pulumi-community #general

Channels

general

echoing-breakfast-73834

05/20/2020, 3:25 PM

Hey Pulumi team - any chance you could add a "silent" flag to the linux install script (https://get.pulumi.com/) that if set would add

--silent

to the curl tarball download line? I can create a PR for this if it's in a public repo somewhere

abundant-airplane-93796

05/20/2020, 4:31 PM

is there a good example/doc somewhere on keeping Pulumi code in the same repo as an app, and using it to deploy from one environment to the next, ie: 1. dev/feature branch - CI builds image, and then runs Pulumi to deploy the new image to a dev kubernetes cluster (manual trigger of deployment if feature branch) 2. dev merged to staging branch via PR - CI deploys that same set of changes to the stg environment 3. stg branch merged to prd via PR - As above but stg->prd the progression through envs is easy enough for me to grapple with, just figuring out how to sanely only build the image in the dev/feature branches AND sanely add that image tag so the subsequent deploys push the right thing

ancient-mouse-86780

05/20/2020, 5:11 PM

Hey everyone! Quick Pulumi/AWS question. It is possible to have a single Pulumi stack create a resources in multiple AWS accounts? I've seen the docs on assume-role, but don't see if it's possible to use a different AWS account number in the ARN of the resource being created/modified. For example, we want to control DNS from our main pulumi stack, but it's in a different AWS account than our other resources.

sparse-intern-71089

05/20/2020, 5:18 PM

This message was deleted.

brainy-secretary-10332

05/20/2020, 6:29 PM

Hi, I'm new to Pulumi and working on a POC with the Typescript Kubernetes Crosswalk guide for GKE. I'm currently receiving the following error from the Pulumi CLI:

error: resource 'urn:pulumi:dev::<OMITTED>::pulumi:pulumi:StackReference::<OMITTED>/<OMITTED>/dev' registered twice (read and read)

I'm not sure what I would need to do next to remedy this error. Any help would be greatly appreciated.

stocky-motorcycle-65008

05/20/2020, 6:49 PM

Hello, does anyone know what pulumi.InvokeOption are for data sources? ( golang )

incalculable-engineer-92975

05/20/2020, 8:54 PM

How do we handle manipulating resources created as a side-effect? For example, if creating a cluster causes a default security group to be created, how do we reference that security group?

best-lifeguard-91445

05/20/2020, 9:03 PM

How do I add "AmazonEC2ContainerServiceFullAccess" to the ec2 instances created by a cluster / auto-scaling group?

mammoth-night-22453

05/20/2020, 9:31 PM

Hello, just getting started with Pulumi on dotnet for AWS. Creating a VPC, with a NatGateway. Have EIPs created, and trying to reference the AllocationId. However, I'm getting this error: error: aws:ec2/natGateway:NatGateway resource 'Production' has a problem: Missing required property 'allocationId' My code is clearly setting the AllocationId property of the NatGatewayArgs using the EIP.AllocationId output property. Not sure what I'm doing wrong, any thoughts?

best-lifeguard-91445

05/20/2020, 9:35 PM

Will AmazonSSMManagedInstanceCore be added to the "ManagedPolicies" modules output?

incalculable-army-40859

05/21/2020, 1:32 AM

Hello - I am configuring a GKE cluster. It seems the property

useIpAliases

is missing from

ipAllocationPolicy

when creating a

gcp.container.Cluster

. If I leave an empty

ipAllocationPolicy

the cluster is not VPC-native. The property is also missing from the docs. According to the Google documentation, creating a VPC-native cluster can be achieved with:

{
  "name": cluster-name,
  "description": description,
  ...
  "ipAllocationPolicy": {
    "useIpAliases": true,
    "createSubnetwork": true,
    "subnetworkName": subnet-name
  },
  ...
}

where

ipAllocationPolicy

is described in https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters#Cluster.IPAllocationPolicy.

icy-napkin-56528

05/21/2020, 8:44 AM

Does anyone know if creating ipv6 ELBs for EKS is supported? pushing "::/0" into the cidr blocks for public access fails as it wants ipv4 only

broad-dog-22463

05/21/2020, 10:27 AM

Thanks @glamorous-intern-23812 for preseting on Pulumi tonight at Microsoft Automation Melbourne 🙂

😛artypus: 1

millions-furniture-75402

05/21/2020, 1:47 PM

Is there anyway to get pulumi/actions to cache docker layers or plugins for itself? It’s burning minutes just redownloading itself.

astonishing-quill-88807

05/21/2020, 3:15 PM

In the docs I'm not finding any detailed reference to how the state is actually organized. I know that with TF there's a good amount of up-front consideration necessary for how the code base is organized to avoid issues with blast radius when doing different operations (e.g. https://blog.gruntwork.io/how-to-manage-terraform-state-28f5697e68fa?gi=a302ddf41849). Is that still a necessary consideration in Pulumi?

millions-furniture-75402

05/21/2020, 3:59 PM

I’m trying to setup default behavior for a load balancer listener, but I run into an issue with defaulActions. Can someone shed some light on what I might be doing wrong?

ecs-with-lb-default-rules.ts

best-lifeguard-91445

05/21/2020, 4:48 PM

How can I create a

aws.sqs.QueuePolicy

with a dynamic list of statements? I'm getting: Calling [toString] on an [Output<T>] is not supported.

