Errr got an error locally. Guessing I have to figure out how to bootstrap a project from the Automation API

" you have not created a project yet,"

SaveProjectSettings 🙂

Hey guys! Is it possible to configure base directory for the pulumi program, per-stack? We would like to use self-managed GCS for our state, the setup we would like to roll with is the following:

$ pulumi stack ls
NAME                          LAST UPDATE  RESOURCE COUNT
1_base                        n/a          n/a
2_organization_envs.dev*      n/a          n/a
2_organization_envs.pre-prod  n/a          n/a
2_organization_envs.prod      n/a          n/a

$ ls -la
total 56
drwxr-xr-x  13 robin.opletal  1380609156  416  8 Mar 11:46 .
drwxr-xr-x  19 robin.opletal  1380609156  608  7 Mar 12:33 ..
-rw-r--r--   1 robin.opletal  1380609156   12  8 Mar 11:12 .gitignore
drwxr-xr-x   2 robin.opletal  1380609156   64  8 Mar 11:35 1_base
drwxr-xr-x   3 robin.opletal  1380609156   96  8 Mar 11:46 2_organization_envs
-rw-r--r--   1 robin.opletal  1380609156   85  8 Mar 11:14 Pulumi.1_base.yaml
-rw-r--r--   1 robin.opletal  1380609156  112  8 Mar 11:45 Pulumi.2_organization_envs.dev.yaml
-rw-r--r--   1 robin.opletal  1380609156  123  8 Mar 11:38 Pulumi.2_organization_envs.pre-prod.yaml
-rw-r--r--   1 robin.opletal  1380609156  122  8 Mar 11:43 Pulumi.2_organization_envs.prod.yaml
-rw-r--r--   1 robin.opletal  1380609156  126  8 Mar 11:12 Pulumi.yaml
drwxr-xr-x   3 robin.opletal  1380609156   96  8 Mar 11:46 __pycache__
-rw-r--r--   1 robin.opletal  1380609156   46  8 Mar 11:12 requirements.txt
drwxr-xr-x   6 robin.opletal  1380609156  192  8 Mar 11:12 venv

I have tried adding:

main: 2_organization_envs/

to the stack config yaml file, but that hasn’t resulted in any changes Thanks! P.S. The goal is to have all the code for all

2_organization_envs

stacks in

2_organization_envs/

, for example

$ ls 2_organization_envs/
__main__.py

Another question: how am I supposed to reference a repository for a template list? I am trying to do this over git SSH, but am getting a “template not found” error. Here is the git command I am trying to use:

pulumi new git@gitlab.<redacted>.<redacted>:infrastructure/testing/pulumi-test/-/tree/master/aws-go-appsync.git

Hi guys is it possible to deploy infra on Azure via Github Actions using OpenID Connect (federated identity access)? I would really like to avoid storing secrets in GitHub. This is the action file:

name: Pulumi
on:
  push:
    branches:
      - main

permissions:
  id-token: write
  contents: read

jobs:
  up:
    name: Update
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 14.x
      - name: 'Azure login via CLI (Federated access)'
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} 
      - run: npm install
      - uses: pulumi/actions@v3
        with:
          command: up
          stack-name: dev
          cloud-url: <azblob://state>       
        env:
          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
          AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
          AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
          AZURE_KEYVAULT_AUTH_VIA_CLI: true

action

azure/login@v1

finishes without any issues, but

pulumi/actions@v3

fails with the following error

failed with an unhandled exception:
azure-native:resources:ResourceGroup aks-test  error: building auth config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).

Hi Folks, not sure if this is the right channel to ask but I'm trying to use Pulumi on AWS to create Fargate container and came across the problem when deploying multiple times from GH action. I'm getting:

TargetGroupAssociationLimit: The following target groups cannot be associated with more than one load balancer

when running

const listener = new awsx.lb.NetworkLoadBalancer(nameFor("lb"))
        .createTargetGroup(nameFor("group"), { port: 80, protocol: "TCP" })
        .createListener(nameFor("listener"), { port: 443, protocol: "TLS", certificateArn: certificate.arn})

It work locally when ran pulumi up but not via GH action with same command. GH Action version: 3.15.0 Pulumi version on GH action: v3.25.1 Local Pulumi version: v3.25.1

hi all. shared this in #general but wondering if anyone can help me out here?

