https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • f

    flat-australia-79845

    06/23/2020, 2:48 PM
    Hi there! I am starting with Pulumi. Trying to use the Python wrapper to do a small exercise on GCP. My question is: How do I programmatically access the
    config: gcp:region
    and
    gcp:project
    values from the configuration file?
    w
    • 2
    • 4
  • a

    acoustic-leather-68121

    06/23/2020, 2:58 PM
    Hello everyone. I'm new to Pulumi. I wonder if I could use Pulumi to mange my vps or dedicated server (which is outside of supported clouds)?
    b
    • 2
    • 6
  • c

    calm-pizza-15027

    06/23/2020, 6:37 PM
    I would like to thank every team member of Pulumi. You are building amazing tools and amazing communities.
    💯 3
    ❤️ 5
  • c

    calm-pizza-15027

    06/23/2020, 6:44 PM
    Unfortunately I am not as smart as their dev team nor am i a dev ops ninja ...yet.. and i hit a snaguu, I have a simple issue deploying a java app-engine custom flex environment. I have built wars of the java app and saved them to storage. I believe my config for the deployment section is malconfigured. any advice?
    const myappV1 = new gcp.appengine.FlexibleAppVersion("myappV1", {
      versionId: "v1",
      project: gaeApi.project,
      service: "default",
      runtime: "java",
      servingStatus: "STOPPED",
      deployment: {
        zip: {
          sourceUrl: pulumi.interpolate`<https://storage.googleapis.com/${bucket.name}/${war.name}>`,
        },
      },
      livenessCheck: {
        path: "/v2b/recommendations/liveness_check",
        timeout: "4s",
        checkInterval: "30s",
        failureThreshold: 4,
        successThreshold: 2,
      },
      readinessCheck: {
        path: "/v2b/recommendations/readiness_check",
        timeout: "5s",
        checkInterval: "8s",
        failureThreshold: 3,
        successThreshold: 2,
        appStartTimeout: "300s",
      },
      handlers: [],
      automaticScaling: {
        maxTotalInstances: 1,
        coolDownPeriod: "120s",
        cpuUtilization: {
          targetUtilization: 0.5,
        },
      },
      noopOnDestroy: true,
    });
    f
    • 2
    • 1
  • s

    sticky-kitchen-61063

    06/23/2020, 6:58 PM
    Looking at pulumi examples, I see
    import { config } from "./config";
    and
    const config = new pulumi.Config();
    fairly often. The first seems to be for passing module outputs, and the second is for the stack config. Is there a best practice for how people combine those two? Obviously I could just rename one something else, but I'm curious as to common patterns that other users have found. Should I be loading
    pulumi.Config()
    in my config.ts and combining other modules outputs into a merged config object?
    h
    • 2
    • 3
  • s

    stocky-lion-56153

    06/23/2020, 8:23 PM
    If anyone is interested in GitHub Actions with AWS, I just pushed a first version of a step that creates a temporary session with an assumed role for subsequent steps. https://github.com/mowat27/aws-session-action https://hub.docker.com/r/mowat27/aws-session-action
  • s

    stocky-lion-56153

    06/23/2020, 8:25 PM
    Use it something like this
    name: Provision and deploy
    on: [push]
    
    jobs:
      deployment:
        runs-on: ubuntu-latest
        name: Deploy
        steps:
          - uses: actions/checkout@v2
            with:
              fetch-depth: 1
          - name: Make temp session on AWS
            id: aws-session
            uses: <docker://mowat27/aws-session-action>
            env:
              AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
              AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
              AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
              AWS_DEFAULT_REGION: eu-west-1
          - uses: <docker://pulumi/actions>
            with:
              args: up --yes
            env:
              AWS_ACCESS_KEY_ID: ${{ steps.aws-session.outputs.AWS_ACCESS_KEY_ID }}
              AWS_SECRET_ACCESS_KEY: ${{ steps.aws-session.outputs.AWS_SECRET_ACCESS_KEY }}
              AWS_SESSION_TOKEN: ${{ steps.aws-session.outputs.AWS_SESSION_TOKEN }}
              AWS_REGION: eu-west-1
              PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
              PULUMI_CI: up
    👍 1
  • s

