So I got the image src working by using relative addressing which is a workaround. The interpolate still does not work and I don't really understand why. I suspect it is an async issue with promises.

Let me know if I should redirect this to another channel but I have a quick eks node group question. In typescript, when defining an eks.NodeGroup, I need to define the following but not quite sure where it goes.

kubeletExtraConfig:
      kubeReserved:
        memory: "64Mi"
      kubeReservedCgroup: "/kube-reserved"
      systemReserved:
        memory: "13Mi"
      evictionHard:
        memory.available:  "25Mi"
      featureGates:
        DynamicKubeletConfig: true

I do have this context for the "kubeletExtraArgs"

No value exists in scope for the shorthand property 'kubeletExtraArgs'. Either declare one or provide an initializer.ts(18004)

Is there a way to prevent accidental deletion of resources created by Pulumi? Also, what happens if the metadata is lost? for example, say I store my Pulumi state at Google Cloud Storage and the storage bucket gets deleted - what happens to the resources created?

If I store password using

PULUMI_CONFIG_PASSPHRASE_FILE

, how safe would be so store ciphertext publicly? Didn't look at code/docs, which encryption does it use? This question also applys if i store it with KMS (gcp/aws)?

Hmm, changing a property on an imported

Pulumi.AzureNative.Web.WebApp

is causing

pulumi preview

to seemingly hang indefinitely. It prints the resource and shows there's a diff, but then never finishes.

-v=9

shows a ton of

Registering resource monitor end

at the end of the logs which sounds like it's doing everything it needs to, but just never finishing up the preview. Any ideas on what to do?

Scratch that, entirely my fault. Had some async tasks not completing.

Design question; I have some infrastructure that is going to be quite re-used, for instance I'll have a single VPC for many "stacks". In Terraform I would probably have things like VPC, route53 zones, etc. defined in the root, and "sub-projects" defined as modules with ids as input. In pulumi I'm not sure what the best approach would be. • I could have a stack that creates the common infrastructure and other stacks that refer to its resources using stack reference • I could a single stack with everything combined (and using typescript features to split into logical folders/files) • I could create a component resource that encapsulates "child projects" Any thoughts?

Another question, I don't think I understand outputs properly, neither of these work

const vpcId = terraformState.outputs["vpc_id"];
const infraVPC = await aws.ec2.getVpc({ id: vpcId });

const vpcId = terraformState.outputs["vpc_id"];
const infraVPC = await aws.ec2.getVpc({ id: vpcId.get() });

since

getVpc

doesn't accept Inputs/Ouputs, how can I achieve this?

Question about plugins. We are seeing this error, but only in CI. We aren’t using this alpha package anymore and it doesn’t exist in our code anywhere.

stderr: error: could not load plugin for aws provider 'urn:pulumi:development-johnstonbl01::nacelle-services-dilithium::pulumi:providers:aws::default_3_35_0_alpha_1617104857': no resource plugin 'aws-v3.35.0-alpha.1617104857' found in the workspace or on your $PATH, install the plugin using pulumi plugin install resource aws v3.35.0-alpha.1617104857

Is it possible to assert within code if pulumi is running in preview mode?

Just a quick question, say I provision a s3 bucket A using pulumi, and provision another bucket B via web console. If I run

pulumi refresh

, will bucket B reflect in state file? Thanks in advance.

What does a specific pulumi plugin include? How is it related to language specific packages?

When using the OpenStack provider (and possibly other providers?) it seems to be storing both username and password the Pulumi state – how to avoid that? Very unsafe and unnecessary (it also generates a diff depending on who updates the stack) 😅

Hi folks! I'm trying to deploy my infrastructure to AWS China and have an issue during s3 creation. Behavior is same as in the following terraform issue: https://github.com/hashicorp/terraform-provider-aws/issues/15420. That problem was fixed in terraform provider 3.16.0, but looks like is still relevant for pulumi cli 2.24.1 (which is dependent on terraform provider 3.36.0) I'm using the same code which works fine for AWS in eu-central-1, so I'm sure that it's correct. Also, buckets themselves are created, it's related to some post-creation checks, I believe. Can anybody advice some workaround, or shall I open an issue on github?

When setting config values via Pulumi CLI, the .yaml indentation is different from when making manual changes in vs code with format-on-save. Anyone figured out the right .editorconfig or plugin to have the same formatting in VS Code as the Pulumi CLI?

