https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
getting-started
  • a

    ancient-night-64850

    05/20/2021, 4:28 PM
    I am having a problem creating a CDN rule for a Microsoft standard CDN profile. The Pulumi api wants a ruleset name but one isn't needed for rules (based on the ARM template). And trying to create a ruleset via pulumi fails with "That action isn’t allowed in this profile." How can I create a basic CDN rule?
  • w

    wide-holiday-45783

    05/20/2021, 5:26 PM
    Hi folks. I've searched through this slack & github workspace for a similar issue and couldn't find anything. I suspect my problem is something trivial. Basically running pulumi (preview|up) hits the error below. This seems to be a problem within pulumi as it happens whether or not my index.ts file exists. I'm adding logs in thread:
    • 1
    • 6
  • m

    magnificent-scientist-71902

    05/20/2021, 5:59 PM
    Hi all. I'm just getting started using Pulumi, and part of my project is using Helm resources to deploy apps into our cluster. I'm using a config secrets to pass into the some of the chart values (passwords for apps). Everytime I do a 'pulumi preview' or 'pulumi up', the value changes, resulting in the k8s Secret to be replaced along with the deployments. What am I doing wrong?
  • m

    magnificent-scientist-71902

    05/20/2021, 6:07 PM
    For example, here is a config.ts that I use to represent my config:
  • m

    magnificent-scientist-71902

    05/20/2021, 6:10 PM
    import * as pulumi from "@pulumi/pulumi";
    import * as k8s from "@pulumi/kubernetes";
    
    let pulumiConfig = new pulumi.Config();
    
    export type LagoonCoreConfig = {
        kubeconfig: any;
        gitlab: {
            token: pulumi.Output<string>;
        }
        elasticsearch: {
            install: boolean;
            adminUsername: string;
            adminPassword: pulumi.Output<string>; 
        }
        kibana: {
            install: boolean;
            externalHost: pulumi.Output<string>;
            accountUsername: string;
            accountPassword: pulumi.Output<string>;
        },
        registry: {
            hostname: pulumi.Output<string>;
            harborAdminPassword: pulumi.Output<string>;
        },
        dnsBaseName: any;
    }
    
    const clusterStackRef = new pulumi.StackReference(pulumiConfig.require("clusterStackRef"));
    
    const dnsBaseName = pulumiConfig.get("dnsBaseName") || clusterStackRef.getOutput("clusterDnsName");
    
    
    export const lagoonconfig: LagoonCoreConfig = {
        // Infrastructure / Networking
        kubeconfig: clusterStackRef.getOutput("kubeconfig"),
        gitlab: {
            token: pulumiConfig.requireSecret("gitlabToken"),
        },
        elasticsearch: {
            install: true,
            adminUsername: 'admin',
            adminPassword: pulumiConfig.requireSecret("elasticsearchAdminPassword")
        },
        kibana: {
            install: true,
            externalHost: pulumi.interpolate `kibana.${dnsBaseName}`,
            accountUsername: "kibanaserver",
            accountPassword: pulumiConfig.requireSecret("kibanaPassword")
        },
        registry: {
            hostname: pulumi.interpolate `registry.${dnsBaseName}`,
            harborAdminPassword: pulumiConfig.requireSecret("harborAdminPassword")
        },
        dnsBaseName: dnsBaseName
    };
    
    // Create the k8s provider with the kubeconfig.
    export const k8sProvider = new k8s.Provider("k8sProvider", { kubeconfig: lagoonconfig.kubeconfig });
    
    
    export default lagoonconfig;
    And the file that deploys the chart for Harbor below. Every time I so a pulumi up, the secret in the 'harborAdminPassword' is different.
    import * as k8s from "@pulumi/kubernetes";
    import { k8sProvider, lagoonconfig } from "../config";
    
    const hostname = lagoonconfig.registry.hostname;
    const url = `https://${hostname}`;
    
    export type HarborOutput = {
        chart: k8s.helm.v3.Chart;
        registryUrl: string;
    };
    
