I’m having trouble with stack references, but I can’t understand what I’m doing wrong. The VPC is pre-existing, and the shared-infra stack `pulumi up`s just fine `catmeme/shared-infra/develop`:

...

const parameterVpcId = config.require("parameterVpcId");
export const privateSubnetIds: [] = config.requireObject("privateSubnetIds");
export const publicSubnetIds: [] = config.requireObject("publicSubnetIds");

export const vpcId: pulumi.Output<string> = pulumi.output(aws.ssm.getParameter({
  name: parameterVpcId,
})).value;

const vpc = awsx.ec2.Vpc.fromExistingIds(`${appName}-local-vpc`, {
  vpcId,
  privateSubnetIds,
  publicSubnetIds,
});

...

`catmeme/application/develop-test`:

...

const stackDevelop = new pulumi.StackReference("catmeme/shared-infra-develop/develop");

const vpc = awsx.ec2.Vpc.fromExistingIds("bvt", {
  vpcId: stackDevelop.getOutput("vpcId"),
  // @ts-ignore
  privateSubnetIds: stackDevelop.getOutput("privateSubnetIds") as pulumi.Output<string[]>,
  // @ts-ignore
  publicSubnetIds: stackDevelop.getOutput("publicSubnetIds") as pulumi.Output<string[]>,
});

...

I get an error:

error: Preview failed: resource 'vpc-03489fb5e3c04080d' does not exist

But the VPC with that ID does exist. For all intents and purposes, shared-infra declared the VPC the same way and there isn’t a problem. What am I missing?

Is it possible to have some shared configuration that applies to all stacks?

StackReference is one way

How can I get an existing ApplicationLoadBalancer?

// has missing properties error when I try to use it
const alb = pulumi.output(<http://aws.lb|aws.lb>.getLoadBalancer({
  // @ts-ignore
  arn: stackSandbox.getOutput("albArn")
}));

// declares a new ALB
const alb = new <http://awsx.lb|awsx.lb>.ApplicationLoadBalancer("test-default-lb", {
  // @ts-ignore
  arn: stackSandbox.getOutput("albArn"),
  subnets: stackSandbox.getOutput("publicSubnetIds").apply(v => v),
  vpc
});

Using

@pulumi/kubernetes/helm/v2

, how do I add another repo? Using helm I would run

helm repo add jetstack <https://charts.jetstack.io>

for example

When I run 

pulumi up

 I get this error:

Exception: invocation of aws:iam/getPolicyDocument:getPolicyDocument returned an error: grpc: error while marshaling: proto: repeated field Values has nil element

This is the code from a 

policy_document

that is causing the error:

"resources": [ds_key.arn.apply(lambda arn: f'{arn}')]

I've tried adding the 

depends_on

 option to the 

policy_document

 resource, but it didn't help.

opts=pulumi.ResourceOptions(depends_on=[ds_key])

This is one of several places in my pulumi code where I need to access the

arn

of another resource to create a

policy_document

. I used the

apply

function as shown in this code for the key, and added the

depends_on

option, but I haven't been able to get any of them to work. I've resorted to "build" functions that create

arns

from resource names - a hack I'd like to get rid of and not something that works in the case of keys. Any instructions/suggestions or sample python code you can share would be much appreciated - thanks!

Hi! can complex types be used int Pulumi.<stack>.yml? I’d like to assign some specific tags for each stack — eg:

config:
  aws:region: us-east-2
  tsdb:tags:
    Name: tsdb-dev
    Foo: bar
  tsdb:instanceSize: t2.micro

I’ve changed the names of my github repositories, and they aren’t reflected in the pulumi app. I’ve tried renaming via

pulumi stack rename organization/new-project-name/stack

but the proj-group-name in the pulumi app still shows the old name. Is this solveable?

Trying to reference nested configuration objects directly, and not having much luck. I'm using C#. For example, given the following configuration:

config:
  proj:data:
    nonProductionStart: 10.1.0.0
    productionStart: 10.2.0.0
    stacks:
    - name: Sandbox
      peerConnectionName: peerConnectionId
      stackName: org/Sandbox/mono

I can indeed follow the docs and get a JsonElement first, then get the sub-element as a string using something like

var data = Configuration.GetObject<JsonElement>("data");
var stacksAsString = data.GetProperty("stacks");

But what I really am trying to do is something like:

var stacks = Configuration.GetObject<List<StackReferenceInfo>>("data.stacks");

But, this does not appear to work. Is there no way to achieve this without jumping through the JsonElement hoop? I have reviewed https://www.pulumi.com/docs/intro/concepts/config/#structured-configuration and it shows the JsonElement method - perhaps that's the only way?

