Hi, I am trying to migrate from helm charts to using kubernetes manifests directly. But I run into this issue. "some resources have the same name on kubernetes. Pulumi though thinks they are different but unrelated, so it attempts to create the new resources through, which fails as the resource already exists." I tried setting the createBeforeDelete option but it did not work, which I think makes sense since I am adding it to the ConfigFile resource and not the Chart one (which is removed). Any suggestions? Thanks!

What is the correct way of retrieving "async" values in a custom

ComponentResource

? We struggle with having a stack hanging if the async requests fails. We are doing something like this:

export class Team extends pulumi.ComponentResource {
    teamId: pulumi.Output<string>

    constructor(name: string, teamSpec: types.TeamSpec) {
        super("something", name, {});
        const azureAdConfig = azuread.getClientConfig({})

        const usersIds = pulumi.output(getUsers(teamSpec.members)); // getUsers is something that returns a promise

        const adGroup = new azuread.Group(`${teamSpec.teamName}-ad-group`, {
            displayName:  teamSpec.teamName,
            owners: [azureAdConfig.then(c => c.objectId)],
            description: "Created and managed by Automation",
            securityEnabled: true,
            members: usersIds
        });
   ....

if the call to

getUsers

fails everything will just hang. I would expect pulumi to catch that and fail the whole process. Am I doing something wrong or is this a bug?

In Pulumi, I want to target a specific Kubernetes cluster in my kubectx. I have three envs: • local ( local docker ) • dev • stg How do I explicitly target these k8s clusters in code? I am in GoLang.

Anyone have any idea what might have happened to my stack: an update hung, I canceled, web console still shows it running despite me getting cli confirmation of cancel, repeat cancel calls throw a conflict saying already cancelled, refresh is stuck, if I look at stack it seems to have created everything, updates still going, running more previews just hangs with little to no output - what's the best way to diagnose hangs? (node/typescript)

When I have an error in pulumi, is there an easy way to extract the error message (using typescript)? The error I get from pulumi has the following structure:

{
  "commandResult": {
    "stdout": "....",
    "stderr": "....",
    "code": 255
  },
  "name": "CommandError"
}

where my internal error message is in the

stdout

property as part of a long string. I can use regex on the string, but it should be an easier way as I see it. This isn't an issue when you are running from the CLI, but it is more an issue when you are using automation so you can provide better error messages to the users.

I have a question regarding pulumi and kubernetes, specifically helm deployments. It's been quite a learning curve, but somehow missed crd2pulumi and was using yaml files with transformations. Beyond changing a few basic parameters with transformations it gets pretty ugly real quick. So switched over to crd2pulumi generated classes and it's a thing of beauty now. I was just wondering if there's a way to get rid of all yaml, including the helm chart values in an elegant strongly-typed way.

Hi - I am struggling a little bit with Unions in C#. Specifically I want to map an InputUnion<T0, T1> to a different InputUnion<U0, U1>. I can use an apply, and I can get an Output<Union<U0, U1>> but I'm really struggling to find a nice way to do this. The only solution so far is to use a Match within an Apply to set the InputUnion<U0, U1> to a specific value - ideally I would like to return an Output<Union<U0, U1>> and assign it to a property of type InputUnion<U0, U1>, but that's not possible. Furthermore the Map operation only allows me to map one or the other input (i.e. to InputUnion<T0, U1> or InputUnion<U0, T1>) but not both. Any ideas how I can get around this?

Hey everybody, can someone help me? I'm trying to import an exisiting Route53 HostedZone like that:

const zone = new aws.route53.Zone(
                "www",
                { name: "<http://example.com|example.com>" },
                { import: "ZoneID" }
            );

But during deployment I always get the error that the resource does not exist

aws:route53:Zone (www):
    error: inputs to import do not match the existing resource

What values do I need to provide to properly import the zone? thanks

Hey Good Evening, I am just working my way through a simple AWS VPC setup with Pulumi / aws-go, I was had the following issue though, I can create a “Create New VPC” function with a return type of the ec2.Vpc. I can use this return type and from this return, pass in the ID() method to my other “Create New Subnets” function. This is great and works as expected !  However, I would like my code to be a little more flexible and check if there is an existing vpc passed it as a config item

