https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • s

    square-coat-62279

    12/29/2021, 3:50 AM
    does anyone try creating IAP brand in GCP before? According to the API doc, we should be able to create an internal user type via the Pulumi API, but it doesn't seem so as I don't see them created in the OAuth consent screen
  • a

    able-honey-93860

    12/29/2021, 4:30 AM
    Can please help me break down stacks vs projects? My current understanding is that a Project should be high level like Prod and Dev environments then a stack would be smaller cases of the managed environments. Here's the structure I am going for, is this best practice? Project: AWS_Prod Stack: ◦ s3 ◦ ec2 Project: AWS_Dev Stack: ◦ s3 ◦ ec2 Project: Okta_Prod Stack: ◦ users ◦ authentication
    l
    c
    • 3
    • 9
  • b

    bumpy-agent-19616

    12/29/2021, 8:29 AM
    Could someone help me with the issue that says
    error: an unhandled error occurred: Problem executing program (could not run language executor): fork/exec /usr/local/bin/node: argument list too long
    during
    pulumi up
    ? We have stacks for test, stage and prod of which
    pulumi up
    works with no problem in stage and prod environments but it doesn't in test and test stack in turn hosts environments like test01, test02, test03, test04 and test05.
    b
    • 2
    • 4
  • e

    echoing-activity-32278

    12/29/2021, 9:06 AM
    Is there a custom timeout setting but on a k8s provider level ? The current only supports per-resource level: https://www.pulumi.com/docs/intro/concepts/resources/#customtimeouts
    b
    q
    • 3
    • 6
  • e

    echoing-activity-32278

    12/29/2021, 10:24 AM
    Sounds like a bug: https://www.pulumi.com/registry/packages/kubernetes/api-docs/core/v1/service/#:~:text=The%20endpoints%20objects[…]e%20number%20of%20living%20objects. Creating a headless service with the example on the statefulset page: https://www.pulumi.com/registry/packages/kubernetes/api-docs/apps/v1/statefulset/#create-a-statefulset-with-auto-naming on AKS will always be stuck in: Finding available pods.
    q
    f
    • 3
    • 14
  • h

    happy-gpu-24908

    12/29/2021, 11:39 AM
    Hello everyone, when I run
    pulumi up
    everything works fine. But when I run
    pulumi refresh
    I get an error
    error: could not load plugin for docker provider 'urn:pulumi:dev::testing::pulumi:providers:docker::example-service_docker_provider': no resource plugin 'docker' found in the workspace or on your $PATH
    . What could be the reason? I get the same error when I run
    pulumi up --refresh
    .
    • 1
    • 1
  • e

    echoing-activity-32278

    12/29/2021, 1:25 PM
    Anyone has success with installing cert-manager in k8s? For me, Pulumi always get stuck in the middle, hanging there forever.
    w
    q
    • 3
    • 13
  • p

    purple-megabyte-83002

    12/29/2021, 2:06 PM
    hello is there a way to run
    pulumi
    local on CI/CD pipeline ? it’s not finding my stack
    w
    • 2
    • 2
  • e

    echoing-activity-32278

    12/29/2021, 4:12 PM
    Instead of specifying all the possible backends in the ctor of FrontDoor, is it possible to add the backends AFTER the frontdoor object has been created? see https://www.pulumi.com/registry/packages/azure-native/api-docs/network/frontdoor/#create-or-update-specific-front-door
    w
    • 2
    • 4
  • h

