It's just with this particular kubeconfig and not the digitalocean provided one, so I suspect I'm doing something wrong, although if I set it locally it seems to work just fine.

Any ideas on how to debug pulumi being extremely slow when previewing? I am trying to create a trace while also setting verbosity to 10, and I still don't get any output:

pulumi up --tracing trace.trace -v 10
Previewing update (<redacted>)

View Live: <redacted>.

Sometimes a preview takes 20 minutes to complete, where it recently only took a couple of minutes. Been trying to debug this for a few weeks now, but i have been unable to figure out what causes this

There doesn't seem to be a API to set the SKU family in Azure Cache for Redis. Is it missing, or am I doing something wrong?

Azure Portal:

"sku": {
            "name": "Standard",
            "family": "C",
            "capacity": 1
        }

Pulumi using Azure Native:

public sealed class SkuArgs : Pulumi.ResourceArgs
{
    /// <summary>
    /// The size of the RedisEnterprise cluster. Defaults to 2 or 3 depending on SKU. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs.
    /// </summary>
    [Input("capacity")]
    public Input<int>? Capacity { get; set; }

    /// <summary>
    /// The type of RedisEnterprise cluster to deploy. Possible values: (Enterprise_E10, EnterpriseFlash_F300 etc.)
    /// </summary>
    [Input("name", required: true)]
    public InputUnion<string, Pulumi.AzureNative.Cache.SkuName> Name { get; set; } = null!;

    public SkuArgs()
    {
    }
}

Isn't it supported it AzureNative, meaning I have to use the classic provider?

I created an AWS ECR repo and the name assigned had some alphanumeric suffix.

<http://dkr.ecr.ap-south-1.amazonaws.com/microservices-064ef0a|dkr.ecr.ap-south-1.amazonaws.com/microservices-064ef0a>

Is there a way to avoid this?

Hey guys, I'm setting the following workflow: CI/CD, system build and publish docker images, on a ecr repo pulumi, manages all the infra, it creates the repo, and create the ecs cluster, task, and serivces that run those images. The idea is to not tag the images with

:latest

as is stated in multiples sites, is not a best practice. So the CD system, tags an specific version and pushes it to ecr. Then i want to run pulumi to setup all infra. including the task definition, so pulumi needs to define the container image and tag, at this point. So the problem is that i'm not sure how pulumi will now what is the specific tag it needs to use for the task definition. I first thought of getting the repo info, and getting the latest image from it, but seems like the ecr resources, only allow me to get, the specific repo info, or and specific image info (so i have to ask for an specific tag, which pulumi does not know) I could still do this via boto or aws cli, using list-images and parsing the output to get the latest tag, but i'm wondering if this is the best approach, if i should just use

:latest

and force a deploy, when pulumi runs. if if there are other options, or ideas i'm overseeing

Is there a best way to figure out when a CLI command was added?

I figured it out by looking at the source, but still curious if there’s a better way. Maybe add that to the docs? “Available in 2.8.0+” type of thing?

Hey there. I was trying to destroy a stack that failed a deployment, but for many resources I got the following error:

* missing required configuration key "aws:region": The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.
    Set a value using the command `pulumi config set aws:region <value>`.

When I check my pulumi config, I have that set:

>pulumi config 
KEY         VALUE
aws:region  us-west-2

I'm on 2.18.0, is this a known issue or am I doing something wrong?

We are using Pulumi credential providers to configure stack on 3 different accounts. We are using roles on Jenkins to provision resources. With all things being created, if we re-run pulumi up, we encounter a problem that provider changes and pulumi wants to update/replace resources which really haven't changed. We suspect it happens because credentials are different as role based approach doesn't use static ones, so providers serialized in state file aren't the same anymore. Does anyone know how to approach this? Can we tell pulumi to ignore such?

If I want to create a resource that is managed in the lifecycle of other core resources, is there a guide? my google fu is failing me. There is something I need to create that hits an API endpoint. So if the endpoint fails, I want to the resource creation to fail... so I'm thinking that this is a custom resource that has create/update/delete operations? Any reference material for doing this in .NET?

