Are other folks here using Pulumi to manage a few kubernetes resources? When bringing up a new stack, it seems like Pulumi would be a good place to install some prerequisites prior to our CD pipeline taking over. However, if I ever need to update those k8s resources,

pulumi up

seemingly tries to re-create them instead of just `kubectl apply`ing over top (which would just update). Anyone else seen this or have a workaround?

Hi, I'm very familiar with Pulumi, but I'm struggling to find a solution for when I need to have a conditional resource creation. In my specific example I have a domain name which is an Output; I want to create a DNS entry, but based on the suffix of the domain name it can either be an AWS DNS entry or an Azure DNS entry. I can't find a way to query the Output and get the correct information. I've tried to shove all the logic inside a method and then have everything running via a lambda on an Output.apply(): that works when doing pulumi up, but pulumi pre will not show those resources, for whatever reason (probably lack of information during the pre run). Any thoughts on this?

Hello, I’m considering using AWS ECS’s ARM64 support, but it seems Pulumi doesn’t have the parameter AWS uses to define the task definition as an ARM64 task. (That’s fair enough, it was released like last week.) Could I inject that parameter inside Pulumi task definition code despite Pulumi not knowing about it in its own API? Or should I just use AWS console to modify the task definition as an one-off hack?

Hey so our pulumi stack was on a cloud storage bucket, and while it was updating someone did ctrl ^c twice to mess up the state, now we can't find the stack anywhere when we do pulumi refresh, I can see the stack's folder in the cloud storage bucket... how do we proceed to restore the stack?

i'm seeing an issue on Azure where after a ServicePrincipal is created azure-native:containerservice:ManagedCluster still claims it doesn't exist but will succeed on re-run of the stack

Hi, i am trying to figure out how to handle resources not created with pulumi, e.g. i wan't to create some Azure virtual machines in a virtual network and virtual subnet that are already there (managed by another pulumi project). I don't want to import them into my project and i dont want to manage them using my project, just accessing some informations about them (e.g. id, etc.) Is that possible? i am searching for the pulumi equivalent of terraforms

data

stuff. Maybe someone can shed some light how to solve it? Thanks a lot!

Another rando question...so we have been piloting Pulumi for AWS. I just learned of AWS CDK constructs though. Is there any kind of equivalent solution in Pulumi that reduces boilerplate stuff and/or canned common solutions following best practices (ex: CognitoToApiGatewayToLambda is a best practices AWS CDK construct you can easily drop in)

Hi all. I’m using pulumi with a custom state backend (Azure Blob). I want to point pulumi to store state in a blob storage container in Azure US Government cloud. Pulumi login is still pointing at public cloud endpoints — this is even after setting

ARM_ENVIORNMENT

to

usgovernment

. It looks like the env var is only relevant for the stack file, not

pulumi login

. Is there a way to configure pulumi to point to Azure US Government cloud?

Hello 👋 . I’m trying to set up the Pulumi Auth0 provider to manage tenant creation. As part of the configuration I need to provide a

clientId

and a

clientSecret

but I’m having difficulty understanding where to get these from in Auth0. I’ve had a go using the Global Client Information values in the Advanced settings, but the info text suggests I shouldn’t be using them:

"Typically, you will not need these values"

and when I’ve tried to use these values there’s an error saying:

"You need to create a \"client-grant\" associated to this API"

. Is anyone able to tell me where to find the client ID and secret values in auth0?

Hello there! This might be a stupid question, but can I use the Pulumi service to store Terraform statefiles? That would be nice to smooth migration

I think there’s a regression here with the EKS provider? https://github.com/pulumi/pulumi-eks/issues/88 An update to the ami on our nodes in our non production cluster just caused all the nodes to roll. Thankfully I caught this in non-prod but super scary!! You can see the replace strategy on imageId in the plan for our production cluster here:

Previewing update (base.prod):
     Type                                     Name                                               Plan        Info
     pulumi:pulumi:Stack                      yd-base-base.prod
     └─ yd:eks:Cluster                        yd-eks
        └─ eks:index:Cluster                  yd-eks
           ├─ eks:index:NodeGroup             yd-eks-nodes-datomic-http
 +-        │  ├─ aws:ec2:LaunchConfiguration  yd-eks-nodes-datomic-http-nodeLaunchConfiguration  replace     [diff: ~imageId]
 ~         │  └─ aws:cloudformation:Stack     yd-eks-nodes-datomic-http-nodes                    update      [diff: ~templateBody]
           └─ eks:index:NodeGroup             yd-eks-nodes-default
 +-           ├─ aws:ec2:LaunchConfiguration  yd-eks-nodes-default-nodeLaunchConfiguration       replace     [diff: ~imageId]
 ~            └─ aws:cloudformation:Stack     yd-eks-nodes-default-nodes                         update      [diff: ~templateBody]

Hi! I am learning Pulumi while setting up my home lab. Right now I've ran into what appears to be a pretty water tight secrets management. I am using the TLS module to create a SSH key pair, and for now I need to export the private key to file in order to actually use it. If this were a production environment I would be using a proper secrets engine to create and store this, but in my home lab I really just want to either write the key to file or print it as an output. Is there any way I can get the decrypted value?

Is there a default goto write-up/presentation that compares pulumi with CF, TF and CDK. Need to persuade my team to adopt pulumi. Thanks !!