    hundreds-painter-6367

    12/29/2021, 5:28 PM
    Hello everyone, maybe someone can help me with this, i’m trying to implement the opensearch domain with the aws-native package, but when i’m trying to create the resource this error occurs:
    aws-native:opensearchservice:Domain (merqueo-dev-search):
        error: resource partially created but read failed. read error: reading resource state: operation error CloudControl: GetResource, https response error StatusCode: 400, RequestID: 5dad3d54-4208-49c1-8d6d-5bcb49ffd70f, ResourceNotFoundException: AWS::OpenSearchService::Domain Handler returned status FAILED: Resource of type 'AWS::OpenSearchService::Domain' with identifier 'merqueo-dev-search' was not found. (HandlerErrorCode: NotFound, RequestToken: 3fe72f59-101b-4656-0dad-b9fe51ed0247), create error: operation CREATE failed with "InternalFailure": Internal Failure
    w
    • 2
    • 2
  • s

    some-honey-3067

    12/29/2021, 7:40 PM
    Hello folks, After upgrading the pulumi node packages to max, I am not able to deploy anything in the kubernetes cluster. For eg: I tried to deploy nginx ingress controller using pulumi and I get the following error from the pod:
    -------------------------------------------------------------------------------
    NGINX Ingress controller
    Release: v0.44.0
    Build: f802554ccfadf828f7eb6d3f9a9333686706d613
    Repository: <https://github.com/kubernetes/ingress-nginx>
    nginx version: nginx/1.19.6
    -------------------------------------------------------------------------------
    I1229 11:12:26.402166 7 flags.go:208] "Watching for Ingress" class="nginx"
    W1229 11:12:26.402595 7 flags.go:213] Ingresses with an empty class will also be processed by this Ingress controller
    W1229 11:12:26.403000 7 client_config.go:614] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
    W1229 11:12:26.403049 7 client_config.go:619] error creating inClusterConfig, falling back to default config: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
    F1229 11:12:26.403200 7 main.go:299] Error while initiating a connection to the Kubernetes API server. This could mean the cluster is misconfigured (e.g. it has invalid API server certificates or Service Accounts configuration). Reason: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
    Refer to the troubleshooting guide for more information: <https://kubernetes.github.io/ingress-nginx/troubleshooting/>
    goroutine 1 [running]:
    <http://k8s.io/klog/v2.stacks(0xc000128001|k8s.io/klog/v2.stacks(0xc000128001>, 0xc0003ec000, 0x1b4, 0x1d3)
    <http://k8s.io/klog/v2@v2.4.0/klog.go:1026|k8s.io/klog/v2@v2.4.0/klog.go:1026> +0xb9
    <http://k8s.io/klog/v2.(*loggingT).output|k8s.io/klog/v2.(*loggingT).output>(0x26915e0, 0xc000000003, 0x0, 0x0, 0xc0000a8cb0, 0x25e6c33, 0x7, 0x12b, 0x0)
    <http://k8s.io/klog/v2@v2.4.0/klog.go:975|k8s.io/klog/v2@v2.4.0/klog.go:975> +0x19b
    <http://k8s.io/klog/v2.(*loggingT).printf(0x26915e0|k8s.io/klog/v2.(*loggingT).printf(0x26915e0>, 0xc000000003, 0x0, 0x0, 0x0, 0x0, 0x1a92308, 0x13f, 0xc00006c190, 0x1, ...)
    <http://k8s.io/klog/v2@v2.4.0/klog.go:750|k8s.io/klog/v2@v2.4.0/klog.go:750> +0x191
    <http://k8s.io/klog/v2.Fatalf(...)|k8s.io/klog/v2.Fatalf(...)>
    <http://k8s.io/klog/v2@v2.4.0/klog.go:1502|k8s.io/klog/v2@v2.4.0/klog.go:1502>
    main.handleFatalInitError(...)
    <http://k8s.io/ingress-nginx/cmd/nginx/main.go:299|k8s.io/ingress-nginx/cmd/nginx/main.go:299>
    main.main()
    <http://k8s.io/ingress-nginx/cmd/nginx/main.go:78|k8s.io/ingress-nginx/cmd/nginx/main.go:78> +0x3f4
    goroutine 18 [chan receive]:
    <http://k8s.io/klog/v2.(*loggingT).flushDaemon(0x26915e0)|k8s.io/klog/v2.(*loggingT).flushDaemon(0x26915e0)>
    <http://k8s.io/klog/v2@v2.4.0/klog.go:1169|k8s.io/klog/v2@v2.4.0/klog.go:1169> +0x8b
    created by <http://k8s.io/klog/v2.init.0|k8s.io/klog/v2.init.0>
    <http://k8s.io/klog/v2@v2.4.0/klog.go:417|k8s.io/klog/v2@v2.4.0/klog.go:417> +0xdf
    pulumi about
    CLI
    Version 3.20.0
    Go Version go1.17.5
    Go Compiler gc
    Plugins
    NAME VERSION
    aws 4.32.0
    aws 4.32.0
    docker 3.1.0
    eks 0.36.0
    kubernetes 3.12.1
    nodejs unknown
    Host
    OS darwin
    Version 12.0.1
    Arch arm64
    This project is written in nodejs (/usr/local/bin/node v14.16.0)
    Current Stack: my-org/db1b158c-e815-11ea-97ef-13e6b152ce19
    Found no resources associated with my-org/db1b158c-e815-11ea-97ef-13e6b152ce19
    Found no pending operations associated with my-org/db1b158c-e815-11ea-97ef-13e6b152ce19
    Backend
    Name <http://pulumi.com|pulumi.com>
    URL <https://app.pulumi.com/my-user>
    User my-user
    NAME VERSION
    @pulumi/awsx 0.32.0
    @pulumi/docker 3.1.0
    @pulumi/eks 0.36.0
    @pulumi/kubernetes 3.12.1
    @pulumi/pulumi 3.20.0
    @types/node 17.0.0
    @pulumi/aws 4.32.0
    See my code here: https://gist.github.com/leshibily/13281cf86efc79cdb6cb80e1d24af22f
  • a

