https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
getting-started
  • b

    billions-piano-69192

    03/08/2023, 8:57 PM
    Hello, I am having some issues regarding python's`pulumi.automation` in reference to getting gitlab.com to show the pending changes after a
    preview
    in a merge request pipeline.I have followed the docs and have a sucessful 200 response when running gitlab's test here: I also created a very small sucessful test case where I use pulumi's cli rather than the automation tools: I believe I am missing something with respect to setting up a preview through
    pulumi.automation
    . The preview itself is sucessful, but the webhook does not fire to produce the preview on gitlab ui. Can someone point me in the right direction?
  • d

    dry-journalist-60579

    03/08/2023, 10:49 PM
    I’m trying to follow the instructions here (https://www.pulumi.com/docs/guides/oidc/aws/) to set up OIDC such that Pulumi Deployments can run… but I’m getting:
    Error: fetching AWS credentials: WebIdentityErr: failed to retrieve credentials, caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity, status code: 403
    Any ideas? I’m using Pulumi to create the OIDC configuration and AWS roles:
    import pulumi_aws as aws
    import json
    
    # Create OIDC provider for Pulumi Deployments
    oidc_provider = aws.iam.OpenIdConnectProvider(
        "Pulumi OIDC Provider",
        client_id_lists=["MYORG"],
        # <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html>
        thumbprint_lists=["9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"],
        url="<https://api.pulumi.com/oidc>",
    )
    
    oidc_provider_role = aws.iam.Role(
        "Pulumi OIDC Provider Role",
        name="PulumiOIDC",
        assume_role_policy=oidc_provider.arn.apply(
            lambda arn: json.dumps(
                {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Federated": arn,
                            },
                            "Action": "sts:AssumeRoleWithWebIdentity",
                            "Condition": {
                                "StringEquals": {
                                    "<http://api.pulumi.com/oidc:aud|api.pulumi.com/oidc:aud>": "MYORG",
                                    "<http://api.pulumi.com/oidc:sub|api.pulumi.com/oidc:sub>": "pulumi:deploy:org:MYORG:project:*:*",
                                }
                            },
                        }
                    ],
                }
            )
        ),
    )
    d
    • 2
    • 25
  • i

    icy-controller-6092

    03/09/2023, 9:09 AM
    I’m not sure I understand what ComponentResource’s offer that
    { parent: xyz }
    doesn’t already provide?
    b
    l
    • 3
    • 10
  • b

    bumpy-plastic-18391

    03/09/2023, 3:23 PM
    Hi, I know this is a pulumi only community, i need help with another IaC Provider: Terraform, Could anyone help me? we cold create another channel if necessary
    b
    • 2
    • 1
  • q

    quaint-twilight-92541

    03/09/2023, 6:53 PM
    Can someone point me towards a TypeScript Pulumi example that is spread across multiple
    .ts
    files? I'd like to verify what I think of as idiomatic TypeScript and the preferred approach of the Pulumi community.
    c
    • 2
    • 5
  • d

    dry-journalist-60579

    03/09/2023, 8:17 PM
    I’m trying to reconcile `Error: python projects without a
    virtualenv
    project configuration are not yet supported` I’m getting from Deployments with the fact that we’re using Poetry for our dependencies like this article demonstrates. Any suggestions?
    b
    r
    • 3
    • 32
  • l

    limited-wolf-14679

    03/09/2023, 11:48 PM
    Hi Guys, i am new to pulumi and trying to deploy kubeflow on gcp. I am using pulumi python and GCP...and deployed pulumi kuberntes-gcp-python and now I would like to deploy kubeflow but I am stuck. Any help ?
  • l

    limited-wolf-14679

    03/09/2023, 11:49 PM
    I have tried to run the following code but no success:
    # new kubeflow
    kubeflow = gcp.container.Registry("kubeflow")
    
    deployment = Deployment(
        "kubeflow-deployment",
        spec=DeploymentSpecArgs(
            replicas=1,
            selector=LabelSelectorArgs(
                match_labels={
                    "app": "kubeflow",
                },
            ),
            template=PodTemplateSpecArgs(
                metadata=ObjectMetaArgs(
                    labels={
                        "app": "kubeflow",
                    },
                ),
                spec=PodSpecArgs(
                    containers=[
                        ContainerArgs(
                            name="kubeflow",
                            image="kubeflow",
                            env=[
                                EnvVarArgs(
                                    name="NAMESPACE",
                                    value="kubeflow",
                                ),
                            ],
                            command=["/bin/bash"],
                            args=[
                                "-c",
                                "/opt/deploy.sh",
                            ]
                            