    stocky-lion-56153

    06/23/2020, 8:25 PM
    I’m kinda just finding my feet with Pulumi and GH Actions so any feedback would be greatly appreciated.
  • s

    stocky-lion-56153

    06/23/2020, 8:26 PM
    Apologies for the lack of docs. It’s getting late so I’ll tidy things up tomorrow
  • m

    mysterious-pilot-36551

    06/23/2020, 8:35 PM
    Anyone know of a good way to validate a stack config? The
    require
    is great if your configuration is small, but my configuration has multiple elements that can be nested two or three times. Just curious if there is something provided by the Pulumi library before I go off and write my own.
    f
    s
    • 3
    • 5
  • f

    few-pillow-1133

    06/24/2020, 6:47 AM
    Hi there, Could someone maybe point me in a direction We're trying to import existing aws resources such as vpc and nsg into our project stack and it runs until it eventually time out. I've tried it couple of times with the same result.
    config looks like so
    config:
      aws:profile: ...
      aws:region: eu-west-1
      aws:sharedCredentialsFile: ...
      aws:skipCredentialsValidation: "true"
      aws:skipRequestingAccountId: "true"
      clt-resource-base:data:
        networks:
          virtual_private_cloud:
            name: mmawseuclientdevVPC
            imp_res: true
            id: ....
            owner_id: ...
            cidr_block: ...
            enable_dns_support: true
            enable_dns_hostnames: true
            tags:
              - ...
    and
    the actual code
    import pulumi
    import pulumi_aws as aws
    from pulumi import ResourceOptions
    
    config = pulumi.Config()
    
    config_data = config.require_object("data")
    
    print (f'{config_data}')
    
    mmawseuclientdev_vpc_config = config_data['networks']['virtual_private_cloud']
    mmawseuclientdev_vpc_res_imp = ResourceOptions(import_=mmawseuclientdev_vpc_config['id']) if mmawseuclientdev_vpc_config['imp_res'] else None
    
    mmawseuclientdev_vpc = aws.ec2.Vpc(
        mmawseuclientdev_vpc_config['name'],
        cidr_block=mmawseuclientdev_vpc_config['cidr_block'],
        enable_dns_support=mmawseuclientdev_vpc_config['enable_dns_support'],
        enable_dns_hostnames=mmawseuclientdev_vpc_config['enable_dns_hostnames'],
        tags=mmawseuclientdev_vpc_config['tags'],
        opts=mmawseuclientdev_vpc_res_imp
    )
    • 1
    • 1
  • b

    bitter-australia-87528

    06/24/2020, 7:03 AM
    Anyone know how to recover from a corrupt state file, after running pulumi refresh, a few parent resources were deleted, now pulumi complains about no parent resource for child resource, state file is corrupt. I understand there is an ongoing GitHub issue regarding it, but just wondering if there's a quick workaround for this.
    f
    • 2
    • 1
  • p

    polite-night-3633

    06/24/2020, 8:54 AM
    ===
    rename a pulumi project
    ===
    f
    • 2
    • 2
  • r

    rhythmic-finland-36256

    06/24/2020, 9:33 AM
    I created a
    RandomPassword
    resource, assigned it to a service principal for an ACR but forgot to set
    additionalSecretOutputs
    in the first place. Performing this change afterwards doesn’t have an effect on the output (and thus also not on the pulumi state). Is there a way to trigger this without modifying the resource? (I’m aware that if the password was unencrypted once, it needs to be changed, too). Just wondering if this is intended, that adding the
    additionalSecretOutputs
    doesn’t affect the state…
    b
    • 2
    • 24
  • n

