https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • e

    eager-pilot-57366

    05/26/2022, 5:02 PM
    Hello guys do we have a channel to discuss pulumi policy topics? thanks
  • k

    kind-room-82948

    05/26/2022, 6:06 PM
    Hello, I'm attempting to use stack references with Typescript and I'm having trouble figuring out the best way to get the stack output reference as the correct type. When I do a
    requireOutput()
    from the stack reference it always ends up as
    Output<any>
    type. Is there a way to set the expected type of the output so I can get something like
    pulumi.Output<string>
    or other types?
    o
    • 2
    • 3
  • s

    sticky-salesmen-54387

    05/26/2022, 6:08 PM
    Hello guys. During CDK Day, somebody from Pulumi shared a demo about some “self service” tooling that displays a nice UI, etc. Can somebody point me to that information / project or person? Thanks.
    h
    • 2
    • 7
  • q

    quick-wolf-8403

    05/26/2022, 6:21 PM
    Ack. I just accidentally overwrote a stack file,
    Pulumi.prod.yaml
    , before I had a chance to commit it. Is there any way of getting it back?
    o
    • 2
    • 2
  • r

    red-scooter-62880

    05/26/2022, 11:49 PM
    Hi. Does someone know how to setup Azure SQL Database in Server less mode with Pulumi C#?
  • i

    icy-controller-6092

    05/27/2022, 4:23 AM
    Anyone know why Function Serialization doesn’t include node_modules packages in the uploaded code?
    • 1
    • 1
  • t

    thousands-jordan-32051

    05/27/2022, 7:38 AM
    Hi all, trying to diagnose an issue in production with our Pulumi pipeline. It uses and AzureAD Provider (Terraform under the covers?) with a clientid/secret as follows:
    var userTenantProvider = new Provider("UserTenantProvider", new ProviderArgs
    {
    TenantId = _config.Environment.ActiveDirectory.UserTenantId,
    ClientId = _userTenantProviderConfig.ClientId,
    ClientSecret = _userTenantProviderConfig.ClientSecret
    });
    The secret has been rotated and the new one is passed into the pipeline. However the pipeline still fails with the following message: _building client: unable to obtain access token: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '[secret]'._ The pipeline was working fine before the secret changed, it's as if the old one is cached somewhere. Any ideas?
    • 1
    • 1
  • s

    sparse-intern-71089

    05/27/2022, 11:23 AM
    This message was deleted.
  • w

    white-terabyte-21934

    05/27/2022, 4:13 PM
    Is it possible to do tf2pulumi with OCI terraform code ?
  • q

    quick-airport-30353

    05/27/2022, 4:44 PM
    Does Pulumi's AWS Crosswalk API Gateway generate Swagger? For example, can it generate a JSON if I type in: https://<some aws url>/Stage/swagger/swagger.json?
  • e

    elegant-zoo-39359

    05/27/2022, 4:56 PM
    Hi, has anyone got
    RetainOnDelete
    to work with a Helm v3.Chart? If I delete a chart it continues to delete the associated k8s resources, instead of leaving them unchanged. Namespaces (for example) work as expected, so maybe it is something to do with Helm charts and/or the Go implementation? (Example code in the comments)
    • 1
    • 2
  • c

    curved-fish-7534

    05/27/2022, 5:31 PM
    Hi all, I am new to Pulumi and just wanted to check whether its possible to generate the ARM or CloudFormationTemplate from Pulumi code?
  • r

    red-scooter-62880

    05/27/2022, 7:37 PM
    Hi. I am an avid Pulumi enthusiast. I want to share a project I have been working on that I hope might find someone's interest here. It is cost estimations for Pulumi, such that you always know what your infrastructure code will cost before you deploy it to the cloud. I have built a prototype that works with a couple Azure resources, but it is still under development. If you are interested you can find out more here and sign up to my email list so I know that you find this useful, since it takes a lot of time to develop this : https://cloudcostify.app/ Thanks for your time.
    🤯 3
    b
    h
    +3
    • 6
    • 13
  • l

    lively-painting-61118

    05/27/2022, 9:57 PM
    Is there an integration to manage slack apps (webhooks, etc)? I don’t see one (and the regular slack integration doesn’t have it) but figured I’d ask in case there was something in development.
  • h