Hello, I am trying to deploy the

aws-py-voting-app

example (https://github.com/pulumi/examples/blob/master/aws-py-voting-app/). It's taking quite long and then failing with this error:

aws:lb:TargetGroup (redis-targetgroup):
    error: 1 error occurred:
        * creating urn:pulumi:dev::voting-app::aws:lb/targetGroup:TargetGroup::redis-targetgroup: 1 error occurred:
        * error modifying Target Group Attributes: ValidationError: 'Stickiness type' must be one of [app_cookie, lb_cookie, source_ip]
        status code: 400, request id: 9995a158-8d9b-4e97-93ed-884389a95f6d

Resources:
    + 17 created

Duration: 45m20s

I can not make sense of this error message because 'lb_cookie' is used as type, as far as I can tell: https://github.com/pulumi/examples/blob/master/aws-py-voting-app/__main__.py#L130 Any hints what the problem could be?

Hey, I new to this If I dont want to use Pulumi managed service, then how is this work? Is it Pulumi produce some yaml or some kind of files, so I use this file to deploy it to my cloud provider?

Hi Everyone, I was working through the getting started guide for non cloud Kubernetes and had an issue I'm hoping someone is able to help with. The first deployment of nginx went fine, but after updating the stack to expose an IP address it failed with:

kubernetes:core/v1:Service (nginx):
    error: 2 errors occurred:
    	* resource default/nginx-qyb8bpd9 was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: 'nginx-qyb8bpd9' timed out waiting to be Ready
    	* Service was not allocated an IP address; does your cloud provider support this?

The Kubernetes cluster is microk8s, so it's highly likely I've not enabled a required addon, but I don't know where to start. Any help would be appreciated. Thanks

I should have mentioned the microk8s Kubernetes cluster is not on my Mac, it's on another machine

👋 Quick question, is it possible to use a k8s secret to get a vault token and use that in a provider? In theory it seems to be yes, but vault is giving 403 during the preview step (which makes sense as that secret likely hasn't been fetched yet)

Hi, some questions about pulumi with AWS Cognito Userpool,

does anyone know how to change the verification option from no verification to email? can't find it in documentation! (https://www.pulumi.com/registry/packages/aws/api-docs/cognito/userpool/)

Hello Pulumi Team, A Quick question, I'm using the package K8S for OVH provider. How can I get the externalIP of my nodes as

kukectl get node -o wide

Hi, Question about Pulumi Appsync functions. I want to disable the request/response mapping template in the case of the lambda function data source. but mapping template is a required field. any other option for this?

Hi, I am trying to use Pulumi .NET to create an Azure Function, however, I do not seem to find how to add a function to the Function App programatically. Any ideas?

Couldn't find this info in the docs.. In Python, my

__main__.py

simply imports other modules and the project contains other modules still. However, Pulumi seems to require all the

__init__.py

to import modules, or else Pulumi doesn't import them. Is this correct? I need to explicitly import all modules and packages in each package's

__init__.py

? If so, is there a better / more standardized way?

If I am using a self-managed backend, when using stack references where can I find / set the organization that is used in the reference? Edit: There is a non-zero chance that reading the docs will tell you exactly what you want to know, looks like you need to set the

org

config

Hi Pulumi peeps We are trying to use the tf2pulumi plugin to migrate our terraform into a pulumi project. When we run 'pulumi plugin install resource azurerm' we are getting the error: pulumi plugin install resource azurerm [resource plugin azurerm-1.60.0] installing error: [resource plugin azurerm-1.60.0] downloading from : 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-azurerm-v1.60.0-darwin-amd64.tar.gz I have logged in using pulumi login with an access token from the portal. We had no issue using the google plugin 'pulumi plugin install resource google' Are you able to point me in the right direction?

noob question that I couldn't find in the documentation or searching slack: What's the difference between: •

update

•

replace

•

create-replacement

•

delete-replaced

I imagine the end result is the same, but these look like important concepts to understand when using Pulumi. (currently getting all 3 when doing

pulumi up --diff

).

👋 Hello, team!

I created a pulumi stack and used

ctx.Export("elasticache", elasticacheURN)

in my code to export the URN. When i run the command

pulumi stack output

from my terminal, I see the expected output. My question is: How can I access these outputs from different pulumi stack programatically (I am using Go). I need this output to install service that needs the above output to work. Can anyone please help me get started? Thanks

Hey team. I am trying to create a ManagedCluster in Azure using Pulumi Azure native library and attach it to a pre-existing VNET subnet This is how I get the subscriptionId:

const subscriptionId = azure.core.getSubscription({});