    nice-football-42636

    06/24/2020, 12:02 PM
    Hello guys! 👋 I have a question about security & organizing projects with stacks. In our company, we have 6 different environments, from which 1 is production of course. I've read in docs here (organizing-projects-and-stacks) about possible solutions to organize the projects & stacks.... but I'm wondering if I'm not missing something. Our problem is, that we would like 1 project in which we would have 6 stacks (one per every environment as suggested in docs). As far as I understand, the
    CLI
    itself, the authorization to pulumi service & to azure is targeted for the project. But we want to be absolutely sure, that nobody can touch the production except our deployment pipelines. But we find having 6 different projects in codebase quite ugly to accomplish only that one thing. Am I missing something? Can we achieve the restriction for given stack in some other way? Through some special environment variable or something?
    👍 1
    f
    • 2
    • 2
  • a

    ambitious-father-68746

    06/24/2020, 3:55 PM
    If you have multiple projects and use cloud storage provider as backend, can you use the same location (eg: same S3 bucket) for multiple projects or will you end up having conflicts with stacks that have the same name, even though they are from different projects?
    a
    • 2
    • 2
  • g

    gray-city-50684

    06/24/2020, 5:31 PM
    If I would like to create a Pulumi provider from a Terraform one (I’m thinking about Civo): what would be the correct way to do it?
    b
    • 2
    • 10
  • f

    famous-kite-69533

    06/24/2020, 8:15 PM
    Hi! I am trying to install the nginx ingress helm chart and having problems with the settings for the service monitor. According to https://github.com/helm/charts/tree/master/stable/nginx-ingress for prometheus operator I need to set
    controller.metrics.serviceMonitor.additionalLabels
    to one label in particular, but I don't know in which format. If I try just setting that property to an object with the label as a property, pulumi fails because the manifest is not in the expected format or something like that. If I set is as a string, like
    "{ release: 'prometheus-operator' }"
    it errors with
    error converting YAML to JSON: yaml: line 12: could not find expected ':'
    . You can see how
    additionalLabels
    is used in the service monitor template at https://github.com/helm/charts/blob/master/stable/nginx-ingress/templates/controller-servicemonitor.yaml. Any idea of how to get it working? Thanks!
    g
    • 2
    • 2
  • w

    wet-egg-6347

    06/24/2020, 10:14 PM
    hello! i successfully imported an AWS MSK cluster into my Pulumi stack now whenever i try to update the MSK cluster (eg just changing tags), i get the following error:
    panic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:production::bos::aws:msk/cluster:Cluster::kafka
        goroutine 30 [running]:
        <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)>
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.1.1-0.20200508232528-aa313aecf8a0/go/common/util/contract/failfast.go:23
        <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assertf(0xc0008d3200|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assertf(0xc0008d3200>, 0x69d26e0, 0x48, 0xc00066f728, 0x1, 0x1)
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.1.1-0.20200508232528-aa313aecf8a0/go/common/util/contract/assert.go:33 +0x197
        <http://github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Update(0xc000501680|github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Update(0xc000501680>, 0x73307c0, 0xc000fbd200, 0xc000212000, 0xc000501680, 0x5d1e201, 0xc000282440)
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v2@v2.3.1/pkg/tfbridge/provider.go:825 +0x81d
        <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler.func1(0x73307c0|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler.func1(0x73307c0>, 0xc000fbd200, 0x67272a0, 0xc000212000, 0x671dca0, 0xaec2240, 0x73307c0, 0xc000fbd200)
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.1.1-0.20200508232528-aa313aecf8a0/proto/go/provider.pb.go:1920 +0x89
        <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x73307c0|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x73307c0>, 0xc000fbc1e0, 0x67272a0, 0xc000212000, 0xc000ef8240, 0xc000ef8260, 0x0, 0x0, 0x72785e0, 0xc0003eb220)
        	/home/travis/gopath/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x2f9
        <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler(0x67d2d80|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Update_Handler(0x67d2d80>, 0xc000501680, 0x73307c0, 0xc000fbc1e0, 0xc0004641e0, 0xc000858060, 0x73307c0, 0xc000fbc1e0, 0xc000c7ca80, 0x952)
        	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.1.1-0.20200508232528-aa313aecf8a0/proto/go/provider.pb.go:1922 +0x14b
        <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc0002d56c0|google.golang.org/grpc.(*Server).processUnaryRPC(0xc0002d56c0>, 0x7355b00, 0xc000501b00, 0xc000214300, 0xc00090d860, 0xae94738, 0x0, 0x0, 0x0)
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1082 +0x4fd
        <http://google.golang.org/grpc.(*Server).handleStream(0xc0002d56c0|google.golang.org/grpc.(*Server).handleStream(0xc0002d56c0>, 0x7355b00, 0xc000501b00, 0xc000214300, 0x0)
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:1405 +0xd23
        <http://google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0008dd100|google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0008dd100>, 0xc0002d56c0, 0x7355b00, 0xc000501b00, 0xc000214300)
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:746 +0xbb
        created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
        	/home/travis/gopath/pkg/mod/google.golang.org/grpc@v1.28.0/server.go:744 +0xa1
    
