pulumi-community #general

general

square-coat-62279

12/29/2021, 3:50 AM

does anyone try creating IAP brand in GCP before? According to the API doc, we should be able to create an internal user type via the Pulumi API, but it doesn't seem so as I don't see them created in the OAuth consent screen

able-honey-93860

12/29/2021, 4:30 AM

Can please help me break down stacks vs projects? My current understanding is that a Project should be high level like Prod and Dev environments then a stack would be smaller cases of the managed environments. Here's the structure I am going for, is this best practice? Project: AWS_Prod Stack: ◦ s3 ◦ ec2 Project: AWS_Dev Stack: ◦ s3 ◦ ec2 Project: Okta_Prod Stack: ◦ users ◦ authentication

bumpy-agent-19616

12/29/2021, 8:29 AM

Could someone help me with the issue that says

error: an unhandled error occurred: Problem executing program (could not run language executor): fork/exec /usr/local/bin/node: argument list too long

during

pulumi up

? We have stacks for test, stage and prod of which

pulumi up

works with no problem in stage and prod environments but it doesn't in test and test stack in turn hosts environments like test01, test02, test03, test04 and test05.

echoing-activity-32278

12/29/2021, 9:06 AM

Is there a custom timeout setting but on a k8s provider level ? The current only supports per-resource level: https://www.pulumi.com/docs/intro/concepts/resources/#customtimeouts

echoing-activity-32278

12/29/2021, 10:24 AM

Sounds like a bug: https://www.pulumi.com/registry/packages/kubernetes/api-docs/core/v1/service/#:~:text=The%20endpoints%20objects[…]e%20number%20of%20living%20objects. Creating a headless service with the example on the statefulset page: https://www.pulumi.com/registry/packages/kubernetes/api-docs/apps/v1/statefulset/#create-a-statefulset-with-auto-naming on AKS will always be stuck in: Finding available pods.

happy-gpu-24908

12/29/2021, 11:39 AM

Hello everyone, when I run

pulumi up

everything works fine. But when I run

pulumi refresh

I get an error

error: could not load plugin for docker provider 'urn:pulumi:dev::testing::pulumi:providers:docker::example-service_docker_provider': no resource plugin 'docker' found in the workspace or on your $PATH

. What could be the reason? I get the same error when I run

pulumi up --refresh

echoing-activity-32278

12/29/2021, 1:25 PM

Anyone has success with installing cert-manager in k8s? For me, Pulumi always get stuck in the middle, hanging there forever.

purple-megabyte-83002

12/29/2021, 2:06 PM

hello is there a way to run

pulumi

local on CI/CD pipeline ? it’s not finding my stack

echoing-activity-32278

12/29/2021, 4:12 PM

Instead of specifying all the possible backends in the ctor of FrontDoor, is it possible to add the backends AFTER the frontdoor object has been created? see https://www.pulumi.com/registry/packages/azure-native/api-docs/network/frontdoor/#create-or-update-specific-front-door

hundreds-painter-6367

12/29/2021, 5:28 PM

Hello everyone, maybe someone can help me with this, i’m trying to implement the opensearch domain with the aws-native package, but when i’m trying to create the resource this error occurs:

aws-native:opensearchservice:Domain (merqueo-dev-search):
    error: resource partially created but read failed. read error: reading resource state: operation error CloudControl: GetResource, https response error StatusCode: 400, RequestID: 5dad3d54-4208-49c1-8d6d-5bcb49ffd70f, ResourceNotFoundException: AWS::OpenSearchService::Domain Handler returned status FAILED: Resource of type 'AWS::OpenSearchService::Domain' with identifier 'merqueo-dev-search' was not found. (HandlerErrorCode: NotFound, RequestToken: 3fe72f59-101b-4656-0dad-b9fe51ed0247), create error: operation CREATE failed with "InternalFailure": Internal Failure

some-honey-3067

12/29/2021, 7:40 PM

Hello folks, After upgrading the pulumi node packages to max, I am not able to deploy anything in the kubernetes cluster. For eg: I tried to deploy nginx ingress controller using pulumi and I get the following error from the pod:

