most-soccer-61646
01/03/2023, 2:38 PMripe-cat-40820
01/03/2023, 3:40 PMpulumi
and I have a question about javascript usage:
// 1.
const image = new docker.Image(...) // promise ?
// 2.
const service = new gcp.cloudrun.Service(, { // promise too
...
image: image.imageName,
...
})
I guess 1. new docker.Image
returns a promise, but how 2. await
for it ?fancy-xylophone-14066
01/03/2023, 3:53 PMpulumi_kubernetes.helm.v3.Release(
"resource_name",
resource_args_object=pulumi_kubernetes.helm.v3.ReleaseArgs(
chart="oci://{account}.dkr.ecr.{region}.<http://amazonaws.com/{chart_name}|amazonaws.com/{chart_name}>",
version={chart_version},
values=values,
namespace=namespace,
create_namespace=True,
reset_values=True,
force_update=True,
dependency_update=True,
),
opts=pulumi.ResourceOptions(provider=provider),
)
Where provider is a pulumi_kubernetes.Provider with the cluster kubeconfig.
Does someone have any example of how this should be done?calm-painter-83041
01/03/2023, 4:29 PMacoustic-tiger-77630
01/03/2023, 8:53 PMacoustic-dress-83560
01/04/2023, 11:31 AMconfig-map
option in the Pulumi GitHub action?
I'm having trouble injecting secrets into it to create a new stack to access Azure with a clientId
, clientSecret
in the config.
In my action I have a YAML string similar to the following (I've shortened it a lot here):
config-map: "{azure-native:location: {value: westeurope, secret: false}, azure-native:clientSecret: {value: ${{ secrets.AZURE_DETAILS.clientSecret }}, secret: true}, azure-native:tenantId: {value: my-guid, secret: false}}"
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
ARM_CLIENT_ID: ${{ secrets.AZURE_DETAILS.clientId }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_DETAILS.clientSecret }}
ARM_TENANT_ID: ${{ secrets.AZURE_DETAILS.tenantId }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_DETAILS.subscriptionId }}
But I receive an error when the Pulumi step runs, suggesting I've used the wrong `clientSecret`:
azure-native:resources:ResourceGroup rg-myrg- creating (0s) error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to <https://management.azure.com/subscriptions/my-subscription-id-guid/resourcegroups/rg-rg-myrg-a8fcf880?api-version=2019-05-01>: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: ***"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'my-app-guid'.\r\nTrace ID: 8d13de75-afd6-492a-8c0a-aea6ed140801\r\nCorrelation ID: b8fd878d-cbc3-46cf-a1ac-24607590db62\r\nTimestamp: 2023-01-04 11:22:21Z","error_codes":[7000215],"timestamp":"2023-01-04 11:22:21Z","trace_id":"8d13de75-afd6-492a-8c0a-aea6ed140801","correlation_id":"b8fd878d-cbc3-46cf-a1ac-24607590db62","error_uri":"<https://login.microsoftonline.com/error?code=7000215>"*** Endpoint <https://login.microsoftonline.com/my-tenant-id-guid/oauth2/token?api-version=1.0>
If I run the action without config-map
and just target an existing stack, I can update and destroy the stack just fine. The credentials I'm using are the same in the config and in the env
, they are from the same GitHub secret.
It seems that GitHub secrets are not injected properly into the config-map
YAML string, using the syntax I am. Though, no syntax is shown in the description and I can't find any examples.modern-school-54566
01/04/2023, 11:48 AMwhite-architect-1595
01/04/2023, 3:11 PMvar standardLogicApp = new Pulumi.AzureNative.Web.WebApp($"Instanda-{sn}-logic-", new()
{
Kind = "functionapp,workflowapp",
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
ServerFarmId = appServicePlace.Id,
SiteConfig = new SiteConfigArgs
{
AppSettings = new[]{
new NameValuePairArgs
{
Name = "FUNCTIONS_EXTENSION_VERSION",
Value = "~4"
},
new NameValuePairArgs
{
Name = "FUNCTIONS_WORKER_RUNTIME",
Value = "node"
},
new NameValuePairArgs
{
Name = "WEBSITE_NODE_DEFAULT_VERSION",
Value = "~14"
},
new NameValuePairArgs
{
Name = "WEBSITE_CONTENTSHARE",
Value = Output.Format($"{workflowfolder}")
},
new NameValuePairArgs
{
Name = "AzureWebJobsStorage",
Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
},
new NameValuePairArgs
{
Name = "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
},
new NameValuePairArgs
{
Name = "AzureFunctionsJobHost__extensionBundle__id",
Value = "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
},
new NameValuePairArgs
{
Name = "AzureFunctionsJobHost__extensionBundle__version",
Value = "[1.*, 2.0.0)",
},
new NameValuePairArgs
{
Name = "APP_KIND",
Value = "workflowapp",
},
},
},
delightful-terabyte-60652
01/04/2023, 3:39 PMnice-butcher-64302
01/04/2023, 4:18 PMtls.PrivateKey
custom resource. The reason why I'm asking this is because we potentially need to generate a new set of keys to sign JSON web tokens on a regular basis for security purposes. I was thinking something along the lines of what the random
package provides. Do you think it's possible somehow? Thanks in advancesparse-soccer-23105
01/04/2023, 7:08 PMerror: Preview failed: unrecognized resource type (Read):
ie: error: Preview failed: unrecognized resource type (Read): aws:rds/dbclustersnapshot:DBClusterSnapshot
From my understanding, the token
is wrong, how and/or where can I get a list of those ?sparse-nail-47035
01/04/2023, 8:01 PMsparse-nail-47035
01/04/2023, 8:02 PMval k8sCluster = new ManagedCluster(...)
