I am making a stack of vpc then eks cluster then install helm charts. It messed up at some point, i manually deleted some resources and now pulumi destroy doesn't work, pulumi up doesn't work, i don't understand how pulumi state edit works - it seems to be a tangled mess of dependencies that are impossible to navigate. What should I do? The infra is not in production so I can delete anything

here's some output

Do you want to perform this destroy? yes Destroying (dev) View Live: https://app.pulumi.com/vorsprung/infrak8/dev/updates/50 Type Name Status Info pulumipulumiStack infrak8-dev failed 1 error - └─ kubernetescore/v1ConfigMap ja-cluster-nodeAccess deleting failed 1 error Diagnostics: kubernetescore/v1ConfigMap (ja-cluster-nodeAccess): error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp: lookup 9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com on 192.168.178.153 no such host If the cluster has been deleted, you can edit the pulumi state to remove this resource pulumipulumiStack (infrak8-dev): error: update failed Resources: Duration: 3s jamess-MBP:pulumi jamesandrews$

and here's an attempt to "edit the pulumi state to remove this resource"

jamess-MBP:pulumi jamesandrews$ pulumi state delete 'urnpulumidev:infrak8eksindex:Cluster$awseks/clusterCluster::ja-cluster-eksCluster' warning: This command will edit your stack's state directly. Confirm? Yes error: This resource can't be safely deleted because the following resources depend on it: * "ja-cluster-eks-k8s" (urnpulumidev:infrak8eksindex:Cluster$pulumiproviderskubernetes::ja-cluster-eks-k8s) * "ja-cluster-nodeAccess" (urnpulumidev:infrak8eksindex:Cluster$kubernetescore/v1ConfigMap::ja-cluster-nodeAccess) Delete those resources first before deleting this one. jamess-MBP:pulumi jamesandrews$ pulumi destroy -t 'urnpulumidev:infrak8eksindex:Cluster$pulumiproviderskubernetes::ja-cluster-eks-k8s' -t 'urnpulumidev:infrak8eksindex:Cluster$kubernetescore/v1ConfigMap::ja-cluster-nodeAccess' Previewing destroy (dev) View Live: https://app.pulumi.com/vorsprung/infrak8/dev/previews/46a872a4-03f0-4181-8e55-77c919d2b6e9 Type Name Plan pulumipulumiStack infrak8-dev - ├─ kubernetescore/v1ConfigMap ja-cluster-nodeAccess delete - └─ pulumiproviderskubernetes ja-cluster-eks-k8s delete Resources: - 2 to delete Do you want to perform this destroy? yes Destroying (dev) View Live: https://app.pulumi.com/vorsprung/infrak8/dev/updates/51 Type Name Status Info pulumipulumiStack infrak8-dev failed 1 error - └─ kubernetescore/v1ConfigMap ja-cluster-nodeAccess deleting failed 1 error Diagnostics: pulumipulumiStack (infrak8-dev): error: update failed kubernetescore/v1ConfigMap (ja-cluster-nodeAccess): error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp: lookup 9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com on 192.168.178.153 no such host If the cluster has been deleted, you can edit the pulumi state to remove this resource Resources:

also can't remove the stack as it hasn't been destroyed. Looks like I am completely blocked

all i want to do is make an EKS cluster and install some stuff on it for a test

I think I have unjammed it. This took an hour of reading docs and trying various commands almost at random

still can't get it to actually make an eks cluster and then install stuff into the cluster. The helm chart phase always fails as the cluster doesn't exist yet

Hi, Im using Pulumi with YAML. How can I make a condition to check if a resource exists to avoid that Pulumi shows me an error telling me that the resource already exists in the AWS Cloud ?. Regards,

So, we're trying the "microstacks" approach, in which each of our back-end services has a Pulumi stack responsible for deploying it. There's a central "environment" stack that includes databases etc. that services deploy into. We'd like our services to manage their credentials in these databases themselves, but unfortunately we're using AWS RDS Proxy, which wants us to declare all the secrets at once (that is, when we create the proxy), whereas we'd like each stack to declare its own credentials piecemeal. FWIW this is the same as pgBouncer and all other connection poolers we've looked at. Is there any way to get around this? E.g. each microstack `getProxy`s a proxy defined by the main/"environment" stack and modifies it (with/without locking as necessary)? Not sure if this makes sense or not; all help appreciated!

I'm curious about per-region, per-zone deployments in pulumi without multiple stacks. All my resources can be prefixed with zone and all my actual resource construction is going through a custom factory method so I'm looking at options like 'ignore changes' but that will only get you so far edit: I guess i want to be able to say "Hey only update, create, and delete objects in this AZ when i do pulumi up".

Are stacks global? I can’t have

dev

or

staging

in multiple projects? If I try, I am told that stack already exists.

For users with large stacks or slow network connections: Pulumi released an experimental optimization to the protocol between Pulumi CLI and the service backend that reduces communication bandwidth. To try it out set

PULUMI_OPTIMIZED_CHECKPOINT_PATCH=true

in the environment.

