https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • a

    ambitious-father-68746

    04/09/2022, 12:23 PM
    Hi, is it possible to use different provider versions for different resources?
    b
    • 2
    • 3
  • b

    brave-lizard-56518

    04/09/2022, 9:21 PM
    I’ve written a VPC module written in Golang which uses the Pulumi Automation API, that produces its own stack (with all its metadata, like VPC ID, subnet ID, NAT, etc., exported in a pulumi context), that’s also stored into its own state file in AWS S3. I now need to write several other modules that will be on their separate stacks -- all of which will need the VPC stack metadata, so that they can, for example, be deployed in the subnets of the said VPC. Question: how can I make these other modules load/utilize the VPC stack? Is there a specific method to do this, or do I just have to write a function to load the VPC module’s state file?
    e
    b
    • 3
    • 16
  • g

    gifted-answer-39386

    04/10/2022, 6:46 AM
    How would you manage a single tenant self registered clients infrastructure? Managing files for each deployment is impossible, as each client need a setup of his own (buckets, cloudfront distros etc).
  • b

    billions-rocket-37012

    04/10/2022, 1:40 PM
    Hi, is there an example for how to use external libraries for Python Lambda? Either by pushing a lambda layer or without? All I can find are some guides where someone has already prebuilt a
    .zip
    file with the modules but surely I can automate that since CDK allows building it with Docker as well?
  • f

    future-window-78560

    04/11/2022, 1:08 AM
    error: malformed configuration value '127.0.0.1:9092': invalid character '.' after top-level value
    running into above issue while creating kafka topic Any solution?
    l
    • 2
    • 3
  • f

    future-window-78560

    04/11/2022, 6:15 AM
    Pulumi Team! Is there any way to remove the random string from the name of every resource when it is created through pulumi??
    l
    • 2
    • 8
  • v

    victorious-continent-984

    04/11/2022, 8:32 AM
    Hi, Pulumi Team. Wonderful tool, had fun exploring it’s abilities. Struggled with the helm chart installation, specifically kube-prometheus-stack. Following code fails to create entities based on CRD’s, I guess chart doesn’t install them.
    from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
    
    # ...
    
    def remove_status(obj, opts):
        if obj["kind"] == "CustomResourceDefinition":
            del obj["status"]
    
    prometheus_stack_chart = Chart(
        "prometheus-stack",
        ChartOpts(
            chart="kube-prometheus-stack",
            transformations=[remove_status],
            version="34.8.0",
            fetch_opts=FetchOpts(
                repo="<https://prometheus-community.github.io/helm-charts>",
            ),
            namespace=monitoring_namespace.id,
            values=values,
            skip_await=False
        ),
        pulumi.ResourceOptions(depends_on=[monitoring_namespace, cluster])
    )
    I may notice the
    remove_status
    hack (I’ve found on the Internet), without it installation fails before the beginning, ’cause somewhere inside it tries to pass that
    status
    argument to a function that doesn’t expect it. Am I doing something wrong, or am I just unlucky to need the Chart that is trouble to install with pulumi? Do you have any ideas or suggestions?
    p
    g
    p
    • 4
    • 11
  • c

    cuddly-football-51817

    04/11/2022, 10:21 AM
    Greetings, Is there any way we can dump the context of a C# tuple into a file during the execution? . I am trying to dump the kubeconfig into a file which will be used in Pulumi.Command module.
  • i

    icy-jordan-58549

    04/11/2022, 11:39 AM
    any ideas, why my preview always shows this changes? even if I use
    pulumi.unsecret
    ?
    b
    m
    • 3
    • 18
  • p

    polite-summer-58169

    04/11/2022, 1:38 PM
    Is it possible to write to a stack Config from code? Looks like it only has Require/Get and not Set?
    l
    • 2
    • 2
  • c

    curved-morning-41391

    04/11/2022, 5:17 PM
    Hey is it possible to write a module in say python and then convert it to another language?
    p
    b
    • 3
    • 4
  • a

    ambitious-ambulance-56829

    04/11/2022, 5:27 PM
    Hey is it possible to add billing information to the invoice such as taxpayer ID, company name?
    b
    • 2
    • 10
  • b

    billowy-army-68599

    04/11/2022, 5:39 PM
    hey folks! would love some votes on this: https://twitter.com/briggsl/status/1513572290109186048?s=20&amp;t=Pmr0nLlMSXS0UbG9M7Nffw
    ✅ 1
    a
    • 2
    • 2
  • b

    brave-angle-33257

    04/11/2022, 6:52 PM
    as far as I can tell, the AWS provider has not been updated to support Lambda FunctionURLs yet, is that correct? https://github.com/pulumi/pulumi-aws/issues/1900
    a
    • 2
    • 7
  • q

