https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • h

    hundreds-article-77945

    01/07/2022, 4:14 PM
    Does Pulumi SaaS support some form of per-stack locking that would prevent multiple folks from previewing/applying unless they hold that lock?
    b
    • 2
    • 7
  • b

    bulky-kite-69343

    01/07/2022, 4:26 PM
    Hello, I found a issue with the docs for for this resource. https://www.pulumi.com/registry/packages/azure-native/api-docs/cdn/secret/#customercertificateparameters
    az afd secret list --profile-name $PROFILE_NAME --resource-group $RESOURCE_GROUP_NAME
    [
      {
        "deploymentStatus": "NotStarted",
        "id": "/subscriptions/{{subscriptionId}}/resourcegroups/{{resourceGroupName}}/providers/Microsoft.Cdn/profiles/{{profileName}}/secrets/{{secretName}}",
        "name": "name",
        "parameters": {
          "certificateAuthority": "CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US",
          "expirationDate": "2022-05-10T23:59:59+00:00",
          "secretSource": {
            "id": "/subscriptions/{{subscriptionId}}/resourcegroups/{{resourceGroupName}}/providers/Microsoft.KeyVault/vaults/{{keyVaultName}}certificates/{{certificateName}}",
            "resourceGroup": "{{resourceGroupName}}"
          },
          "secretVersion": null,
          "subject": "*.<http://example.com|example.com>",
          "subjectAlternativeNames": [
            "*.<http://example.com|example.com>",
            "<http://example.com|example.com>"
          ],
          "thumbprint": "***",
          "type": "CustomerCertificate",
          "useLatestVersion": true
        },
        "provisioningState": "Succeeded",
        "resourceGroup": "{{resourceGrupName}}",
        "systemData": null,
        "type": "Microsoft.Cdn/profiles/secrets"
      }
    ]
    If you look at
    secretSource: { id: string }
    when getting the output from the CLI on the secret, you can see it outputs it as
    certificates
    when comparing against the docs it has
    certificate
    in the id string for secret source. I am happy to contribute an update, but I am unsure where this needs to be updated at.
    g
    • 2
    • 4
  • f

    full-artist-27215

    01/07/2022, 4:49 PM
    Is there a way to set an object in a stack configuration file in one operation? That is, rather than doing
    pulumi config set --path "obj.one" 1
    and
    pulumi config set --path "obj.two" 2
    , I'd like to do something similar to
    pulumi config set obj '{"one": 1, "two: 2}'
    . However, that ends up setting
    obj
    to a string, rather than an object. There doesn't appear to be any kind of
    --object
    option to
    config set
    that might achieve this. This is made a bit more confusing by the fact that the output of
    pulumi config
    shows actual object values and JSON string values in the same way, while their representation in the raw YAML file is different. Is there any way to achieve this, short of manually iterating through the object structure and adding each leaf value individually?
    b
    • 2
    • 5
  • f

    full-dress-10026

    01/07/2022, 5:08 PM
    Hello. My org is currently on the old user based pricing and we would like to switch to the usage based plan. How can I do that in the Pulumi app?
    b
    • 2
    • 1
  • h

    hundreds-article-77945

    01/07/2022, 6:36 PM
    I’m having issues with Pulumi not sending email verification or org invites to a new user of mine. I’m wondering if it’s tripping up some spam prevention since I have “bot” in the email?
    b
    • 2
    • 2
  • h

    hundreds-article-77945

    01/07/2022, 8:01 PM
    Does the Pulumi GitHub app support the same
    edit-pr-comment
    feature as the GitHub Actions integration?
  • a

    average-school-38756

    01/07/2022, 8:49 PM
    Is there a way to convert/export Pulumi crosswalk code into non-crosswalk code, keeping the state file as-is?
  • s

    sparse-student-54516

    01/08/2022, 3:46 PM
    Hi,
  • s

    sparse-student-54516

    01/08/2022, 3:47 PM
    Can someone help me with setting pulumi backend with s3 compatible storage. In my case I am using wasabi s3 storage.
  • s

    sparse-student-54516

    01/08/2022, 3:48 PM
    ➜  devops-rancher-next git:(develop) ✗ pulumi login <s3://pulumi-testing?endpoint=s3.us-west-1.wasabisys.com/>\&disableSSL=true\&s3ForcePathStyle=true
    
