Hi folks, by using Pulumi, from program language perspective, are there any differences between Python and Typescript? Does any one provide more features than the other?

👋 Is it possible to specify the

main

field in a stack configuration? Or does that need to be project wide? I've dealt with having multiple stacks per project (that are the same, just env specific), and also having multiple projects per repo, but I was wondering if 1 project can contain stacks with different content somehow

Hi everyone. I’m having difficulties generating a tls.PrivateKey. package.json

{
  "name": "test_k8s_cluster",
  "main": "index.ts",
  "devDependencies": {
    "@types/figlet": "^1.5.5",
    "@types/node": "^16"
  },
  "dependencies": {
    "@pulumi/aws": "^5.37.0",
    "@pulumi/awsx": "^1.0.2",
    "@pulumi/cloudflare": "^5.0.0",
    "@pulumi/eks": "^1.0.1",
    "@pulumi/kubernetes": "^3.25.0",
    "@pulumi/pulumi": "^3.64.0",
    "@pulumi/tls": "^4.10.0",
    "figlet": "^1.6.0"
  }
}

index.ts (imports):

import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
import * as cloudflare from "@pulumi/cloudflare";
import * as pulumi from "@pulumi/pulumi";
import * as tls from "@pulumi/tls";

index.ts (offending code):

const CLUSTER_KEY_GENERATION_ALGORITHM = "ED25519";

    const awsRegion: aws.Region = awsConfig.require("region");
    const awsProvider = new aws.Provider("aws-provider", {
        region: awsRegion,
    });

    // Create a PrivateKey for the Kubernetes cluster
    const clusterPrivateKey = new tls.PrivateKey("cluster-private-key", {
        algorithm: CLUSTER_KEY_GENERATION_ALGORITHM,
    }, { provider: awsProvider });

output:

❯ pulumi up
Previewing update (dev)

View in Browser (Ctrl+O): <https://app.pulumi.com/xxx/xxx/dev/previews/a4>....

     Type                     Name                 Plan       Info
     pulumi:pulumi:Stack      xxxxx-infra-aws-dev             1 error
 ~   ├─ pulumi:providers:aws  aws-provider         update     [diff: ~version]
 +   ├─ aws:ec2:Eip           bastion-eip          create     
 +   ├─ aws:ec2:KeyPair       bastion-key-pair     create     
     └─ tls:index:PrivateKey  cluster-private-key             1 error


Diagnostics:
  tls:index:PrivateKey (cluster-private-key):
    error: unrecognized resource type (Check): tls:index/privateKey:PrivateKey

There seems to be an extra “index” but not sure why. Is this a bug or am I using @pulumi/tls incorrectly? Thank you for your help.

I also tried

import { PrivateKey } from "@pulumi/tls";

and got the same result.

Hey folks, I'm hoping to use Pulumi to deploy an EKS cluster and install a bunch Helm charts on it all in one go. I'm trying to use

@pulumi/kubernetes

helm.v3.Chart

and

@pulumi/eks

Cluster

for this purpose. Looking at the docs, I'm not seeing a way that I can pass the

Cluster

to

helm.v3.Chart

, rather that it will be running the chart against whatever cluster is

helm

default on my system at the time. Is there a way to point it at the cluster I've just created without having to first set up the EKS cluster, then make it default in my shell, and then run the charts deploy? PS One of the charts I want to deploy is the AWS EFS CSI driver, going by the note on https://www.pulumi.com/blog/persisting-kubernetes-workloads-with-amazon-efscsi-volumes-using-pulumi-sdks/ that it's recommended to use the sigs chart for this. Is that still the case?

For my

helm.v3.Chart

, I now have:

{
    providers: { kubernetes: eksCluster.provider },
    dependsOn: [eksCluster, istioIngress],
  },

I'm getting a bunch of this:

error: Error: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: could not get server version from Kubernetes: Get "...": x509: certificate is not valid for any names, but wanted to match ...