    abundant-yacht-50678

    12/29/2021, 11:54 PM
    Hi all - I'm getting the following error when attempting to import a database instance on GCP -
    gcp:sql:DatabaseInstance (app-db):
        error: gcp:sql/databaseInstance:DatabaseInstance resource 'app-db' has a problem: AtLeastOne: "settings": one of `clone,settings` must be specified. Examine values at 'DatabaseInstance.Settings'.
        error: gcp:sql/databaseInstance:DatabaseInstance resource 'app-db' has a problem: AtLeastOne: "clone": one of `clone,settings` must be specified. Examine values at 'DatabaseInstance.Clone'.
        error: one or more inputs failed to validate
    Any ideas on how I resolve this?
    l
    b
    • 3
    • 4
  • r

    rhythmic-lamp-79430

    12/30/2021, 4:01 AM
    Hi everyone, I am trying to get a string representation of the object for an resource that I am generating. For example, I am creating a VPC here
    resource_vpc = aws.ec2.Vpc(
        resource_name=vars['vpc_name'],
        cidr_block=vars['cidr'],
        enable_classiclink_dns_support=True,
        enable_dns_hostnames=True,
        assign_generated_ipv6_cidr_block=True,
        tags={
            "Name": vars['vpc_name'],
        }
    )
    and then would like to use the
    resource_vpc.ipv6_cidr_block
    attribute to assign IPv6 CIDRs to subnets. However, the representation of this attribute is required as string to the network IPNetwork function I am using to create IPv6 Subnets… Any idea how I can obtain the string value? Thanks in advance
    b
    • 2
    • 5
  • e

    echoing-activity-32278

    12/30/2021, 9:47 AM
    How do you use the post_render with pulumi ? https://www.pulumi.com/blog/full-access-to-helm-features-through-new-helm-release-resource-for-kubernetes/#limited-transforms-support.
  • e

    echoing-activity-32278

    12/30/2021, 11:12 AM
    Is it possible to hide the output of the exported variables when running
    pulumi up
    ?
    q
    l
    • 3
    • 5
  • n