    Output => zsh: no matches found: <s3://pulumi-testing?endpoint=s3.us-west-1.wasabisys.com/&disableSSL=true&s3ForcePathStyle=true>
    p
    • 2
    • 4
  • m

    most-lighter-95902

    01/09/2022, 3:11 AM
    Can you have unlimited number of projects with Pulumi Team plan?
    b
    • 2
    • 2
  • w

    wet-sunset-4939

    01/09/2022, 6:22 AM
    Hi All, as "Dynamic Providers are currently not supported in .NET" is there any workaround solution? 🙏
    g
    • 2
    • 1
  • s

    sticky-exabyte-94099

    01/09/2022, 8:23 AM
    To be able to use a wildcard certificate I need to go through the steps shown in the Azure portal on the image. My question how do I add it to keyVault in Pulumi? I got the following code when importing the cert
    CertificateOrder = new CertificateOrder("mycert", new CertificateOrderArgs
    {
        AutoRenew = true,
        KeySize = 2048,
        Location = "global",
        Name = "mycert",
        ProductType = "WildCard",
        ResourceGroupName ="myresourcegroup",
        ValidityInYears = 1,
    });
    but there is no keyVaultId to be found. But Web.Certificate has KeyVaultId
    var cert= new AzureNative.Web.Certificate("cert", new AzureNative.Web.CertificateArgs
    {
      KeyVaultId = KeyVault.Id,
      ...
    }
    So how can I hook them together? I should probably use https://www.pulumi.com/registry/packages/azure/api-docs/keyvault/certificate/ Correct? But how?
    var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new Azure.KeyVault.CertificateArgs
    {
        KeyVaultId = KeyVault.Id,
        KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
        {
            Contents = "??", //what would go in here? CertificateOrder.?
            Password = "??"
        }
    });
    There is a keyvault connection it seams but how do I set it?
    var thereIsAKeyVaultConnection = CertificateOrder.Certificates.First().Apply(x => x.KeyVaultId);
    g
    g
    • 3
    • 12
  • f

    full-dress-10026

    01/09/2022, 7:49 PM
    Does Pulumi support TypeScript 4.x?
    g
    • 2
    • 1
  • h

    high-grass-3103

    01/10/2022, 7:53 AM
    I don't want to accidentality delete our production website, so I'd rather ask before I do anything involving production stack and protect flag: How do I make my production stack protected and dev stack unprotected by default?
    👀 1
    l
    • 2
    • 2
  • w

    wet-noon-14291

    01/10/2022, 11:25 AM
    Has anyone experienced pulumi reporting that it failed with
    pulumi up
    but all the resources have been created? I just created an issue on it: https://github.com/pulumi/pulumi/issues/8713
    b
    • 2
    • 6
  • f

    future-daybreak-16512

    01/10/2022, 11:38 AM
    Do Pulumi have local-exec & remote-exec like provisioners? Usecase : I want to run ansible playbook after EC2 instance provision using Pulumi. Any suggestion?
    b
    q
    • 3
    • 6
  • f

    future-window-78560

    01/10/2022, 8:25 PM
    Hello there! For me, eks fargate with awsx does not show up with the same issue (nodes not created). But there is a major issue even after successful deployments which is that I am UNABLE TO ACCESS EXTERNAL IP OF SERVICES IN THE BROWSER. The containers and images which are running on localhost built, are not accessible with the external IP of service in the browser after AWS successful deployments using pulumi. That's another debate that I do not prefer awsx module but yes even after the creation of eks fargate, errorless deployments I am unable to access applications on the browser. Even sample Nginx image. And have no idea how to resolve this issue.
  • f

    future-window-78560

    01/10/2022, 8:55 PM
    warning LoggingDisabled fargate-scheduler Disabled logging because aws-logging configmap was not found. configmap "aws-logging" not found. Any assistance with this issue?
  • a

    able-camera-57198

    01/11/2022, 1:31 AM
    Are there any plans to address a lot of the usability issues around state? (See this ticket: https://github.com/pulumi/pulumi/issues/8450#issuecomment-1009519047 , amongst others.)
    e
    • 2
    • 1
  • a

    average-arm-52191

    01/11/2022, 12:17 PM
    Hello, I have auth0 secrete in my Pulumi.yml where I have set auth0 secrete likes this
    pulumi config set --secret auth0Secret S3cr37
    Now I have use case to use Auth0 API (management api) from auth0 SDK,
    import { Config, Output } from '@pulumi/pulumi'
    import * as Auth0 from 'auth0' // This is auth0 management api sdk.
    
