bright-oil-46290
03/08/2022, 12:46 AMbright-oil-46290
03/08/2022, 12:46 AMbright-oil-46290
03/08/2022, 12:57 AMsquare-painter-3449
03/08/2022, 10:53 AM$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT
1_base n/a n/a
2_organization_envs.dev* n/a n/a
2_organization_envs.pre-prod n/a n/a
2_organization_envs.prod n/a n/a
$ ls -la
total 56
drwxr-xr-x 13 robin.opletal 1380609156 416 8 Mar 11:46 .
drwxr-xr-x 19 robin.opletal 1380609156 608 7 Mar 12:33 ..
-rw-r--r-- 1 robin.opletal 1380609156 12 8 Mar 11:12 .gitignore
drwxr-xr-x 2 robin.opletal 1380609156 64 8 Mar 11:35 1_base
drwxr-xr-x 3 robin.opletal 1380609156 96 8 Mar 11:46 2_organization_envs
-rw-r--r-- 1 robin.opletal 1380609156 85 8 Mar 11:14 Pulumi.1_base.yaml
-rw-r--r-- 1 robin.opletal 1380609156 112 8 Mar 11:45 Pulumi.2_organization_envs.dev.yaml
-rw-r--r-- 1 robin.opletal 1380609156 123 8 Mar 11:38 Pulumi.2_organization_envs.pre-prod.yaml
-rw-r--r-- 1 robin.opletal 1380609156 122 8 Mar 11:43 Pulumi.2_organization_envs.prod.yaml
-rw-r--r-- 1 robin.opletal 1380609156 126 8 Mar 11:12 Pulumi.yaml
drwxr-xr-x 3 robin.opletal 1380609156 96 8 Mar 11:46 __pycache__
-rw-r--r-- 1 robin.opletal 1380609156 46 8 Mar 11:12 requirements.txt
drwxr-xr-x 6 robin.opletal 1380609156 192 8 Mar 11:12 venv
I have tried adding:
main: 2_organization_envs/
to the stack config yaml file, but that hasn’t resulted in any changes
Thanks!
P.S. The goal is to have all the code for all 2_organization_envs
stacks in 2_organization_envs/
, for example
$ ls 2_organization_envs/
__main__.py
square-painter-3449
03/08/2022, 1:12 PMpulumi new git@gitlab.<redacted>.<redacted>:infrastructure/testing/pulumi-test/-/tree/master/aws-go-appsync.git
creamy-fall-88031
03/09/2022, 9:02 PMname: Pulumi
on:
push:
branches:
- main
permissions:
id-token: write
contents: read
jobs:
up:
name: Update
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14.x
- name: 'Azure login via CLI (Federated access)'
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- run: npm install
- uses: pulumi/actions@v3
with:
command: up
stack-name: dev
cloud-url: <azblob://state>
env:
PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
AZURE_KEYVAULT_AUTH_VIA_CLI: true
action azure/login@v1
finishes without any issues, but pulumi/actions@v3
fails with the following error
failed with an unhandled exception:
azure-native:resources:ResourceGroup aks-test error: building auth config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
better-queen-89787
03/10/2022, 7:56 AMTargetGroupAssociationLimit: The following target groups cannot be associated with more than one load balancer
when running
const listener = new awsx.lb.NetworkLoadBalancer(nameFor("lb"))
.createTargetGroup(nameFor("group"), { port: 80, protocol: "TCP" })
.createListener(nameFor("listener"), { port: 443, protocol: "TLS", certificateArn: certificate.arn})
It work locally when ran pulumi up but not via GH action with same command.
GH Action version: 3.15.0
Pulumi version on GH action: v3.25.1
Local Pulumi version: v3.25.1thankful-coat-47937
03/10/2022, 11:47 PMbrave-mouse-27112
03/11/2022, 11:48 AMaws-py-voting-app
example (https://github.com/pulumi/examples/blob/master/aws-py-voting-app/).
