovider: ....
    encryptedkey: ...
    config:
      aws:profile: prod-pa
      aws:region: us-east-1
    I get this error:
    error: getting secrets manager: secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
            status code: 400, request id: 91f0ea5d-cd55-44b0-8f4f-1413547fb896
    I can describe the KMS successfully using:
    aws kms describe-key --key-id=65500644-e3e5-44be-b3ea-d3928b0af188 --profile=pa-prod
    So this makes me think the profile isn't being provided?
    f
    l
    • 3
    • 30
  • l

    limited-rainbow-51650

    05/18/2020, 6:27 PM
    How much work would it be to publish a true Github Action rather than using the
    uses: <docker://pulumi/actions>
    notation? I am using act (https://github.com/nektos/act/) to test my workflows locally and the
    docker:
    notation does not seem to be supported.
    c
    a
    • 3
    • 4
  • w

    wonderful-dog-9045

    05/18/2020, 8:14 PM
    refusing to delete protected resource
    , how can i override it or remove the protection? I am trying to do
    pulumi destroy
    because
    pulumi up
    is failing to update the vpc, due to another error.
    b
    g
    b
    • 4
    • 10
  • b

    breezy-translator-75142

    05/18/2020, 8:55 PM
    How can I implement
    createVPCAssociationAuthorization
    using Pulumi? Any thoughts/ideas? https://aws.amazon.com/premiumsupport/knowledge-center/private-hosted-zone-different-account/
    b
    • 2
    • 1
  • i

    icy-jordan-58549

    05/18/2020, 9:02 PM
    Hey,
    pulumi
    could you please help me with this?
    pulumi:pulumi:Stack  infra-test1  running...  warning: resource plugin kubernetes is expected to have version >=2.2.0, but has 2.2.0-alpha.1589233905+gcf42dd90; the wrong version may be on your path, or this may be a bug in the plugin
    b
    b
    • 3
    • 7
  • f

    faint-motherboard-95438

    05/18/2020, 10:13 PM
    Hi there, I’m trying to understand how
    dependsOn
    works and if it’s the solution to my problem. From what I understand here https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson it should properly wait for a previous resource to be available for the one I’m referencing it in. In my usecase I provision postgresql with an helm chart and my migration service needs to wait in order to connect to it. Unfortunately, having inputs from the chart nor having it explicitly define in the
    dependsOn
    does not make my service wait for all the services in the chart available and of course it fails since the database service is not available yet. How am I supposed to properly define dependencies when pulumi fails to understand a specific case then ?
    b
    g
    • 3
    • 25
  • k

    kind-mechanic-53546

    05/19/2020, 7:23 AM
    I have a secret that I need to pass as a build arg to a
    docker.Image
    but I cannot get it to pass it decrypted Definition:
    _export_ const sec = pulumiConfig.requireSecret("secKey");
    I've tried
    pulumi.all([sec]).apply(([secString])  => { return { ARG_NAME: secString }; });
    and
    { ARG_NAME: sec.apply(v=>v) }
    Neither of these works, the value is always either
    [secret]
    or
    Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output...
    For what it's worth,
    pulumi.all
    works fine on a secret imported from another stack using a StackReference
    f
    • 2
    • 13
  • b

    billowy-jackal-69220

    05/19/2020, 7:54 AM
    hey there, this gets probably asked a lot, but I couldn't find an answer, so I wanted to try my luck here 🙂 Is there a way to export a plan from an
    preview
    stage to feed that into
    up
    or is there any other way to implement a review stage in CI without the posibility of a drift in the infrastructure in the mean time?
    b
    • 2
    • 9
  • l

    limited-carpenter-34991

    05/19/2020, 8:23 AM
    Hi there, is possible to create with a pulumi stack an azure ressource group and an azure storage to use this as the pulumi state backend and reference this in another stack ?
    b
    • 2
    • 2
  • b

    best-hospital-12760

    05/19/2020, 11:01 AM
    👋 Hi there, new Pulumi user here, great project! It's great to be able to unit test infra code with the same tooling as application code. I have a question regarding structured configuration in
    pulumi.yaml
    and
    pulumi-stackname.yaml
    . starting a thread so I don't turn general into pastebin 😄
    f
    • 2
    • 5
  • m

    millions-furniture-75402

    05/19/2020, 2:03 PM
    I ran into a “feature” that was unfortunate for my use case, and I’m wondering how others have gone about solving it. Problem Statement: I have an RDS instance in a [pre-existing] VPC that I cannot connect to from CI, or locally.  The MySQL Provider needs this connectivity to provision databases on the instance.  I thought the first obvious solution might be to serialize a lambda with the MySQL Provider that can run in the VPC.  This is where I ran into the “feature” that strips out any dependencies that start with 
    @pulumi/
      recursively, so even if I specify 
    pulumi.runtimeDependencies
     in package.json, they’ll be removed. • https://www.pulumi.com/docs/tutorials/aws/serializing-functions/#determining-the-appropriate-node-modules-packages-to-include-with-a-lambda • https://github.com/pulumi/pulumi/blob/master/sdk/nodejs/runtime/closure/codePaths.ts#L296-L300 Being able to run the lambda with the mysql provider would be preferred, but it seems I’m forced to look into other possible solutions, which are more complex. Other Possible Solutions: 1. Publish a lambda with an external tool, and call it as an existing lambda with pulumi (messy, requires more than 
    pulumi up
    ). 2. Use mysql nodejs package to create the database (that stinks, I have a MySQL provider). 3. In addition to GitHub Actions, use AWS Code Services so the pipeline can run in the VPC (redundant). 4. Run either a mysql, or pulumi container in fargate that can provision the databases (seems like a lot more infra and complexity to create databases). Maybe I’m missing something obvious here.  Hoping someone can shed some light on how I should approach this problem, and maybe other opportunities I’ve overlooked.  Thanks, loving Pulumi so far!
    b
    b
    • 3
    • 3
  • b

