I was able to fix this by forcing

@pulumi/pulumi

to use the version of

ts-node

I wanted it to,

8.10.2

. I opened a ticket to move

ts-node

to a peer-dependency in the node sdk so that it's easier to "bring my own" version of

ts-node

that I need without needing to much around with yarn resolutions: https://github.com/pulumi/pulumi/issues/8177

@rapid-raincoat-36492 we have similar issues very often - compiling typescript works, ts-node throws weird errors. We tweaked our tsconfig to match ts-node requirements closer, but we still get them. We are now investigating disabling ts-node entirely and running

@pulumi/pulumi

on compiled code. Oddly, a service fails without an error, though it deploys with TS enable and with the CLI … Btw, we’re using ts-node 10.* - had fewer issues than with 8.*

coding up automation API right now.. function just failed.. living on the edge!!

2021-10-08T20:39:52.862Z	7244c1c2-b69c-4f06-8e15-6abfac3ad1a8	INFO	    pulumi:providers:aws default_4_24_0  error: no resource plugin 'aws-v4.24.0' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource aws v4.24.0`

Is there a concept of "modules" in pulumi known from terraform or is that handled by usual programming language with functions and classes ?

pulumi seems frozen in the preview

pulumi up
Enter your passphrase to unlock config/secrets
    (set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember): 
Previewing update (dev):
     Type                 Name            Plan     Info
     pulumi:pulumi:Stack  quickstart-dev           (node:332400) ExperimentalWarning: The http2 module is an experimental API.

     Type                 Name            Plan     Info
     pulumi:pulumi:Stack  quickstart-dev           (node:332400) ExperimentalWarning: The http2 module is an experimental API.

been at that place for at least 5 minutes for what should be a simple program

Anyone have tried to use renovate bot on pulumi setups? Docker image versions, helm chart versions, etc? https://docs.renovatebot.com/configuration-options/#autoreplacestringtemplate

Well that's not fair. The example freezes also.

Hi guys, I am trying to use Pulumi to setup - Ingress for my GKE service - with HTTPS loadbalancer - with Google managed SSL certificate. For some reason, the Ingress creation is stuck forever at "Creating Ingress" Are there any working examples that I can refer to? if you need more info, feel free to ask and I would be happy to provide. Below is a code snippet of I have tried so far (arrived at this state after a zillion trials). What am I missing? #kubernetes #gcp

const authDeploymentService = new k8s.core.v1.Service(authDeploymentName,
            {
                metadata: {
                    name: "auth-svc",
                    labels: authDeploymentAppLabels,
                    namespace: namespaceName,
                },
                spec: {
                    type: "LoadBalancer",
                    ports: [{ port: 80, targetPort: 8080 }],
                    selector: authDeploymentAppLabels,
                },
            },
            {
                provider: clusterProvider,
                dependsOn: [authDeployment]
            }
        );


        const authServiceManagedCert = new gcp.compute.ManagedSslCertificate("auth-cert-001", {
            name: "auth-cert-001",
            project: myGcpProject.projectId,
            description: "Managed SSL Certificate For auth service",
            managed: {
                domains: [
                    "<http://mydomain.com|mydomain.com>"
                ]
            }
        });

        const managedCertConfigMap = new k8s.core.v1.ConfigMap("managed-certificate-config", {
            data: {
                "1": pulumi.interpolate`{"Key":{"Namespace":"${namespaceName}","Name":"${authServiceManagedCert.name}"},"Value":{"ExcludedFromSLO":false,"SoftDeleted":false,"SslCertificateName":"${authServiceManagedCert.id}","SslCertificateBindingReported":true,"SslCertificateCreationReported":true}}}`
            },
            metadata: {
                name: "managed-certificate-config",
                namespace: "kube-system",
            }
        })

        const ingress = new k8s.networking.v1beta1.Ingress(authDeploymentName + "-ingress", {
            metadata: {
                namespace: namespaceName,
                annotations: {
                    "<http://ingress.gcp.kubernetes.io/pre-shared-cert|ingress.gcp.kubernetes.io/pre-shared-cert>": authServiceManagedCert.name,
                    "<http://networking.gke.io/managed-certificates|networking.gke.io/managed-certificates>": authServiceManagedCert.name
                }
            },
            spec: {
                ingressClassName: "gce",
                backend: {
                    serviceName: authDeploymentService.metadata.name,
                    servicePort: 80
                },
                tls: [
                    {
                        hosts: ["<http://mydomain.com|mydomain.com>"],
                    }
                ],
                rules: [
                    {
                        host: "<http://mydomain.com|mydomain.com>",
                        http: {
                            paths: [
                                {
                                    path: "/",
                                    backend: {
                                        serviceName: authDeploymentService.metadata.name,
                                        servicePort: authDeploymentService.spec.ports[0].port,
                                    },
                                }
                            ],
                        },
                    },
                ]
            }
        },
            {
                provider: clusterProvider,
                dependsOn: [managedCertConfigMap]
            });

My first troubleshooting step regarding your ingress problem would be to query the k8s api or cli to see if / what / any ingress configurations have been

deployed

Hi! I have a quick question regarding the AppSync provider. I see in Github issues that some of the AppSync providers have been providing an invalid name about a year ago, but i am currently getting

400:Invalid Name

responses when i try to create

aws.appsync.Resolver

resources. Is anyone here using resolvers successfully?

hi! i'm using the Pulumi REST API to get the state of my stack in another application. Now i need to be able to decrypt secrets too. I am using the default secret provider but i can't seem to find any docs on how to actually reverse the cipher or what cipher is used. Where can i find info on this?