    helpful-motherboard-25571

    05/28/2022, 2:18 AM
    Hello all! New to Pulumi here, I'm currently looking for a solution that imports all of our AWS infrastructure to IaC. Tried Terracognita and Terraformer as well but Pulumi seems to be the right tool for the job. Will the "pulumi import" tool be able to import the entire infrastructure or will it have to be 1 by 1?
  • s

    sparse-rain-34573

    05/29/2022, 8:52 AM
    Hi all, I have an ApplicationLoadBalancer (awsx.elasticloadbalancingv2.ApplicationLoadBalancer) that I create in my base network stack that listens to all subdomain requests (*.domain.com), in a higher level application stack I want to add a ListenerRule that points to a ApplicationTargetGroup using the ApplicationLoadBalancer but I can't seem to find a way in doing so using the TypeScript SDK. Can anyone point me in the right direction? Thanks. Here is a pseudo code of what i've tried so far and the error I get: *Base network stack
    const alb = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer ........
    const appListenerHttps = alb.createListener.......
    const zone  = aws.route53.getZoneOutput({name:domainAddress})
    const albDomain = new aws.route53.Record(`domain-record`, {
        name: pulumi.interpolate `*.${domainAddress}`,
        zoneId: zone.zoneId,
        type: 'CNAME',
        records: [appListenerHttps.endpoint.hostname]
      });
    export const albListenerArn = appListenerHttps.listener.arn
    export const albArn = alb.loadBalancer.arn
    *Application stack
    const networkingStack = new StackReference(config.require('stack.networking'));
    const alb =   aws.applicationloadbalancing.getLoadBalancerOutput({arn:networkingStack.getOutput('albArn')});
    const targetGroup = new awsx.elasticloadbalancingv2.ApplicationTargetGroup(
          `app-alb-tg`,
          {
            ...............
            loadBalancer: new awsx.elasticloadbalancingv2.ApplicationLoadBalancer('alb',{
               loadBalancer:alb <----error: Type 'GetLoadBalancerResult' is missing the following properties from type 'LoadBalancer': enableCrossZoneLoadBalancing, namePrefix, tagsAll, urn, getProvider
            })
          }
        );
    
    const itoolListener = new aws.lb.ListenerRule(
          `app-alb-lstn`,
          {
            listenerArn: networkingStack.getOutput('albListenerArn'),
            priority: 100,
            actions: [
              {
                type: 'forward',
                targetGroupArn: targetGroup.targetGroup.arn
              }
            ],
            conditions: [
              {
                hostHeader: {
                  values: [pulumi.interpolate`test.${domainAddress}`]
                }
              }
            ]
          }
        );
    .....
  • a

    acoustic-monitor-21868

    05/30/2022, 9:40 AM
    Hi All, does pulumi supports a native way to apply some resources to a specific stack only?. Say I have 3 VM instances that I am preparing to be rolled out on staging stack only, and not yet ready to roll to prod stack, how can I enforce Pulumi to ignore these resources if someone do
    pulumi up
    on prod stack?
    e
    q
    +2
    • 5
    • 8
  • a

    average-cricket-80620

    05/30/2022, 11:25 AM
    Hello, I am using Pulumi and Localstack to run a stack. I'm running into a problem with an ECS cluster. I start it using this code and it starts succesfully.
    const ecsCluster = new aws.ecs.Cluster(
        'test',
        {
          name: 'test',
        },
        {
          provider,
        },
      );
    awslocal ecs describe-clusters --cluster test --region eu-central-1
    shows this
    {
      "clusters": [
        {
          "clusterArn": "arn:aws:ecs:eu-central-1:000000000000:cluster/test",
          "clusterName": "test",
          "status": "ACTIVE",
          "registeredContainerInstancesCount": 0,
          "runningTasksCount": 0,
          "pendingTasksCount": 0,
          "activeServicesCount": 0
        }
      ],
      "failures": []
    }
    But when I do
    pulumilocal down
    I get this error
    error: deleting urn:pulumi:localstack::Development::aws:ecs/cluster:Cluster::test: 1 error occurred:
        	* error waiting for ECS Cluster (arn:aws:ecs:eu-central-1:000000000000:cluster/test) to become Deleted: couldn't find resource (21 retries)
    Even though it does exist. It does however get deleted properly
  • t

