• n

    nutritious-petabyte-61303

    5 months ago
    Are there any plans to add support for service accounts or scoped auth tokens on the Pulumi hosted service?
    2 replies
  • b

    bored-monitor-99026

    5 months ago
    hi folks, is there a way to manage GitHub PATs with Pulumi, including creation, renewal, deletion, etc.?
    +1
    12 replies
  • h

    helpful-account-44059

    5 months ago
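    Hi, I followed this guide and wrote the code below to create the AWS EKS aws-ebs-csi-driver addon
    import * as aws from "@pulumi/aws";
    import * as axios from "axios";

    // eksCluster is defined elsewhere in the program.
    axios.default.get("https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/master/docs/example-iam-policy.json")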
        .then((response) => {
            const eksEbsCsiDriverPolicy = new aws.iam.Policy("AmazonEKS_EBS_CSI_Driver_Policy", {
                path: "/",
                policy: JSON.stringify(response.data),
            });
    
            const eksEbsCsiDriverPolicyRole = new aws.iam.Role("AmazonEKS_EBS_CSI_Driver_Policy_Role", {
                assumeRolePolicy: `{
                      "Version": "2012-10-17",
                      "Statement": [
                        {
                          "Action": "sts:AssumeRole",
                          "Principal": {
                            "Service": "ec2.amazonaws.com"
                          },
                          "Effect": "Allow",
                          "Sid": ""
                        }
                      ]
                    }`
            });
    
            new aws.iam.RolePolicyAttachment("policy-attach", {
                role: eksEbsCsiDriverPolicyRole.name,
                policyArn: eksEbsCsiDriverPolicy.arn,
            });
    
            const ebsCsiAddon = new aws.eks.Addon("aws-ebs-csi-driver", {
                clusterName: eksCluster.eksCluster.name,
                addonName: "aws-ebs-csi-driver",
                serviceAccountRoleArn: eksEbsCsiDriverPolicyRole.arn,
                resolveConflicts: "OVERWRITE",
            });
        });
    I ran this command:
    kubectl describe pvc ebs-claim
    and got the error:
    Name:          ebs-claim
    Namespace:     default
    StorageClass:  ebs-sc
    Status:        Pending
    Volume:        
    Labels:        <none>
    Annotations:   volume.beta.kubernetes.io/storage-provisioner: ebs.csi.aws.com
                   volume.kubernetes.io/selected-node: ip-172-28-161-249.ap-southeast-1.compute.internal
    Finalizers:    [kubernetes.io/pvc-protection]
    Capacity:      
    Access Modes:  
    VolumeMode:    Filesystem
    Used By:       app
    Events:
      Type     Reason              Age   From                                                                                      Message
      ----     ------              ----  ----                                                                                      -------
      Warning  ProvisioningFailed  103s  persistentvolume-controller                                                               storageclass.storage.k8s.io "ebs-sc" not found
      Warning  ProvisioningFailed  98s   ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 08d8c9b1-d5c6-43b6-b0b4-8bcc9ffb0ca6
      Warning  ProvisioningFailed  97s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 294b3cd6-bba8-45b7-a456-bf711ab8c9d4
      Warning  ProvisioningFailed  95s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: e994db08-fb40-40d0-a7ee-5a1bd91f03b1
      Warning  ProvisioningFailed  91s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: e3085d02-4dae-4c8b-bf24-3a082b028544
      Warning  ProvisioningFailed  83s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 7ae3cb86-3fb5-4490-bc96-f3dd40009b99
      Warning  ProvisioningFailed  66s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
               status code: 403, request id: 5b4f043e-90f0-4e2b-b97e-782416eb7000
      Normal   Provisioning        34s (x7 over 101s)  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  External provisioner is provisioning volume for claim "default/ebs-claim"
      Warning  ProvisioningFailed  34s                 ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
    caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
              status code: 403, request id: 743b9abd-b0e8-471a-aa08-9507df6476b8
      Normal  ExternalProvisioning  5s (x9 over 101s)  persistentvolume-controller  waiting for a volume to be created, either by external provisioner "ebs.csi.aws.com" or manually created by system administrator
    Does anyone know how to fix it?
    2 replies
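
The `AccessDenied ... sts:AssumeRoleWithWebIdentity` events in the post above are what STS returns when a role's trust policy does not allow the cluster's OIDC provider, which is how an EKS addon given a `serviceAccountRoleArn` obtains credentials. As an added example (not part of the original thread and not Pulumi's code), the TypeScript below builds an IRSA trust policy scoped to one service account and checks a policy for the gaps that produce this error. The account ID, OIDC issuer URL and the `kube-system` / `ebs-csi-controller-sa` service account used with it are assumptions.

```typescript
// Added example: account ID, issuer URL and service account names are placeholders.
type Principal = { Federated?: string | string[]; Service?: string | string[] };
type Statement = {
  Effect: string;
  Action: string | string[];
  Principal: Principal;
  Condition?: Record<string, Record<string, string>>;
};
type TrustPolicy = { Version: string; Statement: Statement[] };

// Condition keys and the provider ARN use the issuer without its scheme.
const stripScheme = (issuerUrl: string): string => issuerUrl.replace(/^https:\/\//, "");

// Build a trust policy that only one Kubernetes service account can use.
function irsaTrustPolicy(accountId: string, issuerUrl: string, namespace: string, serviceAccount: string): TrustPolicy {
  const issuer = stripScheme(issuerUrl);
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Action: "sts:AssumeRoleWithWebIdentity",
      Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${issuer}` },
      Condition: { StringEquals: {
        [`${issuer}:aud`]: "sts.amazonaws.com",
        [`${issuer}:sub`]: `system:serviceaccount:${namespace}:${serviceAccount}`,
      } },
    }],
  };
}

// Report why a pod could not assume the role through IRSA, or why the trust is too broad.
function irsaProblems(policy: TrustPolicy, issuerUrl: string): string[] {
  const issuer = stripScheme(issuerUrl);
  const suffix = `:oidc-provider/${issuer}`;
  const problems: string[] = [];
  const web = policy.Statement.filter((s) => s.Effect === "Allow" &&
    ([] as string[]).concat(s.Action).indexOf("sts:AssumeRoleWithWebIdentity") !== -1);
  if (web.length === 0) problems.push("no Allow statement for sts:AssumeRoleWithWebIdentity");
  for (const s of web) {
    const fed = ([] as string[]).concat(s.Principal.Federated ?? []);
    if (!fed.some((arn) => arn.slice(-suffix.length) === suffix))
      problems.push("Principal.Federated does not name the cluster's OIDC provider");
    if (!s.Condition?.StringEquals?.[`${issuer}:sub`])
      problems.push("no :sub condition: any service account in the cluster could assume the role");
  }
  return problems;
}

// The trust policy from the post above: EC2 service principal, sts:AssumeRole only.
const postedPolicy: TrustPolicy = { Version: "2012-10-17", Statement: [{
  Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" } }] };
```

In a Pulumi program the issuer URL comes from the cluster's OIDC provider output, and the returned object is passed through `JSON.stringify` as the role's `assumeRolePolicy`.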
  • s

    some-continent-1577

    5 months ago
    Hi all, I came across the fact that in python pulumi_aws, pulumi_aws.eks.NodeGroupScalingConfigArgs has desired_size as required. Does this make sense somehow? I thought it should be optional; for an autoscaling eks cluster, I’d like some way to be able to update the other scaling configs without changing desired count.
    4 replies
  • g

    glamorous-australia-52239

    5 months ago
    👋 Hi everyone! Was wondering if I could get help related to the pulumi-civo provider here
    3 replies
  • s

    stocky-petabyte-29883

    5 months ago
    Hi, I am using pulumi/eks to create a cluster and nodegroup. We use AWS SSO to switch between profiles. We logged in with SSO to the corresponding account and fetched our credentials. We then set the profile using
    export AWS_PROFILE=XXXX
    to set our profile. When we run pulumi up we are getting an error.
    Error: It looks like you're using AWS profiles. Please specify this profile in providerCredentialOpts
    I think this issue only happens when using crossrails EKS and not aws-classic (could be wrong here). I know there is a profile key in providerCredentialOpts I can add, but we can't ensure everyone who uses Pulumi uses the same naming for their AWS profiles. Am I missing something here?
    2 replies
  • c

    clever-glass-42863

    5 months ago
    (Resolved) We're having issues automating the creation of new stacks with passphrase secrets-provider. We assign the environment variable
    PULUMI_CONFIG_PASSPHRASE
    ahead of running
    $ pulumi stack select $CI_COMMIT_REF_NAME --create --secrets-provider passphrase --verbose 9
    We see the initial stack get created with the following output
    {
      "version": 3,
      "checkpoint": {
        "stack": "dev"
      }
    }
    But then immediately see the following output:
    Created stack 'dev'
    error: incorrect passphrase
    Any ideas on what could be going on?
    1 replies
  • t

    thankful-coat-47937

    5 months ago
    hi - is there any guidance on how to use multiple typescript files in a sub folder? for example: it seems like only the index file is detected by me specifying "main": "src/index.ts" in my package.json. i am basically looking for a way to separate stuff into different files so it's not just one massive index.ts
    1 replies
  • c

    calm-mechanic-93288

    5 months ago
    Hi All, this is for GCP Cluster deployment using masterAuthorizedNetworksConfig. Anyone encountered an error below when trying to update the cidrBlocks in masterAuthorizedNetworksConfig?
    error: error sending request: googleapi: Error 400: Must provide an update.
    1 replies
  • i

    incalculable-thailand-44404

    5 months ago
    has anyone come across an error like :
    > [2/2] COPY ./abc/abc_bin.jar app.jar:
        ------
        failed to compute cache key: "./abc/abc_bin.jar" not found: not found
    when trying to build a docker image with Pulumi. My DockerFile (ExampleProject/abc/DockerFile) looks like this:
    FROM openjdk:8-jdk-alpine
    ARG JAR_FILE=./abc/abc_bin.jar
    COPY ${JAR_FILE} app.jar
    ENTRYPOINT ["java","-jar","/app.jar"]
    My top level Bazel project is named ExampleProject, under which I have abc as follows: ExampleProject/abc. When I run
    bazel build //abc/...
    from ExampleProject it creates a new directory called /ExampleProject/bazel-bin/abc which has all the jars including abc_bin.jar
    +1
    27 replies