I've tried this with only

dependsOn

and only

providers

as well, thinking there may be a conflict. Based on the speed of the run, I thought maybe this was because it's not waiting for the k8s cluster to come up, but perhaps there's something else going on. Any ideas?

Having some trouble also getting Pulumi to destroy my stack. Right now I'm just testing the deploy on a fresh account and happy to expunge it without much care, but it keeps getting stuck deleting an

aws:ec2:SecurityGroup

. Is there a way to tell it do delete as much as it can so there aren't > 100 things that need to be trashed manually?

Hi everyone. I'm working on a monolithic repo composed of microstacks written in typescript (see folder hierarchy in thread). I'm trying to use path aliases to avoid extensive

../../../

in my imports, so that I can refer to all my

lib

files using an alias from all of my stacks. I've defined the paths in the

tsconfig.json

file in the root of the repository, and have additionally referred to this using

extends

in a

tsconfig.json

file in each stack folder. The aliases aren't resolving, so I'm getting

Cannot find module

. Is this kind of thing supported currently?

Hello. I am using the Pulumi Automation API to automate my infrastructure. Here I have some generative code that creates Resources for me. Now, if I want to create a RabbitMQ Resource, I need to call

new Resource

... with a password, that is auto-generated on the fly. As soon as I hit the same code next time, I don't have that password any longer. I don't want to generate a new password everytime I run the same code, so I'd rather try to see if the resource already exists and load this, instead of creating a new one. Is there a way how to do that? The documentation is not quite clear on this. Also, I have a Dynamic Resource where I do this myself. I see that there is the read() Function for, I assume, this case. But I don't find any way on how to trigger this function during my automation code. Any pointers to documentation, example code, or what to search for would be much appreciated

hello , when will the referral program will open

Got the rest of the deployment up without the

BucketNotification

, but it still doesn't want to come down cleanly—somehow this

SecurityGroup

still doesn't want to go away:

aws:ec2:SecurityGroup (...):
    error: deleting urn:pulumi:dev::...::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::...: 1 error occurred:
    	* deleting Security Group (...): DependencyViolation: resource ... has a dependent object
    	status code: 400, request id: ...

Is there a way to get Pulumi to find the dependent instances, or, failing that bring down the deployment dirty (delete what it can until it's only getting these kind of errors)? I assume if the dependent it's referring to were in the state file then it would be trying to bring it down first anyway, and

pulumi refresh

hasn't brought it in. Would also be happy to have any suggestions on what toggles I should be setting with

helm.v3.Release

so that it upgrades cleanly; after I got the cluster up the first time, I ran

pulumi up

again to see if it would confirm that it's in the desired state, but then got upgrade failures for several of my charts.

Also very interested in getting spot instances into the cluster, but looking for a way to: (a) Mix spot and reserved instances, e.g. there should always be at least N instances dedicated. (b) Set the spot bid dynamically; I'm guessing this will be a separate tool—any recommendations?

This message was deleted.

Hey guys, I've had the opportunity to work the amazing projects Pulumi, and I would like to share some of my experiences. Hopefully, you'll find them insightful. https://www.linkedin.com/posts/wangjx_supercharge-your-tech-stack-with-the-combinatio[…]893294886912-E_ur?utm_source=share&utm_medium=member_desktop

Is there a way to force part of a stack to run again? I have a

Command

I am debugging and bringing everything up and down takes too long

Question on organizations in Pulumi service. Is there a limit on how many organizations can or should be created? And on the same lines, any limits on how many access tokens?

Hey folks, is there now a recommended way to iterate over an

Output<List<T>>

other than

apply(l => l.map(...))

