https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • i

    incalculable-thailand-44404

    03/28/2023, 6:06 AM
    Hi Folks, we recently started facing the issue mentioned here: https://github.com/pulumi/pulumi-eks/issues/720. I have added details about the error and our dependencies: https://github.com/pulumi/pulumi-eks/issues/720#issuecomment-1486265287. It would be great if anyone can guide me on this,
  • g

    glamorous-secretary-56169

    03/28/2023, 8:37 AM
    Hi Folks, is there any news in deprecating docker bridge CIDR with the upcoming removal of Microsoft Azure Kubernetes Service API? github: https://github.com/Azure/AKS/issues/3534. I can still see the input properties (DockerBridgeCidr) in azure-native https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/ and azure classic https://www.pulumi.com/registry/packages/azure/api-docs/containerservice/kubernetescluster/. Do we need to update our Pulumi code which uses the docker bridge CIDR for earlier version for AKS using Linux node pools? https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#container-runtime-configuration
  • p

    powerful-printer-57241

    03/28/2023, 9:24 AM
    Hi guys, how to you manage stack references? Since stack references are defined by just strings, not verifiable at compile time, it is easy to for example rename a stack output and not realize it breaks some other stacks. How do you deal with that?
    b
    • 2
    • 3
  • p

    powerful-fall-86307

    03/28/2023, 10:40 AM
    Question around the maximum number of Azure VMs and cores managed using Pulumi: The Azure docs say that "The following limits apply when you use Azure Resource Manager and *Azure resource groups*": • VMs per subscription: 25,000 per region. • VM total cores per subscription 20 per region. • VM per series, such as Dv2 and F, cores per subscription 20 per region. There is an option to "Contact support to increase limit", but was wondering whether Pulumi is affected by the mentioned limit?
    b
    • 2
    • 4
  • e

    enough-scooter-58931

    03/28/2023, 11:57 AM
    Hey, looking for some pointers on deployment of a backend REST service and a web app frontend. The goal is to create one IaC flow that could handle aws/azure/gcp it does not need to be a auto scaled production solution. need to host backend and frontend and hook up everything together and end up with a working website. Any suggestions? breadcrumbs i should follow?
    b
    • 2
    • 2
  • g

    great-sunset-355

    03/28/2023, 1:03 PM
    Is my calculation correct that ~20 000 pulumi resources would cost ~$7 500?
    b
    • 2
    • 2
  • i

    incalculable-rose-91093

    03/28/2023, 1:24 PM
    Hi all, How to pass connection object to a python file using pulumi.local Here is the scenario, connection_object=<object created for connecting DB> Query = <query to be executed>
    random = local.Command(resource_name, create=f'''python3 python_test.py "{query}" "{connection_object}"''')
    But I am getting below error /bin/sh: 1: cannot open trino.dbapi.Connection: No such file
  • b

    bland-pharmacist-96854

    03/28/2023, 1:49 PM
    How I am supposed to use and stack existing the pulumi service from my local machine?
    pulumi stack import
    ?
    b
    s
    • 3
    • 8
  • b

    bright-orange-69401

    03/28/2023, 2:28 PM
    Is it possible to alter a resource’s
    parent
    without triggering a replacement, but in a way that can be versioned in Git and automatically deployed ? (I used to
    pulumi stack export
    , manually edit then
    pulumi stack import
    but I wonder if there’s a cleaner way to do this)
    l
    • 2
    • 3
  • s

    stocky-sundown-45608

    03/28/2023, 2:41 PM
    what is the best way in pulumi to fetch a pod spec (service account) that was setup with helm chart, don’t see any way to actively fetch resources
    c
    • 2
    • 2
  • c

    curved-kitchen-24115

    03/28/2023, 6:26 PM
    I don't have a good grasp on providers; I use (typescript)
    @pulumi/kubernetes
    and
    @pulumi/command
    to delete some CRDs when a specific helm chart is deleted. I'd like to be able to write:
    new local.Command("name", {
      delete: "kubectl delete thing"
    }, { provider: k8sProvider});
    However that yields:
    unrecognized resource type: "command:local:Command" for this provider
    The error message suggests that somehow makeKubeProvider can be made aware of other providers - but it's really opaque to me as to how this happens. I'm also pulling a blank searching for docs on how this works. Does anyone have any pointers?
    s
    • 2
    • 7
  • e