    const ns = new k8s.core.v1.Namespace("registry", {
        metadata: { name: "registry" },
    }, { provider: k8sProvider })
    
    export const createRegistry = (): HarborOutput  =>  {
        const registryChart = new k8s.helm.v3.Chart("registry",
            {
                namespace: ns.metadata.name,
                chart: "harbor",
                version: "1.5.2",
                fetchOpts: { repo: "<https://helm.goharbor.io>" },
                values: {
                    harborAdminPassword: lagoonconfig.registry.harborAdminPassword,
                    expose: {
                        tls: {
                            enabled: true,
                            certSource: "secret",
                            secret: {
                                secretName: "registry-harbor-tls",
                            }
                        },
                        ingress: {
                            annotations: {
                                "<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "nginx",
                                "<http://kubernetes.io/tls-acme|kubernetes.io/tls-acme>": "true"
                            },
                            hosts: {
                                core: lagoonconfig.registry.hostname
                            }
                        }
                    },
                    externalUrl: url,
                    clair: {
                        enabled: false
                    },
                    notary: {
                        enabled: false
                    },
                    trivy: {
                        enabled: true
                    }
    
                },
            },
            {providers: {kubernetes: k8sProvider}},
        );
    
        return {
            chart: registryChart,
            registryUrl: url
        };
    
    };
  • s

    salmon-egg-38815

    05/21/2021, 4:25 AM
    Hi there, new to Pulumi and first post. I'm having some difficulty getting interpolation (C#) to work with the ID output of an Azure Native Resource Group in order to generate the string required to access a well-known Role Definiiton. Here's a working example using hard-coded references to an existing resource group:
    using System.Threading.Tasks;
    using Pulumi;
    using Azure = Pulumi.AzureNative;
    using AzureAD = Pulumi.AzureAD;
    
    class WorkingStack : Stack
    {
        public MyStack()
        {
            var subscriptionId = "12345678-1234-1234-1234-1234567890ab";
            var existingRgId = $"/subscriptions/{subscriptionId}/resourceGroups/some-existing-rg";
    
            var rgContributorId = $"{existingRgId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c";
            var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);
    
            var globalAdmins = AzureAD.Group.Get("globalAdmins","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
            var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
            {
                PrincipalId      = globalAdmins.Id,
                RoleDefinitionId = contributorRoleDef.Id,
                Scope            = existingRgId
            });
        }
    }
    but if I try to do the same thing with a created resource group:
    class BrokenStack : Stack
    {
            public BrokenStack()
        {
            var rg = new Azure.Resources.ResourceGroup("rg", new Azure.Resources.ResourceGroupArgs
            {
                Location = "UK South"
            });
    
            var rgContributorId = rg.Id.Apply(id => $"{id}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c");
            var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);
    
            var globalAdmins = AzureAD.Group.Get("grp","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
            var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
            {
                PrincipalId      = globalAdmins.Id,
                RoleDefinitionId = contributorRoleDef.Id,
                Scope            = rg.Id
            });
        }
    }
    then it fails:
    Diagnostics:
      azure-native:authorization:RoleDefinition (contributorRoleDef):
        error: azure-native:authorization:RoleDefinition resource 'contributorRoleDef' has a problem: missing required property 'scope'
  • h

    hundreds-kite-52072

    05/24/2021, 12:52 PM
    Hi, I've been experimenting with a small project and want to now move it to an organization that I've just set up. I'm sure I've seen somewhere that you can move a project from a personal account to an organization, but can't find how to do it. Anybody able to help? Thanks.
    c
    • 2
    • 2
  • h

    hundreds-kite-52072

    05/24/2021, 6:33 PM
    I'm trying to run code very similar to this example: https://github.com/pulumi/examples/tree/master/aws-ts-thumbnailer but when doing a
    pulumi up
    I'm getting the following error: error: Error: invocation of aws:ec2/getVpc:getVpc returned an error: invoking aws:ec2/getVpc:getVpc: 1 error occurred: * no matching VPC found Searching for that on line takes me down a rabbit hole of setting up a vpc that I'm nervous about getting into as there's quite a bit of stuff at the next level of abstraction down that I don't understand and I don't want to do anything that will break any existing infrastructure. Any suggestions on how to work around / fix this error?
    b
    • 2
    • 5
  • n