Vpc:id: "vpcid1234"

If there is a VPC:id set then don’t run the first “Create New VPC” function, instead just use this string value as my VPC id for the “Create New Subnets” function.  The issue I have run into is I am now dealing with a different type. So for the “Create new subnets function to take in the VPC from the ID() method then I can have func like this:

func CreateSubnets(ctx *pulumi.Context, vpcID pulumi.IDOutput) { << vpcID is type pulumi.IDOoutput
   //creates subnet(s)

Now for a string ID taken from the config object I need it to look like this

func CreateSubnets(ctx *pulumi.Context, vpcID string {
   //creates subnet(s)

My question is am I tackling this the wrong way and if so what would be another approach? It feels like I am. I do of course appreciate this is a Go Type issue rather than a strictly Pulumi one :)

Hello everyone, can anyone suggest a valid/proper method for deploying ECS cluster of type EC2 (non-fargate)? I’m having some issues with that and I wasn’t able to find examples for that on Pulumi.com. I’ve spent a decent amount on that already, and defaulted to using CloudFormation which allows me to deploy the ecs ec2 cluster. Having that working, I pasted my CF code to

<https://www.pulumi.com/cf2pulumi/>

so that I can convert it to TypeScript but it fails.

Hello, I'm currently using Terraform, which I have used for maybe 4 years. It seems like recently it has just fallen apart. Plans hang for 20 minutes in the middle, error messages that make no sense. I'm very familiar with HCL, so switching to Pulumi would require learning a new language. Is there any chance

Rust

will be integrated as a supported language?

Hi All, I have been learning Pulumi for a few weeks. I am working with dotnet deploying GCP and Kubernetes resources. I have run into an issue where when running pulumi up, the preview does not display all of the operations that I am trying to create. But when the actual update operation happens, it does the correct thing and creates all the correct items. This started occurring after I wanted to make the stack a bit easier to add DNS items for cloud-dns for GCP. I pulled the details of each record into the pulumi config in a json object, then on start up I parsed the config and generated all of the dns records. When I run Pulumi Up, the preview does not show any of the cloud dns records I am creating. If by chance I have already ran the operation once and created the records, the preview says it wants to delete the records. Does anyone happen to know why the preview would break by doing this? Example: (quick snippet on pulling dns records from config and creating them. )

var data = config.RequireObject<Models.DNS.DNSConfigModel>("dns");

foreach (Models.DNS.ZoneConfigModel zone in data.zones)
            {
                ManagedZone requestedZone = createManagedZone(zone, new List<Resource>() {});

                foreach (Models.DNS.RecordConfigModel record in zone.records)
                {

                    Output.All(requestedZone.Name, ingressIp.Apply(t => t)).Apply(x =>
                    {
                        createRecordSet(x[0], record, new List<Resource>() { requestedZone }, x[1]);
                        return "";
                    });
                }
            }

Example: (config)

<project>:dns:
    zones:
    - name: website-com
      projectKey: networking
      dnsName: <http://website.com|website.com>.
      description: "Zone for website-com"
      protect: true
      records:
      - name: <http://api.website.com|api.website.com>.
        isIngressEndpoint: false
        projectKey: networking
        type: CNAME
        ttl: 300
        protect: true
        rrDatas:
        - website.hosted.com.

Anyone experience issues where pulumi destroy doesn't delete all resources? I'm using the okta provider and consistently resources are being left behind causing issues where I have to manually remove them from the okta console

hey people, we are using Pulumi and indeed all is cool, but right now (with around 140 ressources) we are facing more and more issues (I do not know yet, if this is even related to the amount of ressources we have). One of the errors we get is a BANDWITDH_EXHAUSTED, or another time we get 503 Service Unavailable. I was tending to believe that with the individual plan we are reaching some limits here, but the docs are claiming that this is not really the case? Anyhow, could it be, that the individual plan is simply running on low priority? Or what could be the problem here?