What's a good workflow for transferring Pulumi resources from Project A to Project B, within the same org? Would we import the resources into Project B, and then somehow delete Project A without destroying the resources in Project A?

Ok.. I've got a bit of a crazy idea for something. I'll paste more info in the thread of this message - but the gist is: I would like to generate passwords for rabbitmq (which is done with a silly sha256/512 hashing algorithm with a salt converted to base64). To do that, I'd like to use pulumi/random RandomPassword module for the passwords themselves - and put them into azure keyvault. However, I also need to pass those passwords in their rabbitmq-obfuscated-hashed form into a json object as values for rabbitmq config and put into a kubernetes secret (or more likely, throw into keyvault and use keyvault sync to create the secret). The fun begins..

has anyone ever used the datadog provider ? I am in a mouse/cat game where it looks like 'something' (could be our ci/cd pipeine?) is changing the integration all the times, even if I don't see a diff with pulumi up. is that possible? I basically go on the datadog ui and I read

Datadog is not authorized to perform action sts:AssumeRole Account affected:...

I wonder if this snippet:

<https://www.pulumi.com/docs/reference/pkg/datadog/aws/integration/> 

Calls also their APIs messing around stuff, the Role doesn't change at all so I am a bit puzzled on what is breaking the integration

Hi, anyone confirm this is correct cli Pulumi up --yes --config-file Pulumi.oct.yaml , its in the right directory etc, but its saying these are unknown flags

try = between --config-file and the file name

Anyone know if https://www.pulumi.com/docs/guides/continuous-delivery/github-app/ can work with an s3 backend?

Pulumi Kubernetes / Blue-Green Deployment outside scope Pulumi I have created a k8s cluster on GCE, created the Deployment/ClusterIp/Ingress on Pulumi My Dev Team use Codefresh for CI/CD with Blue/Green to deliver/deploy the new feature/bug fixes to the cluster. The question or challenge is, the deployment/cluster ip change in name, labels, matchLabels accordly the plugin/script provided by Codefresh to do this. So my question is: how can I sync this modification made outside Pulumi ?

Modifyng GKE cluster If I modify the machine Type on a GKE cluster using pulumi, which be the expected behaviors? The new cluster is created with the new machine Type while the resources on the old cluster are moved graduately to this new cluster?

I am often struggling to write reusable code and I think im doing something wrong. For example right now im provisioning a second database and migrating the main one to it. Something that could've been 3 lines of code ended up forcing me to copy paste a bunch of methods or add parameters because every resource URN ended up being a duplicate (including passwords). There should be a better way of doing this, but with the length limitations im struggling to find a good convention for URNs that can be done programatically (eg concatenating a couple of parameters).

Hello guys I was using

<https://github.com/pulumi/pulumi-tf-provider-boilerplate>

to setup bridge to yandex.cloud. I was able to generate all the necessary files for sdk and depend on it in my go infra. But it keeps saying that there is not resource found for yandex provider How should I fix that?

I am pulling from this directory

<https://github.com/aladmit/pulumi-yandex>

anyone knows how to get provider related configuration from code (basically from another namespace)? (for example gcp project)

Design question: I have a microservice™️ that will handle SNS topics, for instance posting a message the topic

arn:aws:sns:us-east-1:1234:foo

will send a HTTP call to example.com/myservice/foo-sns-handler Now, I need Pulumi to subscribe to that topic once that service is deployed, something like

new aws.sns.TopicSubscription(
    'my-topic',
    {
      topic: 'arn:aws:sns:us-east-1:1234:foo',
      endpoint: `${myServiceEndpoint}/foo-sns-handler`,
      protocol: 'https',
    },

I would like to avoid having to define the SNS topic in my service and in Pulumi, ideally there would be a single place where the "topic -> handler" relation is defined. Does that make sense? Any ideas? -- In other words, I'm looking for a way to have a service declare the resources it needs, and have pulumi handle those resources during deployment (doesn't have to be an SNS topic, could be S3 buckets or any other pulumi resources)

hello guys, quick question.. he have been running pulumi on a trial version for the last few weeks and we have made the decision to continue using it when the trial is over. for that we need to put a credit card and activate the subscription. issue is, that I do not have access to the company credit card, I need to create a user for the financial department so they can put the credit card and every month download the invoice. I could do this creating a user in the gui, but I don't want to waste a seat on a user that is only gonna be active to put the credit card and once a month download an invoice. so.. is there a way to give access to billing to a user without having to pay for that user ?