pulumi-community #general

Channels

general

future-refrigerator-88869

04/05/2022, 8:52 PM

Hi all, is there a way to add stack tags via automation API ? Related github issue: https://github.com/pulumi/pulumi/issues/5681 As alternative, can I set tags via pulumi github action ?

helpful-account-44059

04/06/2022, 5:56 AM

Hi, does ec2's keypari suppir ecdsa public keys?

* error importing EC2 Key Pair (infra-deployer-7ef905e): InvalidKey.Format: Key is not in valid OpenSSH public key format

alert-zebra-27114

04/06/2022, 10:09 AM

I would like to move to aws-classic 5.1 as it solves some essential problems around ElasticCache... but as I also use EKS, I cannot do that because the current EKS is not compatible with 5.1, but only <5.0. Two questions: • What is the ETA for EKS (compatible with AWS 5.1)? • Any other solutions to these dependencies issues? I expect this to be become even worse in the future, if we also use the API Gateway plugin!

alert-zebra-27114

04/06/2022, 10:22 AM

AWS classic or AWS native plugins??? Will the crosswalk plugins for EKS, API gateway, etc migrate to the native plugin?

narrow-translator-93508

04/06/2022, 10:46 AM

👋 Hi everyone! Just wonder if someone could point me to a

Production Ready

template of a GKE autopilot cluster using the

Go

SDK?

little-library-54601

04/06/2022, 3:01 PM

For an Azure app service (

AzureNative.Web.WebApp

in Pulumi), how do I set some of the critical setting that show up under Configuration->General Settings in the Azure portal? Specifically: • Stack (want ".NET") • .NET Version (.NET 6 (LTS)) • Platform (64 bit) • FTP state (FTPS Only) I have an app service that was created via the Azure CLI as a reference. In the applicable "az" commands, those settings are

--runtime DOTNET|6.0

--use-32bit-worker-process false

, and

--ftps-state FtpsOnly

. In the ARM template for the reference app service, those settings are

netFrameworkVersion: v6.0

use32BitWorkerProcess: false

, and

ftpsState: FtpsOnly

. I've used

pulumi import

to generate the C# code for that reference app service, but I don't see anything in that code which seems to specify those settings. I've tried searching the Pulumi AzureNative API docs but haven't had any luck. Can anyone point me in the right direction for this? As it stands, my app won't start (not surprisingly). Thanks.

polite-napkin-90098

04/06/2022, 3:19 PM

I'm continually struggling with Outputs and Inputs, which I think may be somewhat to do with being new to Golang, and typed languages in general. I used to write in perl, which is polymorphic, and when I use the ApplyT functions I seem to end up with a lot of type errors and panics which I don't understand. I'm going to explain these, with code examples in a thread and hopefully someone can demystify this for me.

💯 1

stale-orange-47562

04/06/2022, 5:37 PM

Hi All, we've started experimenting one issue using pulumi on Github Actions. the pulumi preview and the pulumi up command showing us the following error when it is trigering automatically

build_result = await build_image(base_image_name, path_or_build, log_resource, cache_from)
        File "/home/runner/work/platform-infrastructure-iac-state/platform-infrastructure-iac-state/stack/engineering/notification-consumer-delivery/venv/lib/python3.7/site-packages/pulumi_docker/docker.py", line 445, in build_image
          f'No digest available for image {image_name}', log_resource)
      pulumi_docker.docker.ResourceError: No digest available for image ***.dkr.ecr.***.<http://amazonaws.com/hc/notification-consumer-delivery:placeholder|amazonaws.com/hc/notification-consumer-delivery:placeholder>
      error: an unhandled error occurred: Program exited with non-zero exit code: 1

But if we running the pulumi preview and pulumi up commands locally or even using the pulumi docker image, It works. We have the same pulumi_cli and pulumi runtime version on Github Actions and locally. Any idea how to solve it or Any tips for what to look for??

