https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • t

    thousands-hairdresser-72380

    03/11/2022, 4:05 PM
    I’m getting an error for a duplicate security group for a static ingress array that never changes. The source code:
    const loadBalancerSecurityGroup = new aws.ec2.SecurityGroup(name + '-load-balancer-sg', {
      tags,
      vpcId: vpc.id,
      egress: [
        {
          protocol: 'tcp',
          fromPort: port,
          toPort: port,
          cidrBlocks: ['0.0.0.0/0']
        }
      ],
      ingress: [
        {
          protocol: 'tcp',
          fromPort: 80,
          toPort: 80,
          cidrBlocks: ['0.0.0.0/0']
        },
        {
          protocol: 'tcp',
          fromPort: 443,
          toPort: 443,
          cidrBlocks: ['0.0.0.0/0']
        }
      ]
    })
    The errors:
    * [WARN] A duplicate Security Group rule was found on (sg-XYZ). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port: 80, ALLOW" already exists
    	status code: 400, request id: d1bceeb0-9183-4877-9018-539e1bd6835d
    
    error: 1 error occurred:
    	* [WARN] A duplicate Security Group rule was found on (sg-XYZ). This may be
    a side effect of a now-fixed Terraform issue causing two security groups with
    identical attributes but different source_security_group_ids to overwrite each
    other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
    information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
    	status code: 400, request id: e69a1967-7418-42d7-8c71-39061f4db122
    Any ideas? I’ve reviewed the issue that was linked but it seems unrelated as I’m not specifying any security groups in the rules.
  • f

    fast-easter-23401

    03/11/2022, 5:23 PM
    Hello folks, @future-nail-59564 While decrypting sensitive outputs some unicode characters are converted into UTF-16 encoding. For instance,
    <
    becomes
    \003c
    when I run
    pulumi stack output --show-secrets
    . My value comes originally from my stack config. Is there a way to prevent this from happening, maybe a CLI flag or arg if you want to proceed programmatically? Many thanks,
  • f

    freezing-umbrella-80278

    03/11/2022, 5:56 PM
    Is it possible to perform a
    kubectl apply
    with
    pulumi
    . I'm trying to install GitLab Agent on a Kubernetes cluster and the "recommended method of installation" is the following.
    docker run --pull=always --rm \
        <http://registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable|registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable> generate \
        --agent-token=REDACTED \
        --kas-address=<wss://kas.gitlab.com> \
        --agent-version stable \
        --namespace gitlab-kubernetes-agent | kubectl apply -f -
    I was thinking I can probably run the Docker container via
    pulumi
    and get the output of the logs as a string. But then how can I apply that YAML with
    kubectl
    ? I guess I could you the command package? https://www.pulumi.com/registry/packages/command/ But not very nice as it relies on my host's installation of
    kubectl
    and that it has access to the right cluster.
    b
    • 2
    • 20
  • p

    prehistoric-shoe-5168

    03/11/2022, 6:35 PM
    my pulumi code file is starting to get quite large. can someone point me to best practices here? 🧵
    b
    g
    • 3
    • 10
  • f

    fast-spoon-69536

    03/11/2022, 9:50 PM
    Hi, question about outputs and strings. I have been reading over the docs. Not finding a good example of of what I need. I created a python function which calls some apis after the aws cloud resources is created. The 'endpoint' is the dns name for the resource I'm calling. I cannot figure out how to make this work. please give me some advice
    esa.create_app_role(example.endpoint.apply(lambda endpoint: f"{endpoint}"),admin_username,admin_password,app_role_payload,role_name)
    b
    • 2
    • 2
  • f

    fast-arm-63150

    03/12/2022, 12:38 AM
    Hi good people! Apologies for the cross-posting but this is a basic question about pulumi that I'm hoping has been addressed before: I have renamed the resource name (the first argument in a resource constructor) and pulumi up complains with a Error 409 that the resource already exists - what is the best practice on dealing with this? I have already: 1. used an alias 2. used delete_before_replace = True So I'm not sure why I would still get this issue? Would really love some insight into this!
    q
    • 2
    • 3
  • g

    gifted-room-26715

    03/12/2022, 8:38 AM
    Hi - Is there support for GCP in Automation API?
    e
    • 2
    • 1
  • f

    future-window-78560

    03/12/2022, 1:33 PM
    Hey team! Any example, way, or API doc for mounting filestore to GCE through pulumi???
    p
    e
    • 3
    • 4
  • b