    echoing-address-44214

    03/29/2023, 1:42 AM
    Hi! It might be a stupid question, but how do I validate a
    pulumi.Input<string>
    field in my constructor? Imagine the following code:
    class RuwenTest extends pulumi.ComponentResource {
      constructor(
        name: string,
        text: pulumi.Input<string>,
        opts?: pulumi.ComponentResourceOptions
      ) {
        super("ruwen:index:Test/Test", name, {}, opts);
    
        // validate if text contains foo
        pulumi.output(text).apply((t) => {
          if (t.includes("foo")) {
            throw new Error("text contains foo");
          }
        });
      }
    }
    Since apply is not executed in pulumi preview, I will only see the error if I actually apply the change. I want to see it early. And I struggled to unit test the error. What is the recommended approach?
    l
    • 2
    • 31
  • f

    fresh-spring-82225

    03/29/2023, 2:51 AM
    I’m building a container with
    awsx.ecr.Image
    in a github action. In update mode it works fine, but in preview mode it fails with this message:
    awsx:ecr:Image ([image-name]):
       error: Head "https://***.<http://dkr.ecr.us-east-2.amazonaws.com/v2/[redacted]/manifests/latest|dkr.ecr.us-east-2.amazonaws.com/v2/[redacted]/manifests/latest>": no basic auth credentials
    where the URL is my
    FROM
    image in a private ecr repo. Anyone else seen this peculiar failure mode?
    s
    • 2
    • 7
  • p

    proud-art-41399

    03/29/2023, 8:22 AM
    Hi, can anyone explain me what's the purpose of
    .pulumi/Pulumi.yaml
    in the case of self-managed backend? In my case it's backed by AWS S3 bucket. I've just found out that my builds haven't been passing since 23th March because my fine-grained IAM role for use with GitHub Actions doesn't contain permission to access this object. The builds were passing until that time, though, the last one passing just a couple of hours before. The Pulumi version used by Pulumi GitHub action changed from v3.58.0 to v3.59.0 between the passing and failing job, if that matters. Was that
    .pulumi/Pulumi.yaml
    file/object just introcuded by that time? I haven't found any mentions about it in https://www.pulumi.com/docs/intro/concepts/state/.
    b
    • 2
    • 3
  • w

    wet-noon-14291

    03/29/2023, 9:06 AM
    Is there anything that has happened with the
    pulumi stack export
    command? I can't export any stacks at the moment:
    error: stack names are limited to 100 characters and may only contain alphanumeric, hyphens, underscores, or periods:
    • 1
    • 2
  • b

    better-park-50917

    03/29/2023, 11:02 AM
    Hi, I'm trying to build a docker image but I get the following error:
    error: failed to solve with frontend dockerfile.v0: failed to read dockerfile: open /var/lib/docker/tmp/buildkit-mount1744191223/myapp.api\Dockerfile: no such file or directory
    folder structure
    src
    -- myapp.api
    ----- Dockerfile
    -- myapp.api.contracts
    -- deploy (Pulumi c#)
    ----- Pulumi.yml
    ----- deploy.csproj
    -- myapp.sln
    c# code
    var apiImage = new Image("api-image", new()
    {
       Build = new DockerBuildArgs
       {
          Context = "..",
          Dockerfile = "..\\myapp.api\\Dockerfile",
          Platform = "linux/amd64",
       },
       ImageName = repo.RepositoryUrl,
       Registry = new RegistryArgs
       {
          Server = repo.RepositoryUrl,
          Username = username,
          Password = password
       }
    });
    Any suggestions what's wrong? I'm using Windows machine (powershell)
    m
    • 2
    • 2
  • a

    able-scientist-76283

    03/29/2023, 3:18 PM
    Hi everybody! I'm trying to create new templates on pulumi for AWS and I've ended up in a problem: In the Pulumi.yaml, when I describe the "template" section I can put whatever let's say parameter I want, but I would like even to put conditional clauses in order to execute a specific path if a condition is verified. Is this possible somehow?
  • e