It's taking quite long and then failing with this error:
aws:lb:TargetGroup (redis-targetgroup):
error: 1 error occurred:
* creating urn:pulumi:dev::voting-app::aws:lb/targetGroup:TargetGroup::redis-targetgroup: 1 error occurred:
* error modifying Target Group Attributes: ValidationError: 'Stickiness type' must be one of [app_cookie, lb_cookie, source_ip]
status code: 400, request id: 9995a158-8d9b-4e97-93ed-884389a95f6d
Resources:
+ 17 created
Duration: 45m20s
I can not make sense of this error message because 'lb_cookie' is used as type, as far as I can tell:
https://github.com/pulumi/examples/blob/master/aws-py-voting-app/__main__.py#L130
Any hints what the problem could be?quick-engine-41995
03/12/2022, 3:28 PMcrooked-autumn-27958
03/12/2022, 4:56 PMkubernetes:core/v1:Service (nginx):
error: 2 errors occurred:
* resource default/nginx-qyb8bpd9 was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: 'nginx-qyb8bpd9' timed out waiting to be Ready
* Service was not allocated an IP address; does your cloud provider support this?
The Kubernetes cluster is microk8s, so it's highly likely I've not enabled a required addon, but I don't know where to start.
Any help would be appreciated. Thankscrooked-autumn-27958
03/12/2022, 5:00 PMechoing-oil-42947
03/13/2022, 9:20 PMnice-petabyte-37240
03/14/2022, 7:49 AMnice-petabyte-37240
03/14/2022, 7:50 AMquaint-pharmacist-79538
03/14/2022, 1:36 PMkukectl get node -o wide
nice-petabyte-37240
03/15/2022, 3:15 AMagreeable-terabyte-59853
03/15/2022, 1:27 PMaverage-article-76176
03/16/2022, 5:23 PM__main__.py
simply imports other modules and the project contains other modules still. However, Pulumi seems to require all the __init__.py
to import modules, or else Pulumi doesn't import them.
Is this correct?
I need to explicitly import all modules and packages in each package's __init__.py
?
If so, is there a better / more standardized way?echoing-oil-42947
03/16/2022, 5:52 PMorg
configboundless-policeman-48078
03/17/2022, 5:54 AMaverage-article-76176
03/17/2022, 7:32 PMupdate
• replace
• create-replacement
• delete-replaced
I imagine the end result is the same, but these look like important concepts to understand when using Pulumi. (currently getting all 3 when doing pulumi up --diff
).ambitious-doctor-78865
03/18/2022, 8:58 PMambitious-doctor-78865
03/18/2022, 9:01 PMctx.Export("elasticache", elasticacheURN)
in my code to export the URN. When i run the command pulumi stack output
from my terminal, I see the expected output. My question is:
How can I access these outputs from different pulumi stack programatically (I am using Go). I need this output to install service that needs the above output to work.
Can anyone please help me get started?