                        )
                    ]
    
                )
            )
        ),
        metadata=ObjectMetaArgs(
            labels={
                "app": "kubeflow",
            }
        )
    )
    
    pulumi.export("name", deployment.metadata["name"])
    
    # Allocate an IP to the Deployment.
    app_name = "kubeflow"
    app_labels = { "app": app_name }
    frontend = Service(
        app_name,
        metadata={
            "labels": deployment.spec["template"]["metadata"]["labels"],
        },
        spec={
            "type":  "LoadBalancer",
            "ports": [{ "port": 80, "target_port": 80, "protocol": "TCP" }],
            "selector": app_labels,
        })
    
    # When "done", this will print the public IP.
    result = None
    
    ingress = frontend.status.apply(lambda v: v["load_balancer"]["ingress"][0] if "load_balancer" in v else None)
    if ingress is not None:
        result = ingress.apply(lambda v: v["ip"] if "ip" in v else v["hostname"])
    
    pulumi.export("ip", result)
  • i

    incalculable-rose-91093

    03/10/2023, 4:42 AM
    Hello all, while i was logging into minio bucket using pulumi i was getting below error. can some one suggest me or help to resolve this issue. pulumi login 's3://test-dataplatform-pulumi-state?endpoint=https://obs.vcloud.abc/&amp;disableSSL=true&amp;s3ForcePathStyle=true' Getting below error error: problem logging in: unable to check if bucket s3://test-dataplatform-pulumi-state?endpoint=https://obs.vcloud.abc/&amp;disableSSL=true&amp;s3ForcePathStyle=true is accessible: blob (code=Unknown): RequestError: send request failed caused by: Get "https://obs.vcloud.abc/test-dataplatform-pulumi-state?list-type=2&amp;max-keys=1": x509: certificate signed by unknown authority
    e
    • 2
    • 5
  • d

    dry-journalist-60579

    03/10/2023, 3:01 PM
    Is there any more documentation on setting up Pulumi Deployments beyond https://www.pulumi.com/docs/intro/pulumi-service/deployments/? I can’t seem to get it working for a Python Pulumi project
  • k

    kind-farmer-90323

    03/10/2023, 9:23 PM
    Hey all, trying to understand the self-managed state. I'd use either a GCS or S3 bucket. Does Pulumi handle locking/concurrency on these types of backends automatically? The documentation isn't really clear, and seems to suggest only the Pulumi Service backend does this. If we had GCS/S3 backend could we end up with a broken state if a stack was updated by 2+ instances concurrently? Thanks!
    b
    • 2
    • 2
  • p

    plain-belgium-35196

    03/11/2023, 1:10 AM
    Hi teams, Should I restart argocd-server after updating argocd-rbac-cm.yaml
  • a

    acceptable-lawyer-72941

    03/12/2023, 6:53 PM
    Hi, I am having difficulty understanding how to create a SubnetGroup where the subnet ids are created in the call to
    new awsx.ec2.Vpc("vpc-name", ...)
    I am passing in a list of subnetSpecs:
    const subnetSpecs = [
            {
                type: awsx.ec2.SubnetType.Public,
                name: "public",
                cidrMask: 24,
                tags: {
                    ...publicSubnetTags,
                },
            },
            {
                type: awsx.ec2.SubnetType.Private,
                name: "kubernetes",
                cidrMask: 24,
                tags: {
                    ...privateSubnetTags,
                },
            },
            {
                type: awsx.ec2.SubnetType.Private,
                name: "rds",
                cidrMask: 24,
                tags: {
                    ...rdsSubnetTags,
                },
            },
        ];
    rdsSunetTags is:
    const rdsSubnetTags : {
            Name: "rds",
        };
    Finally, and this is where I am stuck, after the call to
    new awsx.ec2.Vpc("vpc-name", ...)
    I want to create a subnet group for the rds subnets and attempt to do so as follows:
    // Create RDS subnet group
        aws.ec2
            .getSubnets({
                tags: {
                    Name: "rds",
                },
            })
            .then((rdsSubnets) => {
                console.log("rdsSubnets: ", rdsSubnets);
    