    nice-beard-3866

    12/30/2021, 11:45 AM
    Hi, I'm struggling a bit with stack references and custom backends, pulumi can't seem to find the stack I'm referencing. I'm using an azure storage container called
    <azblob://pulumi-state>
    all projects live in the same container and I name the stacks
    <project-name>.<stack-name>
    because of the limitations, a solution taken from here I've tried some different forms
    <project-name>/<project-name>.<stack-name>
    ,
    <project-name>-<project-name>.<stack-name>
    ,
    <project-name>.<stack-name>
    but nothing seems to work Any suggestions for how to reference another stack?
    • 1
    • 1
  • r

    rhythmic-lamp-79430

    12/30/2021, 4:33 PM
    Hi everyone, I am hitting a race condition b/w 2 resources. first resources is creating a vpc and the second one is creating subnets. for the second one i have a get_vpc block
    vpc_info = aws.ec2.get_vpc(id=resource_vpc.id, opts=ResourceOptions(depends_on=[resource_vpc]))
    to get the ipv6 subnet… however, if i run the whole stack in one go it fails… if i run it in stages i.e. create just the vpc and then create the subnet in second try it works fine. i have tried the depends_on mechanism but doesnt seem to be working… any idea what I might be doing wrong?
    w
    w
    l
    • 4
    • 26
  • m

    most-lighter-95902

    12/30/2021, 11:26 PM
    Hi, I’m working on two projects that use Pulumi and
    awsx.ecr.buildAndPushImage
    is calling the wrong ECR repo (i.e. the failed push error log shows the wrong aws account ID)
    b
    • 2
    • 23
  • m

    most-lighter-95902

    12/30/2021, 11:26 PM
    How can I make sure it pushes to the right aws account for ECR?
  • m

    most-lighter-95902

    12/30/2021, 11:35 PM
    When I run
    await aws.getCallerIdentity({})
    , I get the right aws account - so aws is obviously correctly configured - this is strange
  • m

    most-lighter-95902

    12/30/2021, 11:40 PM
    const apiImage = awsx.ecr.buildAndPushImage(`api-image`, {
          context: projectRootPath,
          dockerfile: './Dockerfile.dev',
        })
  • c

    careful-vase-44898

    12/30/2021, 11:55 PM
    Hi there. I'm using AzureNative.KeyVault.Vault, and it seems that changes to the
    Properties
    attribute don't trigger a state change, so subsequent calls to
    pulumi up
    don't pick up my changes. As an experiment I added a value to the
    Tags
    property, and that was picked up just fine. Any idea what might be happening?
    b
    • 2
    • 2
  • r

    rhythmic-lamp-79430

    12/31/2021, 2:58 AM
    hi all, is there a way to collect certain export values to lets a dict and then refer them while creating next resource? for instance we create a vpc with subnets, however later I would like to associate a custom route-table with some of those which would require subnet-ids in advance… thanks in advance
  • e

    echoing-activity-32278

    12/31/2021, 3:36 AM
    Is it possible to show the secrets here? This is the standard output of
    pulumi up
    after hitting showing the
    details
    option.
  • m

    mammoth-airline-91759

    12/31/2021, 6:13 AM
    Is there a way to make Pulumi create a resource initially, but then ignore state differences thereafter? For example, I deploy a Helm Chart into Kubernetes which has some mutating webhooks. If those modify the existing resources, Pulumi tries to update them during the next apply. I’d rather just tell it to ignore those completely, since likely I’ll never need Pulumi to update them…
    c
    • 2
    • 4
  • b

    billions-lawyer-5518

    12/31/2021, 10:17 AM
    Hi Folks, I have created a VM instance in GCP using Pulumi. Now I have to install docker in the VM using Ansible and post that I have to run some containers using Pulumi. Is there any example available where using Pulumi and Ansible together ? Thanks for all your awesome work folks !!!
    b
    • 2
    • 2
  • q