clever-glass-42863

04/06/2022, 9:33 PM

Greetings, we are trying to run a pulumi deploy for dotnet inside of a Gitlab Runner Ci/Cd job. The running container is instanced via the docker+machine executor, and as such, runs a base image mcr.microsoft.com/dotnet/sdk:6.0 since we're building an aspnet service. All the AWS resources are generated correctly, however it seems to hang when publishing the image to ECR. The repository is created, however the pulumi up command just hangs. We've tried adding --verbose, but no other additional information is supplied other than the continuous addition of . for updating.... log. Are there any steps we can take to further diagnose the exact root of the issue? We have confirmed that running thus locally, it all functions as we expect.

acoustic-continent-29968

04/07/2022, 9:51 AM

Hello everyone, hope you're well! I'd very much appreciate your help regarding out issue: When we're trying to create an account with transit gateways and peering we're having problems with peering attachments, as per the documentation, you have to later accept the peering request, thing is, once you create a

PeeringAttachment

the returned output is only the ID of the

request

, when you create a peering, essentially two parameters are created, one in the source account + region, and another in the target account + region. When you run the

approval

you need the ID of the

target

. I've tried pulling it with get_peering_attachment in the target account and filtering by the Transit Gateway (target and source IDs) and it can only accept a

single

result, anything other than one result will fail the execution. I've tried working around this with

boto3

to use describe_transit_gateway_attachment, but I'm having problems with consistency (the values returned from Output) are malformed and it says "<Object at 0x12341234>" instead of the value. Would really appreciate any leads on how to proceed, have a great day!

agreeable-terabyte-59853

04/07/2022, 11:12 AM

Hello all, Has anyone experienced slow deployment and destroy of a cosmos db account? I am using azure-classic.

calm-tent-21096

04/07/2022, 12:07 PM

how slow? CosmosDB does take 15-20 minutes to provision

billowy-area-48390

04/07/2022, 2:23 PM

Hi all! How do you make sure an invocation waits for a particular resource to be created before it’s executed ? When running pulumi up in an empty stack with this Python code:

devBucketServiceAccount = gcp.storage.get_project_service_account(devManagementProject.project_id)

I get the following error because project hasn’t been created yet:

* Error when reading or editing GCS service account not found: googleapi: Error 400: Unknown project id: 'test-dev-management', invalid

Any help would be appreciated!

green-musician-49057

04/07/2022, 3:43 PM

If we wanted to switch the runtime language in a pulumi project, would we port the code and then change the

runtime

in the

Pulumi.yaml

file? Assuming the code is ported correctly, the stack state shouldn't change, is that right? We're using Pulumi's managed state store.

busy-dentist-99842

04/07/2022, 4:21 PM

Hello all, My team is writing a

ResourceValidationPolicy

for CrossGuard that is looking for S3 Bucket Policies that would allow public traffic. We are running into complications with the

PolicyDocument.Statement

being a type of

Input<Input<PolicyStatement>[]>

. How can we get at the

PolicyStatement

fields to verify things like

PolicyStatement.Principal

is not set to

without a

PolicyStatement.Condition

? Thanks in advance for the help.

bitter-psychiatrist-55958

04/07/2022, 5:59 PM

having fun with pulumi for sure! https://twitter.com/leonjza/status/1512127506932977667

❤️ 3

brave-doctor-12316

04/07/2022, 6:48 PM

Can we compress the directory and push to S3 in zip format?

dry-salesmen-32588

04/08/2022, 11:00 AM

So a question about the possibilities (not sure we want to do it, but just want to check if pulumi have that capability). is if its possible to within a pulumi stack perform multiple steps. fx: • step A ◦ deploy various cloud resources ◦ deploy helm chart to k8s • step B, wait for step A to finish, and then continue: ◦ need to perform operational /kubectl calls to the deployed containers • step C, wait for STEP B to finish ◦ configure the deployment since this specific deployment has a pulumi provider • step D, wait for step C to finish ◦ then perform additional steps with fx azure AD SSO integration etc.. it would still be declarative within all the configurations, but would this be a pulumi-anti-pattern? , - ie. would it be recommended to simply have independant stacks and just feed in outputs from the previous stacks - and run it in a bash script.. some other orchestrator.? or can we actually use pulumi as this multistep / wait orchestrator ? the case is that i cannot rely on the helmchart/kubernetes deployment readyness - since i need to perform operations on the deployment, and then with whatever output i get from that, continue the stack deployment I dont mind using kubernetes client libraries for accomplishing the operational steps. but in that case i need pulumi to be executed in waves ie. pulumi up: • applies all initial resources (in parallel) • kubernetes client library / execute stuff • applies additional pulumi resources (in parallel) a pulumi destroy should just ignore the client library calls in this situation

