prehistoric-shoe-5168
11/05/2020, 12:17 AMbroad-dog-22463
11/05/2020, 12:18 AMtall-needle-56640
11/05/2020, 2:34 AMencryptionsalt
making that config inaccessible, because the passphrases are different. How can I get around this?nutritious-shampoo-16116
11/05/2020, 9:42 AMnutritious-shampoo-16116
11/05/2020, 9:47 AMripe-xylophone-26538
11/05/2020, 10:23 AMhallowed-cat-56281
11/05/2020, 1:10 PM<http://gcr.io/cloudrun/hello|gcr.io/cloudrun/hello>
) if the service doesn’t exist, or the actual GCR image otherwise).
3. Trigger the pipeline manually so that the GCR image is generated.
4. When running pulumi up
later on, I obviously don’t want to override the last revision of the service with the dummy image if the service is already created and using the proper image.
The solutions I was thiking of are the following:
1. Checking if the service already exists with GetService
-> the issue is that it’s requiring an ID, so I can’t get the service until it’s created.
2. Using an input variable to differentiate the first time I run `pulumi up`` from the later “updates” -> I used this solution with Terraform but I find it a bit dangerous and error-prone.
Any idea what the best way to do something like this would be?
Thanksnutritious-shampoo-16116
11/05/2020, 2:21 PMnutritious-shampoo-16116
11/05/2020, 3:34 PMmammoth-caravan-51104
11/05/2020, 7:31 PMred-area-47037
11/05/2020, 7:32 PMHelm
) and to ClusterIssuer CRs for LetsEncrypt (via k8s.yaml.ConfigFile
).
const certmanagerChart = new k8s.helm.v3.Chart(
'cert-manager',
{
chart: 'cert-manager',
version: 'v1.0.3',
namespace: 'cert-manager',
fetchOpts: {
repo: '<https://charts.jetstack.io>'
},
values: {
installCRDs: true
}
},
{
provider: cluster.provider,
dependsOn: [contourChart]
}
)
const certManagerClusterIssuerLetsEncrypt = new k8s.yaml.ConfigFile(
'cert-manager-clusterissuer-letsencrypt',
{
file: './templates/cert-manager-clusterissuer-letsencrypt.yaml'
},
{
provider: cluster.provider,
dependsOn: [certmanagerChart]
}
)
In more then 50% of the cases the first pulumi up
run fails, as the cert-manager-webhook is not available:
kubernetes:<http://cert-manager.io/v1:ClusterIssuer|cert-manager.io/v1:ClusterIssuer> (cert-manager/letsencrypt-staging):
error: resource cert-manager/letsencrypt-staging was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>": Post <https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s>: no endpoints available for service "cert-manager-webhook"
Running pulumi up
will successfully install the ClusterIssuers as expected. I think there should be a better way, or?tall-needle-56640
11/05/2020, 10:10 PM/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi stack select poc
error: failed to load checkpoint: blob (key ".pulumi/stacks/poc.json") (code=Unknown): -> github.com/Azure/azure-pipeline-go/pipeline.NewError, /Users/runner/go/pkg/mod/github.com/!azure/azure-pipeline-go@v0.2.2/pipeline/error.go:154
HTTP request failed
Get "https://***.blob.core.windows.net/state/.pulumi/stacks/poc.json?timeout=61": dial tcp: lookup OaIuuJpkrLyaAqo6veQ9HtuX6gabZQsrkUil9FoTycAUzL on 127.0.0.53:53: server misbehaving
##[debug]Exit code 255 received from tool '/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi'
##[debug]STDIO streams have closed for tool '/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi'Obviously, the stack is not there because the storage account was just created. But the Pulumi task should create it (since
createStack
is set to true
).