    quick-wolf-8403

    12/31/2021, 5:34 PM
    Hi folks! I'm using the Fastly CDN tool to create a GCS-backed service. Everything works great, aside from one piece: adding a VCL Snippet. (Fastly recommends this in their by-hand instructions.) I want to create a new https://www.pulumi.com/registry/packages/fastly/api-docs/servicedynamicsnippetcontentv1/#inputs --but it looks like I need a snippet ID of an existing snippet to create a new one. Chicken/Egg? Do you folks have some ideas?
    fixCachingVCL, err := fastly.NewServiceDynamicSnippetContentv1(ctx, "X-Http-Method-Override",
    	&fastly.ServiceDynamicSnippetContentv1Args{
    		Content:   pulumi.String("unset req.http.X-Http-Method-Override;"),
    		ServiceId: bitmovincdn.ID(),
    		SnippetId: , // Need a real one. manual?
    	})
    • 1
    • 2
  • m

    most-lighter-95902

    12/31/2021, 8:09 PM
    Hi, when I use docker via Pulumi (i.e.
    awsx.ecr.buildAndPushImage
    ), does it run the build command locally? I’m asking because I keep getting
    The build failed because the process exited too early. This probably means the system ran out of memory
    b
    • 2
    • 2
  • l

    late-energy-66663

    01/01/2022, 6:18 PM
    Hi, Happy New Year. Is there a way to save Project and Stack information other than Pulumi.yaml and Pulumi.<stack>.yaml . Do have any example where I can follow to use some implementation highlighted in red . I am looking for the example in golang. A default implementation of workspace is provided as
    LocalWorkspace
    . This implementation relies on Pulumi.yaml and Pulumi.<stack>.yaml as the intermediate format for Project and Stack settings. Modifying ProjectSettings will alter the Workspace Pulumi.yaml file, and setting config on a Stack will modify the Pulumi.<stack>.yaml file. This is identical to the behavior of Pulumi CLI driven workspaces.
    Custom Workspace implementations can be used to store Project and Stack settings as well as Config in a different format, such as an in-memory data structure, a shared persistent SQL database, or cloud object storage. Regardless of the backing Workspace implementation,
    https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/auto@v3.19.0#NewLocalWorkspace
    a
    • 2
    • 2
  • a

    able-honey-93860

    01/01/2022, 8:32 PM
    Seems like there is a typo with pulumi's Okta provider.
    groups_includeds
    vs
    groups_included
    which the terraform provider shows the latter.
    groups_included = “${<http://data.okta_group.everyone.id|data.okta_group.everyone.id>}”
    so I assume there was either a typo for the
    $
    or the converter didn't accurately handled it. This mishandled conversion causes the documentation to mislead the user into thinking group names and/or id’s can be used but ultimately only group id’s are applicable.
    b
    • 2
    • 5
Powered by Linen
Title
a

able-honey-93860

01/01/2022, 8:32 PM
Seems like there is a typo with pulumi's Okta provider.
groups_includeds
vs
groups_included
which the terraform provider shows the latter.
groups_included = “${<http://data.okta_group.everyone.id|data.okta_group.everyone.id>}”
so I assume there was either a typo for the
$
or the converter didn't accurately handled it. This mishandled conversion causes the documentation to mislead the user into thinking group names and/or id’s can be used but ultimately only group id’s are applicable.
@billowy-army-68599 is it safe to say this is a typo?
b

billowy-army-68599

01/01/2022, 11:44 PM
it's probably a docgen bug, would you mind filing an issue on the provider repo
a

able-honey-93860

01/01/2022, 11:48 PM
Sorry I'm not really good with GitHub nor do I have an account lol😅
b

billowy-army-68599

01/01/2022, 11:51 PM
opened this https://github.com/pulumi/docs/issues/6974
a

able-honey-93860

01/01/2022, 11:54 PM
Thanks!
View count: 1