One i have now is from @cuddly-scientist-53408. https://cdn.oreillystatic.com/en/assets/1/event/270/Tooling%20in%20the%20age%20of%20serverless%20computing%20Presentation.pdf wondering if there are more similar to this.

Hi all! I'm setting up pulumi with github actions, I installed the pulumi github app but I cannot see any comments on the PR that triggers the workflow nor the checks integration. Any ideas?

Hello 👋 does anyone know if there is a way to create a project with the CLI without generating files? I have existing pulumi project code I want to create a new project for. Like maybe…

pulumi new --skip-template-files

so I could run it in a directory that already has code, and see the new project in the console.

*a rest api endpoint like

POST /api/projects/…

could work as well. I don’t see one in the rest api docs

Hi. We are using automation api for our service using the JavaScript sdk. And after certain intervals it keeps saying the AWS plugin version not found whenever we want to create a stack and a new plugin version is out. Is anyone else facing this issue? Is there a way to fix the AWS plugin version ? We are using the automation api in docker container and there is a ci/cd pipeline in place if that is relevant?

Question about ResourceOpts inheritance: is

custom_timeouts=

inherited from parent objects?

Hello. Trying to use the Terraform Bridge Provider Boilerplate, can someone tell me what to put in

go.mod

for https://registry.terraform.io/providers/scaleway/scaleway/latest? I tried putting

<http://github.com/scaleway/terraform-provider-scaleway/scaleway|github.com/scaleway/terraform-provider-scaleway/scaleway> v2.1.0

but it tells me

version "v2.1.0" invalid: should be v0 or v1, not v2

Hi - Is it possible to create a service-mesh with Pulumi?

Hi All Iam executing the pulumi stack through Az DevOps from docker method. The stack executes successfully when we use "up" command. For example, i delete few resources manually and if they are required to be recreated through pulumi we normally use pulumi up --refresh However with pulumi runner command refresh command is not recognized. How can i cover this scenario to refresh the stack using pulumi runner ?

Hi All, I have a custom terraform provider written in Go that I’d like to attempt to convert using tf2pulumi into a Pulumi Go provider. Will tf2pulumi support this conversion?

hey guys 👋 wonder who is using pulumi with python projects, how do you import packages from the main project for example if you need to use information from models/dataclasses

Hello guys, Just started using pulumi for k8s projects, and I am having a hard time creating a custom resources with yaml piped data, for instance: This is my pulumi resource

const albController = new k8s.apiextensions.CustomResource('alb-controller', {
  apiVersion: '<http://argoproj.io/v1alpha1|argoproj.io/v1alpha1>',
  kind: 'Application',
  metadata: {
    name: 'alb-controller',
    namespace: 'argocd',
    finalizers: ['<http://resources-finalizer.argocd.argoproj.io|resources-finalizer.argocd.argoproj.io>'],
  },
  spec: {
    project: 'default',
    source: {
      repoURL: '<https://bitbucket.org/mycharts/infra.git>',
      targetRevision: 'main',
      path: 'k8s/charts/alb-controller',
      helm: {
        image: {
          repository: '<http://123456789.dkr.ecr.eu-west-1.amazonaws.com/backend|123456789.dkr.ecr.eu-west-1.amazonaws.com/backend>',
          pullPolicy: 'IfNotPresent',
          tag: 'latest',
        },
      },
    },
  },
}, { dependsOn: [argocd] })

And this is what I want to achieve:

apiVersion: <http://argoproj.io/v1alpha1|argoproj.io/v1alpha1>
kind: Application
metadata:
  name: alb-controller
  namespace: argocd
  finalizers:
    - <http://resources-finalizer.argocd.argoproj.io|resources-finalizer.argocd.argoproj.io>
spec:
  project: default
  # Source of the application manifests
  source:
    repoURL: <https://bitbucket.org/mycharts/infra.git>
    targetRevision: main
    path: k8s/charts/alb-controller
    # helm specific config
    helm:
      values: |
        image: 
          repository: <http://123456789.dkr.ecr.eu-west-1.amazonaws.com/backend|123456789.dkr.ecr.eu-west-1.amazonaws.com/backend>
          pullPolicy: IfNotPresent
          tag: latest

Does Pulumi use log4j anywhere when pushing logs to Pulumi Cloud?

Hello I am trying to build my python project and after it downloaded the newest plugins I am getting this:

Type                     Name                   Plan     Info
     pulumi:pulumi:Stack      location-api-wapi-dev           2 messages
     └─ pulumi:providers:aws  default                         1 error

Diagnostics:
  pulumi:pulumi:Stack (location-api-wapi-dev):
    assertion failed [inst.has_value()]: failed to decode instruction: 0x0
    (StateRecovery.cpp:355 determine_state_recovery_action_forward_branches)

  pulumi:providers:aws (default):
    error: could not read plugin [/Users/kylefontaine/.pulumi/plugins/resource-aws-v4.32.0/pulumi-resource-aws] stdout: EOF

I have already removed all the plugins and attempted to reinstall them. I also have reinstalled pulumi using brew. Has anyone else run into this?

does pulumi refresh requires gcloud CLI? I am asking this because of the following error:

2021-12-14T14:04:24.691778750Z ~ kubernetes:core/v1:ServiceAccount hello-world-service-account refreshing warning: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "<https://x.x.x.x/openapi/v2?timeout=32s>": error executing access token command "gcloud config config-helper --format=json": err=exec: "gcloud": executable file not found in $PATH output= stderr=

I am running pulumi inside the GCP Cloud Build Worker and the container is npm