    thankful-coat-47937

    05/30/2022, 7:29 PM
    hi, i'm trying to set up a FargateService with a non-default VPC and I keep running into this error on preview
    Diagnostics:
      pulumi:pulumi:Stack (toronto):
        error: Error: invocation of aws:ec2/getVpc:getVpc returned an error: invoking aws:ec2/getVpc:getVpc: 1 error occurred:
            * no matching EC2 VPC found
        
        
            at Object.callback (/home/julian/betx/infra/node_modules/@pulumi/runtime/invoke.ts:162:33)
            at Object.onReceiveStatus (/home/julian/betx/infra/node_modules/@grpc/grpc-js/src/client.ts:338:26)
            at Object.onReceiveStatus (/home/julian/betx/infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
            at Object.onReceiveStatus (/home/julian/betx//infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
            at /home/julian/betx/infra/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
            at processTicksAndRejections (node:internal/process/task_queues:78:11)
    i am using a custom VPC for an ECS service, but trying to do
    pulumi up -v 4...7
    doesn't seem to show anything useful. how can I debug this? for reference, i deleted the default VPC.
    l
    • 2
    • 1
  • i

    icy-controller-6092

    05/31/2022, 3:14 AM
    Still seems like there’s a good opportunity to abstract away IAM policies in Pulumi, e.g. define a link between a lambda and another lambda, or an S3 bucket, and immediately get generated for you: • sensible and customizable IAM policies (e.g. invokeLambda, getObject) • environment variables in the lambda (ARN of other lambda or s3 bucket name)
  • r

    rich-agency-75207

    05/31/2022, 4:20 AM
    Hi. Does anyone know why one needs to define two environment variables to support the
    google native
    provider and
    Google Cloud Key Management Service (KMS)
    provider? Pulumi uses:
    GOOGLE_CREDENTIALS
    to support:
    Pulumi in a non-interactive setting (for example CI/CD systems, where a person can not complete the normal gcloud auth application-default login flow).
    which I have configured since Day 1. However, I recently changed secrets provider to Google's KMS service and I now must also define the
    GOOGLE_APPLICATION_CREDENTIALS
    envvar with the same creds..? Why the need for 2 x envvars?
  • r

    rich-agency-75207

    05/31/2022, 4:21 AM
    Note: my CICD env does not utilise the gcloud sdk. I am purposefully constructing a GitOps workflow where the gcloud sdk is not a dependency.
    e
    • 2
    • 3
  • a

    adamant-father-26302

    05/31/2022, 9:50 AM
    Is it not possible to run pulumi functions in a pulumi-policy? Do I have to use the normal aws-sdk? When trying i get `Error: Program run without the Pulumi engine available; re-run using the
    pulumi
    CLI`
    e
    • 2
    • 4
  • l

    late-nest-59850

    05/31/2022, 11:00 AM
    Hi, does this work yet? I upgraded to eks provider 0.40 but it doesn't seem to fix it https://pulumi-community.slack.com/archives/C84L4E3N1/p1652470392669989
  • b

    bulky-agent-73210

    05/31/2022, 11:11 AM
    Hey all, is there any parameter I can set so that Pulumi saves stack data to a custom folder, instead of
    .pulumi
    ? Using Pulumi inline programs, if that matters
    q
    e
    • 3
    • 4
  • r

    rich-agency-75207

    05/31/2022, 1:42 PM
    Hi All. Could use some advice on secrets. I have configured my stack to use GCP KMS as the secret provider. I then proceeded to define a GCP service account and key and augmented the key resource with:
    options:
          additionalSecretOutputs:
            - privateKeyData
    This ensured that the corresponding output is
    [secret]
    and the json key is, indeed, obfuscated; however, it has only been base64 encoded as opposed to encrypted using GCP's KMS service. Clearly I've missed a step in this process and/or have too high expectations wrt pulumi's encoding scheme if the secrets provider is changed. Please can someone clarify?
    e
    • 2
    • 38
  • s