If I just want to group a bunch of related resources together within a stack, so they show up thusly in the resource hierarchy, is it best practice to form them into a component? Or is there a simpler way of doing that?

hiya, I'm new to Pulumi. Currently getting a high-level overview rather than deep in the details. I like the idea of using a familiar PL to do the declarative infrastructure! I'm curious if each provider for Pulumi needs a "binding" for each language supported? For example, I came across the following provider: https://github.com/pulumi/pulumi-vault/tree/master/sdk It has subdirs for dotnet, go, nodejs, and python. There seem to be a lot of providers so am wondering if that's a barrier to adoption because of the effort required to add (and more importantly maintain) the PL-specific SDK for each provider? Some other PLs I'm thinking of would be: JVM ones (Java, Scala, Kotlin, Clojure, ...), FP ones (Haskell, OCaml, ...), other popular scripting languages (Ruby, Perl, Bash?, ...). Okay, not Bash 😉 .. or Perl.

On a similar line of thought, I'm wondering if say someone releases a great open-source Pulumi library (e.g. for setting up a production-ready k8s cluster with all the awesome sauce). They write this library in TypeScript. Can I reuse it from Go or do I need a similar library that's written in Go?

Given the above, what's the most popular language for community libraries for Pulumi? I'm inclined towards TypeScript (for type-safety) or Go as it's big in the space. However, the Go bindings look a little awkward (maybe any Go would look that way to me as I'm not that familiar with it). I like the look of the F# bindings as I'm a bit of an FP guy, however, it'd be a bit unusual to reach for .NET in my projects.

Sorry for reasking but #aws feels pretty dead. I'm trying to replicate these steps outlined here: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#iam-policy but I get the following error:

time="2020-05-28T13:10:26Z" level=info msg="Assuming role: arn:aws:iam::503405380068:role/k8s-pulumi-instanceRole-role-9e5a01b"
time="2020-05-28T13:12:30Z" level=error msg="AccessDenied: User: arn:aws:sts::503405380068:assumed-role/k8s-pulumi-instanceRole-role-9e5a01b/i-0dcb94de93da90dae is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::503405380068:role/k8s-pulumi-instanceRole-role-9e5a01b\n\tstatus code: 403, request id: 33ba5c26-7b45-4234-a762-b2f1ac4d8a42"

I've put the relevant code here in a gist if you want to check it out: https://gist.github.com/benjick/7c096f5634b34f022adf81469d440d4a Cheers!

Is there a recommended way to use a

.env

file with an ECS task definition? It looks like

environment

supports an array of key value objects, but nothing akin to

--env-file

… should I just read in that file locally, and dynamically build the key values array?

Hi there guys, I'm wondering if it is posible to use

helm_secrets

with Pulumi ?

error: post-step event returned an error: failed to normalize URN references: Two resources ('<urn1>' '<urn2>') aliased to the same: '<urn3>'

this is only detected during execution, could this be made a planning phase detection? Possibly relevant: one of those resources was being imported. It breaks the import, leaving the to-be-imported resources in state ‘unknown’, requiring manual stack edits..

Just started getting a perplexing error. Creating a standard security group, just like I have with Pulumi a dozen times before, and started getting this error:

Error authorizing security group ingress rules: InvalidPermission.Malformed: Unsupported IP protocol "-1"  - supported: [tcp, udp, icmp]

Folks, is there a way, or maybe a workaround that you're aware of, to initialize the contents of a GitLab repository when using the GitLab provider? I'm trying to create GitLab repos from Pulumi, but also "seed" them with an initial structure.

