pulumi-community #general

Docs

Join the conversation Join Slack

Channels

general

steep-beach-52652

11/12/2021, 4:01 PM

in other words, how to code this in pulumi using python,

microscopic-finland-82315

11/12/2021, 4:49 PM

Hi, I'm deploying a chart like cert-manager on a kubernetes cluster via pulumi. The cert-manger after start updates a few secrets but then pulumi see this as a change. Is there a way to tell pulumi to ignore these changes? Many thx. Kind regards, Frederik

boundless-room-95091

11/12/2021, 7:31 PM

Hi, right now we have all our clients based on Terraform and we have a lot of custom modules for all AWS resources (and more) created in Terraform by ourselves, so we can reproduce similar architectures so simply using Terraform + Terragrunt. Now we a looking for a way to migrate the logic of some of our modules to pulumi,for this purpose i'm investigating how to create our custom Python Packages for Pulumi so we can have something more generic that can be reused in multiple clients, there is any recommended way to make somethin like this?.

square-coat-62279

11/13/2021, 2:16 PM

hi all, I am using GCP cloud storage as my Pulumi backend, in my pulumi code, I attempt to create a new project and all the resources will be created in this project. On running pulumi up, the GCP project was created but when I attempt to attach billing to the project, it failed with:

error: 7 PERMISSION_DENIED: The caller does not have permission

I have already run gcloud auth login and I am on the caller project, do I miss anything?

sparse-beach-51011

11/14/2021, 12:34 PM

hi all, im making a GKE cluster which uses secrets encryption and im trying to figure out at the moment how to assign the IAM policy on service account the least-privilege the the SA can access the kms key-ring which was created.. I would imagine this is a very common operation whenever making a GKE cluster, but unfortunately couldnt find it in any guides or docs on Pulumi. I know all references are there which are great, but would be nice to see the "recipes" for this common combo

steep-beach-52652

11/14/2021, 2:16 PM

Hello, Cant replaced aws cloudmap namespace by pulumi due to services and instances in namespace, how to fix this problem in case i need to just update/replace the namespace only?

echoing-activity-32278

11/14/2021, 3:25 PM

Hi. Not familiar with the JS land. But I see only typescript listed in the page: https://www.pulumi.com/registry/packages/azure-native/api-docs/advisor/suppression/ . Does that mean use Pulumi with plain JS is lesser supported?

white-train-9300

11/15/2021, 4:08 AM

Hello! Did someone already had issues updating Kubernetes certificates and refreshing pulumi stack? I’m currently getting the following error

kubernetes:core/v1:PersistentVolume storage-3 refreshing warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

millions-lunch-7967

11/15/2021, 4:06 PM

@here - looking for some examples. I have prod and stage environment and each of these environment will have its own service accounts and here is how I have defined my structure similar to what we currently have in terraform.

millions-lunch-7967

11/15/2021, 4:07 PM

── project
    ├── __main__.py
    ├── Pulumi.yaml
    └── environments
        └──PROD
            ├── Pulumi.prod.yaml
            
        └──STG
            ├── Pulumi.stg.yaml

millions-lunch-7967

11/15/2021, 4:07 PM

is this possible to do with Pulumi. if yes, can someone please give me some example.

millions-lunch-7967

11/15/2021, 4:07 PM

thanks

millions-lunch-7967

11/15/2021, 5:42 PM

@here - have question on gcp.projects.IAMBinding , how do I assign multiple roles to a member. I am using the python version.

polite-keyboard-13683

11/15/2021, 6:46 PM

Hello! Pulumi customer here---I’m trying to do a pulumi preview, and things are just hanging on

pulumi:pulumi:Stack

. Nothing ever goes anywhere or progresses

flaky-area-92692

11/15/2021, 7:54 PM

are we the only one not being able to reach app.pulumi.com ?

faint-tiger-16075

11/15/2021, 8:54 PM

Hello All, I'm previewing Pulumi and I'm really enjoying it so far....running into an issue with secrets however.... I create a secret using

pulumi config set --secret [name] [value]

, but when I attempt to do

cfg.requireSecret('[name]')

I'm getting an error during

pulumi up

(see screenshot). If I hard code my variable (rather than using config) it works....I've tried the suggestions in the error, I've set the config variable to

plaintext

and used

cfg.require('[name]')

and still doesn't work....I've studied the secrets documentation....am I missing something?

gorgeous-minister-41131

11/16/2021, 1:20 AM

is there a way for a kubernetes resource to depend on another (example: a Deployment depending on a successful rollout and run of a batch.v1.Job() for example), before it goes off to even try and update the Deployment?