I have a quick question regarding multiple k8s clusters. On my local machine my kubeconfig has multiple, so when running

pulumi up --stack dev

I accidentally targeted another cluster since my local context was pointing not to

dev

. Thinking ahead and hoping to avoid this, storing the

kubeconfig

in pulumi config seems like a good move (as described https://www.pulumi.com/registry/packages/kubernetes/installation-configuration/), though I'm not comfortable setting that in plain text and committing to source control. Does the kubernetes provider allow reading the

kubernetes:kubeconfig

as a secret?

hey all, we are trying to integrate pulumi to manage our infra in our github actions workflows. We use a monorepo setup and can have situations where a single commit might trigger multiple workflow files (which work based on path filters to decide what to build and deploy). This inevitably will cause a 409 conflict within Pulumi -

Another update is currently in progress

. I've seen suggestions of using

pulumi cancel
pulumi stack export | pulumi stack import
pulumi up

Is this the best way to handle this sort of scenario? (This can cause the other workflows to fail potentially). Just wondering if there is a more cleaner way like waiting on currently running stack updates before running

up

etc?

With the latest pulumi CLI version 3.22.0 which was released today, we have problems in K8s deployments after pulumi CLI upgrade when we have apps with the environment variables of type integer in your stack yaml file which must be treated as string during pulumi update. It actually coverts them back to integer typed values instead of string typed values. To give an example, we have an app containing the following environment variables whose values must be of type string

secretsprovider: azurekeyvault://************
encryptedkey: ******
config:
  azure:clientId: ************
  azure:clientSecret:
    secure: **************************
  azure:environment: public
  azure:location: ***********
  azure:subscriptionId: ******************
  azure:tenantId: **********
  tre-se-api:container-env-variables:
   - name: SERVER_CACHE_TTL
     value: "10000"
   - name: CACHE_TTL
     value: "10"
   - name: CACHE_CHECK_PERIOD
     value: "60"

When we do

pulumi up

, it changes the above stack config as below,

secretsprovider: azurekeyvault://************
encryptedkey: ******
config:
  azure:clientId: ************
  azure:clientSecret:
    secure: **************************
  azure:environment: public
  azure:location: ***********
  azure:subscriptionId: ******************
  azure:tenantId: **********
  tre-se-api:container-env-variables:
   - name: SERVER_CACHE_TTL
     value: 10000
   - name: CACHE_TTL
     value: 10
   - name: CACHE_CHECK_PERIOD
     value: 60

Due to the change of stack config, we get

cannot convert int64 to string

problem. Solution: we needed to go back to the previous version(v3.21.2) to solve this problem.

Can I use existing terraform template with Pulumi? Usecase : We have number of existing infrastructure template written in terraform. I'm checking the possibility to use the tf template in Pulumi without converting them. Is this possible?

How do I rename a stack if I don't have access to the actual stack (it is part of an automation project). Running

pulumi stack rename <new-name> -s <old-name>

doesn't work. Output from this is: error: no Pulumi project found in the current working directory. If you're using the

--stack

flag, make sure to pass the fully qualified name (org/project/stack) Do I have to be in a project directory to rename a stack?

Hey, I'm having an issue where pulumi overwrites the stack config file on each run (

Pulumi.production.yaml

) it sorts all the keys and removes all comments and whitespace. Is there some way to prevent it from doing this? I have a bunch of comments and logical grouping/ordering that I don't want to get lost

hey all. Im having trouble converting HCL/Terraform into Python. Can anyone lend me a hand?

Hello, I’m trying to import a resource that is inside a

CustomResource

using the pulumi cli. When I execute

pulumi import pulumi-resource-id cloud-provider-resource-id

the resource is successfully imported. However, the resource is then a top-level resource and not a chilled of the Custom Resource. Thank you for your help!

