Hello guys, Just started using pulumi for k8s projects, and I am having a hard time creating a custom resources with yaml piped data, for instance: This is my pulumi resource

const albController = new k8s.apiextensions.CustomResource('alb-controller', {
  apiVersion: '<http://argoproj.io/v1alpha1|argoproj.io/v1alpha1>',
  kind: 'Application',
  metadata: {
    name: 'alb-controller',
    namespace: 'argocd',
    finalizers: ['<http://resources-finalizer.argocd.argoproj.io|resources-finalizer.argocd.argoproj.io>'],
  },
  spec: {
    project: 'default',
    source: {
      repoURL: '<https://bitbucket.org/mycharts/infra.git>',
      targetRevision: 'main',
      path: 'k8s/charts/alb-controller',
      helm: {
        image: {
          repository: '<http://123456789.dkr.ecr.eu-west-1.amazonaws.com/backend|123456789.dkr.ecr.eu-west-1.amazonaws.com/backend>',
          pullPolicy: 'IfNotPresent',
          tag: 'latest',
        },
      },
    },
  },
}, { dependsOn: [argocd] })

And this is what I want to achieve:

apiVersion: <http://argoproj.io/v1alpha1|argoproj.io/v1alpha1>
kind: Application
metadata:
  name: alb-controller
  namespace: argocd
  finalizers:
    - <http://resources-finalizer.argocd.argoproj.io|resources-finalizer.argocd.argoproj.io>
spec:
  project: default
  # Source of the application manifests
  source:
    repoURL: <https://bitbucket.org/mycharts/infra.git>
    targetRevision: main
    path: k8s/charts/alb-controller
    # helm specific config
    helm:
      values: |
        image: 
          repository: <http://123456789.dkr.ecr.eu-west-1.amazonaws.com/backend|123456789.dkr.ecr.eu-west-1.amazonaws.com/backend>
          pullPolicy: IfNotPresent
          tag: latest

Does Pulumi use log4j anywhere when pushing logs to Pulumi Cloud?

Hello I am trying to build my python project and after it downloaded the newest plugins I am getting this:

Type                     Name                   Plan     Info
     pulumi:pulumi:Stack      location-api-wapi-dev           2 messages
     └─ pulumi:providers:aws  default                         1 error

Diagnostics:
  pulumi:pulumi:Stack (location-api-wapi-dev):
    assertion failed [inst.has_value()]: failed to decode instruction: 0x0
    (StateRecovery.cpp:355 determine_state_recovery_action_forward_branches)

  pulumi:providers:aws (default):
    error: could not read plugin [/Users/kylefontaine/.pulumi/plugins/resource-aws-v4.32.0/pulumi-resource-aws] stdout: EOF

I have already removed all the plugins and attempted to reinstall them. I also have reinstalled pulumi using brew. Has anyone else run into this?

does pulumi refresh requires gcloud CLI? I am asking this because of the following error:

2021-12-14T14:04:24.691778750Z ~ kubernetes:core/v1:ServiceAccount hello-world-service-account refreshing warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://x.x.x.x/openapi/v2?timeout=32s>": error executing access token command "gcloud config config-helper --format=json": err=exec: "gcloud": executable file not found in $PATH output= stderr=

I am running pulumi inside the GCP Cloud Build Worker and the container is npm

is

pulumi preview -r && pulumi up -y --diff

same as

pulumi up -y --diff -r

? What's the implication if we run pulumi up without --refresh?

Hello All, I'm new to Pulumi and I'm getting an issue while creating new K8s deployment but I get this issue

error: the current deployment has 1 resource(s) with pending operations:

* urn:pulumi:temp-production::test::kubernetes:apps/v1:Deployment::flagship, interrupted while updating

tried the recommend solution appeared in this error message by applying Pulumi stack export then import after removing pending operation but I get another issue

error: could not import deployment: [503] Service Unavailable

, Can anyone help me, please🙏?