Anyone know of any resources comparing Pulumi Service with Spacelift? Context: My team is currently considering Atlantis vs Spacelift in the context of improving our (frustrating) Terraform workflow. Want to make the argument that the Pulumi framework has these things integrated and our time would be better spent migrating to Pulumi Thanks!

hey im new to pulumi and subsequently go, and I am learning both for a job that I am currently interning for. is there anyone willing to possibly provide me some private help in learning things necessary to completing a project im working on?

👋 Hi everyone! whats the best place to ask questions about Serverless development with Pulumi

Good morning! I’ve got some databases in Azure, that have child resources that would be deleted if the database instance itself were deleted. However, when I do a deletion in Pulumi, the child resources are deleted first, which is very inefficient. Can I express that these are deleted as part of deleting the parent resource?

Hi , I am new to pulumi and wanted to create an aws AMI From Instance using this code:

const backup = new aws.ec2.AmiFromInstance(`try-AMI`,{
  sourceInstanceId : 'i-0000000000',
  description:`AMI from instance`, 
  snapshotWithoutReboot:1
 
})
 
// Export the name of the bucket
exports.backupName = backup.name;
exports.backupId = backup.id;
 
exports.backupArn = backup.arn;

I got this error :

error: update failed

 aws:ec2:AmiFromInstance (try-AMI -1892022115):
   error: 1 error occurred:
       * error creating EC2 AMI try-AMI -1892022115-a6bdcdd) from EC2 Instance ('i-0000000000'): InvalidInstanceID.NotFound: The instance ID 'i-0000000000'' does not exist
       status code: 400, request id: c8ef283f-2cec-4e95-8439-d03cd3369c9b

in the aws managment console, I see the instance (running) , can anybody help me please ? thank you.

Hi, I have a question regarding to pulum-snowflake. I'm trying to grant SELECT all tables in database to role and it should be done like this in snowflake:

GRANT SELECT ON ALL TABLES IN SCHEMA dbtest.schema1 TO ROLE role_name;

. But in pulumi-snowflake, it seems to be no way to do such thing.

TableGrant

as below:

def TableGrant(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               database_name: Optional[str] = None,
               enable_multiple_grants: Optional[bool] = None,
               on_future: Optional[bool] = None,
               privilege: Optional[str] = None,
               roles: Optional[Sequence[str]] = None,
               schema_name: Optional[str] = None,
               shares: Optional[Sequence[str]] = None,
               table_name: Optional[str] = None,
               with_grant_option: Optional[bool] = None)

table_name

type is string, accepting only one table at a

TableGrant

call. Is there a way to grant privilege on ALL tables to role in pulumi-snowflake? Thank you.

How can I "_hot reload_" my lambda functions using Pulumi? I have been using

aws.lambda.Function

to deploy to my localstack setup and I was hoping I could have a fast way to iterate over local changes, but I couldn't find a way to do so. I noticed that

aws.lambda.Function

zips the code (

pulumi.asset.AssetArchive

), which means that enabling hot swapping in localstack won't make any difference unless we have a way to make Pulumi repack the content of the lambda on demand. • I have tried using pulumi watch, but with no success. It seems that only the pulumi code is being watched, not the code of the lambda functions. • I have also tried running

pulumi up

every time a change was made on the lambda code, but that has extreme bad performance and possibly other side effects. What should I be looking at? Are there workarounds I could be trying?

👋 Hi everyone!

👋 Hi everyone! Pulumi noob here... Pretty impressed by the capabilities with pulumi thus far... but have run into some frustrations. Right now I'm using TS to write pulumi scripts for the AWS Provider. I am having trouble with my particular configuration... which I feel like should be simple enough but I'm having issues! https://www.reddit.com/r/pulumi/comments/y78fqm/how_to_cache_resources_that_havent_changed_rather/

I posted the question to Reddit although I'm not sure if this is the appropriate venue for asking these questions

Basically I'm trying to pull resources from cache if they haven't changed rather than have pulumi rebuild potentially a thousand resources only to then compare them to AWS state and realize there is no change.

Is there any channel for pulumi-eks ? I reported a bug to get some help out of it .

Do you need to maintain a backend for Pulumi, or is it enough to keep stack.json in git, and lock down the secret key/password for Pulumi-$env.yaml? I dont really see a big reason for e.g. introducing azure blob storage for Pulumi state if it can live in git without any problems? Or does it affect any parts of how Pulumi behaves (e.g. between stacks in a mono-repo)?

Hi everyone! Pulumi noob here. I have an existing cert in GCP and I'm trying to do an import of a self managed cert but I always get warnings about a missing private_key. I figure I am running the command incorrectly. Do I need to specify a private key file during the import? pulumi import gcpcompute/sSLCertificateSSLCertificate test_cert my_gcp_project/test_cert Any help appreciated. https://www.pulumi.com/registry/packages/gcp/api-docs/compute/sslcertificate/ Error:

warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `gcp` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: gcp:compute/sSLCertificate:SSLCertificate resource 'test_cert' has a problem: Missing required argument: The argument "private_key" is required, but no definition was found.. Examine values at 'SSLCertificate.PrivateKey'.

Is there a way to tell if code is running in a test? I think there used to be, but I can't find it any more. There's some functionality that's breaking tests, and I'm happy to live without while running my tests, but that means my component resources need to know if they're being constructed in a test stack or a real one...