Is there a public IP range accessible for accessing the pulumi api? My team is using the pulumi automation api in a hosted service. We would like to do more outbound traffic control so having an ip range for the pulumi api would be helpful in securing our virtual network.

o/ are there any things like that in pulumi ? https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http

hello, i'm running pulumi for the first time. i have setup aws-python project. on running pulumi up i get the following error: quickstart/venv/lib/python3.6/site-packages/pulumi_aws/_inputs.py", line 147 def __init__(self, *, ^ SyntaxError: more than 255 arguments is this a right channel to ask questions?

hi, trying to

pulumi up

my prod environment after not touching it for a while, and it is hanging (100% cpu on python process) in preview. I believe is it related to the large (alb and cert-manager)

k8s.yaml.ConfigFile

resources I have. Everything has been fine for many months, but since the last time I ran it, pulumi, python, pulumi-kubernetes, and my laptop (new m1) have gone through many updates (which I have just applied). I've tried logging as suggested on the troubleshooting page, but can't see anything interesting.

pulumi refresh

seems to work ok.

aws cli

and

kubectl

are connecting. If I comment out the

ConfigFile

resource, then preview completes normally (and offers to delete my resources). I'm out of ideas. This is prod and I don't want to delete anything. Any ideas?. The last line of the log is

I0114 22:12:30.762818   83092 eventsink.go:62] eventSink::Debug(<{%reset%}>resource registration successful: ty=kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition>, urn=urn:pulumi:xxxx.prod::xxxx::kubernetes:yaml:ConfigFile$kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition::certificaterequests.cert-manager.io<{%reset%}>)|apiextensions.k8s.io/v1:CustomResourceDefinition::certificaterequests.cert-manager.io<{%reset%}>)>

Hello guys, I’ve facing issues on

pulimi config set

after the new version

3.22.0

the issue: https://github.com/pulumi/pulumi/issues/8752

Hello All, I am using the pulumi native for azure and was wondering if I can use CertificateBinding option for WebAppHostnameBinding as available in the classic Module https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificatebinding/

Hi all, I have created a GCP - VM instance using pulumi, when I try to ssh into it using pulumi command package I am getting the following error. Can anyone help me with this ? Thank you!

error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Code snippet:

import * as gcp from "@pulumi/gcp";
import { remote, types } from "@pulumi/command";
import { Config } from "@pulumi/pulumi";
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

const config = new Config();
const publicKey = config.get("publicKey");

const privateKeyBase64 = config.get("privateKeyBase64");

const privateKey = privateKeyBase64
  ? Buffer.from(privateKeyBase64, "base64").toString("ascii")
  : fs.readFileSync(path.join(os.homedir(), ".ssh", "id_rsa")).toString("utf8");

const svcAct = new gcp.serviceaccount.Account("my-service-account", {
  accountId: "service-account",
  displayName: "Service account for Pulumi",
});

const svcKey = new gcp.serviceaccount.Key("my-service-key", {
  serviceAccountId: svcAct.name,
  publicKeyType: "TYPE_X509_PEM_FILE",
});

const address = new gcp.compute.Address("my-address", {
  region: "us-central1",
});

// Create a Virtual Machine Instance
const computeInstance = new gcp.compute.Instance("instance", {
  machineType: "n2-standard-2",
  zone: "us-central1-a",
  bootDisk: {
    initializeParams: {
      image: "ubuntu-os-cloud/ubuntu-1804-lts",
      size: 20,
    },
  },
  networkInterfaces: [
    {
      network: "default",
      accessConfigs: [{ natIp: address.address }],
    },
  ],
  advancedMachineFeatures: { enableNestedVirtualization: true },
  serviceAccount: {
    scopes: ["<https://www.googleapis.com/auth/cloud-platform>"],
    email: svcAct.email,
  },
  metadata: {
    "enable-oslogin": "false",
    "ssh-keys": `user:${publicKey}`,
  },
});

const connection: types.input.remote.ConnectionArgs = {
  host: address.address,
  user: "user",
  privateKey: privateKey,
};

const copyFile = new remote.CopyFile("docker-install-file", {
  connection,
  localPath: "./deploy.sh",
  remotePath: "deploy.sh",
});

const execCommand = new remote.Command(
  "exec-docker-shell",
  {
    connection: connection,
    create: "sh deploy.sh",
  },
  { dependsOn: copyFile }
);

// Export the name and IP address of the Instance
export const instanceName = computeInstance.name;

How can I avoid (or redirect) providers (such as Datadog) which use a terraform bridge and end up leaving an untracked

tfplan

and

.terraform

in my source tree?