    bitter-eve-53295

    03/13/2022, 5:19 PM
    Anyone here have much experience with tf2pulumi? I'm hitting a golang exception... something about fastfail and contracts. I'd found an issue that looked related but it seems to have been merged already. That said, I also see a call to tf12.something (0.12.x) in the stack trace and I have ga (1.x.x)). Maybe it's not up to date with ga state?
    • 1
    • 1
  • l

    late-chef-72896

    03/14/2022, 8:23 AM
    https://www.pulumi.com/registry/packages/kubernetes/api-docs/apiregistration/v1/serviceaccount is returning:
    e
    b
    w
    • 4
    • 8
  • a

    adorable-gpu-98268

    03/14/2022, 11:01 AM
    How does the Pulumi GitHub App communicate with pulumi? I am using GitHub Actions, however I am running pulumi inside docker containers to have a reproducible build environmen.
    q
    m
    • 3
    • 15
  • r

    rich-tiger-43483

    03/14/2022, 3:44 PM
    Hi there, I just released and published my provider last Friday. Seems that is correctly in the registry but I get this error when I try to use it with the JS SDK (published on NPM)
    error: could not load plugin for checkly provider 'urn:pulumi:dev::pulumi-sample::pulumi:providers:checkly::default_0_0_1_alpha_1': no resource plugin 'checkly-v0.0.1-alpha.1' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource checkly v0.0.1-alpha.1`
    What is weird is that I am using the version
    checkly-v0.0.1-alpha.3
    but for some reason it tries to find
    checkly-v0.0.1-alpha.1
    . Any ideas what could be wrong?
    p
    q
    • 3
    • 31
  • b

    bored-ability-11314

    03/14/2022, 7:25 PM
    Hello I’m brand new to Pulumi and am stuck trying to create an IAM role that needs the ARN of a SSM Parameter. Any guidance for me? 🙂
    q
    • 2
    • 2
  • b

    bored-ability-11314

    03/14/2022, 7:26 PM
    oh I see the message now.
    apply(v => v.toJSON())
    s
    • 2
    • 1
  • b

    bored-ability-11314

    03/14/2022, 7:27 PM
    nope. didn’t work either
  • b

    busy-lion-51883

    03/14/2022, 8:05 PM
    Hi chris - I think what you want to do is create the resource within the apply - so for example: const myNewResource = myPreviousResource.arn.apply(myArn => (new Resource(‘my resource’, {arn: myArn}))
    b
    • 2
    • 5
  • w

    worried-lifeguard-96134

    03/14/2022, 8:23 PM
    HI, does when I use Pulumi I must use the
    pulumi.Run(func(ctx *pulumi.Context) error {
    or there is option to use the SDK directly/other option
    s
    • 2
    • 1
  • w

    worried-lifeguard-96134

    03/14/2022, 8:23 PM
    ? I dont need state...
    l
    • 2
    • 1
  • a

    acceptable-byte-95884

    03/15/2022, 12:06 AM
    Hey Everyone, I'm using Github Actions to show previews on my pull requests, and the entirety of the output is quite verbose making the output really messy. On console, it's very concise and clean. There is any way to reduce the verbosity of
    preview
    the command on pull-request? Or even suppress everything except the result and errors? Here is my workflow on Github
    pull_request.yml
    .
    name: Pulumi
    on:
      - pull_request
    jobs:
      preview:
        name: Preview
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - uses: actions/setup-node@v2
            with:
              node-version: 14.x
          - name: Configure AWS Credentials
            uses: aws-actions/configure-aws-credentials@v1
            with:
              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
              aws-region: ${{ secrets.AWS_REGION }}
              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          - run: npm install
          - uses: pulumi/actions@v3
            with:
              command: preview
              work-dir: applications
              stack-name: production
              comment-on-pr: true
              github-token: ${{ secrets.GITHUB_TOKEN }}
            env:
              PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
    Size comparison of output, an example of the output in the thread. And comparison of github/action and cli in image. Thank you very much for any help
    l
    • 2
    • 11
  • a

    able-dentist-35553

    03/15/2022, 12:10 AM
    👋 Hi everyone!
    👋 1
  • a

    able-dentist-35553

    03/15/2022, 12:14 AM
    hopefully this is a quick one, i have setup auth0 tenant configuration with pulumi, and each time i run "up" it says a property has been removed
  • a

    able-dentist-35553

    03/15/2022, 12:14 AM
    i execute the update
  • a

    able-dentist-35553

    03/15/2022, 12:14 AM
    run "up" again and it says the same properties have been removed
  • a