    nutritious-church-27230

    05/24/2021, 7:44 PM
    Hi, I'm trying to test out any linode resource creation but every 'pulumi up' is saying "Configuration 'linode:token' value is a secret; use 'getSecret' instead of 'get' leading to updates failed. I'm aware about cfg.requireSecret() but I don't see where can I actually put this variable, neither input or output. I'm suspecting pulumi is trying to call api using 'get' token instead of 'getSecret' token so where can I actually fix this? Thanks.
    b
    • 2
    • 18
  • i

    important-sandwich-62391

    05/25/2021, 12:17 AM
    I’m trying to use iam.GetPolicyDocumentStatement to reference the ARN of an s3 bucket I created… but the ARN of the bucket is an Output String right? and the Resources part of the iam bit is a bare string? No way to convert Output<String> to string right? Is there a better pattern to use here?
    b
    • 2
    • 1
  • s

    straight-tailor-56799

    05/25/2021, 11:04 PM
    Hi, I have an issue with the basics and would appreciate any help… I have a project running on python on a docker image which runs a shell script using 
    subprocess.Popen
    . This shell script does 
    gcloud auth
     , 
    pulumi login
     and 
    pulumi new
    back in the python application I am trying to use pulumi auto and its complaining about missing google credentials. Note: I am using google storage as my managed backend… Am I doing anything fundamentally wrong ? how to address this ? I want my python application (using Flask) to create and destroy stacks using pulumi auto (using my gs backend url)
    c
    • 2
    • 9
  • m

    many-salesmen-89069

    05/26/2021, 10:04 AM
    Hi, I’m having trouble setting up a Python project. The docs say that Pulumi supports modularized Python programs and setup.py files, but there isn’t any more info provided there and I can’t get it working with my project structure that looks like this:
    my_dir/
      Pulumi.yaml 
      setup.py // calls `setup(packages=find_packages())`
      my_package/
        __init__.py
        __main__.py // does `from .pulumi import *`
        pulumi.py // contains AWS resource created with Pulumi
    Now when I run
    pulumi up
    in
    my_dir
    , I get the following error:
    ImportError: can't find '__main__' module in '.'
    Which tells me that Pulumi tries to import
    my_dir/__main__.py
    and ignores
    setup.py
    . How can I fix this? Is there any documentation that I’m missing?
    b
    • 2
    • 8
  • c

    colossal-vr-62639

    05/26/2021, 7:26 PM
    Anyone seen this before? I'm pretty confident that the AWS creds are correct which is being passed in
    Diagnostics:
      aws:ec2:Vpc (vpc):
        error: 1 error occurred:
        	* error configuring Terraform AWS Provider: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 2 errors occurred:
        	* error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
        	status code: 403, request id: 52427706-bd0f-49de-ae8c-d82b557e5cb5
        	* failed getting account information via iam:ListRoles: InvalidClientTokenId: The security token included in the request is invalid.
        	status code: 403, request id: c2f043c0-16d0-436a-9e5d-65238953123d
    b
    • 2
    • 3
  • p

    prehistoric-london-9917

    05/26/2021, 11:35 PM
    Hi everyone - hoping for some guidance here. I have a k8s Ingress resource I’m creating that ends up provisioning an AWS ALB. I then want to create a Route 53 Alias based on the provisioned ALB. I’m using
    getLoadBalancer
    to retrieve the provisioned ALB, but this seems to be in a race condition for the ALB controller to fully provision it. So I get a “load balancer not found” error. I’ve tried wrapping the Ingress resource in an
    all
    , but that doesn’t seem to help. Any suggestions on what I can do to make the
    getLoadBalancer
    function to wait for the load balancer to provision?
    b
    • 2
    • 16
  • q

