Hi everyone, transitioning to pulumi and need a little help.. Whenever I do pulumi preview, in preview it show that it wants to delete the resources previously provisioned like a few mins back. When actually there's no change or drift in state of the resources. Any idea why this would be happening?

hi, I'm all new to

pulumi

and I have a question about javascript usage:

// 1.
const image = new docker.Image(...) // promise ?

// 2.
const service = new gcp.cloudrun.Service(, { // promise too
  ...
  image: image.imageName,
  ...
})

I guess 1.

new docker.Image

returns a promise, but how 2.

await

for it ?

Hi community, i'm relatively new using Pulumi and im having troubles trying to execute a Release if the chart link im calling is an "oci://..." stored in a Private AWS ECR (I've read that this is supported on helm.v3.Release() but not on helm.v3.Chart()) , it returns Unauthorized, the question is, How should i pass the ecr credentials into the Release function? I've tried to use the RepositoryOpts argument (with repo, username and password) but couldn't find the workaround. I've tried different variations of the following function (with or without the RepositoryOpts argument):

pulumi_kubernetes.helm.v3.Release(
    "resource_name",
    resource_args_object=pulumi_kubernetes.helm.v3.ReleaseArgs(
            chart="oci://{account}.dkr.ecr.{region}.<http://amazonaws.com/{chart_name}|amazonaws.com/{chart_name}>",
            version={chart_version},
            values=values,
            namespace=namespace,
            create_namespace=True,
            reset_values=True,
            force_update=True,
            dependency_update=True,
            ),
    opts=pulumi.ResourceOptions(provider=provider),
)

Where provider is a pulumi_kubernetes.Provider with the cluster kubeconfig. Does someone have any example of how this should be done?

Hello all (and happy new year), Question I’m asking myself and cannot find online answer. I have a single-tenant product that I want to deploy. This product can have N instances based on customer needs. Can I use one stack per tenant? My idea would be to have the same code for every customer, but manage the number and type of instance through stack-configuration. Does it look a good approach?

Hi there. Does anyone know where I can find the detailed instructions to publish a newly created Pulumi Provider in the registry? Thank you

Hey all, happy new year! Does anyone know how to use the

config-map

option in the Pulumi GitHub action? I'm having trouble injecting secrets into it to create a new stack to access Azure with a

clientId

,

clientSecret

in the config. In my action I have a YAML string similar to the following (I've shortened it a lot here):

config-map: "{azure-native:location: {value: westeurope, secret: false}, azure-native:clientSecret: {value: ${{ secrets.AZURE_DETAILS.clientSecret }}, secret: true}, azure-native:tenantId: {value: my-guid, secret: false}}"
env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  ARM_CLIENT_ID: ${{ secrets.AZURE_DETAILS.clientId }}
  ARM_CLIENT_SECRET: ${{ secrets.AZURE_DETAILS.clientSecret }}
  ARM_TENANT_ID: ${{ secrets.AZURE_DETAILS.tenantId }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_DETAILS.subscriptionId }}

But I receive an error when the Pulumi step runs, suggesting I've used the wrong `clientSecret`:

azure-native:resources:ResourceGroup rg-myrg- creating (0s) error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to <https://management.azure.com/subscriptions/my-subscription-id-guid/resourcegroups/rg-rg-myrg-a8fcf880?api-version=2019-05-01>: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: ***"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'my-app-guid'.\r\nTrace ID: 8d13de75-afd6-492a-8c0a-aea6ed140801\r\nCorrelation ID: b8fd878d-cbc3-46cf-a1ac-24607590db62\r\nTimestamp: 2023-01-04 11:22:21Z","error_codes":[7000215],"timestamp":"2023-01-04 11:22:21Z","trace_id":"8d13de75-afd6-492a-8c0a-aea6ed140801","correlation_id":"b8fd878d-cbc3-46cf-a1ac-24607590db62","error_uri":"<https://login.microsoftonline.com/error?code=7000215>"*** Endpoint <https://login.microsoftonline.com/my-tenant-id-guid/oauth2/token?api-version=1.0>

If I run the action without

config-map

and just target an existing stack, I can update and destroy the stack just fine. The credentials I'm using are the same in the config and in the

env

, they are from the same GitHub secret. It seems that GitHub secrets are not injected properly into the

config-map

YAML string, using the syntax I am. Though, no syntax is shown in the description and I can't find any examples.