I do not see any function in the ManagedCluster class that I can use to export the KubeConfig object. Is there any mechanism in the API that can be used to build a KubeConfig from a clsuer instance?plain-belgium-35196
01/04/2023, 10:55 PMsparse-nail-47035
01/05/2023, 4:39 AMsparse-nail-47035
01/05/2023, 4:39 AMsteep-raincoat-47738
01/05/2023, 7:40 AMsteep-raincoat-47738
01/05/2023, 7:44 AMacoustic-dress-83560
01/05/2023, 8:40 AMremove
option from the Pulumi GitHub action?
When my action runs, it shows a warning that remove
isn't recognised, continues and does not delete the stack from Pulumi after successfully destroying the resources:
Warning: Unexpected input(s) 'remove', valid inputs are ['command', 'stack-name', 'work-dir', 'comment-on-pr', 'comment-on-pr-number', 'github-token', 'cloud-url', 'secrets-provider', 'parallel', 'message', 'config-map', 'expect-no-changes', 'diff', 'replace', 'target', 'target-dependents', 'policyPacks', 'policyPackConfigs', 'refresh', 'upsert', 'edit-pr-comment', 'pulumi-version', 'color']
...
Resources:
- 35 deleted
Duration: 4m7s
The resources in the stack have been deleted, but the history and configuration associated with the stack are still maintained.
If you want to remove the stack completely, run `pulumi stack rm company/infra`.
I'm using @v3
on the action and I can see the remove
option in the docs:
- uses: pulumi/actions@v3
with:
command: destroy
stack-name: company/${{ inputs.environment_name }}
work-dir: ${{ env.working_directory }}
upsert: false
remove: true
clever-painter-96148
01/05/2023, 10:37 AMtf2pulumi
still supported? Apparently I cannot use it because https://github.com/pulumi/pulumi-local doesn't exist.
$ ~/dev/oss/tf2pulumi/tf2pulumi
error: no resource plugin 'pulumi-resource-local' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource local`
$ pulumi plugin install resource local
error: 404 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-local/releases/latest>. If this is a private GitHub repository, try providing a token via the GITHUB_TOKEN environment variable. See: <https://github.com/settings/tokens>
sparse-nail-47035
01/05/2023, 2:08 PMsparse-nail-47035
01/05/2023, 2:10 PMwhite-architect-1595
01/05/2023, 4:26 PMvar clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantID = clientConfig.Apply(x => //tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
{
var data = x.TenantId;
return Output.Create(data);
});
Then in my keyvault definition I say TenantId = tenantID
When I run pulumi up I get the following error
error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)
sparse-nail-47035
01/05/2023, 8:53 PMicy-doctor-13719
01/06/2023, 4:43 AMpulumi up
throwing an error … started about 20m ago … any ideas?
error: an unhandled error occurred: Program exited with non-zero exit code: 137
thankful-judge-75045
01/06/2023, 8:01 AMfuture-refrigerator-88869
01/06/2023, 9:34 AMdry-keyboard-94795
01/06/2023, 9:45 AM{ providers: [clusterProvider] }
Certmanager looks to be a Provider that wraps the kubernetes provider, which would explain why you can't pass in the kubernetes provider directlyrhythmic-sunset-53997
01/06/2023, 10:45 AMvirtualenv
option?
My aim is for the project config to be
• usable by anyone (so there cannot be an absolute path like /Users/myname/foo
), and
• the same virtualenv
to be used by multiple Pulumi projects (I do not want to install the full 1.5-GB venv for every single project)
The following would work, but sadly ~
does not get expanded to the home directory, so the virtualenv is created under /Users/myname/path/project/~/.pulumi/venv
runtime:
name: python
options:
virtualenv: ~/.pulumi/venv
Another option would be to define this via an environment variable, but I have not found any documentation on how that would be possible.sparse-nail-47035
01/06/2023, 11:33 AM