                // create a subnet group for the RDS subnets
                const rdsSubnetGroup = new aws.rds.SubnetGroup("rds-subnet-group", {
                    subnetIds: rdsSubnets.ids,
                    tags: {
                        Environment: env,
                    },
                });
            });
    Not surprisingly, rdsSubnets contains an empty list of subnets because new awsx.ec2.Vpc hasn't completed provisioning resources yet and there, in fact, are no subnets in the VPC. What is the right approach? Is there a way to get a Subnet promise that resolves when the the VPC and all of the subnets have been created? Thank you.
    b
    • 2
    • 5
  • p

    purple-electrician-80135

    03/13/2023, 12:40 AM
    I'm unable to access Config from within a Jupyter notebook cell .. is that a known problem or has anyone been able to do so? I can access from CLI just fine, but running in a cell the config values are never available. Selecting the stack programmatically and then calling stack.get_all_config() will return an empty dictionary.
    e
    • 2
    • 7
  • a

    acceptable-plumber-31485

    03/13/2023, 6:52 PM
    Is there an abstraction library I can use on top of pulumi so that our developers/users won't have to write Pulumi code to build aws resources? I'd like to make it invisible for them.
    b
    • 2
    • 25
  • a

    acceptable-plumber-31485

    03/14/2023, 2:30 AM
    I tried the code from this page yesterday, https://www.pulumi.com/docs/guides/crosswalk/aws/elb/. However, I couldn't get it to work.
    pulumi up
    was complaining about export. I tried creating it as a typescript as well as javascript. Both failed. It does look like it's a javascript code. Any ideas?
    l
    • 2
    • 12
  • a

    acceptable-plumber-31485

    03/14/2023, 4:55 PM
    Good morning. I created a load balancer with ec2 instances behind it. A new security group also got created. I manually updated the security group in EC2 console so I can test if
    pulumi preview
    will see the difference. I would like to see if it works the same as
    terraform plan
    . However, it didn't see the manual change I made. What am I doing wrong?
    b
    • 2
    • 27
  • p

    plain-belgium-35196

    03/15/2023, 6:43 PM
    Hi teams, I always get sync error info, “some workloads already exist”, when I first sync the application. Do you have any suggestion?
  • p

    purple-cat-2685

    03/17/2023, 1:37 PM
    Hey! I can't for the life of me figure out how to use the import functionality for our Pulumi plugin. Looking at the example YAML our resources are named symbiosis:RESOURCE (https://www.pulumi.com/registry/packages/symbiosis/api-docs/cluster/), but trying to import it as symbiosis:RESOURCE yields this error:
    import type "symbiosis:Cluster" is not a valid resource type token. Type tokens must be of the format <package>:&lt;module&gt;:<type>
    What am I missing?:face_with_peeking_eye:
    b
    • 2
    • 2
  • m

    melodic-lion-63741

    03/17/2023, 2:40 PM
    Hi all, relatively new to Pulumi but have been doing IaC with Terraform/Terragrunt for a while. I have a question about inputs/outputs across packages/projects. A concrete example: We have an IaC package in a monorepo where we define a VPC. We wish to use the VPC id in the (TypeScript) configuration of a serverless framework package. Previously we did this by putting the VPC id in an AWS secret and importing it in the serverless config, but I was curious to hear if there are alternatives with Pulumi? I have been browsing the docs, but I have not come across anything similar
    b
    • 2
    • 2
  • h

    hallowed-airport-19484

    03/17/2023, 6:58 PM
    Hello friends, I'm just checking out Pulumi atm. It looks like you have built some very nice tools ❤️ I have a confession to make however. In the demo video on the homepage, it seems that a config with an S3 bucket exposed as a website is queried for a
    bucketUrl
    , but the entire URL is not returned (eg., nothing like "http://" at the beginning). This means it is not a URL, as no scheme is present. I find this a bit troubling... is this loose application of domain terms like "URL" par for the course, or just an outlier?
    m
    • 2
    • 2
  • n