    const auth0Config = new Config('auth0')
    
    const auth0 = new Auth0.ManagementClient({
      domain: '<http://test-linktree.us.auth0.com|test-linktree.us.auth0.com>',
      clientId: auth0Config.requireSecret('clientId'),
      clientSecret: auth0Config.requireSecret('clientSecret')
    }) 
    
    await auth0.getClients();
    Issue is output of
    auth0Config.requireSecret('clientId')
    have type Output<T>, Is there way to get plain text out of it. Please help. Thanks
    b
    • 2
    • 1
  • m

    mysterious-australia-14256

    01/11/2022, 5:41 PM
    Hi, I had a deployment fail today and as a result the stack was no longer showing when I did a list. I am using an Azure blob for storing the stacks and looking in there I could see the stack.json.bak file but not the stack.json file. I created a copy of the stack file as stack.json and can now see it from the cli. I need to do a bit of clean-up on it so I exported it and the export is over 200MB in size. This seems crazy big. 90% of the file seems to be aliases for a handful of azure servicebus topics and related subscriptions. Does this seem reasonable ?
    • 1
    • 2
  • s

    square-car-84996

    01/11/2022, 7:23 PM
    what is the difference between pulumi.dynamic.ResourceProvider and pulumi.ProviderResource? I'm trying to create my own set of custom resources on a provider (i.e. a database connection) but the provider needs to be from another Resource that gets created earlier in the run... so i'm trying to figure out how to structure this
    l
    • 2
    • 1
  • s

    square-car-84996

    01/11/2022, 7:24 PM
    and https://dev.to/fllstck/control-your-custom-cloud-resources-with-pulumi-1l4i doesn't help me understand it
  • l

    lively-author-18255

    01/11/2022, 9:03 PM
    Hi, I am trying to migrate from helm charts to using kubernetes manifests directly. But I run into this issue. "some resources have the same name on kubernetes. Pulumi though thinks they are different but unrelated, so it attempts to create the new resources through, which fails as the resource already exists." I tried setting the createBeforeDelete option but it did not work, which I think makes sense since I am adding it to the ConfigFile resource and not the Chart one (which is removed). Any suggestions? Thanks!
    b
    • 2
    • 5
  • w

    wet-noon-14291

    01/11/2022, 9:48 PM
    What is the correct way of retrieving "async" values in a custom
    ComponentResource
    ? We struggle with having a stack hanging if the async requests fails. We are doing something like this:
    export class Team extends pulumi.ComponentResource {
        teamId: pulumi.Output<string>
    
        constructor(name: string, teamSpec: types.TeamSpec) {
            super("something", name, {});
            const azureAdConfig = azuread.getClientConfig({})
    
            const usersIds = pulumi.output(getUsers(teamSpec.members)); // getUsers is something that returns a promise
    
            const adGroup = new azuread.Group(`${teamSpec.teamName}-ad-group`, {
                displayName:  teamSpec.teamName,
                owners: [azureAdConfig.then(c => c.objectId)],
                description: "Created and managed by Automation",
                securityEnabled: true,
                members: usersIds
            });
       ....
    if the call to
    getUsers
    fails everything will just hang. I would expect pulumi to catch that and fail the whole process. Am I doing something wrong or is this a bug?
    l
    • 2
    • 25
  • f

    fancy-egg-38667

    01/12/2022, 12:13 AM
    In Pulumi, I want to target a specific Kubernetes cluster in my kubectx. I have three envs: • local ( local docker ) • dev • stg How do I explicitly target these k8s clusters in code? I am in GoLang.
    s
    b
    • 3
    • 2
  • m

    magnificent-lifeguard-15082

    01/12/2022, 1:53 AM
    Anyone have any idea what might have happened to my stack: an update hung, I canceled, web console still shows it running despite me getting cli confirmation of cancel, repeat cancel calls throw a conflict saying already cancelled, refresh is stuck, if I look at stack it seems to have created everything, updates still going, running more previews just hangs with little to no output - what's the best way to diagnose hangs? (node/typescript)
  • w