Here's my pipeline
steps:
- task: AzureCLI@2
inputs:
azureSubscription: $(azureServiceConnection)
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
az group create --location westus --name $(resourceGroupName)
az storage account create --name $(storageName) --resource-group $(resourceGroupName) --location westus --sku Standard_LRS
az storage container create --name $(containerName)
- task: AzurePowerShell@5
inputs:
azureSubscription: $(azureServiceConnection)
ScriptType: 'InlineScript'
Inline: |
$key=(Get-AzStorageAccountKey -ResourceGroupName $(resourceGroupName) -Name $(storageName)).Value[0]
Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_ACCOUNT]$key"
Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_KEY]$key"
azurePowerShellVersion: 'LatestVersion'
pwsh: true
- task: Pulumi@1
displayName: 'Preview Infrastructure Changes'
inputs:
azureSubscription: '$(azureServiceConnection)'
command: 'preview'
loginArgs: 'azblob://$(containerName)'
args: '--diff --refresh --non-interactive --logtostderr'
stack: '$(stackName)'
createStack: true
- task: Pulumi@1
displayName: 'Deploy Infrastructure Changes'
inputs:
azureSubscription: $(azureServiceConnection)
command: 'up'
loginArgs: 'azblob://$(containerName)'
args: '--yes --diff --refresh --non-interactive --skip-preview'
stack: $(stackName)
shy-football-10348
11/06/2020, 3:07 AMshy-football-10348
11/06/2020, 3:07 AMjupyterhub-ecs-infra > pulumi up
Enter your passphrase to unlock config/secrets
(set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember):
Previewing update (jupyterhub-ecs-infra):
Type Name Plan Info
+ pulumi:pulumi:Stack jupyterhub-ecs-infra-jupyterhub-ecs-infra create 2 errors
└─ pulumi:pulumi:StackReference notebook-ecs-infra 1 error
Diagnostics:
pulumi:pulumi:StackReference (notebook-ecs-infra):
error: Preview failed: decrypting secret value: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase
pulumi:pulumi:Stack (jupyterhub-ecs-infra-jupyterhub-ecs-infra):
error: preview failed
error: Program failed with an unhandled exception:
shy-football-10348
11/06/2020, 3:08 AMnotebook-ecs-infra
is being referenced when i am clearly on the stack jupyterhub-ecs-infra
when you run pulumi stack ls
shy-football-10348
11/06/2020, 3:08 AMjupyterhub-ecs-infra
stackshy-football-10348
11/06/2020, 3:10 AMshy-football-10348
11/06/2020, 3:10 AMshy-football-10348
11/06/2020, 3:16 AMbillions-waitress-26583
11/06/2020, 4:37 AMbillowy-laptop-45963
11/06/2020, 5:08 AMbillowy-laptop-45963
11/06/2020, 5:12 AMearly-kite-86569
11/06/2020, 6:04 AMpulumi
isn't installed but it should be installed as a part of my build setup.
Link to project deps
Link to workflow file
Link to the build log (go to pulumi-preview
job)
Any help would be greatly appreciated!nutritious-shampoo-16116
11/06/2020, 9:40 AMproud-afternoon-49521
11/06/2020, 11:06 AMnice-postman-4638
11/06/2020, 12:55 PMexport DATABASE_PASSWORD=$(pulumi config get dbPassword)
but how to I stop this from printing into it:
warning: A new version of Pulumi is available. To upgrade from version '2.12.1' to '2.13.0', visit <https://pulumi.com/docs/reference/install/> for manual instructions and release notes.
red-keyboard-36959
11/06/2020, 1:00 PMlemon-tomato-90786
11/06/2020, 4:31 PMhundreds-toddler-20724
11/06/2020, 7:06 PMpanic: interface conversion: interface {} is nil, not map[string]interface {}
cool-egg-852
11/06/2020, 8:09 PMcool-egg-852
11/06/2020, 8:09 PMbroad-dog-22463
11/06/2020, 9:05 PMcool-egg-852
11/06/2020, 10:02 PMSshFile
or something. Basically what would happen is that pulumi would ssh to the server, and update the contents, and or create the file given a specific path.