Security reviewing Pulumi SaaS, and one question came up re: DRP (disaster recovery planning) strategy if/when Pulumi SaaS goes down. I was thinking of saving the intermediary yaml files somewhere, so we can still deploy our stuff when the Pulumi SaaS becomes unavailable (down for maintenance or looses network connectivity) Using a GCP or Azure bucket for state management can help too, but doesn't cover the network connectivity scenario Anyone here has put a DRP strategy in place?

Hello! would anyone be able to point me to the definitions of these operations shown in the Pulumi console. Specifically interested in what

delete-replaced

means?

Hi Team, I am using the following example on the page to provision a new eks cluster . I use the same code to create 3 different cluster on the same stack . I would like know how I can delete one of the cluster using pulumi cli . https://www.pulumi.com/docs/guides/crosswalk/aws/eks/

package main

import (
	"<http://github.com/pulumi/pulumi-eks/sdk/go/eks|github.com/pulumi/pulumi-eks/sdk/go/eks>"
	"<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi|github.com/pulumi/pulumi/sdk/v3/go/pulumi>"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Create an EKS cluster with the default configuration.
		cluster, err := eks.NewCluster(ctx, "my-cluster1", nil)
		if err != nil {
			return err
		}

		// Export the cluster's kubeconfig.
		ctx.Export("kubeconfig", cluster.Kubeconfig)
		return nil
	})
}

In case for easier debugging and helping with infrastructure problems with pulumi. Have a look at https://www.gitpod.io/

Hello...i have question if i may. I am trying to configure my managed AKS cluster and set the autoupgrade profile as per https://www.pulumi.com/docs/reference/pkg/azure-native/containerservice/managedcluster/#managedclusterautoupgradeprofile But i also need to setup the planned maintenance window as per this Microsoft document - https://docs.microsoft.com/en-us/azure/aks/planned-maintenance I know how to do this using ARM/Azure CLI but not Pulumi & C# - Can anyone help me?

Hi everyone 🙂 I have a question regarding the ECR. Assuming that I have a repository that sets up the infrastructure (including the aws ECR), how can I now create and push images to it from a different repo. I was looking at the

awsx.ecr.Repository

which has a function

buildAndPushImage

but it does not allow a lot of configuration for the image. What is the standard for creating images and pushing them to an ECR. Appreciate if someone can point me in the right direction 🙂

Hi, I would like to create a Resource that contains 1. a k8s service, 2. deployment 3. istio virtual service. This is a fixed combination. And I need to create multiple instances of this resource like that. how do I combine they all together as a single resource, I assume I should write a Dynamic Provider right? Or there could be a easier way to achieve that? can anyone provide some guidance and direction?

Is there yet a way to define project-wide configuration, e.g. in the Pulumi.yaml or is that still an open req?

Hi, is there any workflow integration available with pulumi. need to know more.

I'm using Pulumi with GitHub actions. To authenticate with Azure I'm using a service principal. Locally it works great (I'm using my own user to login to the CLI locally), however when it executes in the GitHub Action it throws a Terraform Error related to the

skip_provider_registration

flag. Any ideas why this behaviour occurs and what is a workaround in Pulumi? Note: This only occurs when I am using a method for Getting an existing registry by name and resource group. If I am creating resources, I am experiencing no issues.

Error: invocation of azure:containerservice/getRegistry:getRegistry returned an error: 1 error occurred:
      	* Error ensuring Resource Providers are registered.
      
      Terraform automatically attempts to register the Resource Providers it supports to
      ensure it's able to provision resources.
      
      If you don't have permission to register Resource Providers you may wish to use the
      "skip_provider_registration" flag in the Provider block to disable this functionality.
      
      Please note that if you opt out of Resource Provider Registration and Terraform tries
      to provision a resource from a Resource Provider which is unregistered, then the errors
      may appear misleading - for example:
      
      > API version 2019-XX-XX was not found for Microsoft.Foo

Hi i am trying to delete eks cluster using urn using following command. however i am getting following error,

pulumi destroy -t urn:pulumi:stk::project1::aws:eks/cluster:Cluster::eks-cluster

I am using same token to create eks cluster, Is there anything i am missing ?