? I've been looking at (1), which suggests it's best not to create resources in an

.apply

, and (2) which suggests that sometimes this is the only way to do it. 1. https://www.pulumi.com/docs/intro/concepts/inputs-outputs/#apply 2. https://github.com/pulumi/pulumi/issues/5392

I tried running

pulumi state upgrade

after upgrading to Pulumi >=3.61.0, but I get

Upgraded 0 stack(s) to project mode

pulumi state upgrade
This will upgrade the current backend to the latest supported version.
Older versions of Pulumi will not be able to read the new format.
Are you sure you want to proceed?
Please confirm that this is what you'd like to do by typing `yes`: yes
Upgraded 0 stack(s) to project mode

Is that normal? I’m using S3 as my backend, and the project structure still looks the same (Pulumi.yaml is still present in the bucket, and there is no meta.yaml) This has been happening on all my projects, and there are several stacks in each project. Interestingly, I can still seemingly run pulumi commands as usual on newer versions.

Hello! Does anyone know if

pulumi/aws

supports creating "wafv2.WebAclRules" after the creation of the WAF with

new aws.wafv2.WebAcl(...)

? in the AWS-CLI it is supported here "create-rule", and it can be done also from AWS web console, but pulumi doesn't seem to have it... It would allow my team to create the WAF in a shared project while allowing specific domains to add more rules to the WAF afterwards.

Hi there, I’m working on python and AWS identitystore , I have 3 function to create User, Group. and GroupMembership. at the function

GroupMembership

, I want get User.id that was created at the previous function and is there anyway to do that without doing

pulumi.export

?

Do you want to keep your Pulumi Personal Access Token secure in 1Password? You can now! The shell plugin for Pulumi I contributed a few weeks ago landed in 1Password CLI v2.17.0! 🎉 https://app-updates.agilebits.com/product_history/CLI2 https://developer.1password.com/docs/cli/shell-plugins/pulumi/ Posted in #contribute

Hi, i have a c# stack reference a nodejs stack, i stuck at when get the reference the nodejs stack's output, i just write below code to solve the type cast, any better method?

Is there a way to send a Slack notification every time a Pulumi update is triggered?

e.g. if I trigger an update locally, from CI or from somewhere else, I should get a Slack notification. Is this possible?

Hi, does anyone know if there's any plan to create a provider for argocd on pulumi ? I tried following the bridge template with this provider I currently use on terraform https://github.com/oboukili/terraform-provider-argocd but ran into many roadblocks. Or if anyone knows of other ways argocd is used through pulumi?

Hi, I am creating an aws provider to assume a role into another account to get information about an eks cluster (shown below): When I call this function, I get the following exception:

Exception: invoke of aws:eks/getCluster:getCluster failed: invocation of aws:eks/getCluster:getCluster returned an error: error reading from server: EOF

Any suggestions on how to get around this? Thanks Note: I have imported eks as

from pulumi_aws import eks

def generate_cross_account_kubeconfig(cluster_name:str, role_arn: str):
        
        eks_provider = Provider(
            f"assume-role-{role_arn.split('/')[1]}",
            assume_role = [
                role_arn,
            ]
        )



        eks_cluster= eks.get_cluster(
            name=cluster_name,
            opts = pulumi.InvokeOptions(provider = eks_provider)
            )

Trying to get the availability zones out of my

awsx.ec2.Vpc

. Looking at https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/, it seems that the usual "All input properties are implicitly available as output properties." applies, but

vpc.availabilityZoneNames

throws an error. Any ideas?

Any way to force the AWS provider to set the tags on all taggable resources (like

defaultTags

, but including already created resources)?

Hey everyone, I’ve been using pulumi under an

invidual

account and now want to migrate to

organization

is it just as simple as running

pulumi org set-default <NEW ORG NAME>

and then running pulumi up to deploy the services there? what will happen to what was registered with the individual account?

I'm getting a failure converting to a multi-AZ RDS cluster:

+-  ├─ aws:rds:Cluster                postgres   replace     [diff: ~availabilityZones,dbClusterInstanceClass]

Error:

error: 1 error occurred:
    	* creating RDS Cluster (...): DBClusterAlreadyExistsFault: DB Cluster already exists
    	status code: 400, request id: ...

I'm still testing the deployment, so I'm going to bring the whole thing down and go from there, just wondering if this is expected.

deletionProtection

is disabled.