Hi, does anyone have any tips for locking down the permissions needed for a Pulumi program? At the moment I get it working in a dev environment using a role that had broad permissions and then iterate on a new user or role with limited permissions in dev and then production. It’s a slow and painful process that I would like to optimise. I’m AWS but I guess the same problem comes up all clouds.

Hello! Azure question. I want to attach ACR repository to a new AKS cluster. I can do that via

cli

using

--attach-acr <acr_name>

(ex.

az aks ... create --attach-acr <acr_name>

) . How can I do the same via Pulumi? I haven't found anything related to it in

KubernetesCluster

or

KubernetesClusterArgs

. Thanks!

any way to get clearer output for diffs? we'd love for something much more user-readable and comprehensible for reviewers and auditors to look through

Is there a reason to not run a 

pulumi refresh

 before a

pulumi up

?

Hi Team, I'm having issues while pulumi up with the auto generated requirements.txt file, can you please provide solution for this: pulumipulumiStack (Pulumi-latest-dev):     error: an unhandled error occurred: Program exited with non-zero exit code: 3221225781 Installing dependencies... error: installing dependencies via `pip install -r requirements.txt`: exit status 3221225781

Can we get a channel for the Packet provider? 😀

Hi guys, hope everyone is doing well. I'm having stack ls issues while running pulumi (v2.1.6) on windows and using local login (pulumi login --local). Behavior seems to be pretty similar to the one described on this bug: https://github.com/pulumi/pulumi/pull/4094. Is that fix already integrated into 2.1.6? Or should I run a different version. Or what kind of workaround do you suggest?

Is there a way to output cli commands which Pulumi sends to a given cloud provider? I want to see which commands are issued to Azure when I do

pulumi up

. Thanks!

Hi all - I am looking to get started and evaluate Pulumi for a new project. I do not have competency in any of the supported languages and would like to use Rust as my language of choice. While it's straight forward enough to generate code from the protobuf definitions for the sdk, what is unclear to me is how to go about applying this to my cloud provider of choice (GCP). Is it possible to generate something like pulumi-gcp for Rust? Any pointers/suggestions on how to go about doing this? Many thanks in advance! Alex

Has anyone been able to attach a service account as volume on gcp kub

export const secertKub = new k8s.core.v1.Secret("k8ssecert",{data:{
  "key.json": serviceAccountKey.privateKey,
}, metadata:{name:"runtimekey"},apiVersion: "v1", kind:"Secret" },{provider:clusterProvider})





const deployment = new k8s.apps.v1.Deployment(name_c,
    {
        metadata: {
            namespace: namespaceName,
            labels: appLabels,
        },
        spec: {
            replicas: 1,
            selector: { matchLabels: appLabels },
            template: {
                metadata: {
                  
                    labels: appLabels,
                },
                spec: {   
                    volumes:[{name:"runtimekey",secret: {secretName:secertKub.metadata.name}}],
                    serviceAccountName:serviceAccountName,
                    containers: [
                        {
                          env:[{name:"GOOGLE_APPLICATION_CREDENTIALS",value:myProject.projectId},{name:"GOOGLE_CLOUD_PROJECT",value:myProject.projectId},{name:"ENVIRONMENT_TYPE",value:"LOCAL_DEVELOPMENT"}],
                            name: "my-app",
                            image:  dockerCfServices.imageName,
                            ports: [{ name: "http", containerPort: 8080 }],
                            volumeMounts:[{
                              name:"runtimekey",
                              mountPath: "/var/secrets/google"
                            }],
                            
                        },
                    ],
                },
            },
        },
    },
    {
        provider: clusterProvider,
    },
);

If anyone could help me i am willing to pay!

Not being able to use

Output

as part of a resource name is starting to become extremely irritating. Are there no plans to make this possible? Using a StackReference, I have an array of resources (in this case GKE clusters). I need to loop over this and create resources for each one. But I can’t use anything from this because I can’t use an

Output<string>

as a

string

.

When you run

make build

in a Pulumi integration project does it do something weird to your local box. I was attempting to update a terraform provider in the new relic pulumi project and yarn linked the temp module. After reverting that and deleting that project I am seeing these weird errors still.

