https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • c

    clever-cartoon-41433

    03/07/2021, 8:37 PM
    It's just with this particular kubeconfig and not the digitalocean provided one, so I suspect I'm doing something wrong, although if I set it locally it seems to work just fine.
  • s

    sticky-match-71841

    03/08/2021, 10:10 AM
    Any ideas on how to debug pulumi being extremely slow when previewing? I am trying to create a trace while also setting verbosity to 10, and I still don't get any output:
    pulumi up --tracing trace.trace -v 10
    Previewing update (<redacted>)
    
    View Live: <redacted>.
    Sometimes a preview takes 20 minutes to complete, where it recently only took a couple of minutes. Been trying to debug this for a few weeks now, but i have been unable to figure out what causes this
    b
    m
    • 3
    • 4
  • c

    chilly-analyst-14900

    03/08/2021, 11:28 AM
    There doesn't seem to be a API to set the SKU family in Azure Cache for Redis. Is it missing, or am I doing something wrong?
  • c

    chilly-analyst-14900

    03/08/2021, 11:29 AM
    Azure Portal:
    "sku": {
                "name": "Standard",
                "family": "C",
                "capacity": 1
            }
    Pulumi using Azure Native:
    public sealed class SkuArgs : Pulumi.ResourceArgs
    {
        /// <summary>
        /// The size of the RedisEnterprise cluster. Defaults to 2 or 3 depending on SKU. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs.
        /// </summary>
        [Input("capacity")]
        public Input<int>? Capacity { get; set; }
    
        /// <summary>
        /// The type of RedisEnterprise cluster to deploy. Possible values: (Enterprise_E10, EnterpriseFlash_F300 etc.)
        /// </summary>
        [Input("name", required: true)]
        public InputUnion<string, Pulumi.AzureNative.Cache.SkuName> Name { get; set; } = null!;
    
        public SkuArgs()
        {
        }
    }
    b
    • 2
    • 2
  • c

    chilly-analyst-14900

    03/08/2021, 11:34 AM
    Isn't it supported it AzureNative, meaning I have to use the classic provider?
  • c

    clever-lawyer-94920

    03/08/2021, 1:05 PM
    I created an AWS ECR repo and the name assigned had some alphanumeric suffix.
    <http://dkr.ecr.ap-south-1.amazonaws.com/microservices-064ef0a|dkr.ecr.ap-south-1.amazonaws.com/microservices-064ef0a>
    Is there a way to avoid this?
    p
    • 2
    • 2
  • c

    clever-plumber-29709

    03/08/2021, 8:30 PM
    Hey guys, I'm setting the following workflow: CI/CD, system build and publish docker images, on a ecr repo pulumi, manages all the infra, it creates the repo, and create the ecs cluster, task, and serivces that run those images. The idea is to not tag the images with
    :latest
    as is stated in multiples sites, is not a best practice. So the CD system, tags an specific version and pushes it to ecr. Then i want to run pulumi to setup all infra. including the task definition, so pulumi needs to define the container image and tag, at this point. So the problem is that i'm not sure how pulumi will now what is the specific tag it needs to use for the task definition. I first thought of getting the repo info, and getting the latest image from it, but seems like the ecr resources, only allow me to get, the specific repo info, or and specific image info (so i have to ask for an specific tag, which pulumi does not know) I could still do this via boto or aws cli, using list-images and parsing the output to get the latest tag, but i'm wondering if this is the best approach, if i should just use
    :latest
    and force a deploy, when pulumi runs. if if there are other options, or ideas i'm overseeing
    b
    a
    l
    • 4
    • 7
  • l

    loud-battery-37784

    03/08/2021, 8:43 PM
    Is there a best way to figure out when a CLI command was added?
  • l

    loud-battery-37784

    03/08/2021, 8:46 PM
    I figured it out by looking at the source, but still curious if there’s a better way. Maybe add that to the docs? “Available in 2.8.0+” type of thing?
    l
    b
    • 3
    • 10
  • s

    shy-oxygen-8874

    03/08/2021, 11:36 PM
    Hey there. I was trying to destroy a stack that failed a deployment, but for many resources I got the following error:
    * missing required configuration key "aws:region": The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.
        Set a value using the command `pulumi config set aws:region <value>`.
    When I check my pulumi config, I have that set:
    >pulumi config 
    KEY         VALUE
    aws:region  us-west-2
    I'm on 2.18.0, is this a known issue or am I doing something wrong?
    l
    b
    • 3
    • 23
  • a

    adorable-musician-67025

    03/09/2021, 10:24 AM
    We are using Pulumi credential providers to configure stack on 3 different accounts. We are using roles on Jenkins to provision resources. With all things being created, if we re-run pulumi up, we encounter a problem that provider changes and pulumi wants to update/replace resources which really haven't changed. We suspect it happens because credentials are different as role based approach doesn't use static ones, so providers serialized in state file aren't the same anymore. Does anyone know how to approach this? Can we tell pulumi to ignore such?
    l
    • 2
    • 5
  • w