    quick-airport-30353

    04/11/2022, 7:59 PM
    is there an advantage of running
    pulumi destroy
    before running a
    pulumi up
    ?
    m
    b
    f
    • 4
    • 20
  • n

    nutritious-petabyte-61303

    04/12/2022, 4:24 AM
    Is there any plans to add support for service accounts or scoped auth tokens on the pulumi hosted service?
    s
    • 2
    • 2
  • n

    nutritious-petabyte-61303

    04/12/2022, 4:25 AM
    I find it quite ironic that there's no easy way to scope permissions properly for automation tools with it
  • g

    gifted-cricket-60194

    04/12/2022, 7:54 AM
    hi
    👋🏼 1
  • b

    bored-monitor-99026

    04/12/2022, 8:52 AM
    hi folks, is there a way to manage github PAT with pulumi? including creating, renew, deletion etc.
    r
    l
    • 3
    • 12
  • p

    polite-summer-58169

    04/12/2022, 9:31 AM
    Seems like it's not possible to create Azure Keyvaults with more than one dash (-) in the name. Is that a straight up bug in the regex validation?
  • h

    helpful-account-44059

    04/12/2022, 12:57 PM
    Hi, i follow this guide and write the blew code to create aws eks's aws-ebs-csi-driver addon
    axios.default.get("<https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/master/docs/example-iam-policy.json>")
        .then((response) => {
            const eksEbsCsiDriverPolicy = new aws.iam.Policy("AmazonEKS_EBS_CSI_Driver_Policy", {
                path: "/",
                policy: JSON.stringify(response.data),
            });
    
            const eksEbsCsiDriverPolicyRole = new aws.iam.Role("AmazonEKS_EBS_CSI_Driver_Policy_Role", {
                assumeRolePolicy: `{
                      "Version": "2012-10-17",
                      "Statement": [
                        {
                          "Action": "sts:AssumeRole",
                          "Principal": {
                            "Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
                          },
                          "Effect": "Allow",
                          "Sid": ""
                        }
                      ]
                    }`
            });
    
            new aws.iam.RolePolicyAttachment("policy-attach", {
                role: eksEbsCsiDriverPolicyRole.name,
                policyArn: eksEbsCsiDriverPolicy.arn,
            });
    
            const ebsCsiAddon = new aws.eks.Addon("aws-ebs-csi-driver", {
                clusterName: eksCluster.eksCluster.name,
                addonName: "aws-ebs-csi-driver",
                serviceAccountRoleArn: eksEbsCsiDriverPolicyRole.arn,
                resolveConflicts: "OVERWRITE",
            });
        });
    run this command,
    kubectl describe pvc ebs-claim
    , and got the error:
    Name:          ebs-claim
    Namespace:     default
    StorageClass:  ebs-sc
    Status:        Pending
    Volume:        
    Labels:        <none>
    Annotations:   <http://volume.beta.kubernetes.io/storage-provisioner|volume.beta.kubernetes.io/storage-provisioner>: <http://ebs.csi.aws.com|ebs.csi.aws.com>
                   <http://volume.kubernetes.io/selected-node|volume.kubernetes.io/selected-node>: ip-172-28-161-249.ap-southeast-1.compute.internal
    Finalizers:    [<http://kubernetes.io/pvc-protection|kubernetes.io/pvc-protection>]
    Capacity:      
    Access Modes:  
    VolumeMode:    Filesystem
    Used By:       app
    Events:
      Type     Reason              Age   From                                                                                      Message
      ----     ------              ----  ----                                                                                      -------
      Warning  ProvisioningFailed  103s  persistentvolume-controller                                                               <http://storageclass.storage.k8s.io|storageclass.storage.k8s.io> "ebs-sc" not found
      Warning  ProvisioningFailed  98s   ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 08d8c9b1-d5c6-43b6-b0b4-8bcc9ffb0ca6
      Warning  ProvisioningFailed  97s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 294b3cd6-bba8-45b7-a456-bf711ab8c9d4
      Warning  ProvisioningFailed  95s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: e994db08-fb40-40d0-a7ee-5a1bd91f03b1
      Warning  ProvisioningFailed  91s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: e3085d02-4dae-4c8b-bf24-3a082b028544
      Warning  ProvisioningFailed  83s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 7ae3cb86-3fb5-4490-bc96-f3dd40009b99
      Warning  ProvisioningFailed  66s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 5b4f043e-90f0-4e2b-b97e-782416eb7000
      Normal   Provisioning        34s (x7 over 101s)  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  External provisioner is provisioning volume for claim "default/ebs-claim"
      Warning  ProvisioningFailed  34s                 ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
              status code: 403, request id: 743b9abd-b0e8-471a-aa08-9507df6476b8
      Normal  ExternalProvisioning  5s (x9 over 101s)  persistentvolume-controller  waiting for a volume to be created, either by external provisioner "<http://ebs.csi.aws.com|ebs.csi.aws.com>" or manually created by system administrator
    anyone knowns how to fix it ?
    b
    • 2
    • 2
  • s