This is the code snippet where I create my VNET:

const virtualNetwork = new azure_native.network.VirtualNetwork(`vnet-${pulumi.getStack()}-${randomNo}`, {
    addressSpace: {
        addressPrefixes: ["10.0.0.0/8"],
    },
    resourceGroupName: resourceGroup.name,
    subnets: [{
        addressPrefix: "10.0.2.0/24",
        name: `snet-postgres-${pulumi.getStack()}-${randomNo}`,
        serviceEndpoints: [{
            service: "Microsoft.Sql",
        }],
    },{
        addressPrefix: "10.0.1.0/24",
        name: `snet-aks-${pulumi.getStack()}-${randomNo}`,
    }],
    virtualNetworkName: `vnet-${pulumi.getStack()}-${randomNo}`,
});

This is the code I used for the cluster:

const managedClusterName = config.get("managedClusterName") || `aks-${randomNo}`;
const cluster = new containerservice.ManagedCluster(managedClusterName, {
    resourceGroupName: resourceGroup.name,
    resourceName: `aks-${randomNo}`,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        nodeLabels: {},
        osDiskSizeGB: 30,
        osType: "Linux",
        type: "VirtualMachineScaleSets",
        vmSize: "Standard_B2s",
        vnetSubnetID: `/subscriptions/${subscriptionId}/resourceGroups/rsg-${pulumi.getStack()}-${randomNo}/providers/Microsoft.Network/virtualNetworks/vnet-${pulumi.getStack()}-${randomNo}/subnets/snet-aks-${pulumi.getStack()}-${randomNo}`
    }],
    dnsPrefix: resourceGroup.name,
    enableRBAC: true,
    kubernetesVersion: "1.23.3",
    linuxProfile: {
        adminUsername: "testuser",
        ssh: {
            publicKeys: [{
                keyData: sshKey.publicKeyOpenssh,
            }],
        },
    },
    nodeResourceGroup: `MC_azure-go_${managedClusterName}`,
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
},
{
    dependsOn: [virtualNetwork]
});

but I keep getting the following error:

azure-native:containerservice:ManagedCluster (aks-547):
    error: Code="LinkedAuthorizationFailed" Message="The client has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on scope '/subscriptions/70340165-1840-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/rsg-dev-547/providers/Microsoft.ContainerService/managedClusters/aks-547', however the linked subscription '[object Promise]' was not found."

Quite frankly I am baffled with what I'm doing wrong here. If I try to create the cluster without

dependsOn: [virtualNetwork]

, the deployment fails. If I try to create the cluster after the VNET is created, then I get the above message complaining that the linked subscription cannot be found (???) BTW, the qualified name (resource path) of the cluster is correct, including the subscriptionId.

Turns out I can't just add a fully qualified resource name string to

vnetSubnetId

. I need to invoke

getSubnet()

and then pass the resulting id. But now there is another error popping up. Pulumi complains on invoking

getSubnet()

on a virtual network resource which is still not being created. How can one overcome this issue?

Hi EveryOne. I am trying to create k8s cluster using this tutorial: https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/#with-a-separately-managed-node-pool-recommended . But when I set nodeCount to 1 or 2, on GCP console I observe 3 node cluster.

The GKE examples do this a lot: https://github.com/pulumi/examples/blob/master/gcp-ts-gke/cluster.ts#L10-#L14

// We can't create a cluster with no node pool defined, but we want to only use

// separately managed node pools. So we create the smallest possible default

// node pool and immediately delete it.

Why do we only want to use seperately managed node pools? The GKE introduction docs don't do this

Is it possible to pass node.js CLI arguments to

pulumi up

? I'm working with a typescript monorepo and it would be cool to have my pulumi infrastructure be a package inside of that monorepo like the others - but the monorepo manages dependencies through Yarn PnP (with corepack) which means we need to pass a

-r ./.pnp.cjs

flag to

node

for dependencies like

@pulumi/pulumi

to resolve

using

docker.Image

to build an image and running into some weird behavior, it doesn't seem to be respecting the registry I passed to the image. with the typescript runtime:

const image = new docker.Image('app', {
  imageName: 'org/app:latest',
  build: {
    context: '...',
    dockerfile: '...',
  },
  registry: {
    server: '<http://ghcr.io|ghcr.io>',
    username: 'user',
    password: 'password',
  },
});

this logs: error: Error: ' docker push org/app:latest-3c7ccbb9189753d00babbc9390eee3fa9ae7594d2b8642241ea7b139898c695c' failed with exit code 1 The push refers to repository [docker.io/org/app] error: denied: requested access to the resource is denied it seems to me like the push is being attempted to the

<http://docker.io|docker.io>

registry when I've specified

<http://ghcr.io|ghcr.io>

as a registry