    worried-knife-31967

    03/09/2021, 12:37 PM
    If I want to create a resource that is managed in the lifecycle of other core resources, is there a guide? my google fu is failing me. There is something I need to create that hits an API endpoint. So if the endpoint fails, I want to the resource creation to fail... so I'm thinking that this is a custom resource that has create/update/delete operations? Any reference material for doing this in .NET?
    l
    • 2
    • 2
  • b

    bitter-river-54082

    03/09/2021, 12:53 PM
    Hello, I have an issue with creating a service linked role in IAM as part of my deployment. I have RDS instance in my deployment, and I add for it the following in my iam.ts :
    new aws.iam.ServiceLinkedRole("analyticsdb", {
        awsServiceName: "<http://rds.amazonaws.com|rds.amazonaws.com>",
    })
    Everything is ok as long as this is the first (or only) deployment in the specific AWS account, but if I do few deployments on the same account all deployments after the first one will fail, because I cannot have more than one RDS service linked role. How should I solve this kind of issue?
  • f

    flat-insurance-25294

    03/09/2021, 12:55 PM
    I need to generate RSA key pairs and send the public one to a Lambda@Edge (AWS) while storing the private one as a secret to later load as a configMap file. How do I ensure that I don’t keep making new keys over and over? It seems like you can’t store secrets with a key, like everything else.
    m
    g
    • 3
    • 6
  • f

    flat-insurance-25294

    03/09/2021, 12:56 PM
    I need something like
    const privateKey = Config.getOrCreateSecret("my_secret", private_key)
  • f

    flat-insurance-25294

    03/09/2021, 1:00 PM
    If I use
    pulimi.secret(value)
    what do I use to fetch it with
    config.getSecret(---?)
    ?
    m
    • 2
    • 14
  • w

    worried-knife-31967

    03/09/2021, 1:15 PM
    How would you go about creating a random value that isn't changed per-deployment? i.e. something like a password that you want to be created on first build then not updated?
    d
    f
    • 3
    • 4
  • a

    acceptable-stone-35112

    03/09/2021, 1:19 PM
    registerStackTransformation fails with following exception. how come that stack is not initialized in my index.ts when console.log(pulumi.getStack()) returns correct stack name? Error: The root stack resource was referenced before it was initialized. at Object.registerStackTransformation (..... \node_modules\@pulumi\pulumi\runtime\stack.js:211:15)
  • f

    flat-insurance-25294

    03/09/2021, 1:26 PM
    So I just noticed
    Note: All attributes including the generated password will be stored in the raw state as plain-text. Read more about sensitive data in state.
    in https://www.pulumi.com/docs/reference/pkg/random/randompassword/ This wasn’t there before, so what is the best approach now to generate a password that isn’t in cleartext? We use this to generate password for RDS.
    b
    • 2
    • 8
  • b

    bulky-continent-73012

    03/09/2021, 1:43 PM
    I am using Pulumi to manage the AWS infra. to create EKS cluster. every time i want to create the EKS i get this error: * error creating EKS Cluster (XXX-XXX-XXX-XXX): AccessDeniedException:        status code: 403, request id: f92ea933-c085-491d-8e52-9234fb53c17f Now my questions are: • What type of identity-based policies and permissions do i need to create the EKS cluster • How can i get more meaningful information from the Pulumi on the missing identity-based policies and permissions
    b
    • 2
    • 1
  • a

    acceptable-stone-35112

    03/09/2021, 2:20 PM
    It seems like this problem happens when trying to run transformations defined in different project (I have them in other repo published as npm, so I can reuse in all projects) registerStackTransformation fails with following exception. how come that stack is not initialized in my index.ts when console.log(pulumi.getStack()) returns correct stack name? Error: The root stack resource was referenced before it was initialized.         at Object.registerStackTransformation (..... \node_modules\@pulumi\pulumi\runtime\stack.js:211:15)
    l
    • 2
    • 11
  • a

    acceptable-forest-23292

    03/09/2021, 2:24 PM
    hey guys i have this step in our GH action
    - name: Select Staging Stack
            uses: <docker://pulumi/actions>
            with:
              args: stack select staging
            env:
              AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
              AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
              PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
              PULUMI_ROOT: ${{ env.PULUMI_ROOT }}
    but when i run it it returns me this error
    error: no Pulumi.yaml project file found (searching upwards from /github/workspace). If you have not created a project yet, use `pulumi new` to do so
    I understand that the workflow can’t find the pulumi folder but I have set the variable
    env.PULUMI_ROOT
    to point to where the project is
    PULUMI_ROOT: apps/.pulumi
    am I missing something?
    l
    • 2
    • 4
  • b

    boundless-airport-99052

    03/09/2021, 2:51 PM
    Hello team, I wrote a Dynamic Providers and I wonder if the resources created this way can be refreshed? I can’t figure it out.
    t
    • 2
    • 15
  • w

