victorious-car-86108
11/04/2020, 2:01 PMError describing created certificate: Expected certificate to be issued but was in state PENDING_VALIDATION
.Ā I've downgraded to Pulumi 2.11.2 with no success. A few issues I've stumbled across:Ā Terraform,Ā Ā interface {} is string, not int,Ā deletion of ACM Certificate. - Any one got any ideas on how to get this running? šbig-account-56668
11/04/2020, 2:53 PM7604 step_executor.go:321] StepExecutor worker(23): step update on urn:pulumi:x::x.cloud::aws:s3/bucket:Bucket::storage-stage failed with an error: transport is closing
7604 step_executor.go:321] StepExecutor worker(23): step update on urn:pulumi:x::x.cloud::aws:s3/bucket:Bucket::storage-stage failed, signalling cancellation
Any ideas? I see other have seen a similar errors transport is closing
often indicating an underlying root cause.hallowed-cat-56281
11/04/2020, 5:51 PMname := fmt.Sprintf("member-%s", member.Username)
args := serviceaccount.IAMMemberArgs{
Role: pulumi.String(member.Role),
Member: pulumi.String(fmt.Sprintf("user:%s", member.EmailAddress)),
}
_, err := serviceaccount.NewIAMMember(ctx, name, &args)
if err != nil {
return err
}
return nil
I get the following error:`missing required argument 'ServiceAccountId'`
However, I do fully understand why itās asking me a ServiceAccountID (and which one) at this point as I was creating IAM Members as follow with Terraform without any issues:
resource "google_project_iam_member" "users" {
role = "roles/viewer"
member = "user:<EMAIL_ADDRESS>"
}
So I understand that itās expecting a fully qualified ServiceAccountID but donāt get why and which one, any ideas?hundreds-musician-51496
11/04/2020, 7:33 PM@pulumi\@pulumi
documentation for typescript on the website. The URL is https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/ but the package does not show up in the sidebar under "API":wet-noon-14291
11/04/2020, 11:05 PMprehistoric-shoe-5168
11/04/2020, 11:13 PMprehistoric-shoe-5168
11/04/2020, 11:14 PMprehistoric-shoe-5168
11/05/2020, 12:14 AMprehistoric-shoe-5168
11/05/2020, 12:16 AMbroad-dog-22463
11/05/2020, 12:16 AMprehistoric-shoe-5168
11/05/2020, 12:17 AMprehistoric-shoe-5168
11/05/2020, 12:17 AMbroad-dog-22463
11/05/2020, 12:18 AMtall-needle-56640
11/05/2020, 2:34 AMencryptionsalt
making that config inaccessible, because the passphrases are different. How can I get around this?nutritious-shampoo-16116
11/05/2020, 9:42 AMnutritious-shampoo-16116
11/05/2020, 9:47 AMripe-xylophone-26538
11/05/2020, 10:23 AMhallowed-cat-56281
11/05/2020, 1:10 PM<http://gcr.io/cloudrun/hello|gcr.io/cloudrun/hello>
) if the service doesnāt exist, or the actual GCR image otherwise).
3. Trigger the pipeline manually so that the GCR image is generated.
4. When running pulumi up
later on, I obviously donāt want to override the last revision of the service with the dummy image if the service is already created and using the proper image.
The solutions I was thiking of are the following:
1. Checking if the service already exists with GetService
-> the issue is that itās requiring an ID, so I canāt get the service until itās created.
2. Using an input variable to differentiate the first time I run `pulumi up`` from the later āupdatesā -> I used this solution with Terraform but I find it a bit dangerous and error-prone.
Any idea what the best way to do something like this would be?
Thanksnutritious-shampoo-16116
11/05/2020, 2:21 PMnutritious-shampoo-16116
11/05/2020, 3:34 PMmammoth-caravan-51104
11/05/2020, 7:31 PMred-area-47037
11/05/2020, 7:32 PMHelm
) and to ClusterIssuer CRs for LetsEncrypt (via k8s.yaml.ConfigFile
).