-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v0.44.0
Build: f802554ccfadf828f7eb6d3f9a9333686706d613
Repository: <https://github.com/kubernetes/ingress-nginx>
nginx version: nginx/1.19.6
-------------------------------------------------------------------------------
I1229 11:12:26.402166 7 flags.go:208] "Watching for Ingress" class="nginx"
W1229 11:12:26.402595 7 flags.go:213] Ingresses with an empty class will also be processed by this Ingress controller
W1229 11:12:26.403000 7 client_config.go:614] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
W1229 11:12:26.403049 7 client_config.go:619] error creating inClusterConfig, falling back to default config: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
F1229 11:12:26.403200 7 main.go:299] Error while initiating a connection to the Kubernetes API server. This could mean the cluster is misconfigured (e.g. it has invalid API server certificates or Service Accounts configuration). Reason: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
Refer to the troubleshooting guide for more information: <https://kubernetes.github.io/ingress-nginx/troubleshooting/>
goroutine 1 [running]:
<http://k8s.io/klog/v2.stacks(0xc000128001|k8s.io/klog/v2.stacks(0xc000128001>, 0xc0003ec000, 0x1b4, 0x1d3)
<http://k8s.io/klog/v2@v2.4.0/klog.go:1026|k8s.io/klog/v2@v2.4.0/klog.go:1026> +0xb9
<http://k8s.io/klog/v2.(*loggingT).output|k8s.io/klog/v2.(*loggingT).output>(0x26915e0, 0xc000000003, 0x0, 0x0, 0xc0000a8cb0, 0x25e6c33, 0x7, 0x12b, 0x0)
<http://k8s.io/klog/v2@v2.4.0/klog.go:975|k8s.io/klog/v2@v2.4.0/klog.go:975> +0x19b
<http://k8s.io/klog/v2.(*loggingT).printf(0x26915e0|k8s.io/klog/v2.(*loggingT).printf(0x26915e0>, 0xc000000003, 0x0, 0x0, 0x0, 0x0, 0x1a92308, 0x13f, 0xc00006c190, 0x1, ...)
<http://k8s.io/klog/v2@v2.4.0/klog.go:750|k8s.io/klog/v2@v2.4.0/klog.go:750> +0x191
<http://k8s.io/klog/v2.Fatalf(...)|k8s.io/klog/v2.Fatalf(...)>
<http://k8s.io/klog/v2@v2.4.0/klog.go:1502|k8s.io/klog/v2@v2.4.0/klog.go:1502>
main.handleFatalInitError(...)
<http://k8s.io/ingress-nginx/cmd/nginx/main.go:299|k8s.io/ingress-nginx/cmd/nginx/main.go:299>
main.main()
<http://k8s.io/ingress-nginx/cmd/nginx/main.go:78|k8s.io/ingress-nginx/cmd/nginx/main.go:78> +0x3f4
goroutine 18 [chan receive]:
<http://k8s.io/klog/v2.(*loggingT).flushDaemon(0x26915e0)|k8s.io/klog/v2.(*loggingT).flushDaemon(0x26915e0)>
<http://k8s.io/klog/v2@v2.4.0/klog.go:1169|k8s.io/klog/v2@v2.4.0/klog.go:1169> +0x8b
created by <http://k8s.io/klog/v2.init.0|k8s.io/klog/v2.init.0>
<http://k8s.io/klog/v2@v2.4.0/klog.go:417|k8s.io/klog/v2@v2.4.0/klog.go:417> +0xdf

pulumi about

CLI
Version 3.20.0
Go Version go1.17.5
Go Compiler gc
Plugins
NAME VERSION
aws 4.32.0
aws 4.32.0
docker 3.1.0
eks 0.36.0
kubernetes 3.12.1
nodejs unknown
Host
OS darwin
Version 12.0.1
Arch arm64
This project is written in nodejs (/usr/local/bin/node v14.16.0)
Current Stack: my-org/db1b158c-e815-11ea-97ef-13e6b152ce19
Found no resources associated with my-org/db1b158c-e815-11ea-97ef-13e6b152ce19
Found no pending operations associated with my-org/db1b158c-e815-11ea-97ef-13e6b152ce19
Backend
Name <http://pulumi.com|pulumi.com>
URL <https://app.pulumi.com/my-user>
User my-user
NAME VERSION
@pulumi/awsx 0.32.0
@pulumi/docker 3.1.0
@pulumi/eks 0.36.0
@pulumi/kubernetes 3.12.1
@pulumi/pulumi 3.20.0
@types/node 17.0.0
@pulumi/aws 4.32.0