function createQueuePolicyStatement(inboundSqs: aws.sqs.Queue, topicData: TopicData[]): pulumi.Input<string> {
    const statement = (queueArn: Output<string>, topicArn: Output<string>) => {
        return queueArn.apply((qarn) => {
            return topicArn.apply((tarn) => {
                return `
                        {
                            "Effect": "Allow",
                            "Principal": "*",
                            "Action": "SQS:SendMessage",
                            "Resource": "${qarn}",
                            "Condition": {
                                "ArnEquals": {
                                "aws:SourceArn": "${tarn}"
                            }
                        }`
            });
        });
    }
    const policyStatement = `
        "Version": "2012-10-17",
        "Id": "sqspolicy",
        "Statement": [
            ${topicData.map((data) => statement(inboundSqs.arn, data.topic.arn)).join(`,`)}
        ]
    }`;
    return policyStatement;
}

dazzling-memory-8548

05/21/2020, 6:49 PM

I have a question about lambda closure serialization. We're using nodejs with pulumi to deploy our lambdas as callback functions (https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/lambda/#CallbackFunction). We recently pulled in a dependency (

parquetjs

) that has a compiled sub-dependency (

lzo

). We've now noticed that every time we rebuild our

node_modules

directory (with

npm ci

), the hash of the compiled

lzo

module changes, causing pulumi to want to redeploy all of our lambdas (even though no deps have actually changed). Is there an elegant workaround to prevent pulumi from continuously redeploying our lambdas? We've already tried excluding

lzo

codePathOptions

. cc @worried-engineer-33884

wonderful-dog-9045

05/21/2020, 7:01 PM

Are there any URI arguments to https://get.pulumi.com/? Like version, install directory, etc?

cool-egg-852

05/21/2020, 8:05 PM

Does a pulumi ComponentResource not share it’s

provider

with it’s children? I’m having an issue with a setup such as: Monitors (ComponentResource) (provider set) Monitor (ComponentResource) datadog.Monitor The

datadog.Monitor

doesn’t seem to have it’s

provider

set as far as I can tell. I was under the impression that the

provider

should be on it.

best-lifeguard-91445

05/22/2020, 3:15 AM

Does anyone have an example of creating an Aws Aurora cluster with read replicas? I have a cluster, and cluster instance, and cluster end point defined, but I don't see how to tag one of the instances as 'writer' false (it's a readonly output).

kind-mechanic-53546

05/22/2020, 4:42 AM

Is it possible to unsecretify an output? Building a docker image, passing a secret to it, results in the image name then being a secret as well, not necessary and somewhat annoying

green-salesclerk-34937

05/22/2020, 6:19 AM

Does anyone have tried https://github.com/pulumi/examples/tree/master/kubernetes-ts-jenkins ? It looks simple but I’m not getting through it. with some errors like attached image, but I’ve got through prerequite eks-nginx quite smoothly.

green-salesclerk-34937

05/22/2020, 6:20 AM

I’ve set enough

maxSize

in cluster opt

gray-carpet-67751

05/22/2020, 8:12 AM

Hey guys 👋 I am getting issues trying to select my stack

2020-05-22T08:04:50.9212982Z error: no stack named 'dfds-frontend/production' found
2020-05-22T08:04:50.9944971Z error: --yes must be passed in to proceed when running in non-interactive mode
2020-05-22T08:04:51.0637194Z error: --yes must be passed in to proceed when running in non-interactive mode
2020-05-22T08:04:51.5013922Z error: no stack selected; please use `pulumi stack select` to choose one

This stack actually exists and it worked like a week ago but for some reaso it's been failing for a few days. Any pointers you could give me?

prehistoric-gold-59191

05/22/2020, 9:54 AM

Hi, need a little help here. We are looking to build self-service into our app. Does the Pulumi community version has the support for the self-service API?

incalculable-army-40859

05/22/2020, 2:08 PM

Does anyone know what version of Helm Pulumi uses? I am using Typescript and there only seems to be a

helm.v2

module. Does use Helm 3 or Helm 2?

clever-plumber-29709

05/22/2020, 5:26 PM

Hey guys, question about Inter-Stack Dependencies, and somewhat related the stack outputs. where are this values actually stored? or how do pulumi access them? I ask because i'm unsure if they are stored at the state or the config files, or in some way in the environment after the execution. I'm thinking about cases with a Micro-Stacks design, if I haven't run the infra stack on my machine, can i run the services stack that references it? or do i need to run the infra first, even if it doesn't change anything? Or in case one member of the team runs one micro-stack in one end, and another member of the team need to run another micro-stack that depends on it, in another end

best-lifeguard-91445

05/22/2020, 6:03 PM

after after running

pulumi up

successfully, subsequent runs are producing this error:

~   ├─ aws:rds:Cluster              rds-cluster-patient-access-prod  **updating failed**     [diff: ~availabilityZones]; 1 error
     ├─ aws:autoscaling:Group        app-services                     **failed**              1 error
     └─ aws:autoscaling:Group        edge-services                    **failed**              1 error

Diagnostics:
  aws:autoscaling:Group (app-services):
    error: transport is closing

  aws:autoscaling:Group (edge-services):
    error: transport is closing

  aws:rds:Cluster (rds-cluster-patient-access-prod):
    error: transport is closing

  pulumi:pulumi:Stack (aws-prod):
    error: update failed

    panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:prod::aws::aws:rds/cluster:Cluster::rds-cluster-patient-access-prod

I'm not making any changes to the cluster or related resources (availability zones, auto scaling groups).. any ideas?

billowy-nightfall-59212

05/22/2020, 6:48 PM

Hi, I am looking for engineering opportunities. I have built with whole cloud/k8s infrastructure with

pulumi

for more than a year. Please DM, if you are hiring. Thanks

Title

billowy-nightfall-59212

05/22/2020, 6:48 PM

Hi, I am looking for engineering opportunities. I have built with whole cloud/k8s infrastructure with

pulumi

for more than a year. Please DM, if you are hiring. Thanks

View count: 1