const certmanagerChart = new k8s.helm.v3.Chart(
'cert-manager',
{
chart: 'cert-manager',
version: 'v1.0.3',
namespace: 'cert-manager',
fetchOpts: {
repo: '<https://charts.jetstack.io>'
},
values: {
installCRDs: true
}
},
{
provider: cluster.provider,
dependsOn: [contourChart]
}
)
const certManagerClusterIssuerLetsEncrypt = new k8s.yaml.ConfigFile(
'cert-manager-clusterissuer-letsencrypt',
{
file: './templates/cert-manager-clusterissuer-letsencrypt.yaml'
},
{
provider: cluster.provider,
dependsOn: [certmanagerChart]
}
)
In more then 50% of the cases the first pulumi up
run fails, as the cert-manager-webhook is not available:
kubernetes:<http://cert-manager.io/v1:ClusterIssuer|cert-manager.io/v1:ClusterIssuer> (cert-manager/letsencrypt-staging):
error: resource cert-manager/letsencrypt-staging was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>": Post <https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s>: no endpoints available for service "cert-manager-webhook"
Running pulumi up
will successfully install the ClusterIssuers as expected. I think there should be a better way, or?tall-needle-56640
11/05/2020, 10:10 PM/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi stack select poc
error: failed to load checkpoint: blob (key ".pulumi/stacks/poc.json") (code=Unknown): -> github.com/Azure/azure-pipeline-go/pipeline.NewError, /Users/runner/go/pkg/mod/github.com/!azure/azure-pipeline-go@v0.2.2/pipeline/error.go:154
HTTP request failed
Get "https://***.blob.core.windows.net/state/.pulumi/stacks/poc.json?timeout=61": dial tcp: lookup OaIuuJpkrLyaAqo6veQ9HtuX6gabZQsrkUil9FoTycAUzL on 127.0.0.5353 server misbehaving
##[debug]Exit code 255 received from tool '/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi'
##[debug]STDIO streams have closed for tool '/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi'Obviously, the stack is not there because the storage account was just created. But the Pulumi task should create it (since
createStack
is set to true
).
Here's my pipeline
steps:
- task: AzureCLI@2
inputs:
azureSubscription: $(azureServiceConnection)
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az group create --location westus --name $(resourceGroupName)
az storage account create --name $(storageName) --resource-group $(resourceGroupName) --location westus --sku Standard_LRS
az storage container create --name $(containerName)
- task: AzurePowerShell@5
inputs:
azureSubscription: $(azureServiceConnection)
ScriptType: 'InlineScript'
Inline: |
$key=(Get-AzStorageAccountKey -ResourceGroupName $(resourceGroupName) -Name $(storageName)).Value[0]
Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_ACCOUNT]$key"
Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_KEY]$key"
azurePowerShellVersion: 'LatestVersion'
pwsh: true
- task: Pulumi@1
displayName: 'Preview Infrastructure Changes'
inputs:
azureSubscription: '$(azureServiceConnection)'
command: 'preview'
loginArgs: 'azblob://$(containerName)'
args: '--diff --refresh --non-interactive --logtostderr'
stack: '$(stackName)'
createStack: true
- task: Pulumi@1
displayName: 'Deploy Infrastructure Changes'
inputs:
azureSubscription: $(azureServiceConnection)
command: 'up'
loginArgs: 'azblob://$(containerName)'
args: '--yes --diff --refresh --non-interactive --skip-preview'
stack: $(stackName)
shy-football-10348
11/06/2020, 3:07 AMshy-football-10348
11/06/2020, 3:07 AMjupyterhub-ecs-infra > pulumi up
Enter your passphrase to unlock config/secrets
(set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember):
Previewing update (jupyterhub-ecs-infra):
Type Name Plan Info
+ pulumi:pulumi:Stack jupyterhub-ecs-infra-jupyterhub-ecs-infra create 2 errors
āā pulumi:pulumi:StackReference notebook-ecs-infra 1 error
Diagnostics:
pulumi:pulumi:StackReference (notebook-ecs-infra):
error: Preview failed: decrypting secret value: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase
pulumi:pulumi:Stack (jupyterhub-ecs-infra-jupyterhub-ecs-infra):
error: preview failed
error: Program failed with an unhandled exception:
shy-football-10348
11/06/2020, 3:08 AMnotebook-ecs-infra
is being referenced when i am clearly on the stack jupyterhub-ecs-infra
when you run pulumi stack ls
shy-football-10348
11/06/2020, 3:08 AMjupyterhub-ecs-infra
stackshy-football-10348
11/06/2020, 3:10 AMshy-football-10348
11/06/2020, 3:10 AMshy-football-10348
11/06/2020, 3:16 AM