Hello everyone I'm having an issue with my pulumi aws credentials it was working yesterday but 4 some reason 2day it refuses to confirm my aws credentials I have created new I am roles Reconfigured it with my aws cli Added It to my pulumi.stack.yaml as config values I even edited them from my .aws.config and .credentials directory in my root user But it still throws a invalid aws credentials wen I run pulumi up

Does anyone know why when I create a webapp my appsettings are not showing in the JSON for my web app in the portal? Under siteconfigs in the json view the app settings is null here is how I am creating the webapp

var standardLogicApp = new Pulumi.AzureNative.Web.WebApp($"Instanda-{sn}-logic-", new()
    {
        Kind = "functionapp,workflowapp",
        ResourceGroupName = resourceGroup.Name,
        Location = resourceGroup.Location,
        ServerFarmId = appServicePlace.Id,
        SiteConfig = new SiteConfigArgs
        {
            AppSettings = new[]{

                    new NameValuePairArgs
                    {
                        Name = "FUNCTIONS_EXTENSION_VERSION",
                        Value = "~4"

                    },
                    new NameValuePairArgs
                    {
                        Name = "FUNCTIONS_WORKER_RUNTIME",
                        Value = "node"

                    },
                    new NameValuePairArgs
                    {
                        Name = "WEBSITE_NODE_DEFAULT_VERSION",
                        Value = "~14"

                    },
                    new NameValuePairArgs
                    {
                        Name = "WEBSITE_CONTENTSHARE",
                        Value = Output.Format($"{workflowfolder}")

                    },
                    new NameValuePairArgs
                    {
                        Name = "AzureWebJobsStorage",
                        Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
                    },
                    new NameValuePairArgs
                    {
                        Name = "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
                        Value = Output.Format($"DefaultEndpointsProtocol=https;AccountName={storageAccount.Name};AccountKey={primaryStorageKey};EndpointSuffix=<http://core.windows.net|core.windows.net>"),
                    },
                    new NameValuePairArgs
                    {
                        Name = "AzureFunctionsJobHost__extensionBundle__id",
                        Value = "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
                    },
                    new NameValuePairArgs
                    {
                        Name = "AzureFunctionsJobHost__extensionBundle__version",
                        Value = "[1.*, 2.0.0)",
                    },

                    new NameValuePairArgs
                    {
                        Name = "APP_KIND",
                        Value = "workflowapp",
                    },
                },
        },

Hi everyone. I'm trying to implement argocd as a CD main tool. Currently, I have all the k8s definitions (Deployments/svc/ing/ etc ) in pulumi. Is there any documentation or example on how to deploy these k8s objects combining argocd and pulumi? According to the official documentation, I see that Pulumi Kubernetes Operator works with Flux. Important note: I am trying to avoid converting all the typescript code to helm charts or Kustomize files. Thanks in advance.

Hi everyone, I'm trying to understand if there's a way to rotate the private/public keys generated using the

tls.PrivateKey

custom resource. The reason why I'm asking this is because we potentially need to generate a new set of keys to sign JSON web tokens on a regular basis for security purposes. I was thinking something along the lines of what the

random

package provides. Do you think it's possible somehow? Thanks in advance

Hi everyone, really simple question, I'm trying to import existing resources but am facing plenty of:

error: Preview failed: unrecognized resource type (Read):

ie:

error: Preview failed: unrecognized resource type (Read): aws:rds/dbclustersnapshot:DBClusterSnapshot

From my understanding, the

token

is wrong, how and/or where can I get a list of those ?

Dear Pulumians,

I'm trying to set up a simple K8s cluster script in Azure using Scala and I'm wondering what is the correct way to export a kubeconfig from my cluster definition. I have the following:

val k8sCluster = new ManagedCluster(...)

I do not see any function in the ManagedCluster class that I can use to export the KubeConfig object. Is there any mechanism in the API that can be used to build a KubeConfig from a clsuer instance?

Hi teams, Try to create eks addon ebs-csi-controller-sa, but got this conflict error: [conflict with “pulumi-resource-kubernetes” using v1: .metadata.labels.app.kubernetes.io/managed-by](error: resource kube-system/ebs-csi-controller-sa was not successfully created by the Kubernetes API server : use the “pulumi.com/patchForce” annotation if you want to overwrite the existing values: Apply failed with 1 conflict: conflict with “pulumi-resource-kubernetes” using v1: .metadata.labels.app.kubernetes.io/managed-by)

Is the documentation up to date? For example., here in this page the Java how to is missing?

