general
  • b

    breezy-lamp-49479

    04/05/2021, 8:07 PM
    I0405 16:06:29.686814 70169 eventsink.go:59] AWS Auth provider used: “EnvProvider”
    I0405 16:06:29.686888 70169 eventsink.go:62] eventSink::Debug(<{%reset%}>AWS Auth provider used: “EnvProvider”<{%reset%}>)
    I0405 16:06:29.690785 70169 eventsink.go:59] Trying to get account information via iam:GetUser
    I0405 16:06:29.690801 70169 eventsink.go:62] eventSink::Debug(<{%reset%}>Trying to get account information via iam:GetUser<{%reset%}>)
    is where it gets stuck if I don’t skip the checks
  • g

    gentle-monitor-55086

    04/05/2021, 8:08 PM
    How do you do something only when a resource is actually created or destroyed. Like say i'm generating a value and storing it in a db every time an ec2 is created. But i only want to actually store the value if pulumi is actively creating the resource (or dropping it if the resource is being destroyed) Seems like the only place i can do something like that is a dynamic provider, but that also just seems really heavy handed and like i'm missing some sort of ".on('create')" event or something
  • b

    brave-angle-33257

    04/05/2021, 10:37 PM
    hi - trying to find an example of using automation API with s3 storage backend
  • e

    enough-leather-70274

    04/06/2021, 5:27 AM
    Hi folks - I'm trying to configure my container-based CI system (Bitbucket pipelines) to deploy my Python3.9-based pulumi project (we're hoping to go to 3.10 soon) I'm using the pulumi/pulumi-python:latest image, but pulumi preview is throwing errors as that image uses Python 3.7. What's the best way to resolve this?
  • s

    stocky-lion-64552

    04/06/2021, 7:51 AM
    Can I use upsert for the pulumi github action with the awskms secret provider? I see there's an option to add PULUMI_CONFIG_PASSPHRASE as env var, but I don't see an env var for the secret-provider
  • h

    handsome-state-59775

    04/06/2021, 8:49 AM
    is there a way of introducing and consuming stack-agnostic config secrets within or even across projects?
  • b

    better-shampoo-48884

    04/06/2021, 9:19 AM
    I would probably rely on an external secret store which I access "normally" for generic shared secrets.. i.e. vault or keyvault or stuff like that which is accessed programmatically and separately within the pulumi code.. i.e. mySecretVault = (connection to external secret), pulumiConfigNeedingSecret = mySecretVault.getCommonSecret("thing")
    👍 1
  • l

    lemon-monkey-228

    04/06/2021, 12:22 PM
    Say I want to create a re-usable Pulumi (TS) component that generates a Kubernetes Deployment, Secret, and Service
  • l

    lemon-monkey-228

    04/06/2021, 12:22 PM
    What’s the best way of allowing alterations to them?
  • l

    lemon-monkey-228

    04/06/2021, 12:23 PM
    If I just generate & return the Deployment, if I want to make any amendments to the spec.template.imagePullSecrets, I have to do something like
    (((deployment.spec as appsv1.DeploymentSpec).template as corev1.PodTemplateSpec).spec as corev1.PodSpec).imagePullSecrets = []
  • r

    rapid-vr-73761

    04/06/2021, 12:43 PM
    Hey all, I have a client who wants to build in Equinix Metal now but pivot it all quickly to Azure when the local Azure DC is (eventually) built. Are there any specific guidelines/best practices/docs for quickly pivoting between cloud providers using Pulumi and CrossGuard, particularly EM to Azure? I'm lining up Kubes as the best option but any input is appreciated.
  • j

    jolly-lunch-12979

    04/06/2021, 1:23 PM
    When using pulumi state delete is there a way to pass in multiple resources to delete from the state? Doing it one at a time is pretty slow.
  • r

    rich-action-28775

    04/06/2021, 2:11 PM
    Hello everyone! I was wondering, is there any way to initialize and use a Pulumi client from within my code? Meaning that instead of running pulumi up using the CLI, I'll have something like the following (python): main.py
    from pulumi import client
    from pulumi_aws import s3
    