    enough-painter-7423

    03/29/2023, 3:25 PM
    Hi all, I'm working on some refactoring of my Pulumi project. How can I rename the
    name
    field of
    Pulumi.yaml
    gracefully? If I just modify the field in the file with Vim, that results in changing all URNs and recreating all the existing resources
    $ cat Pulumi.yaml            
    name: Infrastructure
    runtime: dotnet
    description: my infrastructure
    V
    name: NetworkInfra
    runtime: dotnet
    description: my network infrastructure
    l
    c
    e
    • 4
    • 12
  • a

    ambitious-continent-10899

    03/30/2023, 12:10 AM
    I am searching for something in Pulumi to do
    az keyvault network-rule add
    . I am attempting to use https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/vault/ However I am getting this error:
    error: cannot create already existing resource
    for the virtualNetworkRule.
    w
    • 2
    • 3
  • d

    delightful-pilot-97750

    03/30/2023, 3:01 AM
    Hi everyone! Anyone is using pulumi <-> Snowflake for multiple people team? We ran into this error recently. The resource and Pulumi JSON file was created by other colleagues, then when we tried to
    destroy
    the resource. It’s showing this issue:
    The user you were trying to authenticate as differs from the user currently logged in at the IDP
    b
    • 2
    • 4
  • r

    refined-printer-82490

    03/30/2023, 7:07 AM
    Hi team, I'm just getting started with Pulumi - experimenting with the container service on AWS template, but running into a problem already. The first time I created the stack, everything ran fine. I deleted it - also fine. However, running it again this morning, it ran for 30 minutes without completing (fargate service didn't complete), and now trying to destroy the resources that were created is also hanging..
    View in Browser (Ctrl+O): <https://app.pulumi.com/markns/my-container-service/dev/updates/9>
    
         Type                      Name                      Status
         pulumi:pulumi:Stack       my-container-service-dev
     -   └─ aws:ec2:SecurityGroup  service-mns-sg            deleting (215s)
    What should I do here? Go and delete the resources manually?
    e
    • 2
    • 5
  • r

    rough-gold-80735

    03/30/2023, 7:35 AM
    👋 Bonjour à tous !
    m
    • 2
    • 2
  • r

    refined-printer-82490

    03/30/2023, 11:56 AM
    Hi, would someone be able to tell me what I'm doing wrong with the role definition below:
    const policy: aws.iam.PolicyDocument = {
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Principal: {
                    Service: "<http://ecs-tasks.amazonaws.com|ecs-tasks.amazonaws.com>"
                },
                Effect: "Allow",
                Sid: "",
            },
        ],
    };
    const taskPolicy: aws.iam.PolicyDocument = {
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Action: [
                "s3:*",
                "ecs:RegisterTaskDefinition",
            ],
            Resource: "*",
        }],
    }
    const role = new aws.iam.Role("my-role", {
        assumeRolePolicy: policy,
        inlinePolicies: [
            {
                name: "fsdfsd",
                policy: taskPolicy
            }
        ]
    });
    I get the error shown below. I'm not sure how to turn the
    PolicyDocument
    instance into the string that the inline policy is expecting...
    • 1
    • 5
  • s

    strong-helmet-83704

    03/30/2023, 4:27 PM
    Hi friends, usually how long after Terraform publishes a module for a new aws cloud service does it take for this functionality to be available in Pulumi?
    b
    • 2
    • 5
  • w

    witty-vegetable-61961

    03/30/2023, 11:03 PM
    Hi, I want to use Pulumi to configure GitHub repos. The repos are already configured manually. I assume I should do a Pulumi import to get this infra into Pulumi?
    s
    s
    • 3
    • 11
  • a

    alert-helicopter-26131

    03/30/2023, 11:25 PM
    I'm making a change to the infrastructure and ran into an issue: 1. When I do
    pulumi up
    , the CLI shows that a storage bucket is being updated. 2. When I click on the "preview" link and go to the Pulumi website, the storage bucket doesn't show up in the list of resources on the "Summary" tab. 3. When I switch to the "Diff" tab, the storage bucket shows up as expected. I reported this issue (including screenshots) using the support form on the Pulumi website, but then got an email saying that the support form is only for enterprise customers. I don't want to include my preview URL or my screenshots on something public like GitHub. How can I report this issue to Pulumi privately?
    m
    • 2
    • 1
  • d