$ pulumi destroy -t urn:pulumi:stk::project1::aws:eks/cluster:Cluster::eks-cluster
Previewing destroy (stk):
     Type                 Name          Plan       
     pulumi:pulumi:Stack  project1-stk             
 -   └─ aws:eks:Cluster   eks-cluster   delete     
 
Resources:
    - 1 to delete

Do you want to perform this destroy? details
- aws:eks/cluster:Cluster: (delete)
    [id=eks-cluster-55e5e55]
    [urn=urn:pulumi:stk::project1::aws:eks/cluster:Cluster::eks-cluster]

Do you want to perform this destroy? yes
Destroying (stk):
     Type                 Name          Status                  Info
     pulumi:pulumi:Stack  project1-stk  **failed**              1 error
 -   └─ aws:eks:Cluster   eks-cluster   **deleting failed**     1 error
 
Diagnostics:
  pulumi:pulumi:Stack (project1-stk):
    error: update failed
 
  aws:eks:Cluster (eks-cluster):
    error: 1 error occurred:
        * error configuring Terraform AWS Provider: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 2 errors occurred:
        * error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
        status code: 403, request id: 40236ffc-d24a-4be8-9069-85ab000ea1c5
        * failed getting account information via iam:ListRoles: InvalidClientTokenId: The security token included in the request is invalid.
        status code: 403, request id: 690d530c-88d9-4999-81f8-962d87739874
 
Resources:

Duration: 5s

Hi, during the pulumi destroy of a stack with an AWS S3 Bucket which has 15K objects takes around 45 minutes to delete the objects before deleting the bucket. Using AWS CLI the deletion takes 2 minutes. Is there any argument which could speed the stack destroy in this case or this is a know issue? Language: go.

Hi, is there an example of attaching a function to an event hub with the new Azure SDK? The classic SDK provides an

onEvent

: https://github.com/pulumi/pulumi-azure/blob/master/examples/eventhub/index.ts - is there an updated example?

Has anyone written a custom provider for cloudfront invalidation commands? What I'd like to do is pass in a hash value for a set of files that I've deployed to an s3 bucket and have an InvalidationCommand be updated any time the hash changes by creating a new CloudFront invalidation recrd.

Is there a way to find out if the 

--skip-preview

 flag was passed in your pulumi application?

Is there an any example to run SSH commands in Dynamic provider's CRUD operation? I'm trying to manage CLI based application through pulumi. For example dynamic provider's create: function will run create command on the server etc.. I looked through ec2-provisioners example, I can't comprehend it well. Here is my

create

function implementation. SSH connection part just doesn't run. Any guidance will be much appreciated.

import * as pulumi from '@pulumi/pulumi';
import { Client } from 'ssh2';

interface MyProviderInputs {
  readonly username: string;
}

export class MyProvider implements pulumi.dynamic.ResourceProvider {
  async create(
    inputs: MyProviderInputs
  ): Promise<pulumi.dynamic.CreateResult> {
    const conn = new Client();

    conn
      .on('ready', () => {
        console.log('Client :: ready');
        conn.exec('./create-user.py', (err, stream) => {
          if (err) throw err;
          stream
            .on('close', (code: any, signal: any) => {
              console.log(
                'Stream :: close :: code: ' + code + ', signal: ' + signal
              );
              conn.end();
            })
            .on('data', (data: any) => {
              console.log('User created ...')
            })
            .stderr.on('data', (data) => {
              console.log('STDERR: ' + data);
            });
        });
      })
      .on('error', (err) => {
        throw err;
      });

    conn.connect({
      host: '10.10.2.2',
      username: 'ubuntu',
      password: '123'
    });

    return {
      id: '1',
      outs: inputs,
    };
  }
}

I want to keep my RDS instance when I destroyed my pulumi changes. I imported my RDS (no problem with that). But whenever I finished my tutorial/experiment, I'd like to destroy everything except for the RDS. Right now, I'm using

pulumi state delete urn:pulumi:production::blog::aws:rds/instance:Instance::blog

After that, I'll uncomment the code rds code and run

pulumi destroy

Is that the way to do this or there's a better way to achieve this?

Hey guys! I have a problem with provisioning ACR, with azure.native package from pulumi. with the classic package there were two output properties for the username and password of the container registry, in the new version it seems that it is moved to

GetRegistryCredentials

https://www.pulumi.com/docs/reference/pkg/azure-native/containerregistry/getregistrycredentials/, but the problem is that it provides only strings and not outputs, and when I try to make them as an output of the stack I get an error indicating the value was not an output, any workarounds? ``````

basically what is the equivalent of this code from

Azure

classic library of pulumi(https://www.pulumi.com/docs/reference/pkg/azure/containerservice/registry/)

var registry = new Azure.ContainerService.Registry(registryName,
                new Azure.ContainerService.RegistryArgs
            {
                AdminEnabled = true,
                Name = registryName,
                ResourceGroupName = resourceGroup.Name,
                Sku = "Standard",
                Tags = 
                {
                    {"scope", "sample scope"}
                },
            });

Url = registry.LoginServer.Apply(loginServer=> $"https://{loginServer}");
Password = registry.AdminPassword;
Username = registry.AdminUsername;

with the new api,

AzureNative

(https://www.pulumi.com/docs/reference/pkg/azure-native/containerregistry/registry/)

Hey team, is it possible to get somehow audit logs being on pro plan? (6 seats) One member leaked token, we need to do some reporting based on this

is there a hook that one can use to be invoked just before an actual update operation (not the preview phase) begins and just after it has (successfully) finished? (Background: I'd like to send out notifications at these points in time)