See my code here: https://gist.github.com/leshibily/13281cf86efc79cdb6cb80e1d24af22f

abundant-yacht-50678

12/29/2021, 11:54 PM

Hi all - I'm getting the following error when attempting to import a database instance on GCP -

gcp:sql:DatabaseInstance (app-db):
    error: gcp:sql/databaseInstance:DatabaseInstance resource 'app-db' has a problem: AtLeastOne: "settings": one of `clone,settings` must be specified. Examine values at 'DatabaseInstance.Settings'.
    error: gcp:sql/databaseInstance:DatabaseInstance resource 'app-db' has a problem: AtLeastOne: "clone": one of `clone,settings` must be specified. Examine values at 'DatabaseInstance.Clone'.
    error: one or more inputs failed to validate

Any ideas on how I resolve this?

rhythmic-lamp-79430

12/30/2021, 4:01 AM

Hi everyone, I am trying to get a string representation of the object for an resource that I am generating. For example, I am creating a VPC here

resource_vpc = aws.ec2.Vpc(
    resource_name=vars['vpc_name'],
    cidr_block=vars['cidr'],
    enable_classiclink_dns_support=True,
    enable_dns_hostnames=True,
    assign_generated_ipv6_cidr_block=True,
    tags={
        "Name": vars['vpc_name'],
    }
)

and then would like to use the

resource_vpc.ipv6_cidr_block

attribute to assign IPv6 CIDRs to subnets. However, the representation of this attribute is required as string to the network IPNetwork function I am using to create IPv6 Subnets… Any idea how I can obtain the string value? Thanks in advance

echoing-activity-32278

12/30/2021, 9:47 AM

How do you use the post_render with pulumi ? https://www.pulumi.com/blog/full-access-to-helm-features-through-new-helm-release-resource-for-kubernetes/#limited-transforms-support.

echoing-activity-32278

12/30/2021, 11:12 AM

Is it possible to hide the output of the exported variables when running

pulumi up

nice-beard-3866

12/30/2021, 11:45 AM

Hi, I'm struggling a bit with stack references and custom backends, pulumi can't seem to find the stack I'm referencing. I'm using an azure storage container called

<azblob://pulumi-state>

all projects live in the same container and I name the stacks

<project-name>.<stack-name>

because of the limitations, a solution taken from here I've tried some different forms

<project-name>/<project-name>.<stack-name>

<project-name>-<project-name>.<stack-name>

<project-name>.<stack-name>

but nothing seems to work Any suggestions for how to reference another stack?

rhythmic-lamp-79430

12/30/2021, 4:33 PM

Hi everyone, I am hitting a race condition b/w 2 resources. first resources is creating a vpc and the second one is creating subnets. for the second one i have a get_vpc block

vpc_info = aws.ec2.get_vpc(id=resource_vpc.id, opts=ResourceOptions(depends_on=[resource_vpc]))

to get the ipv6 subnet… however, if i run the whole stack in one go it fails… if i run it in stages i.e. create just the vpc and then create the subnet in second try it works fine. i have tried the depends_on mechanism but doesnt seem to be working… any idea what I might be doing wrong?

most-lighter-95902

12/30/2021, 11:26 PM

Hi, I’m working on two projects that use Pulumi and

awsx.ecr.buildAndPushImage

is calling the wrong ECR repo (i.e. the failed push error log shows the wrong aws account ID)

most-lighter-95902

12/30/2021, 11:26 PM

How can I make sure it pushes to the right aws account for ECR?

most-lighter-95902

12/30/2021, 11:35 PM

When I run

await aws.getCallerIdentity({})

, I get the right aws account - so aws is obviously correctly configured - this is strange

most-lighter-95902

12/30/2021, 11:40 PM

const apiImage = awsx.ecr.buildAndPushImage(`api-image`, {
      context: projectRootPath,
      dockerfile: './Dockerfile.dev',
    })

careful-vase-44898

12/30/2021, 11:55 PM

Hi there. I'm using AzureNative.KeyVault.Vault, and it seems that changes to the

Properties

attribute don't trigger a state change, so subsequent calls to

pulumi up

don't pick up my changes. As an experiment I added a value to the

Tags

property, and that was picked up just fine. Any idea what might be happening?

rhythmic-lamp-79430

12/31/2021, 2:58 AM

hi all, is there a way to collect certain export values to lets a dict and then refer them while creating next resource? for instance we create a vpc with subnets, however later I would like to associate a custom route-table with some of those which would require subnet-ids in advance… thanks in advance

echoing-activity-32278

12/31/2021, 3:36 AM

Is it possible to show the secrets here? This is the standard output of

pulumi up

after hitting showing the

details

option.