    quiet-architect-74241

    05/27/2021, 3:51 PM
    How do I set CORS settings for 2 (Azure) webapps that are allowed to call each other? So, Webapp1 allows calls from Webapp2 and vice versa.
    var webapp1 = new WebApp(name,
           new WebAppArgs
           {
               Kind = "app,linux",
               SiteConfig = new SiteConfigArgs
               {
                    Cors = new CorsSettingsArgs
                    {
                        AllowedOrigins = {
                          // how do I specify WebApp2 here?
                        },
                        SupportCredentials = false
                     }
                },
              });
  • h

    hundreds-kite-52072

    05/28/2021, 6:24 PM
    I have a test project that is virtually identical to https://www.pulumi.com/docs/tutorials/aws/video-thumbnailer/ when the container runs I'm getting access denied errors for accessing the S3 buckets. The only key difference I have is that I'm referring to existing S3 buckets rather than creating them in the pulumi project. What do I have to do to give permissions for the container to access the buckets?
    m
    • 2
    • 15
  • m

    mammoth-doctor-29598

    05/31/2021, 1:06 AM
    I'm trying to connect a Fargate container with an EFS filesystem. I've tried a setup very similar to this AWS Lambda with EFS example, but after having solved an (apparently new) requirement of transit encryption in the efsVolumeConfiguration, the task fails to build with:
    ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: b'mount.nfs4: Connection reset by peer' : unsuccessful EFS utils command execution; code: 32
    I googled, and some people suggested creating a security group with ingress on 2049/tcp, but this doesn't seem to fix the error. I've tried many setups, but no matter how I configure the VPC, targets or mount points, it doesn't seem to work. Any idea of what I could try?
  • m

    mammoth-doctor-29598

    05/31/2021, 1:14 AM
    This is my setup: https://gist.github.com/agucova/272337b17a2797ba36d250ff0e8e823b
  • m

    mammoth-doctor-29598

    05/31/2021, 1:38 AM
    Moments after posting this I realized one of the targets was on the wrong security group. It seems the right fix was to use the ingress rule.
  • c

    colossal-vr-62639

    05/31/2021, 5:49 PM
    Hey everyone, all the pulumi operations i'm trying to perform is stuck at
    Registering resource monitor end: t=pulumi:pulumi:Stack, name=axiom.saas-manage-dev, custom=False, remote=False
  • a

    adorable-continent-4073

    05/31/2021, 10:18 PM
    hello! just getting started with pulumi. i got a cloudrun (ruby) app with cloudsql (pg) up and going with a little effort, but i'm stuck on how to use GCP secrets with Pulumi.
  • b

    brash-airline-37413

    06/01/2021, 4:53 AM
    Anyone know how to cast an Output<string> to a string? https://github.com/pulumi/pulumi/issues/7179
    g
    • 2
    • 2
  • n

    narrow-battery-21100

    06/01/2021, 11:13 AM
    Any idea why Pulumi skips an update??? The preview shows that WebApp needs an update which is correct: SiteConfig>AppSettings>code blob URL has changed. However, as you can see, Pulumi does not actually execute this update:
    Type             Name   Plan    Info
       pulumi:pulumi:Stack     psrc-dev       
     +- ├─ azure-native:storage:Blob zip   replace  [diff: ~source]
     ~ └─ azure-native:web:WebApp  fnapp57 update   [diff: ~siteConfig]
    
    Resources:
      ~ 1 to update
      +-1 to replace
      2 changes. 8 unchanged
    
    Do you want to perform this update? yes
    Updating (dev)
    
    View Live: <https://app.pulumi.com/markymark/psrc/dev/updates/3>
    
       Type             Name   Status   Info
       pulumi:pulumi:Stack     psrc-dev       
     +- └─ azure-native:storage:Blob zip   replaced  [diff: ~source]
    