    numerous-alarm-76016

    03/20/2023, 10:26 AM
    Hey all! I had a question about how to structure our cloud resources within pulumi projects. So things that are meant to be shared (only created once), for example, users and groups, shared fargate clusters, VPCs, and so on, should be in a project, called "infra" for example. Then we could have another pulumi project, called MyApp, that manages the resources specific to this app right? So this second project would use the resources created in the first one, correct? I would be very interested in the experience of others and how they structure their cloud resources and their git-ops repositories if someone is willing to share! Thanks in advance for your help! Cheers!
    c
    b
    • 3
    • 5
  • s

    straight-fireman-55591

    03/21/2023, 11:28 AM
    Whats the difference between: Google Cloud (GCP) Classic and Google Cloud Native ? Which one I supposed to be using? Will Google Cloud (GCP) Classic be moving to Google Cloud Native ?
    b
    • 2
    • 4
  • f

    fancy-artist-45287

    03/21/2023, 11:46 AM
    Hi, I am trying to add access policies to an existing key vault in azure from pulumi like described here https://learn.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults/accesspolicies?pivots=deployment-language-bicep but it doesn't seem like pulumi has anything equivalent to this? https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/
    r
    m
    b
    • 4
    • 31
  • c

    careful-summer-45848

    03/21/2023, 7:53 PM
    I have been trying for a ridiculous amount of time now to use an array in config in Pulumi.yaml and cannot get anything to work when I try using pulumi up. How am I meant to get this to work? // Pulumi.yaml
    name: my-site
    runtime: nodejs
    main: ./index.ts
    config:
        aws:region: us-east-1
        domain: <http://robcarr.net|robcarr.net>
        tags:
            type: array
            items:
                - production
                - staging
    // Pulumi.default.yaml
    name: default
    config:
        aws:region: us-east-1
        domain: <http://robcarr.net|robcarr.net>
        tags:
            type: array
            items:
                - production
                - staging
    8 errors occurred: * #/config/tags: oneOf failed * #/config/tags: expected string, but got object * #/config/tags: expected integer, but got object * #/config/tags: expected boolean, but got object * #/config/tags: expected array, but got object * #/config/tags: doesn't validate with '/$defs/configTypeDeclaration' * #/config/tags/items: doesn't validate with '/$defs/configItemsType' * #/config/tags/items: expected object, but got array
    s
    • 2
    • 7
  • b

    brief-car-60542

    03/24/2023, 4:23 AM
    Hi, guys. I have a quick question. how do you build a project that have mutiple
    Pulumi.<cluster>.yaml
    And some yaml file with resource A, some yaml with resource B. Seems each resource will trying to build with all stack files. Here is a example project structure I am going with:
    ├── infrastructure
    │   ├── iac
    │   │   ├── aws
    │   │   │   ├── containers
    │   │   │   │   ├── index.ts
    │   │   │   │   ├── package.json
    │   │   │   │   ├── Pulumi.yaml
    │   │   │   │   ├── Pulumi.foo.yaml
    │   │   │   │   ├── Pulumi.bar.yaml
    │   │   │   │   ├── ecr
    │   │   │   │   │   ├── index.ts
    │   │   │   │   ├── fargate
    │   │   │   │   │   ├── index.ts
    Like a example here
    Pulumi.foo.yaml
    will only have
    ecr
    resource.
    Pulumi.bar.yaml
    will only have
    fargate
    resource. How do I make each resource
    index.ts
    smartly know if there is no config about ecr in the stack yaml file. I will do nothing.
    s
    n
    d
    • 4
    • 43
  • b

    billowy-ability-25334

    03/24/2023, 12:36 PM
    Hi, is pulumi service a proprietary software? Or is it possible to self-host it without license? Thanks
    m
    s
    b
    • 4
    • 4
  • c

    careful-summer-45848

    03/24/2023, 4:09 PM
    Is there anyway of setting a route53 alias to point at another route53 alias? I have the following but the linter is complaining:
    export function setCloudFrontRecordAAAA(
        name: string,
        distribution: aws.cloudfront.Distribution,
        zone: aws.route53.Zone
    ) {
        const record = new aws.route53.Record("AAAA-alias", {
            name,
            type: "AAAA",
            zoneId: zone.zoneId,
            aliases: [
                {
                    evaluateTargetHealth: true,
                    name: distribution.domainName,
                    zoneId: distribution.hostedZoneId,
                },
            ],
        });
    