Hello, I have an issue with creating a service linked role in IAM as part of my deployment. I have RDS instance in my deployment, and I add for it the following in my iam.ts :

new aws.iam.ServiceLinkedRole("analyticsdb", {
    awsServiceName: "<http://rds.amazonaws.com|rds.amazonaws.com>",
})

Everything is ok as long as this is the first (or only) deployment in the specific AWS account, but if I do few deployments on the same account all deployments after the first one will fail, because I cannot have more than one RDS service linked role. How should I solve this kind of issue?

I need to generate RSA key pairs and send the public one to a Lambda@Edge (AWS) while storing the private one as a secret to later load as a configMap file. How do I ensure that I don’t keep making new keys over and over? It seems like you can’t store secrets with a key, like everything else.

I need something like

const privateKey = Config.getOrCreateSecret("my_secret", private_key)

If I use

pulimi.secret(value)

what do I use to fetch it with

config.getSecret(---?)

?

How would you go about creating a random value that isn't changed per-deployment? i.e. something like a password that you want to be created on first build then not updated?

registerStackTransformation fails with following exception. how come that stack is not initialized in my index.ts when console.log(pulumi.getStack()) returns correct stack name? Error: The root stack resource was referenced before it was initialized. at Object.registerStackTransformation (..... \node_modules\@pulumi\pulumi\runtime\stack.js:211:15)

So I just noticed

Note: All attributes including the generated password will be stored in the raw state as plain-text. Read more about sensitive data in state.

in https://www.pulumi.com/docs/reference/pkg/random/randompassword/ This wasn’t there before, so what is the best approach now to generate a password that isn’t in cleartext? We use this to generate password for RDS.

I am using Pulumi to manage the AWS infra. to create EKS cluster. every time i want to create the EKS i get this error: * error creating EKS Cluster (XXX-XXX-XXX-XXX): AccessDeniedException:        status code: 403, request id: f92ea933-c085-491d-8e52-9234fb53c17f Now my questions are: • What type of identity-based policies and permissions do i need to create the EKS cluster • How can i get more meaningful information from the Pulumi on the missing identity-based policies and permissions

It seems like this problem happens when trying to run transformations defined in different project (I have them in other repo published as npm, so I can reuse in all projects) registerStackTransformation fails with following exception. how come that stack is not initialized in my index.ts when console.log(pulumi.getStack()) returns correct stack name? Error: The root stack resource was referenced before it was initialized.         at Object.registerStackTransformation (..... \node_modules\@pulumi\pulumi\runtime\stack.js:211:15)

hey guys i have this step in our GH action

- name: Select Staging Stack
        uses: <docker://pulumi/actions>
        with:
          args: stack select staging
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          PULUMI_ROOT: ${{ env.PULUMI_ROOT }}

but when i run it it returns me this error

error: no Pulumi.yaml project file found (searching upwards from /github/workspace). If you have not created a project yet, use `pulumi new` to do so

I understand that the workflow can’t find the pulumi folder but I have set the variable

env.PULUMI_ROOT

to point to where the project is

PULUMI_ROOT: apps/.pulumi

am I missing something?

Hello team, I wrote a Dynamic Providers and I wonder if the resources created this way can be refreshed? I can’t figure it out.

has anyone tried calling an Http endpoint from inside pulumi for .NET?

@tall-librarian-49374 would love your thoughts on that ☝️ I was on a call with @worried-knife-31967 and could see some weird behaviour

So, I've created my cluster in digitalocean and I'm directly passing the kubeconfig into the provider. Today, I modified the "shared" pulumi project I"m using between all of my environments (I use the same cluster for dev/staging/prod via Loft's virtual cluster feature), and suddenly I can't make any updates. I"ve made no changes to the provider that I can remember but it's now errorng like this every time it tries to update:

configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

It says this for every pending update to the cluster, even though it can somehow detect that there are diffs?...

Is the preview phase skipped for a new stack? We seem to have an issue where the first

up

doesn’t run code which is checking for

isDryMode()

I literally didn't understand Haskell's monads until I read the docs for Pulumi's outputs and realized "oh wait, these are just monads" Dunno how that happened but thanks