Hello Pulumians, Is there a way we can host our own custom Resources or collection of Custom resources within Pulumi? Example Use case: I want all developers within my org be default: 1. create S3 buckets which is encrypted with a KMS key 2. Create an EC2 with one of the Golden AMIs

Something similar to Private L3 Constructs in AWS CDK

Hey all, Anyone have experience with the

remove

option from the Pulumi GitHub action? When my action runs, it shows a warning that

remove

isn't recognised, continues and does not delete the stack from Pulumi after successfully destroying the resources:

Warning: Unexpected input(s) 'remove', valid inputs are ['command', 'stack-name', 'work-dir', 'comment-on-pr', 'comment-on-pr-number', 'github-token', 'cloud-url', 'secrets-provider', 'parallel', 'message', 'config-map', 'expect-no-changes', 'diff', 'replace', 'target', 'target-dependents', 'policyPacks', 'policyPackConfigs', 'refresh', 'upsert', 'edit-pr-comment', 'pulumi-version', 'color']

...

  Resources:
      - 35 deleted
  
  Duration: 4m7s
  
  
  The resources in the stack have been deleted, but the history and configuration associated with the stack are still maintained. 
  If you want to remove the stack completely, run `pulumi stack rm company/infra`.

I'm using

@v3

on the action and I can see the

remove

option in the docs:

- uses: pulumi/actions@v3
  with:
    command: destroy
    stack-name: company/${{ inputs.environment_name }}
    work-dir: ${{ env.working_directory }}
    upsert: false
    remove: true

Is

tf2pulumi

still supported? Apparently I cannot use it because https://github.com/pulumi/pulumi-local doesn't exist.

$ ~/dev/oss/tf2pulumi/tf2pulumi
error: no resource plugin 'pulumi-resource-local' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource local`
$ pulumi plugin install resource local
error: 404 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-local/releases/latest>. If this is a private GitHub repository, try providing a token via the GITHUB_TOKEN environment variable. See: <https://github.com/settings/tokens>

Any ideas on how I could test my resources even before I could execute pulumi up? I mean is there some possibilities to do some unit testing?

Is unit testing not available for Java?

Hi all - I created a key vault with Pulumi in Azure and in order to get the tenant ID I have the following code

var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
    var tenantID = clientConfig.Apply(x => //tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
    {
        var data = x.TenantId;
        return Output.Create(data);
    });

Then in my keyvault definition I say TenantId = tenantID When I run pulumi up I get the following error

error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
    Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
       at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
       at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
       at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
       at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
       at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)

Can someone suggest me some simple to follow guide on how I can configure a AKS cluster? There are different terminologies like RBAC, Resource Quota', Node Pools etc., Is there some documentation available that shows me these configurations in a easy to understand manner?

pulumi up

throwing an error … started about 20m ago … any ideas?

error: an unhandled error occurred: Program exited with non-zero exit code: 137

Hey! I would like my pulumi code to live in a separate repo to my application Just thinking how I can update my stack from my application (e.g build a new image and assign to ECS). Anyone solved this in a neat way?

Hi all - is it possible to get the README text that is filled with the appropriate outputs instead of the template? I am interested if I can get this programmatically somehow. The use case is that I would like to display that readme with the appropriate service urls directly in the github action page in summary.

does it work if you pass it in using the providers list instead?

{ providers: [clusterProvider] }

Certmanager looks to be a Provider that wraps the kubernetes provider, which would explain why you can't pass in the kubernetes provider directly

Hi, a quick question about project configuration. How can I define a global path for the Python

virtualenv

option? My aim is for the project config to be • usable by anyone (so there cannot be an absolute path like

/Users/myname/foo

), and • the same

virtualenv

to be used by multiple Pulumi projects (I do not want to install the full 1.5-GB venv for every single project) The following would work, but sadly

~

does not get expanded to the home directory, so the virtualenv is created under

/Users/myname/path/project/~/.pulumi/venv

runtime:
  name: python
  options:
    virtualenv: ~/.pulumi/venv

Another option would be to define this via an environment variable, but I have not found any documentation on how that would be possible.

Where do I find the API docs for AKS? https://www.pulumi.com/registry/packages/azure-native/api-docs/