    delightful-monkey-90700

    03/30/2023, 11:33 PM
    Is there any way to pass secrets to a Docker build ?
    docker.Image
    doesn't appear to expose anything 😕
  • f

    fierce-printer-96056

    03/31/2023, 8:22 AM
    Hi, I've set up an ApiGatewayV2 with a certificate, and I've gotten everything to work. I configured my
    Pulumi.Aws.ApiGatewayV2.DomainName
    to be
    REGIONAL
    , which means I need
    RegionalDomainName
    to set up the certificate. Problem is, there's no way to get the
    RegionalDomainName
    from the
    Pulumi.Aws.ApiGatewayV2.DomainName
    . To fix this, we had to make a lookup on
    Pulumi.Aws.ApiGateway.DomainName
    (not V2), which has the
    RegionalDomainName
    . Am I missing something? Is this just a missing (for now) feature? AWS CDK does have the
    RegionalDomainName
    in
    ApiGatewayV2
    .
  • c

    creamy-monkey-35142

    03/31/2023, 9:12 AM
    @echoing-dinner-19531, currently I’m using Pulumi Action based on your recommendation https://pulumi-community.slack.com/archives/C84L4E3N1/p1675082133113049?thread_ts=1675078507.601099&amp;cid=C84L4E3N1 • is the issue fixed and can I upgrade it to latest version? • how I can suppress output with Action? in CLI I’m using
    pulumi up --suppress-outputs
    but I cannot find this option on https://github.com/pulumi/actions
    e
    • 2
    • 3
  • r

    red-airline-54646

    03/31/2023, 12:54 PM
    We are using Azure Pipeline, Does anyone also seeing this stdout during
    pulumi preview
    Any clue what's the reason why is this showing?
    running 2023/03/31 09:18:43 [DEBUG] POST <https://login.microsoftonline.com/***/oauth2/v2.0/token>
    s
    • 2
    • 8
Powered by Linen
Title
r

red-airline-54646

03/31/2023, 12:54 PM
We are using Azure Pipeline, Does anyone also seeing this stdout during
pulumi preview
Any clue what's the reason why is this showing?
running 2023/03/31 09:18:43 [DEBUG] POST <https://login.microsoftonline.com/***/oauth2/v2.0/token>
s

stocky-restaurant-98004

03/31/2023, 1:01 PM
That output likely comes from the wrapped TF provider. Can you confirm whether it is leaking an actual secret or not?
r

red-airline-54646

03/31/2023, 1:15 PM
the secret is our tenant id so it is expected to be hidden. the problem is it shows
DEBUG
considering we don't enable debug mode anywhere.
s

stocky-restaurant-98004

03/31/2023, 1:35 PM
That's the Azure DevOps provider?
r

red-airline-54646

03/31/2023, 2:06 PM
just the azure native sdk
azure "<http://github.com/pulumi/pulumi-azure-native-sdk|github.com/pulumi/pulumi-azure-native-sdk>"
this is the definition of the provider
azureProvider, err := azure.NewProvider(ctx, fmt.Sprintf("clusters-p.azurenative-(%s)", Subscriptions[subscription]), &azure.ProviderArgs{
		TenantId:       pulumi.StringPtr(os.Getenv("ARM_TENANT_ID")),
		ClientId:       pulumi.StringPtr(os.Getenv("ARM_CLIENT_ID")),
		ClientSecret:   pulumi.StringPtr(os.Getenv("ARM_CLIENT_SECRET")),
		SubscriptionId: pulumi.StringPtr(Subscriptions[subscription]),
	})
	if err != nil {
		return err
	}
Is this a bug in the provider?
s

stocky-restaurant-98004

03/31/2023, 5:41 PM
Oh, I see.
Let me check for an existing issue
I don't see one. Can you file a bug here? https://github.com/pulumi/pulumi-azure-native/issues
View count: 1