    silly-smartphone-71988

    05/31/2022, 2:48 PM
    Hi, I need to add a delay (sleep) when a ressource is deleted by pulumi destroy because Azure native returns but it takes a couple more seconds before the resource is actually deleted on Azure side and it throws error when pulumi trys to delete the depended on ressource. Any way other than using pulumi command (local) to add a dirty wait(1000) ondelete of the ressource?
    e
    • 2
    • 1
  • b

    bitter-army-70832

    05/31/2022, 4:53 PM
    I all, I'm encountering this issue and I'm not able to get past it. Ive put my pulumi code behind an http route, and I'm trying to deploy a gcr.io image from [Project A] into [Project B]. I've tried everything. Creating service accounts, assigning roles (including max roles didn't work for me) This is my code: https://gist.github.com/georgeportillo/982c7e2a5f56d6ad0b14babe7308b367 Any guidance to solve the issue in the screenshot in a programatic way would be helpful
    • 1
    • 1
  • r

    refined-evening-26861

    05/31/2022, 6:41 PM
    Hi Guys, I'm new to Pulumi, trying to understand how pricing works. Am I right the cost per resource is about 0.5 USD per resource per month? 730 hours per month * $0.00075 = 0.5475 USD
    b
    q
    +2
    • 5
    • 10
  • r

    refined-evening-26861

    05/31/2022, 7:38 PM
    Another question, Azure Application Insight allows to create an Alerts, from the Azure point of view, every alert is a separate resource, does Pulumi count them as resources as well and so does billing per Application Insight Alert or it does billing per Application Insights resource (so no matter how many alerts do you have it's just single resource)?
    b
    • 2
    • 10
Powered by Linen
Title
r

refined-evening-26861

05/31/2022, 7:38 PM
Another question, Azure Application Insight allows to create an Alerts, from the Azure point of view, every alert is a separate resource, does Pulumi count them as resources as well and so does billing per Application Insight Alert or it does billing per Application Insights resource (so no matter how many alerts do you have it's just single resource)?
b

billowy-army-68599

05/31/2022, 7:41 PM
yes, each resource is distinct and unique, they are billed separately. Azure bills differently to Pulumi
r

refined-evening-26861

05/31/2022, 7:45 PM
That's clear, but the problem I see here is that the Azure price for the alert, in some cases 5 times smaller than the price for the Pulumi to manage it. E.g. azure alert cost 0.10 USD and 0.5 for Pulumi to manage it.
b

billowy-army-68599

05/31/2022, 7:49 PM
right, but that same principle applies to VM scale sets for example. A VM scale set could cost millions of dollars, but it would cost 0.5 in Pulumi. We don't treat resources any differently based on the cloud provider cost, we don't factor that in. its a flat, predictable fee
r

refined-evening-26861

05/31/2022, 8:30 PM
I see your point but still, it does not look good/right, at least for that concrete scenario, e.g. in our case price for Pulumi might be higher than for Azure. It just does not make sense
b

billowy-army-68599

05/31/2022, 8:36 PM
Pulumi pricing is flat and predictable, we don't evaluate pricing of the resource you're managing. Comparing the price in Azure to the price in Pulumi is going to end up creating a lot of inflection points. The value Pulumi providers to manage those resources doesn't change based on the Azure price. If that doesn't feel comfortable to you, our OSS tiers might be more favourable and palatable, but you'll lost the ease of management, flexibility and rbac options that the service brings
It just does not make sense
I would love to understand why it doesn't make sense, other than "I am expecting the price to be less than Azure"
r

refined-evening-26861

06/01/2022, 9:36 AM
Because when price for managing resource 5 times higher that the price for the resource itself it does not make sense
b

billowy-army-68599

06/01/2022, 9:40 AM
Again, why is that?
r

refined-evening-26861

06/01/2022, 9:50 AM
Sorry don't want to argue here, for me it's obvious, thank you for your answers, in our case because of the pricing policy we cannot use Pulumi unfortunately but I liked it and whole idea
b

billowy-army-68599

06/01/2022, 10:28 AM
Thanks for the feedback
View count: 1