Hello, I am getting a

error: autorest/azure: Service returned an error. Status=400 Code="RoleAssignmentUpdateNotPermitted" Message="Tenant ID, application ID, principal ID, and scope are not allowed to be updated."

when trying to create a

azure_native.authorization.RoleAssignment

, I did a full

destroy

and

up

again but got the same results. Also, when I checked the role assignment isn't there, any ideas?

Hi. I just wanted to share my latest blog article about using Pulumi without Pulumi Service: https://www.techwatching.dev/posts/pulumi-azure-backend You will find there an azure cli script to provision the azure storage blob container to store the state and the azure key vault key to encrypt/decrypt the secrets.

While trying to do pulumi refresh, I encountered "Preview failed: error when reading or editing FirebaseProject, Error 403: your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by firebase.goolgeapis.com" How can run pulumi refresh in this case?

Anyone have any thoughts/opinions on kitchen-pulumi?

hey team. I've got a problem when I update a task definition for an ECS service in AWS, Pulumi up indicates changes, which I make however when I run pulumi up again (with no code changes) it again indicates an update to perform. Does anyone know how to diagnose this? Ive compared the AWS json task definitions of before and after and they are exactly the same. 😞

I also ran pulumi refresh, which didn't indicate any differences

Hi All, I use a naming convention of services and servers where it has DEV TSTS PRD etc in the name. When changing stacks do people use automation to get the stack and then change the name from DEV to PRD based on selected stack? This would also be used for selecting our azure subscription if that's the pattern. What's the convention here to do this?

Hey guys, I am trying to create a iam role using eks oidc information, but I keep getting an error that I can't seem to solve

const albPodRole = new aws.iam.Role('alb-service-account-role', {
  assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "${eksCluster.core.oidcProvider?.arn}"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "${eksCluster.core.oidcProvider?.url}:sub": ["system:serviceaccount:kube-system:alb-controller-aws-load-balancer-controller"]
        }
        
      }
    }
  ]
}
`,
}, {
  dependsOn: eksCluster,
})

Keep getting

error: aws:iam/role:Role resource 'alb-service-account-role' has a problem: "assume_role_policy" contains an invalid JSON: invalid character '\n' in string literal. Examine values at 'Role.AssumeRolePolicy'.

If I replace the eksCluster outputs with any other string it works fine

and I know that the arn and the url are available because they output just fine

Hello! I currently cannot install the pulumi packages in a new project because the DNS records for npmjs.pulumi.com seems to have gone away. The same thing happened this weekend, and a few weeks ago. Does anyone know whats going on? 🙂 https://www.nslookup.io/dns-records/npmjs.pulumi.com

In some clouds a resource can be automated even when name is specify Azure does this. How can I query to retrieve that name when I want to use it in another project Example a Managed Identity might name with auto naming and I need to capture that to link the MI to say data factory. How does one find out what name it was provided?

When I try to send SES mail from my eks cluster using nodejs aws-sdk I got the following error:

error: User 'arn:xxxxx:assumed-role/cluster-instanceRole-role-xxxxx' is not authorized to perform 'ses:SendRawEmail' on resource 'arn:aws:ses:us-east-1:xxxxx:identity/<mailto:no-reply@xxxxxx.com|no-reply@xxxxxx.com>'

. But when I try it locally using the same AWS access and secret key and email it works. Does anyone know how I can attach required ses policy to aws eks cluster? My cluster code:

const cluster = new eks.Cluster('cluster', {
  name: 'my-eks-cluster',
  vpcId: vpc.id,
  publicSubnetIds: vpc.publicSubnetIds,
  privateSubnetIds: vpc.privateSubnetIds,
  desiredCapacity: 2,
  minSize: 1,
  maxSize: 3
});

is pulumi offline? seems we can't talk to the API

Yeah, things seem broken, can't load anything any idea when this might be resolved?

Yup, all dead on for me as well

same

🙃

why would the api depend on npm?

oh, it is running on github now, and the status page now mentions github api

fun, that means my CI is down as well 😉