cool-glass-63014

04/08/2022, 12:21 PM

Running into a problem with creating some DNS validation records for a domain:

+   ├─ cloudflare:index:Record  _81411d169f123acc0172105edadbc20d.<redacted>.-0  created
 +   ├─ cloudflare:index:Record  _81411d169f123acc0172105edadbc20d.<redacted>.-1  **creating failed**     1 error

It is trying to create the same CNAME twice. How can I find this duplicate before trying to create the record resource? Or can I somehow catch the error and say it's fine and abort the second one?

fancy-spoon-46046

04/08/2022, 1:04 PM

Anyone did encounter this issue with

@pulumi/command

on google cloud platform vm with

tls.PrivateKey

apollo--production--gcp--europe-west4--command-1 (command:remote:Command)
error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Login on aws with same key works. Also login to google cloud platform with terminal works. Anything special here to consider?

bitter-eve-53295

04/08/2022, 2:41 PM

Anyone have experience with the pulumi kubernetes operator? I'm trying to hook it up to azure devops and would love a few pointers and q/a

billowy-army-68599

04/08/2022, 3:07 PM

hey folks, if you have any interest in making any of your Pulumi code multi language, @agreeable-eye-87399 and I will be taking some existing Pulumi ts code and making it multi language in about an hour!

https://www.youtube.com/watch?v=4psf6WVLxtY▾

😛artypus: 4

limited-fish-67957

04/08/2022, 4:31 PM

hey, one issue I am facing using

pulumi

is the my node_modules are not getting uploaded to aws

lambda

. I was wondering if anyone has solved this or point me to some kind of solution of uploading the

node-modules

as my

serverless

function keeps giving me

module not found error

bulky-insurance-47809

04/08/2022, 7:22 PM

Hi, I am working with AWS cloud, I need to create a VPC Endpoint and associate this route table id with subnets, I am using this code for create vpc endpoint

bulky-insurance-47809

04/08/2022, 7:22 PM

const vpcEndpoint = new aws.ec2.VpcEndpoint(`${config.generalTagName}-vpc-endpoint-dynamodb`, {
    vpcId: vpc.id,
    serviceName: "com.amazonaws.sa-east-1.dynamodb",
    tags: {
        Name: `${config.generalTagName}-vpc-endpoint-dynamodb`,
        [config.generalTagName]: "shared",
    }
});

bulky-insurance-47809

04/08/2022, 7:23 PM

someone know how to associate the subnets?

bulky-insurance-47809

04/08/2022, 7:23 PM

I have tried this, but not work

const example1 = new aws.ec2.VpcEndpointSubnetAssociation("example", {
        subnetId: pulumi.output(vpc.publicSubnetIds)[0].apply(x => x.toString()),
        vpcEndpointId: vpcEndpoint.id,
    });

bright-france-6523

04/08/2022, 7:41 PM

Hey @flaky-ghost-73674, @sticky-translator-61903, @flaky-cricket-26098, I'm a product manager for Confluent and I've been following one of your open Github issues about using our Confluent Cloud Terraform Provider. Would you guys be willing to hop on a call to discuss what it would take for you to use our official Terraform provider instead of the community one?

bulky-insurance-47809

04/08/2022, 7:45 PM

if is utils for someone, I have solved this case with this sample https://github.com/pulumi/pulumi-awsx/issues/3

🙌 1

prehistoric-kilobyte-36215

04/09/2022, 6:41 AM

Hello... I am unable to sign in to the pulumi service. My account it is linked to Github, but somehow even after authorizing, I can't sign in. If someone might be able to help?