        error: update failed
    any clue what might be happening?
    b
    • 2
    • 5
  • k

    kind-mechanic-53546

    06/24/2020, 10:56 PM
    am I correct in my understanding that the only way to unwrap? an
    Output<string>
    is to
    apply
    it?
    l
    g
    • 3
    • 42
  • m

    modern-fish-59364

    06/24/2020, 11:26 PM
    Are there any troubleshooting steps or known limitations (private repos?) for the Github App integration? I've added the App and gave access to all repos and added the PR workflow and it is working, but I get no comment or second check from the app.
    w
    c
    • 3
    • 5
  • l

    little-cartoon-10569

    06/24/2020, 11:27 PM
    Is there a way to
    apply
    the entire stack?
    w
    • 2
    • 5
  • m

    many-jordan-46874

    06/25/2020, 12:19 AM
    I have been working on wiring up my pulumi stack to deploy via GitHub actions. I've had this working perfectly locally, but when running pulumi up using the Github Action, I now consistently get the error:
    updating urn:pulumi:dev::infra::awsx:x:ecs:FargateService$aws:ecs/service:Service::backend: timeout while waiting for state to become 'true' (last state: 'false', timeout: 10m0s)
    All other steps run just fine, and ultimately the service does finish deploying in AWS and end up on the right state.
    w
    • 2
    • 1
  • b

    best-lifeguard-91445

    06/25/2020, 12:21 AM
    How do I add a cloudwatch event so that my codepipeline triggers on an ECR image change/upload?
  • c

    cold-iron-6673

    06/25/2020, 12:07 PM
    Just downloaded and installed pulumi 2.5 but the cli is still complaining that 2.4 is installed..
    b
    • 2
    • 1
  • c

    cold-iron-6673

    06/25/2020, 12:10 PM
    b
    • 2
    • 2
  • c

    cold-iron-6673

    06/25/2020, 12:11 PM
    b
    • 2
    • 10
  • s

    sparse-intern-71089

    06/25/2020, 2:12 PM
    This message was deleted.
    c
    b
    • 3
    • 6
  • b

    best-lifeguard-91445

    06/25/2020, 3:10 PM
    New questions: I have a security group with an empty ingress and egress, attached to a load balancer. It appears default rules are being created: How do I prevent this?
    const loadbalancer_sg = new awsx.ec2.SecurityGroup(`lb-${region}-${environment}-${service.name}-sg`, {
                    vpc: vpc,
                    ingress: [],
                    egress: [],
                })
    
     listener = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer(`lb-${region}-${environment}-${service.name}`, {
                    name: `lb-use1-${environment}-${service.name}`,
                    vpc: vpc,
                    subnets: vpc.getSubnetsIds('public'),
                    external: true,
                    securityGroups: [loadbalancer_sg.id]
                })
    g
    • 2
    • 5
  • c