mammoth-airline-91759

12/31/2021, 6:13 AM

Is there a way to make Pulumi create a resource initially, but then ignore state differences thereafter? For example, I deploy a Helm Chart into Kubernetes which has some mutating webhooks. If those modify the existing resources, Pulumi tries to update them during the next apply. I’d rather just tell it to ignore those completely, since likely I’ll never need Pulumi to update them…

billions-lawyer-5518

12/31/2021, 10:17 AM

Hi Folks, I have created a VM instance in GCP using Pulumi. Now I have to install docker in the VM using Ansible and post that I have to run some containers using Pulumi. Is there any example available where using Pulumi and Ansible together ? Thanks for all your awesome work folks !!!

quick-wolf-8403

12/31/2021, 5:34 PM

Hi folks! I'm using the Fastly CDN tool to create a GCS-backed service. Everything works great, aside from one piece: adding a VCL Snippet. (Fastly recommends this in their by-hand instructions.) I want to create a new https://www.pulumi.com/registry/packages/fastly/api-docs/servicedynamicsnippetcontentv1/#inputs --but it looks like I need a snippet ID of an existing snippet to create a new one. Chicken/Egg? Do you folks have some ideas?

fixCachingVCL, err := fastly.NewServiceDynamicSnippetContentv1(ctx, "X-Http-Method-Override",
	&fastly.ServiceDynamicSnippetContentv1Args{
		Content:   pulumi.String("unset req.http.X-Http-Method-Override;"),
		ServiceId: bitmovincdn.ID(),
		SnippetId: , // Need a real one. manual?
	})

most-lighter-95902

12/31/2021, 8:09 PM

Hi, when I use docker via Pulumi (i.e.

awsx.ecr.buildAndPushImage

), does it run the build command locally? I’m asking because I keep getting

The build failed because the process exited too early. This probably means the system ran out of memory

late-energy-66663

01/01/2022, 6:18 PM

Hi, Happy New Year. Is there a way to save Project and Stack information other than Pulumi.yaml and Pulumi.<stack>.yaml . Do have any example where I can follow to use some implementation highlighted in red . I am looking for the example in golang. A default implementation of workspace is provided as

LocalWorkspace

. This implementation relies on Pulumi.yaml and Pulumi.<stack>.yaml as the intermediate format for Project and Stack settings. Modifying ProjectSettings will alter the Workspace Pulumi.yaml file, and setting config on a Stack will modify the Pulumi.<stack>.yaml file. This is identical to the behavior of Pulumi CLI driven workspaces.

Custom Workspace implementations can be used to store Project and Stack settings as well as Config in a different format, such as an in-memory data structure, a shared persistent SQL database, or cloud object storage. Regardless of the backing Workspace implementation,

https://pkg.go.dev/github.com/pulumi/pulumi/sdk/v3/go/auto@v3.19.0#NewLocalWorkspace

able-honey-93860

01/01/2022, 8:32 PM

Seems like there is a typo with pulumi's Okta provider.

groups_includeds

groups_included

which the terraform provider shows the latter.

groups_included = “${<http://data.okta_group.everyone.id|data.okta_group.everyone.id>}”

so I assume there was either a typo for the

or the converter didn't accurately handled it. This mishandled conversion causes the documentation to mislead the user into thinking group names and/or id’s can be used but ultimately only group id’s are applicable.

Title

able-honey-93860

01/01/2022, 8:32 PM

Seems like there is a typo with pulumi's Okta provider.

groups_includeds

groups_included

which the terraform provider shows the latter.

groups_included = “${<http://data.okta_group.everyone.id|data.okta_group.everyone.id>}”

so I assume there was either a typo for the

@billowy-army-68599 is it safe to say this is a typo?

billowy-army-68599

01/01/2022, 11:44 PM

it's probably a docgen bug, would you mind filing an issue on the provider repo

able-honey-93860

01/01/2022, 11:48 PM

Sorry I'm not really good with GitHub nor do I have an account lol😅

billowy-army-68599

01/01/2022, 11:51 PM

opened this https://github.com/pulumi/docs/issues/6974

able-honey-93860

01/01/2022, 11:54 PM

Thanks!

View count: 1