How can I destroy target dependants without the target itself? (This includes the target

pulumi destroy --target-dependents -t  urn:pulumi:dev::leaderboard::aws:ebs/volume:Volume::leaderboard-dev

)

I’m trying to spin up a Cloudformation Stack from a template, and it’s timing out after 20 minutes, even though I’ve set the

timeoutInMinutes

in the args. Am I missing something?

new aws.cloudformation.Stack(`${name}-cfn`, {
  parameters: { ... },
  capabilities: ["CAPABILITY_IAM"],
  timeoutInMinutes: 120
}

The exact error:

aws:cloudformation:Stack (controller-tableau-cfn):
    error: 1 error occurred:
        * creating urn:pulumi:controller::shared-infra-controller::aws:cloudformation/stack:Stack::controller-tableau-cfn: timeout while waiting for state to become 'CREATE_COMPLETE, CREATE_FAILED, DELETE_COMPLETE, DELETE_FAILED, ROLLBACK_COMPLETE, ROLLBACK_FAILED' (last state: 'CREATE_IN_PROGRESS', timeout: 20m0s)

Are there any companies providing SLAs and CTO-in-a-Box like pro services for Pulumi orchestrated infrastructure?

I am having an issue installing Rancher on a freshly created cluster (that was spun up using jaxxstorm/pulumi-rke). I get the following: kubernetes:certmanager.k8s.io:Issuer (rancher/rancher): error: creation of resource rancher/rancher failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind “Issuer” in version “certmanager.k8s.io/v1alpha1”

export function setUpK8sProvider(rkeCluster: rke.Cluster): k8s.Provider {
  return new k8s.Provider("rancherCluster", {
    cluster: rkeCluster.clusterName,
    kubeconfig: rkeCluster.kubeConfigYaml
  }, { dependsOn: rkeCluster })
}

export function createNamespace(clusterProvider: k8s.Provider): k8s.core.v1.Namespace {
  return new k8s.core.v1.Namespace("cert-manager", {
    metadata: {
      name: "cert-manager",
      labels: {"<http://certmanager.k8s.io/disable-validation|certmanager.k8s.io/disable-validation>": "true" }
    }
  }, { provider: clusterProvider, dependsOn: [clusterProvider] })
}

export function createCertManager(certManagerNamespace: k8s.core.v1.Namespace, clusterProvider: k8s.Provider): k8s.helm.v3.Chart {
  return new k8s.helm.v2.Chart(
    'cert-manager',
    {
      chart: 'cert-manager',
      version: 'v0.15.1',
      namespace: certManagerNamespace.metadata.name,
      values: {
        installCRDs: true,
      },
      fetchOpts: {
        repo: '<https://charts.jetstack.io>',
      },
    },
    {
      dependsOn: certManagerNamespace,
      provider: clusterProvider
    },
  );
}

export function createRancherServer(serverName: string, clusterProvider: k8s.Provider, certManager: k8s.helm.v3.Chart): k8s.helm.v3.Chart {
  let namespace = new k8s.core.v1.Namespace("rancher", {
    metadata: {
      name: "rancher",
    }
  }, { provider: clusterProvider, dependsOn: [certManager] })

  return new k8s.helm.v2.Chart(serverName, {
    chart: "rancher",
    namespace: namespace.metadata.name,
    fetchOpts: {
      repo: "<https://releases.rancher.com/server-charts/stable>"
    },
    values: {
      "hostname": "<http://rancher.mydomain.com|rancher.mydomain.com>",
      "ingress.tls.source": "letsEncrypt",
      "letsEncrypt.email": "<mailto:myemail@mydomain.com|myemail@mydomain.com>"
    }
  }, { provider: clusterProvider, dependsOn: [namespace] })
}

Any idea where I’m going wrong perhaps?

Is there any way to specify a retry/timeout for

get()

methods like

k8s.core.v1.Service.get

? Imagine creating an operator with pulumi, and needing some info about a

Service

that it will create as a result.

Fun times, if you change the name of some content of a bucket it will first create the new content then delete the old one, but because these both refer a file at the same location in the bucket it will actually replace and then delete cause the bucket content to be deleted

All my external IPs in k8s are pending, what am I missing?

Is there a resource for community-developed ComponentResources?

How do I create a secret in a namespace other than default in kubernetes? I've tried giving it the name

ns/secretname

like the docs suggest, but it doesn't seem to work

The AWS documentation uses the URL format "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master" when telling you how to install their EFS CSI driver. Using that URL in a

k8s.yaml.ConfigFile

results in a "no such file or directory" error. Visiting that URL in the browser results in a 404. Does anyone have any idea what this URL format is and if/how it could work with Pulumi?

Hello. Is there any way to console.log

pulumi.output

? I’m catching strange behaviour very often and there is no way to debug stacks.