Thankscreamy-fall-88031
03/20/2022, 11:10 PMconst subscriptionId = azure.core.getSubscription({});
This is the code snippet where I create my VNET:
const virtualNetwork = new azure_native.network.VirtualNetwork(`vnet-${pulumi.getStack()}-${randomNo}`, {
addressSpace: {
addressPrefixes: ["10.0.0.0/8"],
},
resourceGroupName: resourceGroup.name,
subnets: [{
addressPrefix: "10.0.2.0/24",
name: `snet-postgres-${pulumi.getStack()}-${randomNo}`,
serviceEndpoints: [{
service: "Microsoft.Sql",
}],
},{
addressPrefix: "10.0.1.0/24",
name: `snet-aks-${pulumi.getStack()}-${randomNo}`,
}],
virtualNetworkName: `vnet-${pulumi.getStack()}-${randomNo}`,
});
This is the code I used for the cluster:
const managedClusterName = config.get("managedClusterName") || `aks-${randomNo}`;
const cluster = new containerservice.ManagedCluster(managedClusterName, {
resourceGroupName: resourceGroup.name,
resourceName: `aks-${randomNo}`,
agentPoolProfiles: [{
count: 2,
maxPods: 110,
mode: "System",
name: "agentpool",
nodeLabels: {},
osDiskSizeGB: 30,
osType: "Linux",
type: "VirtualMachineScaleSets",
vmSize: "Standard_B2s",
vnetSubnetID: `/subscriptions/${subscriptionId}/resourceGroups/rsg-${pulumi.getStack()}-${randomNo}/providers/Microsoft.Network/virtualNetworks/vnet-${pulumi.getStack()}-${randomNo}/subnets/snet-aks-${pulumi.getStack()}-${randomNo}`
}],
dnsPrefix: resourceGroup.name,
enableRBAC: true,
kubernetesVersion: "1.23.3",
linuxProfile: {
adminUsername: "testuser",
ssh: {
publicKeys: [{
keyData: sshKey.publicKeyOpenssh,
}],
},
},
nodeResourceGroup: `MC_azure-go_${managedClusterName}`,
servicePrincipalProfile: {
clientId: adApp.applicationId,
secret: adSpPassword.value,
},
},
{
dependsOn: [virtualNetwork]
});
but I keep getting the following error:
azure-native:containerservice:ManagedCluster (aks-547):
error: Code="LinkedAuthorizationFailed" Message="The client has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on scope '/subscriptions/70340165-1840-xxxx-xxxx-xxxxxxxxxxx/resourceGroups/rsg-dev-547/providers/Microsoft.ContainerService/managedClusters/aks-547', however the linked subscription '[object Promise]' was not found."
Quite frankly I am baffled with what I'm doing wrong here. If I try to create the cluster without dependsOn: [virtualNetwork]
, the deployment fails. If I try to create the cluster after the VNET is created, then I get the above message complaining that the linked subscription cannot be found (???)
BTW, the qualified name (resource path) of the cluster is correct, including the subscriptionId.creamy-fall-88031
03/21/2022, 8:53 PMvnetSubnetId
. I need to invoke getSubnet()
and then pass the resulting id.
But now there is another error popping up. Pulumi complains on invoking getSubnet()
on a virtual network resource which is still not being created.
How can one overcome this issue?ancient-energy-2517
03/21/2022, 11:11 PMbright-horse-50102
03/22/2022, 6:51 PM// We can't create a cluster with no node pool defined, but we want to only use
// separately managed node pools. So we create the smallest possible default
// node pool and immediately delete it.Why do we only want to use seperately managed node pools? The GKE introduction docs don't do this
bright-horse-50102
03/22/2022, 9:29 PMpulumi up
?
I'm working with a typescript monorepo and it would be cool to have my pulumi infrastructure be a package inside of that monorepo like the others - but the monorepo manages dependencies through Yarn PnP (with corepack) which means we need to pass a -r ./.pnp.cjs
flag to node
for dependencies like @pulumi/pulumi
to resolvebright-horse-50102
03/23/2022, 1:50 AMdocker.Image
to build an image and running into some weird behavior, it doesn't seem to be respecting the registry I passed to the image.
with the typescript runtime:
const image = new docker.Image('app', {
imageName: 'org/app:latest',
build: {
context: '...',
dockerfile: '...',
},
registry: {
server: '<http://ghcr.io|ghcr.io>',
username: 'user',
password: 'password',
},
});
this logs:
error: Error: ' docker push org/app:latest-3c7ccbb9189753d00babbc9390eee3fa9ae7594d2b8642241ea7b139898c695c' failed with exit code 1
The push refers to repository [docker.io/org/app]
error: denied: requested access to the resource is denied
it seems to me like the push is being attempted to the <http://docker.io|docker.io>
registry when I've specified <http://ghcr.io|ghcr.io>
as a registry