https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • t

    tall-monitor-77779

    11/05/2018, 5:51 PM
    any easy way to run
    pulumi up
    programatically?
    c
    c
    +3
    • 6
    • 12
  • e

    early-musician-41645

    11/05/2018, 7:06 PM
    We had a thread about how a helm-chart I'm installing fails because it's trying to install something that already exists, e.g. ServiceAccount named
    aws-node
    . I thought that it was managed outside the pulumi stack and raising the error, but that's not the case. I've now confirmed that it's failing even if the entire stack is managed by Pulumi. I first destroyed all the resources, then I
    pulumi up
    which creates an EKS cluster and a helm chart. The helm chart has a ServiceAccount and it fails with this:
    Diagnostics:
      kubernetes:core:ServiceAccount (kube-system/aws-node):
        error: Plan apply failed: serviceaccounts "aws-node" already exists
    The expected behavior is that the existing ServiceAccount would not raise an error and instead would get treated as a no-op.
    c
    m
    b
    • 4
    • 92
  • e

    early-musician-41645

    11/05/2018, 7:06 PM
    Is there a workaround for this?
  • e

    early-musician-41645

    11/05/2018, 7:15 PM
    Tracked here: https://github.com/pulumi/pulumi-kubernetes/issues/261
  • c

    cold-train-5848

    11/05/2018, 8:43 PM
    I'm trying to build and push a docker image to a local docker repository. I've started off with the example here: https://blog.pulumi.com/program-kubernetes-with-11-cloud-native-pulumi-pearls#8__Build_and_Deploy_Container_Images_A_longside_Configuration_Updates_322 I've changed the server to
    127.0.0.1:5000
    . It seems to login correctly with the credentials, but when it tries to push the built image, it seems like it's not passing on the servername to the docker push commands.
    const myAppDocker = new docker.Image("myapp", {
        build: {
          context: '../',
          dockerfile: '../docker/myapp/Dockerfile'
        },
        imageName: "myapp",
        registry: {
          server: "127.0.0.1:5000",
          username: config.require("dockerUsername"),
          password: config.require("dockerPassword")
        },
    });
    error: Error: 'docker push myapp:f61cb689da...' failed with exit code 1
        The push refers to repository [<http://docker.io/library/myapp|docker.io/library/myapp>]
    m
    l
    • 3
    • 17
  • e

    early-musician-41645

    11/05/2018, 9:20 PM
    How can I do the equivalent of
    kubectl apply -f $path_to_file
    with Pulumi?
  • a

    agreeable-truck-14797

    11/05/2018, 9:31 PM
    hello
  • a

    agreeable-truck-14797

    11/05/2018, 9:31 PM
    (from france)
    🇫🇷 3
  • a

    agreeable-truck-14797

    11/05/2018, 9:34 PM
    I'm looking how to use assumerole from aws ??
  • a

    agreeable-truck-14797

    11/05/2018, 9:34 PM
    not clear to me
  • a

    agreeable-truck-14797

    11/05/2018, 9:34 PM
    I'm using typescript
  • s

    stocky-spoon-28903

    11/05/2018, 9:35 PM
    Hi @agreeable-truck-14797! I can probably help with that
  • a

    agreeable-truck-14797

    11/05/2018, 9:35 PM
    thank @stocky-spoon-28903
  • s

    stocky-spoon-28903

    11/05/2018, 9:35 PM
    You need to configure the provider to assume a role - are you familiar with how Terraform does this?
  • a

    agreeable-truck-14797

    11/05/2018, 9:36 PM
    not really
  • a

    agreeable-truck-14797

    11/05/2018, 9:37 PM
    I know how to do in powershell 😛
  • s

    stocky-spoon-28903

    11/05/2018, 9:37 PM
    Ah ok! One second, let me put together an example for you
  • a

    agreeable-truck-14797

    11/05/2018, 9:39 PM
    does it go in pulumi-dev.yaml
  • a

    agreeable-truck-14797

    11/05/2018, 9:39 PM
    ?
  • s

    stocky-spoon-28903

    11/05/2018, 9:39 PM
    It could go in as a configuration point, but you need to configure the provider for it
  • s

    stocky-spoon-28903

    11/05/2018, 9:39 PM
    Which is slightly unusual
  • s

    stocky-spoon-28903

    11/05/2018, 9:39 PM
    I’ll put together a demo now (we need that anyway), but it will be a few minutes as I need to create various roles etc for it
  • a

    agreeable-truck-14797

    11/05/2018, 9:40 PM
    cool
  • a

    agreeable-truck-14797

    11/05/2018, 9:40 PM
    something else
  • a

    agreeable-truck-14797

    11/05/2018, 9:40 PM
    we use a MFA
  • e

    early-musician-41645

    11/05/2018, 9:40 PM
    I'd like to update the
    kube-system/aws-auth
    ConfigMap in my EKS kubernetes cluster via Pulumi. What's the route to doing that? I'm looking to add a couple roles into the
    data.mapRoles
  • a

    agreeable-truck-14797

    11/05/2018, 9:41 PM
    I do something like this
    $Creds = (Use-STSRole   -RoleArn $RoleArn -RoleSessionName "SandBoxSession" -SerialNumber $SerialNumber -TokenCode 123456).Credentials
  • s

    stocky-spoon-28903

    11/05/2018, 9:43 PM
    I see. So one option is to give those temporary credentials to Pulumi as
    AWS_ACCESS_KEY_ID
    ,
    AWS_SECRET_ACCESS_KEY
    and
    AWS_SESSION_TOKEN
    in the environment. The provider does have native support for assuming a role though
  • s

    stocky-spoon-28903

    11/05/2018, 9:44 PM
    That’s the example I’ll put together
  • a

    agreeable-truck-14797

    11/05/2018, 9:46 PM
    hum ok
    s
    • 2
    • 8
Powered by Linen
Title
a

agreeable-truck-14797

11/05/2018, 9:46 PM
hum ok
s

stocky-spoon-28903

11/06/2018, 12:03 AM
I’m actually mistaken - with the current AWS provider it’s not possible to use the native AssumeRole functionality of the Terraform provider, so it would be necessary to wrap it.
There’s an issue tracking the root cause here: https://github.com/pulumi/pulumi-terraform/issues/48 - there’s also a workaround noted in this comment on that issue: https://github.com/pulumi/pulumi-terraform/issues/48#issuecomment-340920875
This will hopefully be something we get to fixing soon.
Actually, sorry, I’m wrong again. I have it working now. I’ll put an example in the repository and then link to it here
https://github.com/pulumi/examples/pull/165
This is awaiting review, but I’ve confirmed several times now that it works as expected.
OK, it’s merged now, so the example is available here: https://github.com/pulumi/examples/tree/master/aws-ts-assume-role
a

agreeable-truck-14797

11/06/2018, 9:31 AM
Thanks !
View count: 1