    cool-egg-852

    06/25/2020, 3:23 PM
    https://www.pulumi.com/blog/introducing-new-docker-images/ is missing the example for installing helm in the go based docker image that it mentions.
    b
    b
    • 3
    • 30
Powered by Linen
Title
c

cool-egg-852

06/25/2020, 3:23 PM
https://www.pulumi.com/blog/introducing-new-docker-images/ is missing the example for installing helm in the go based docker image that it mentions.
Also it would be nice if stuff like helm, gcloud, aws, etc. could be bundled in a pre-made image.
A language specific image doesn’t make sense to exclude the tools in the primary image. It’s not just language specific then.
b

broad-dog-22463

06/25/2020, 3:25 PM
Hi @cool-egg-852 Thanks for pointing out the missing code - we will get that fixed up today! The main Pulumi image has all of those dependencies
c

cool-egg-852

06/25/2020, 3:26 PM
I’m aware it does, but it also has every language SDK
Language specific image != slim image
The expectation with these was to remove other languages, not all the tools.
Just because I only need node doesn’t mean I don’t need gcloud, helm, etc.
b

broad-dog-22463

06/25/2020, 3:27 PM
I'm not sure where that expectation was - I didn't ever realise that was the case
We can always open an issue and look at including these
c

cool-egg-852

06/25/2020, 3:27 PM
The name describes the expectation. Everyone asked for language specific images so we wouldn’t have Go, .net, python, etc. included. I’m not aware of people asking to have nothing but pulumi itself included.
b

broad-dog-22463

06/25/2020, 3:29 PM
We did actually use a combination of all of the issues around this - there was actually an ask for containers without the Pulumi entrypoint so people could build on top of them
e.g https://github.com/pulumi/pulumi/issues/2891
c

cool-egg-852

06/25/2020, 3:30 PM
Also, another issue, the
Usage
in the README says that there is no CMD, but the
Dockerfile
does have
CMD
set. Not sure which is correct.
b

broad-dog-22463

06/25/2020, 3:31 PM
the README is incorrect - I will get that fixed up
c

cool-egg-852

06/25/2020, 3:33 PM
https://github.com/pulumi/pulumi/issues/3789 - which is at least one ticket that asked for this never requests to remove all the extra functionality.
The literal goal was to have one image per SDK, but with all the features it has today based on the request.
Everyone shouldn’t have to maintain their own docker image for using pulumi in a reasonable manner IMO
Having
pulumi/pulumi:nodejs
,
pulumi/pulumi:nodejs-slim
makes a lot more sense to me.
pulumi/pulumi:nodejs
then becomes the same as the main image, but with only
nodejs
, not .net and python and such. And the
-slim
variant is what you have currently built.
b

broad-dog-22463

06/25/2020, 3:37 PM
so we can easily do this and publish these as well - it's just a matrix of GHA
c

cool-egg-852

06/25/2020, 3:38 PM
That would be awesome.
b

broad-dog-22463

06/25/2020, 3:42 PM
https://github.com/pulumi/pulumi/issues/4894
Feel free to add any more information you feel would help here
Oh @cool-egg-852 - you said, "missing the example for installing helm" - I don't follow on that one - can you link me to what is missing?
c

cool-egg-852

06/25/2020, 3:45 PM
The last sentence there.
There is no actual example of installing Helm in docker
And I commented on the issue with a use case in case that assists with planning.
b

broad-dog-22463

06/25/2020, 3:48 PM
got it
b

billowy-army-68599

06/25/2020, 4:18 PM
@cool-egg-852 thanks for the feedback, looks like I forgot to push the commit with the changes showing the example Dockerfile, I'll do that now Looks like I also added a
CMD
erroneously, I'll get that fixed up I'll respond to the comment about the extra tooling in the GitHub issue
View count: 1