    # Initialize the Pulumi client
    pulumi_client = PulumiClient()
    
    # Provision a S3 bucket
    web_bucket = s3.Bucket('s3-example-bucket')
    
    pulumi_client.up()
    pulumi_client.destroy()
    Now instead of running pulumi up followed by a pulumi destroy, running this piece of code can be done by running:
    python main.py
    This is a very raw example, so please tell me if there's anything else you'd like me to elaborate on. Thanks in advance! :)
    🙌 1
  • g

    gifted-island-55702

    04/06/2021, 4:33 PM
    Hi! I have a question about Pulumi dynamic providers. I would like to manage some entities in my system (e.g. user accounts) via that system's REST API. I created a sample Pulumi program with dynamic provider implementation: https://gitlab.com/-/snippets/2101279 But I have some issues, for example:
    • my pulumi preview continuously shows some differences to the outputs (https://gitlab.com/-/snippets/2101279#LC1) - but in the diff there are no properties changed
    • I cannot see userId and password outputs (specified as outputs of my dynamic resource) to be included in the outputs (https://gitlab.com/-/snippets/2101279#LC20)
    • I am not sure how I should declare that the User.password output property is a secret - shall I use additionalSecretOutputs in the provider opts to the User super constructor call (at https://gitlab.com/-/snippets/2101279#LC124)?
  • m

    modern-monkey-67919

    04/06/2021, 7:05 PM
    Hi 👋! I need some help with Pulumi and GitHub actions. So far it's been working fine until recently I've been getting this error:
    Run pulumi/actions@v2
      with:
        command: preview
        stack-name: ***
        work-dir: ./
        comment-on-pr: false
        parallel: 2147483647
        target-dependents: false
        refresh: false
        upsert: false
      env:
        NODE_ENV: production
        PULUMI_ACCESS_TOKEN: ***
        PULUMI_STACK_NAME: ***
        npm_config_yes: true
    pulumi preview on ***
      Error: ENOENT: no such file or directory, open '/tmp/automation-logs-preview-WtufVl/eventlog.txt'
    I looked around in the respective repos for any similar issues reported by the community but I couldn't find it. It looks like the Pulumi bot reports a success after this error.. so that's strange.
  • f

    flat-chef-39475

    04/06/2021, 10:45 PM
    Hi everyone.
  • f

    flat-chef-39475

    04/06/2021, 10:46 PM
    I was running through the getting started tutorial and decided to change it a bit to add an image into the html:
    "use strict";
    const fs = require("fs");
    const pulumi = require("@pulumi/pulumi");
    const aws = require("@pulumi/aws");
    const awsx = require("@pulumi/awsx");
    const htmlTemplate = `<!DOCTYPE html>
    <html lang="en">
    	<head></head>
    	<body>
    		<h1>Hi from Pulumi!</h1>
    		<img src="{object}"></img>
    	</body>
    </html>`
    
    // Create an AWS resource (S3 Bucket)
    const bucket = new aws.s3.Bucket("my-bucket", {
        website: {
            indexDocument: "index.html"
        }
    });
    const imgObject = new aws.s3.BucketObject("roo.jpg", {
        bucket,
        source: new pulumi.asset.FileAsset("roo.jpg"),
        acl: "public-read",
        contentType: "image/jpeg"
    })
    
    const imgUrl = pulumi.interpolate`http://${bucket.bucketEndpoint}/roo.jpg`
    const html = htmlTemplate.replace("{object}", imgUrl)
    fs.writeFileSync("index.html", html)
    
    const indexObject = new aws.s3.BucketObject("index.html", {
        bucket,
        source: new pulumi.asset.FileAsset("index.html"),
        acl: "public-read",
        contentType: "text/html"
    })
    // Export the name of the bucket
    exports.bucketName = bucket.id;
    exports.bucketEndpoint = pulumi.interpolate`http://${bucket.websiteEndpoint}`;
  • f

    flat-chef-39475

    04/06/2021, 10:46 PM
    This produces the following html:
    <!DOCTYPE html>
    <html lang="en">
    	<head></head>
    	<body>
    		<h1>Hi from Pulumi!</h1>
    		<img src="Calling [toString] on an [Output<T>] is not supported.
    
    To get the value of an Output<T> as an Output<string> consider either:
    1: o.apply(v => `prefix${v}suffix`)
    2: pulumi.interpolate `prefix${v}suffix`
    
    See <https://pulumi.io/help/outputs> for more details.
    This function may throw in a future version of @pulumi/pulumi."></img>
    	</body>
    </html>
  • f

    flat-chef-39475

    04/06/2021, 10:47 PM
    Why is the interpolate for the bucket endpoint not working?
  • f

    flat-chef-39475

    04/06/2021, 11:05 PM
    I changed bucketEndpoint to websiteEndpoint with no change on the output.
  • f

    flat-chef-39475

    04/06/2021, 11:06 PM
    Exporting pulumi.interpolate`http://${bucket.websiteEndpoint}/roo.jpg` produces the correct result.
  • f

    flat-chef-39475

    04/06/2021, 11:08 PM
    But the html is not correct.
  • f

    flat-chef-39475

    04/06/2021, 11:45 PM
    So I got the image src working by using relative addressing which is a workaround. The interpolate still does not work and I don't really understand why. I suspect it is an async issue with promises.
  • j