(⎈ |aws-eks-dev:fieldju-dev) /Users/fieldju/dev/armory-io/pulumi-newrelic-infrastructure (master)
$ p up
Previewing update (prod):
     Type                          Name                                Plan     Info
     pulumi:pulumi:Stack           plumi-newrelic-infrastructure-prod           
     └─ pulumi:providers:newrelic  default_3_0_1                                1 error
 
Diagnostics:
  pulumi:providers:newrelic (default_3_0_1):
    error: rpc error: code = Unknown desc = could not validate provider configuration: 1 error occurred:
        * Internal validation of the provider failed! This is always a bug
    with the provider itself, and not a user issue. Please report
    this bug:
    
    1 error occurred:
        * resource newrelic_nrql_alert_condition: ConflictsWith: critical configuration block reference (term.0) can only be used with TypeList and MaxItems: 1 configuration blocks

but my project still works in CI but somehow I hosed my laptop 🤔 deleting my go path fixed it, the pulumi bin uses go sources on your path?

Is it normal that pulumi executes my code twice? FIrst time to show me what has changed and second when I approve changes.

I'm using the auth0 provider and its failing to destroy because of missing configuration. However, I have the necessary configuration in my YAML file. I think its checking too early, because when I put the necessary configuration into environment variables the operation succeeds.

Do aliases not work on component resources? I'm attempting to rename a resource and preview shows that it and all it's child resources will be replaced. I've tried both the old name and the URN.

Does changing the provider remove the ability to alias? For example, I’m moving some code from the first party provider to 3rd party, and I don’t want the resource to be recreated.

is there a way to force pulumi to continue? it looks like something changed on a lambda function where it wants to delete it, but it won't delete because it's an edge function, and i don't want to wait "a few hours" to continue working

i don't really care if it fails to delete this lambda function, i want to continue

i manually removed it from my stack state, but obviously that's not great because now there's an orphaned resource

If I want to fs.write

Output<string>

, how I can do that? it always gives me this strange output, even if I am using all approaches from here https://www.pulumi.com/docs/intro/concepts/programming-model/#outputs-and-strings (concat, interpolate, apply). Is there a way to do that? My use case, I need to generate xml.config on the fly from Output<string> (storage account) and write to container. Thanks

Just started using pulumi today! Lover how flexible it is, but I have a specific question. i deployed a lambda function in a us-east region, is it possible to easily move it from there to a different region? I was able to change the region in my config and i thought by running pulumi up it would move the lambda for me...that obviously did not work. But at least my config is pointing to the right region now.

How do I create and push to private repo on Docker hub?

Hi all. I have the latest versions of pulumi and the kubernetes etc packages. When I run pulumi update and other commands, it very often fails with

Client.Timeout or context cancellation while reading body

. I don't have any problems interacting with the cluster via kubectl or other tools though. Any suggestions?

Anyone saw the Cloud Development Kit for Terraform (Preview) from AWS? Seems like a lightweight version of Pulumi. Wondering what the @echoing-match-29901 thinks about this https://aws.amazon.com/blogs/developer/introducing-the-cloud-development-kit-for-terraform-preview/

Hi ! I'm trying to use 'pulumi.StackReference' twice in the same pulumi run (different classes) on the same stack, and get the following error:

error: resource 'URN:blabla' registered twice (read and read)

how can I work around it, without passing the "StackReference" result object between the classes? can I check if this resource already exist in the current state? tnx

is it possible to use S3 backed state files hosted on one AWS account, while deploying the resources to another AWS account?

I am trying to update cert manager in K8s using the Helm chart, and Pulumi hangs at updating a CRD. I have also tried uninstalling it and reinstalling. It reinstalled OK, but then I tried to do update to ensure things are OK with Pulumi, and it hangs again at the preview. I am waiting now to see what happens but it's been a while already. Is there a default timeoyt for an update/preview action?

is this an artifact of how pulumi handles plugins? if i run it in a CI job and i have a state that is changing versions, it doesn’t install both versions of the plugin

for example

44 Previewing update (XXXXX):
45 [resource plugin kubernetes-2.1.1] installing
46 Downloading plugin: 20.97 MiB / 20.97 MiB  100.00% 0s
47 Moving plugin... done.
.
.
.
82     pulumi:providers:kubernetes default_2_4_0  1 error
83  
84 Diagnostics:
85   pulumi:providers:kubernetes (default_2_4_0):
86     error: no resource plugin 'kubernetes-v2.4.0' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource kubernetes v2.4.0`