Hi all, We’re using custom providers for a couple of things and for some reason on developer machines pulumi finds the plugin when we build and preview on dev machines but doesn’t on our CD machines. I know the plugin binary is there on the CD machine, named the same and is executable in the path because I can run it on the CD machine:

Executing command: pulumi-resource-elasticcloud                                                                                          
error: fatal: could not connect to host RPC; missing argument

However, when pulumi preview is ran on the CD machine it throws the following error, which appears to be looking for the plugin using a binary name that includes the version:

error: could not load plugin for elasticcloud provider 'urn:pulumi:xxx::xxx::pulumi:providers:elasticcloud::elastic': no re
source plugin 'elasticcloud-v0.0.3' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource ela
sticcloud v0.0.3`

Does anyone have any idea about what might be going on here?

I’m trying to do in Pulumi what I have working with Kubernetes API calls. I’m having difficulty identifying parallel methods in Pulumi. Creating the CSR seems straightforward (

create_certificate_signing_request

in the K8s API,

CertificateSigningRequest

in Pulumi). The next step using the K8s API is

V1beta1CertificateSigningRequestCondition

followed by

replace_certificate_signing_request_approval

. I don’t see directly-equivalent methods in Pulumi. I see

CertificateSigningRequestStatusArgs

and

CertificateSigningRequestConditionArgs

but nothing to actually sign the request. I haven’t yet found any example code on this process in Pulumi. Any pointers?

Greetings, anybody having trouble deploying GCP cloud functions today ? The service seems to be up https://status.cloud.google.com/ but getting very unhelpful error message “_Error while updating cloudfunction configuration: %!s(<nil>)_”

having a lot of trouble importing existing lambda resources into pulumi, including errors for missing fields that are clearly defined on the existing resource in aws. this seems super buggy. does anyone have suggestions for working around this?

Has anyone here successfully deployed lambda functions that use prisma.io orm? I can generate my schema just fine, but whenever I try importing the client into one of my lambda functions I get the following error when trying to run

pulumi preview

or

pulumi up

error: Running program '/platform-cloud-services' failed with an unhandled exception:
    Error: Remote object was not 'function': {"type":"object","className":"Function","description":"Function","objectId":"-2560291290870578958.2.6040"}
        at /platform-cloud-services/node_modules/@pulumi/pulumi/runtime/closure/v8_v11andHigher.js:149:23
        at Generator.next (<anonymous>)
        at fulfilled (/platform-cloud-services/node_modules/@pulumi/pulumi/runtime/closure/v8_v11andHigher.js:18:58)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

Hi, Everybody. I'm starting with Pulumi after launch an Azure environment with TerraformCDK, to compare products. In my Pulumi.dev.yaml I have a "tag" variable declared like this:

azure-test:tags: {
    "ambiente": "dev",
    "centro-de-custo": "10mzbr7h47",
    "centro-custo": "10mzbr7h47",
    "funcao": "AKS",
    "owner": "<mailto:marcelo.prioste@claro.com.br|marcelo.prioste@claro.com.br>",
    "produto": "nbatecnico",
    "projeto": "nbatecnico",
    "diretoria": "ti"
  }

Writing in Python, I'm doing something like this:

tags=config.get("tags"),

Trying to import infrastructure that we already deployed prior to adopting pulumi and I am having trouble importing a few ec2's. Here is the command I am running that should generate the ts file to do the final import:

pulumi import aws:ec2/instance:Instance github-runner-1 <instance-id>

I am met with the error:

Previewing import (dev)

View Live: <https://app.pulumi.com/lwooden/github-runners/dev/previews/d953777e-c02b-4d34-8718-8382479da9e1>

     Type                 Name                Plan       Info
 +   pulumi:pulumi:Stack  github-runners-dev  create     1 error
 =   └─ aws:ec2:Instance  github-runner-1     import     4 errors
 
Diagnostics:
  pulumi:pulumi:Stack (github-runners-dev):
    error: preview failed
 
  aws:ec2:Instance (github-runner-1):
    error: aws:ec2/instance:Instance resource 'github-runner-1' has a problem: AtLeastOne: "launch_template": one of `ami,instance_type,launch_template` must be specified. Examine values at 'Instance.LaunchTemplate'.
    error: aws:ec2/instance:Instance resource 'github-runner-1' has a problem: AtLeastOne: "ami": one of `ami,launch_template` must be specified. Examine values at 'Instance.Ami'.
    error: aws:ec2/instance:Instance resource 'github-runner-1' has a problem: AtLeastOne: "instance_type": one of `instance_type,launch_template` must be specified. Examine values at 'Instance.InstanceType'.
    error: Preview failed: one or more inputs failed to validate