gorgeous-minister-41131

11/16/2021, 1:20 AM

it seems like depends_on is what I need, but I’m not sure if the behavior of that means pulumi will wait and require that resource to be healthy or not

millions-lunch-7967

11/16/2021, 4:01 AM

@here - I have enabled bigquery.googleapis.com

Enable Google Biquery api
project = gcp.projects.Service("project",
  project=bureau_data_project.id,
  service="<http://bigquery.googleapis.com|bigquery.googleapis.com>")

millions-lunch-7967

11/16/2021, 4:02 AM

getting the below error

millions-lunch-7967

11/16/2021, 4:07 AM

error: deleting urn:pulumi:stage::ek-data-source::gcp:projects/service:Service::project: 1 error occurred:
	* Error when reading or editing Project Service ek-data-source-stage/bigquery.googleapis.com: Error disabling service "<http://bigquery.googleapis.com|bigquery.googleapis.com>" for project "ek-data-source-stage": googleapi: Error 400: The service <http://bigquery.googleapis.com|bigquery.googleapis.com> is depended on by the following active service(s): <http://bigquerystorage.googleapis.com|bigquerystorage.googleapis.com>; Please specify disable_dependent_services=true if you want to proceed with disabling all services.
Help Token: Ae-hA1P5o6go9HANTZgPEqnXwbDS4C9MI-KVWMAlNhh9dGSJp2l95ver_wdySZRAaAGxDnKXomqspnmQDKXcEojtPgi9MMduRwg5b6zGEy23CkXa
Details:
[
  {
    "@type": "<http://type.googleapis.com/google.rpc.PreconditionFailure|type.googleapis.com/google.rpc.PreconditionFailure>",
    "violations": [
      {
        "subject": "?error_code=100001\u0026service_name=<http://bigquery.googleapis.com|bigquery.googleapis.com>\u0026services=<http://bigquerystorage.googleapis.com|bigquerystorage.googleapis.com>",
        "type": "<http://googleapis.com|googleapis.com>"
      }
    ]
  },
  {
    "@type": "<http://type.googleapis.com/google.rpc.ErrorInfo|type.googleapis.com/google.rpc.ErrorInfo>",
    "domain": "<http://serviceusage.googleapis.com|serviceusage.googleapis.com>",
    "metadata": {
      "service_name": "<http://bigquery.googleapis.com|bigquery.googleapis.com>",
      "services": "<http://bigquerystorage.googleapis.com|bigquerystorage.googleapis.com>"
    },
    "reason": "COMMON_SU_SERVICE_HAS_DEPENDENT_SERVICES"
  }
]
, failedPrecondition

square-coat-62279

11/16/2021, 6:20 AM

hi all, I have a use case here involving a call-back or webhook or whatever it maybe, basically, I am running Pulumi from one GCP project that will spin up a new GCP project along with the cloud resources like VPC, GKE etc. In this deployment, I'd need to grant access compute.imageUser to the child GCP project service account so that the GKE cluster can download docker images from the Container registry in the GCP project where Pulumi is running. Is there any way that I can achieve this as part of the process in deploying the child GCP project along with the other resources? I'd imagine if there's some kind of remote_exec in Terraform that I can use to run some gcloud command to grant the permission, otherwise any idea would be helpful, thanks!

fancy-eve-82724

11/16/2021, 7:38 AM

I'm self-hosting Pulumi with an S3 bucket as storage. The state of my current stack is only about 2.1MB, but the cumulative backups and history are growing to over 400MB. Is there any way via the pulumi CLI line to purge this history? Or will I have to write some scripts to purge this manually?

steep-beach-52652

11/16/2021, 1:09 PM

Hello, the repo link is borken here , need to see the dockerfile in github https://hub.docker.com/r/pulumi/pulumi

steep-beach-52652

11/16/2021, 1:10 PM

<https://github.com/pulumi/pulumi/blob/master/docker/pulumi/Dockerfile>

gorgeous-minister-41131

11/16/2021, 7:06 PM

Is there a good way to handle state / issues when pulumi is forcefully exited in the middle of a run? Having an operator have to manually export, examine and reimport the state seems goofy especially in a CI pipeline for Kubernetes resources. Is there a way to just tell pulumi when --refresh is passed to ignore an inconsistent state and take what it sees out in the cluster/provider as face value?

bitter-island-28909

11/16/2021, 7:47 PM

The pricing docs are not clear in one area. Are Provider resources included in credit utilization?

swift-intern-18856

11/16/2021, 8:54 PM

ugh yikes, just ran into total failure trying to perform an update that required replacing an EKS cluster

error: post-step event returned an error: failed to save snapshot: .pulumi/stacks/base.non-prod.json: snapshot integrity failure; it was already written, but is invalid (backup available at .pulumi/stacks/base.non-prod.json.bak): resource urn:pulumi:base.non-prod::yd-base::yd:eks:Cluster$eks:index:Cluster$kubernetes:core/v1:ConfigMap::yd-eks-nodeAccess refers to unknown provider urn:pulumi:base.non-prod::yd-base::yd:eks:Cluster$eks:index:Cluster$pulumi:providers:kubernetes::yd-eks-eks-k8s::b48893e2-fd53-4bed-9753-c28de972084c

i think i understand the error (the provider was deleted when the cluster was replaced), but unsure how to resolve restoring the backup, any tips?

gifted-salesmen-8201

11/16/2021, 9:12 PM

Hi folks, how do you structure a large pulumi project in go, for example creating s3 buckets, policies and users..? Do you place all our code in a main.go file, or structure it in a pkg directory? Thanks in advance for your advice

limited-electrician-71574

11/16/2021, 9:45 PM

Hi all, are there plans to expand on deploying Databricks resources in the future?