    worried-knife-31967

    03/09/2021, 3:17 PM
    has anyone tried calling an Http endpoint from inside pulumi for .NET?
  • b

    broad-dog-22463

    03/09/2021, 3:24 PM
    @tall-librarian-49374 would love your thoughts on that ☝️ I was on a call with @worried-knife-31967 and could see some weird behaviour
    t
    w
    b
    • 4
    • 26
  • c

    clever-cartoon-41433

    03/09/2021, 9:46 PM
    So, I've created my cluster in digitalocean and I'm directly passing the kubeconfig into the provider. Today, I modified the "shared" pulumi project I"m using between all of my environments (I use the same cluster for dev/staging/prod via Loft's virtual cluster feature), and suddenly I can't make any updates. I"ve made no changes to the provider that I can remember but it's now errorng like this every time it tries to update:
    configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  • c

    clever-cartoon-41433

    03/09/2021, 9:46 PM
    It says this for every pending update to the cluster, even though it can somehow detect that there are diffs?...
    l
    • 2
    • 37
  • c

    curved-pharmacist-41509

    03/10/2021, 3:21 AM
    Is the preview phase skipped for a new stack? We seem to have an issue where the first
    up
    doesn’t run code which is checking for
    isDryMode()
    w
    • 2
    • 4
  • c

    clever-cartoon-41433

    03/10/2021, 4:45 AM
    I literally didn't understand Haskell's monads until I read the docs for Pulumi's outputs and realized "oh wait, these are just monads" Dunno how that happened but thanks
    👍 2
    t
    • 2
    • 1
  • b

    bulky-continent-73012

    03/10/2021, 9:18 AM
    Dear All, I have a problem with creating EKS cluster using Pulumi. I receive this error:
    accure1/xxxxxx-xxxxx/dev (pulumi:pulumi:Stack)
    error: update failed
    xxxxxx-eks-cluster (aws:eks:Cluster)
    error: 1 error occurred:
    * creating urn:pulumi:dev::xxxxx-xxxxx::aws:eks/cluster:Cluster::xxxxx-eks-cluster: 1 error occurred:
    * AccessDeniedException:
    status code: 403, request id: 4d642e75-03cc-4a60-ab0d-34911e23a39f
    When i looked at the CloudTrail i see no error code. So all resources are created. Moreover, the error indicate creating "urn😛ulumi:dev". Could you pls help me to remove this error I also can not destroy the created resources:
    pulumi:pulumi:Stack (xxxxx-xxxxxx-dev):
    error: update failed
    aws:eks:Cluster (xxxxxx-eks-cluster):
    error: deleting urn:pulumi:dev::xxxxx-xxxx::aws:eks/cluster:Cluster::xxxxx-eks-cluster: 1 error occurred:
    * error waiting for EKS Cluster (xxxxxxx-eks-cluster-c0130d5) deletion: AccessDeniedException:
    status code: 403, request id: f81c9336-3a10-40d2-8c2a-fbc76018ce6f
    m
    b
    • 3
    • 3
Powered by Linen
Title
b

bulky-continent-73012

03/10/2021, 9:18 AM
Dear All, I have a problem with creating EKS cluster using Pulumi. I receive this error:
accure1/xxxxxx-xxxxx/dev (pulumi:pulumi:Stack)
error: update failed
xxxxxx-eks-cluster (aws:eks:Cluster)
error: 1 error occurred:
* creating urn:pulumi:dev::xxxxx-xxxxx::aws:eks/cluster:Cluster::xxxxx-eks-cluster: 1 error occurred:
* AccessDeniedException:
status code: 403, request id: 4d642e75-03cc-4a60-ab0d-34911e23a39f
When i looked at the CloudTrail i see no error code. So all resources are created. Moreover, the error indicate creating "urn😛ulumi:dev". Could you pls help me to remove this error I also can not destroy the created resources:
pulumi:pulumi:Stack (xxxxx-xxxxxx-dev):
error: update failed
aws:eks:Cluster (xxxxxx-eks-cluster):
error: deleting urn:pulumi:dev::xxxxx-xxxx::aws:eks/cluster:Cluster::xxxxx-eks-cluster: 1 error occurred:
* error waiting for EKS Cluster (xxxxxxx-eks-cluster-c0130d5) deletion: AccessDeniedException:
status code: 403, request id: f81c9336-3a10-40d2-8c2a-fbc76018ce6f
m

microscopic-dress-1605

03/10/2021, 10:19 AM
I guess the IAM user or role you are using to provision with Pulumi does not have the right access rights to create an EKS cluster or one of its components.
🙌 1
This is an error returned by the AWS API.
🙌 1
b

brave-planet-10645

03/10/2021, 10:25 AM
So that error message is coming back from AWS. We can only show you what they send us. AWS has docs explaining what you need to set up IAM-wise here: https://docs.aws.amazon.com/eks/latest/userguide/security-iam.html If you're just getting started, you can probably create a user with admin access and that will help you. You'll need to lock down access as you move on though
🙌 1
View count: 1