    wet-noon-14291

    01/12/2022, 8:22 AM
    When I have an error in pulumi, is there an easy way to extract the error message (using typescript)? The error I get from pulumi has the following structure:
    {
      "commandResult": {
        "stdout": "....",
        "stderr": "....",
        "code": 255
      },
      "name": "CommandError"
    }
    where my internal error message is in the
    stdout
    property as part of a long string. I can use regex on the string, but it should be an easier way as I see it. This isn't an issue when you are running from the CLI, but it is more an issue when you are using automation so you can provide better error messages to the users.
  • q

    quick-fall-21011

    01/12/2022, 8:44 AM
    I have a question regarding pulumi and kubernetes, specifically helm deployments. It's been quite a learning curve, but somehow missed crd2pulumi and was using yaml files with transformations. Beyond changing a few basic parameters with transformations it gets pretty ugly real quick. So switched over to crd2pulumi generated classes and it's a thing of beauty now. I was just wondering if there's a way to get rid of all yaml, including the helm chart values in an elegant strongly-typed way.
    b
    • 2
    • 6
Powered by Linen
Title
q

quick-fall-21011

01/12/2022, 8:44 AM
I have a question regarding pulumi and kubernetes, specifically helm deployments. It's been quite a learning curve, but somehow missed crd2pulumi and was using yaml files with transformations. Beyond changing a few basic parameters with transformations it gets pretty ugly real quick. So switched over to crd2pulumi generated classes and it's a thing of beauty now. I was just wondering if there's a way to get rid of all yaml, including the helm chart values in an elegant strongly-typed way.
Here's what I have in the yaml
volumes: 
  - mountPath: /data
    name: traefik-config
    type: configMap

additionalArguments:
  - --providers.file.filename=/data/traefik-config.yaml
  - --entrypoints.websecure.http.tls.certresolver=le 
  - --entrypoints.websecure.http.tls.domains[0].main=xxx
  - --entrypoints.websecure.http.tls.domains[0].sans=*.xxx

  - --certificatesresolvers.le.acme.dnschallenge.provider=azure
  - --certificatesresolvers.le.acme.email=xxxx
  - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1
  - --certificatesresolvers.le.acme.storage=/certs/acme.json

  - --certificatesresolvers.le.acme.dnschallenge=true
  - --certificatesresolvers.le.acme.caserver=<https://acme-staging-v02.api.letsencrypt.org/directory>
  - --certificatesresolvers.le.acme.tlschallenge=false

  - --entrypoints.web.address=:80
  - --<http://entrypoints.web.http.redirections.entryPoint.to|entrypoints.web.http.redirections.entryPoint.to>=websecure
  - --entrypoints.web.http.redirections.entryPoint.scheme=https
  - --entrypoints.websecure.address=:443

env: 
  - name: AZURE_CLIENT_ID
    valueFrom:
      secretKeyRef:
        key: client_id
        name: azure-api-credentials
  - name: AZURE_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        key: client_secret
        name: azure-api-credentials
  - name: AZURE_SUBSCRIPTION_ID
    valueFrom:
      secretKeyRef:
        key: subscription_id
        name: azure-api-credentials
  - name: AZURE_TENANT_ID
    valueFrom:
      secretKeyRef:
        key: tenant_id
        name: azure-api-credentials
  - name: AZURE_RESOURCE_GROUP
    valueFrom:
      secretKeyRef:
        key: resource_group
        name: azure-api-credentials

ports:
  web:
    port: 80
    expose: true
    exposedPort: 80
    protocol: TCP
    nodePort: 32080
  websecure:
    port: 443
    expose: true
    exposedPort: 443
    protocol: TCP
    nodePort: 32443

service:
  enabled: true
  type: NodePort

persistence:
  enabled: true
  path: /certs
  size: 128Mi
Oh and forgot to mention this is for c#
I've seen this page describing a Dictionary build up, but would like something strongly typed - https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#set-chart-values
(if possible)
b

billowy-army-68599

01/12/2022, 3:11 PM
@quick-fall-21011 some charts publish a
values.schema.json
which we could use to generate type definitions, but we don't currently support them. I opened https://github.com/pulumi/pulumi-kubernetes/issues/1866 for it
q

quick-fall-21011

01/12/2022, 11:12 PM
@billowy-army-68599 thanks a lot!
View count: 5