    able-dentist-35553

    03/15/2022, 12:15 AM
    it seems the change doesn't get applied on each "up"
    l
    • 2
    • 12
  • a

    able-dentist-35553

    03/15/2022, 12:15 AM
    how can i either diagnose this, or force the update to occur?
  • a

    acoustic-plumber-33876

    03/15/2022, 1:19 AM
    Hi everyone. Has anyone idea on how to enable billing using the native gcp provider
    You can set or update the billing account associated with a project using the [
    projects.updateBillingInfo
    ] (/billing/reference/rest/v1/projects/updateBillingInfo) method.
    Is the pulumi docs suggesting that we are supposed to use the relevant gcp api to update the billing https://cloud.google.com/billing/docs/reference/rest/v1/projects/updateBillingInfo ? Thank you
    q
    • 2
    • 9
  • a

    adorable-gpu-98268

    03/15/2022, 7:59 AM
    Hi, I have a problem authenticating to an ECR registry using the Docker Provider • I have logged in using the docker CLI, which works! • I have tried running pulumi without DOCKER_HOST and also set it to
    unix:///var/run/docker.sock
    Now when I run
    pulumi up
    , I get an error:
    Diagnostics:
      docker:index:RegistryImage (hello-world):
        error: 1 error occurred:
            * Error pushing docker image: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF
    What this is related to and how do I fix it?
    w
    • 2
    • 4
  • s

    steep-sundown-32599

    03/15/2022, 10:47 AM
    Hello everyone, I often find it difficult to get the connectivity in my Pulumi deployments right. E.g., ensuring that two containerised services in AWS can talk to each other (and nobody else can). I usually end up in iteratively deploying, testing, trying to fix the (network) configuration. How do you go about this? Does anyone have some cool advice, e.g., a testing tool or some methodology that helps me identifying these connectivity issues earlier, reducing the number of needed iterations?
    s
    • 2
    • 3
  • b

    billowy-processor-56040

    03/15/2022, 1:30 PM
    Question: Anyone here know if GCP BQ table schemas are capable of being updated in Pulumi (example to add a new column) ?
    s
    • 2
    • 1
  • a

    agreeable-king-2755

    03/15/2022, 2:27 PM
    Hey all, we're building an open climate policy database, and I've stitched together a AWS/Python-based Pulumi config here: https://github.com/climatepolicyradar/navigator/blob/7b3b941d93ce25bc4b8067900d749daa58def81f/infra/__main__.py However, the last hurdle seems to be Elastic Beanstalk, failing with
    Error: failed to pull docker image
    I'm not sure where to authenticate the docker pull, so any pointers will be appreciated.
    f
    • 2
    • 5
Powered by Linen
Title
a

agreeable-king-2755

03/15/2022, 2:27 PM
Hey all, we're building an open climate policy database, and I've stitched together a AWS/Python-based Pulumi config here: https://github.com/climatepolicyradar/navigator/blob/7b3b941d93ce25bc4b8067900d749daa58def81f/infra/__main__.py However, the last hurdle seems to be Elastic Beanstalk, failing with
Error: failed to pull docker image
I'm not sure where to authenticate the docker pull, so any pointers will be appreciated.
perhaps
Dockerrun.aws.json
is missing something like this:
"Authentication": {
    "Bucket": "mybucket",
    "Key": "docker_hub_auth.json"
  },
does anyone have an example of how to achieve the above?
f

freezing-van-87649

03/15/2022, 3:05 PM
Have you tried the ECR credential helper? https://github.com/awslabs/amazon-ecr-credential-helper
a

agreeable-king-2755

03/15/2022, 3:26 PM
I can get the image into ECR, but the issue is Elastic Beanstalk pulling it. Will ECR Credential Helper help with that? I.e. will it be able to render something I can put in the relevant "Authentication" section in Dockerrun.aws.json ?
hmm, the EB log is not auth-related, but has "invalid reference format". I'll look into that (seems as though the image is in an array, not a string).
2022/03/15 14:59:36.478717 [ERROR] An error occurred during execution of command [app-deploy] - [Docker Specific Build Application]. Stop running the command. Error: failed to pull docker image: Command /bin/sh -c docker pull ['992954656374.dkr.ecr.eu-west-2.amazonaws.com/cpr-container-registry-043f64e:xxxxxxx'] failed with error exit status 1. Stderr:invalid reference format
👍 1
View count: 2