    big-potato-91793

    05/19/2020, 4:03 PM
    Hello seing a lot of this
    node-pre-gyp WARN Using needle for node-pre-gyp https download 
    node-pre-gyp WARN Pre-built binaries not installable for grpc@1.24.2 and node@12.16.3 (node-v72 ABI, glibc) (falling back to source compile with node-gyp) 
    node-pre-gyp WARN Hit error bad download 
    gyp WARN EACCES current user ("pulumi") does not have permission to access the dev dir "/root/.cache/node-gyp/12.16.3"
    That increase the deployment time. I’m using the latest pulumi container image… any idea?
    s
    b
    • 3
    • 11
  • b

    best-lifeguard-91445

    05/19/2020, 5:36 PM
    Hi everyone -- Is there a way to persist comments in the Pulumi.<stack>.yml? I'd like to give context to some of the variables. re-deploying removes the comments.
    w
    f
    • 3
    • 4
  • b

    breezy-hamburger-69619

    05/19/2020, 7:01 PM
    https://pulumi-community.slack.com/archives/C0110AVM89Z/p1589914849034400
  • l

    limited-carpenter-34991

    05/19/2020, 7:28 PM
    Hi there, i didn't find any opportunity yet to debug my pulumi programm (c#). I have visual studio 2019 and also visual studio code. When i start debugging it always tell me to start it via pulumi cli.
    l
    • 2
    • 1
  • b

    best-lifeguard-91445

    05/19/2020, 7:41 PM
    When defining a networkListener for an EC2Service, how do I create a security group rule to only allow inbound traffic coming from the load balancer listener port for the service?
    return new awsx.ecs.EC2Service("myservice", {
        cluster,
        subnets: service.subnets,
        taskDefinitionArgs: {
            vpc,
            networkMode: "awsvpc",
            containers: [ 
               "myContainer": { image: '...',
                 networkListener = {
                     port: 80,
                     sslPolicy: 'ELBSecurityPolicy-TLS-1-2-Ext-2018-06'
                  } 
                } 
            ],
        }
    ...
    }
  • e

    echoing-breakfast-73834

    05/19/2020, 9:01 PM
    Is there any way to have Pulumi target code outside of the current working directory? Something like a
    --code-path "/some/path"
    argument? Didn't see one in the docs.
    l
    • 2
    • 2
  • b

    bland-shoe-75993

    05/19/2020, 11:04 PM
    Hi everyone! I'm curious, does Pulumi offer any "escape hatches" by which I can grab the underlying AWS API client (TypeScript) to perform some post-provisioning fixups on provisioned infrastructure?
    k
    b
    • 3
    • 10
  • v

    victorious-gigabyte-4729

    05/20/2020, 5:49 AM
    I'm not really finding anything on this through docs and after digging through the source a bit. If I don't want to store the config in the repositories but do want to store them with the run, is there a reasonable way to approach that? My current thinking is in CircleCI, running
    pulumi config refresh
    to pull the config down from Pulumi - or maybe
    pulumi config set
    for every value in the config from environment variables. Are there any other approaches?
    f
    • 2
    • 5
  • a

    agreeable-machine-73141

    05/20/2020, 6:43 AM
    Hi, how do I construct s3 bucket using
    Output<string>
    variable? I retrieve the region as type
    Output<string>
    which I want to use as prefix in the bucket name. I want to either convert it to
    string
    or use the
    Output<string>
    directly in the bucket creation. I tried the
    apply
    and
    interpolate
    syntax but I can’t figure out how to use correctly.
    const region = pulumi.output(aws.getRegion()).name;
    `const devDataBucket = new aws.s3.Bucket(
    ${region}-dev-data
    );` Appreciate the help!
    v
    b
    • 3
    • 5
  • f

    full-dress-10026

    05/20/2020, 3:13 PM
    Any idea what would cause these warning to be printed? They have to do with the Datadog helm chart.
    coalesce.go:199: warning: destination for podLabels is a table. Ignoring non-table value <nil>
        coalesce.go:199: warning: destination for podLabelsAsTags is a table. Ignoring non-table value <nil>
        coalesce.go:199: warning: destination for podLabels is a table. Ignoring non-table value <nil>
        coalesce.go:199: warning: destination for podLabelsAsTags is a table. Ignoring non-table value <nil>
Powered by Linen
Title
f

full-dress-10026

05/20/2020, 3:13 PM
Any idea what would cause these warning to be printed? They have to do with the Datadog helm chart.
coalesce.go:199: warning: destination for podLabels is a table. Ignoring non-table value <nil>
    coalesce.go:199: warning: destination for podLabelsAsTags is a table. Ignoring non-table value <nil>
    coalesce.go:199: warning: destination for podLabels is a table. Ignoring non-table value <nil>
    coalesce.go:199: warning: destination for podLabelsAsTags is a table. Ignoring non-table value <nil>
View count: 1