        return record;
    }
    
    export function setCloudFrontWWWAlias(
        name: string,
        record: aws.route53.Record,
    ) {
        const wwwRecord = new aws.route53.Record("www-alias", {
            name,
            type: "AAAA",
            zoneId: record.zoneId,
            aliases: {
                name: record.name, <--- LINTER DOESN'T LIKE THIS
                zoneId: record.zoneId,
                evaluateTargetHealth: true,
            }
        });
    
        return wwwRecord;
    }
    • 1
    • 1
  • b

    brief-car-60542

    03/28/2023, 3:47 AM
    Is there a way to change Project name in the
    Pulumi.yaml
    file?
    g
    • 2
    • 7
  • i

    incalculable-thailand-44404

    03/28/2023, 8:47 PM
    Hi Folks, we recently started facing the issue mentioned here: https://github.com/pulumi/pulumi-eks/issues/720. I have added details about the error and our dependencies: https://github.com/pulumi/pulumi-eks/issues/720#issuecomment-1486265287. It would be great if anyone can guide me on this.
    c
    q
    • 3
    • 12
Powered by Linen
Title
i

incalculable-thailand-44404

03/28/2023, 8:47 PM
Hi Folks, we recently started facing the issue mentioned here: https://github.com/pulumi/pulumi-eks/issues/720. I have added details about the error and our dependencies: https://github.com/pulumi/pulumi-eks/issues/720#issuecomment-1486265287. It would be great if anyone can guide me on this.
c

creamy-agency-52831

03/28/2023, 8:53 PM
It looks like the version of
pulumi-eks
you're using is fairly old - have you tried updating to
>=v1.0.0
?
i

incalculable-thailand-44404

03/28/2023, 8:58 PM
I tried, it yesterday. Let me try again. Will update in a bit
same error. my
package-lock.json
shows the updated eks package…
Untitled
not sure why its not picking up the
aws-k8s-cni.yaml
that is available in the 1.0.0 version here:
<https://registry.npmjs.org/@pulumi/eks/-/eks-1.0.1.tgz>
Do I need to update other libs? @creamy-agency-52831 . Also, I really appreciate your help on this.
c

creamy-agency-52831

03/28/2023, 10:15 PM
If there are existing resources, they are likely registered with the specific version of the provider used to create them - let me check to see what our options are here 🙂
q

quiet-jackal-96812

03/28/2023, 10:45 PM
Hey @incalculable-thailand-44404! Just did a quick look and it looks like the issue you're facing is slightly different than the one reported in https://github.com/pulumi/pulumi-eks/issues/720. Would you be able to create a new GH Issue from your comment so we can dig deeper into this and track our investigations? Thanks!
i

incalculable-thailand-44404

03/28/2023, 10:47 PM
Thanks a lot @quiet-jackal-96812. will do!
BTW, hwere are my dependencies for quick look (`package.json)`:
{
  "name": "cache-pulumi",
  "devDependencies": {
    "@types/node": "^14",
    "@typescript-eslint/eslint-plugin": "^5.13.0",
    "@typescript-eslint/parser": "^5.13.0",
    "eslint": "^8.10.0",
    "eslint-config-prettier": "^8.4.0",
    "eslint-plugin-prettier": "^4.0.0",
    "husky": "^7.0.4",
    "lint-staged": "^12.4.0",
    "prettier": "^2.5.1",
    "typescript": "^4.5.5"
  },
  "dependencies": {
    "@pulumi/aws": "^5.6.0",
    "@pulumi/awsx": "^0.40.0",
    "@pulumi/eks": "^1.0.0",
    "@pulumi/kubernetes": "^3.21.0",
    "@pulumi/pulumi": "^3.34.0"
  },
  "lint-staged": {
    "*.ts": "eslint --cache --cache-location ./node_modules/.cache/.eslintcache --fix"
  },
  "scripts": {
    "prepare": "husky install"
  }
}
@quiet-jackal-96812, just wanted to check if these look OK.
q

quiet-jackal-96812

03/28/2023, 11:27 PM
@incalculable-thailand-44404 These looks fine! Thanks for checking. Also, for sanity checking, did you try removing your
node_modules
folder and reinstalling your dependencies to see if the error persists?
i

incalculable-thailand-44404

03/28/2023, 11:53 PM
yes, I did. Created the ticket : https://github.com/pulumi/pulumi-eks/issues/870 @quiet-jackal-96812
BTW, I set the version of K8 to 1.21 explicitly and it worked!
View count: 1