    some-continent-1577

    04/12/2022, 1:12 PM
    Hi all, I came across the fact that in python pulumi_aws, pulumi_aws.eks.NodeGroupScalingConfigArgs has desired_size as required. Does this make sense somehow? I thought it should be optional; for an autoscaling eks cluster, I’d like some way to be able to update the other scaling configs without changing desired count.
    • 1
    • 4
  • g

    glamorous-australia-52239

    04/12/2022, 2:30 PM
    👋 Hi everyone! was wondering if i could get help related to the pulumi-civo provider here
    m
    • 2
    • 3
  • s

    stocky-petabyte-29883

    04/12/2022, 2:52 PM
    Hi I am using pulumi/eks to create a cluster and nodegroup. We use aws sso to switch between profiles. We logged with sso to the corresponding account and fetched our credentials. We then set the profile using
    export AWS_PROFILE=XXXX
    to set our profile. When we run pulumi up we are getting an error.
    Error: It looks like you're using AWS profiles. Please specify this profile in providerCredentialOpts
    I think this issue only happens when using crossrails EKS and not aws-classic(could be wrong here). I know there is a profile key in providerCredentialOpts I can add, but we can't ensure everyone who uses pulumi uses the same naming for their aws profiles. Am I missing something here?
    b
    • 2
    • 2
  • c

    clever-glass-42863

    04/12/2022, 6:24 PM
    (Resolved) We're having issues automating the creation of new stacks with passphrase secrets-provider. We assign the environment variable
    PULUMI_CONFIG_PASSPHRASE
    ahead of running
    $ pulumi stack select $CI_COMMIT_REF_NAME --create --secrets-provider passphrase --verbose 9
    We see the initial stack get created with the following output
    {
      "version": 3,
      "checkpoint": {
        "stack": "dev"
      }
    }
    But then immediately see the following ouput:
    Created stack 'dev'
    error: incorrect passphrase
    Any ideas on what could be going on?
    • 1
    • 1
  • t

    thankful-coat-47937

    04/12/2022, 7:16 PM
    hi - is there any guidance on how to use multiple typescript files in a sub folder? for example: it seems like only the index file is detected by me specifying "main": "src/index.ts" in my package.json. i am basically looking for a way to separate stuff into different files so it's not just one massive index.ts
    • 1
    • 1
  • h

    helpful-shoe-41967

    04/12/2022, 8:01 PM
    Hello, I'm trying to troubleshotting a stack update. Every time when I run
    pulumi update
    the process want to update my resource (db-instance) on my gcp even when diff operations shows that everything are the same. When I use
    pulumi update --diff --json > diff-file.json
    I can see the newState and oldState for resource is exactly the same but pulumi still want to update it with error like this:
    ... 1 error occurred:
            * Error, failed to update instance settings for : googleapi: Error 412: Condition does not match., staleData
    Could anyone advice me how I could track it down?
  • c

    calm-mechanic-93288

    04/12/2022, 8:03 PM
    Hi All, this is for GCP Cluster deployment using
    masterAuthorizedNetworksConfig
    . Anyone encountered an error below when trying to update the cidrBlocks in
    masterAuthorizedNetworksConfig
    ?
    error: error sending request: googleapi: Error 400: Must provide an update.
    • 1
    • 1
  • i

    incalculable-thailand-44404

    04/13/2022, 12:24 AM
    has anyone come across an error like :
    > [2/2] COPY ./abc/abc_bin.jar app.jar:
        ------
        failed to compute cache key: "./abc/abc_bin.jar" not found: not found
    when trying to build a docker image with Pulumi. My DockerFile (
    ExampleProject/abc/DockerFile
    )looks like this :
    FROM openjdk:8-jdk-alpine
    ARG JAR_FILE=./abc/abc_bin.jar
    COPY ${JAR_FILE} app.jar
    ENTRYPOINT ["java","-jar","/app.jar"]
    My top level Bazel project is named
    ExampleProject
    under which I have
    abc
    as follows :
    ExampleProject/abc
    . When I run
    bazel build //abc/...
    from
    ExampleProject
    it creates a new directory called
    /ExampleProject/bazel-bin/abc
    which has all the jars including
    abc_bin.jar
    a
    l
    • 3
    • 27
  • v

    victorious-tiger-25684

    04/13/2022, 12:34 AM
    Hello, I think I'm missing something basic, but how do we construct an
    IDInput
    , e.g. for https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/#look-up?
Powered by Linen
Title
v

victorious-tiger-25684

04/13/2022, 12:34 AM
Hello, I think I'm missing something basic, but how do we construct an
IDInput
, e.g. for https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/#look-up?
View count: 2