Hi All, I have a question. How would you go about creating users and roles on Azure SQL Databases via Pulumi? I have created my server and database, but at the moment I'm creating users via DevOps release pipeline and Dack Pac but I'm having troubles keeping my password as a secret this way, hence I would like to do it via Pulumi instead. Hope you can help 🙂 FYI: I'm doing an Azure Typescript project

Hi guys , Is there a way to get all the inputs /arguments that can be provided to a resource? We are using typescript pulumi/aws sdk.

In my Pulumi console, under each project I see many stacks that have 0 resources in them (which existed for some branch deploy, but those branches no longer exist). Is there a way I can hide stacks without resources, or otherwise really destroy a stack?

Hey there. I am trying to setup App Mesh and ECS EC2 with Pulumi and I am having the following problem. The pulumi up command executes successfully based on my template. The task definition has 2 containers - one is the envoy container and one is my app container. The envoy container has the environment specified like so environment: [ { name: 'APPMESH_RESOURCE_ARN', value: srv_ext_providers_node.arn }, { name: 'ENVOY_LOG_LEVEL', value: 'DEBUG' } ]," where the APPMESH_RESOURCE_ARN uses the ARN of the virtual node previously created. However, the container continually fails to start with the following error: Anyone have any ideas what this means or how I can fix the environment variable output? It must be the env var which is the probably and reading the ARN from the other virtual node resource.. Also note that the whole container definition is inside a JSON.stringify block as per the example on the task definition page https://www.pulumi.com/docs/reference/pkg/aws/ecs/taskdefinition/#basic-example

Hi All, how can I get ECR repo details using registryID. Another question is there a way to refer the ECR which belongs to other AWS account. In the same pulumi code/stack I want to create resources on AWS Account A and want to push the image on ECR which belongs to another AWS Account B.

export const repository= aws.ecr.Repository.get("ecr-repo", ??? )

Hello Pulumi Comunity. I've a curious aws.ec2.DefaultAcl issue whereby a Route 53 UDP rule doesn't get added while a TCP rule does get added. Here's an example of a route53_egress_nacl not added:

[ { protocol: "udp", ruleNo: 171, action: "allow", cidrBlock: "0.0.0.0/0", fromPort: 53, toPort: 53 }]

. I have an NTP rule exactly like this one that gets added for UDP port 123 - why would that one be OK but no-go for 53? I noticed that the AWS console recognizes port 53 as "DNS (UDP) (53)", so is there another magic protocol I need to specify in the rules for DNS?

Hey team. I'm trying to get the arn of a resource I created, but my template is consistently giving errors - I'm using "service.arn[0].resourceRecordValue" but it is complaining. This seems a straightforward thing.. I also tried "service.arn" but that also did not work 😞

To shed more light on above, I am using JSON.stringify to wrap my container definition in an ECS task container definition. I need to inject the ARN of a resource into an environment variable however this is where the problem arises as JSON.stringify doesn't seem to allow the interpolation of the arn... I'm assuming this is to do with how / when pulumi does this.. Anyone used ECS with container definition and injected env vars?

i think you need apply(). containerDefinitions: service.arn.apply((arn) => JSON.stringify({…. value: arn … })

it acts a bit like promise.then(…) in the way to work with it

I can access my gcp bucket through the gcp cli, but pulumi stack cannot

My account has admin rights over that bucket

Is it safe to have parallel executions of

pulumi up

in different stacks? Managed to find some open issues about enabling parallelism in automation API, wanted to make sure whether it is safe in case of CLI.

Is there anything built into the .NET implementation that allows you to run a list of resources in, using a dependency so that they're all run in series rather than parallel. kinda like a

DependsOn = { previousItem }

but a nice way to do it. It's also a ComponentResource that I want to run in series if that matters. This is likely one of those "I've been looking at this for like 4 hours, and the solution is obvious" kinda situations

currently I'm resorting to

FunctionApp lastApp = null!;

            foreach (var app in apps)
            {
                ComponentResourceOptions options = lastApp == null ? null! : new ComponentResourceOptions {
                    DependsOn = {
                        lastApp
                    }
                };

                var cosmosDbRoles = new CosmosDbRoles($"{StackConstants.ApplicationName.ToLower()}-{app.Key}-cosmosdbroles",
                    new CosmosDbRoleArgs()
                    {
                        ResourceGroupName = globalResourceGroup.Name,
                        FunctionIdentity = app.Value.AppIdentity,
                        CosmosDatabaseAccountName = cosmos.CosmosDatabaseAccountName,
                        CosmosDatabaseAccountId = cosmos.CosmosDatabaseAccountId
                    }, options);
                 lastApp = app.Value;
            }