    jolly-vr-53742

    04/07/2021, 3:06 AM
    Let me know if I should redirect this to another channel but I have a quick eks node group question. In typescript, when defining an eks.NodeGroup, I need to define the following but not quite sure where it goes.
    kubeletExtraConfig:
          kubeReserved:
            memory: "64Mi"
          kubeReservedCgroup: "/kube-reserved"
          systemReserved:
            memory: "13Mi"
          evictionHard:
            memory.available:  "25Mi"
          featureGates:
            DynamicKubeletConfig: true
  • j

    jolly-vr-53742

    04/07/2021, 3:12 AM
    I do have this context for the "kubeletExtraArgs"
    No value exists in scope for the shorthand property 'kubeletExtraArgs'. Either declare one or provide an initializer.ts(18004)
  • f

    flat-mechanic-75334

    04/07/2021, 6:13 AM
    Is there a way to prevent accidental deletion of resources created by Pulumi? Also, what happens if the metadata is lost? for example, say I store my Pulumi state at Google Cloud Storage and the storage bucket gets deleted - what happens to the resources created?
  • b

    bland-lamp-16797

    04/07/2021, 9:52 AM
    If I store password using PULUMI_CONFIG_PASSPHRASE_FILE, how safe would it be to store ciphertext publicly? Didn't look at code/docs, which encryption does it use? This question also applies if i store it with KMS (gcp/aws)?
  • j

    jolly-lunch-12979

    04/07/2021, 3:24 PM
    Hmm, changing a property on an imported Pulumi.AzureNative.Web.WebApp is causing pulumi preview to seemingly hang indefinitely. It prints the resource and shows there's a diff, but then never finishes. -v=9 shows a ton of "Registering resource monitor end" at the end of the logs which sounds like it's doing everything it needs to, but just never finishing up the preview. Any ideas on what to do?
  • j

    jolly-lunch-12979

    04/07/2021, 3:44 PM
    Scratch that, entirely my fault. Had some async tasks not completing.
  • b

    bumpy-summer-9075

    04/07/2021, 3:57 PM
    Design question; I have some infrastructure that is going to be quite re-used, for instance I'll have a single VPC for many "stacks". In Terraform I would probably have things like VPC, route53 zones, etc. defined in the root, and "sub-projects" defined as modules with ids as input. In pulumi I'm not sure what the best approach would be.
    • I could have a stack that creates the common infrastructure and other stacks that refer to its resources using stack reference
    • I could have a single stack with everything combined (and using typescript features to split into logical folders/files)
    • I could create a component resource that encapsulates "child projects"
    Any thoughts?
g

green-musician-49057

04/07/2021, 4:01 PM
I asked a similar question last week and the recommendations were to have multiple Pulumi projects for these different modules
And from there, we're looking at using Pulumi's Automation API to loosely couple the infra projects together
b

billowy-army-68599

04/07/2021, 4:17 PM
In this particular case, I'd do the following:
- define the VPC as its own project, output the VPC id as a stack output
- encapsulate the rest of your logic into component resources with an input arg of VPC id
- you can then either 1) grab the vpc id as a stack output or 2) use vpc.get()
✨ 1
it gives you a lot of flexibility
my usual advice is to group projects together logically using considerations of "rate of change" or "blast radius" as a consideration. What I mean by that is, if you have a shared VPC for a lot of different stuff, that is likely to change a lot less than the things that live inside it, so it's useful to decouple them into different projects
b

bumpy-summer-9075

04/07/2021, 5:05 PM
Makes sense, thanks a lot @green-musician-49057 & @billowy-army-68599! The only downside of this is that the subproject is not independent; if I were to start from scratch, but it's a very minor problem compared to the upsides
b

billowy-army-68599

04/07/2021, 5:06 PM
can you elaborate on that a little? not quite following
b

bumpy-summer-9075

04/07/2021, 5:31 PM
Let's say I have two stacks: common (which has the VPC resource), and another stack s3-website which consumes that VPC id. If I were to checkout the stack s3-website and try to apply it on a brand new AWS account, it wouldn't work because the VPC would not exist. If they were both in the same stack, this would not happen
b

billowy-army-68599

04/07/2021, 5:33 PM
ahhh got it, yeah I'm following now
yeah that is a trade off, but I think you'll find the pros outweigh the cons 🙂
b

bumpy-summer-9075

04/07/2021, 5:34 PM
For sure! And the fact that it will break if the common stack is not deployed is perfect, fail fast!
b

billowy-army-68599

04/07/2021, 5:37 PM
you can even throw if the stack output is not resolved 🙂
❤️ 1
b

bumpy-summer-9075

04/07/2021, 5:39 PM
damn that's true! It's cleaner than the way I used to "throw" in TF haha:
locals {
  # Abusing the 'file' function to fail if the specified environment does not match the workspace
  assert_environment_matches_workspace = terraform.workspace != var.environment ? file("ERROR: Environment needs to match the workspace") : null
}