    Outputs: ...
    Resources:
        +-1 replaced
        9 unchanged
    • 1
    • 1
  • h

    hundreds-kite-52072

    06/01/2021, 2:29 PM
    I'm trying out the example aws-ts-lambda-thumbnailer. pulumi up seems to get stuck and just sits there for a considerable amount of time. How long should I wait for it before giving up? How long would it normally take to do a pulumi up for this example? Is there a way to see what's going on so I know if it is hanging or if it is actually doing something? (The example in the readme with the repo shows a duration of 1m41s - mine is running for more than 40 minutes). The only difference I have is that the docker container won't build with a error: The command '/bin/sh -c mv ffmpeg-4.3.1-amd64-static/ffmpeg /usr/bin' returned a non-zero code: 1. So I replaced RUN "mv ffmpeg-4.3.1-amd64-static/ffmpeg /usr/bin" with "RUN mv ffmpeg-*-amd64-static/ffmpeg /usr/bin"
    b
    a
    • 3
    • 15
  • r

    rhythmic-kite-60258

    06/02/2021, 9:31 PM
    Hey Guys - i am very new to this IaC thing but i think combining IaC with Programming languages is rly great^^
    b
    • 2
    • 1
  • t

    thankful-oxygen-71474

    06/03/2021, 7:48 AM
    Hi everyone After adding 
    eslint
     to my project and format all files  I run command 
    pulumi up
     and receive multiple errors like this
    aws:lambda:Function (dev-v1-internal-verify):
    error: 1 error occurred:
    * updating urn:pulumi:dev::aok-multi-pulumi::aws:lambda/function:Function::dev-v1-internal-verify: 1 error occurred:
    * error modifying Lambda Function (dev-v1-internal-verify-cb6dab7) Code: RequestEntityTooLargeException:
    status code: 413, request id: eadb73d4-c9b3-4946-8a4a-ed2743cde46b
    Can anyone help ?
    b
    • 2
    • 2
  • w

    wide-activity-54187

    06/04/2021, 12:55 PM
    I have an k8s deployment in go that I’m trying to enumerate over appending each deployment to an array but I have no idea how to get it to work
    b
    • 2
    • 8
  • s

    straight-teacher-66836

    06/04/2021, 2:02 PM
    Hi Everyone, I want to know is there any pulumi api exposed to get infrastructure data stored in s3 or any db.
    b
    • 2
    • 3
  • s

    straight-airplane-54654

    06/08/2021, 12:09 PM
    Hi All, I have just started exploring pulumi IaC. Iam stuck at a point please let me know if someone can help. Thanks.
    b
    • 2
    • 24
  • s

    salmon-mechanic-4571

    06/08/2021, 12:54 PM
    Hi All, We're about to embark on the Pulumi journey. But before we chose this I need to have tested how to utulize Pulimu with azure DevOps and I'm quite close to have it all solved. THough I keep having an issue with my release pipeline, are there anybody who knows about the Pulumi plugin for AzureDevOps to run Pulumi tasks v.1.0 ?
    b
    • 2
    • 19
Powered by Linen
Title
s

salmon-mechanic-4571

06/08/2021, 12:54 PM
Hi All, We're about to embark on the Pulumi journey. But before we chose this I need to have tested how to utulize Pulimu with azure DevOps and I'm quite close to have it all solved. THough I keep having an issue with my release pipeline, are there anybody who knows about the Pulumi plugin for AzureDevOps to run Pulumi tasks v.1.0 ?
b

brave-planet-10645

06/08/2021, 12:57 PM
What's the error message you're getting?
s

salmon-mechanic-4571

06/08/2021, 12:57 PM
I don't know if it's my build pipeline that is something wrong with, I can see there is generated any artifact, so maybe thats why it can't find it
My code is structered like this and the Pulumi project is inside ./infrastructure
This is my build pipeline .yaml file
maybe this is all wrong
?
b

brave-planet-10645

06/08/2021, 1:37 PM
Can you add the entire azure-pipeline.yml file (removing any secrets you have in there)
s

salmon-mechanic-4571

06/08/2021, 1:42 PM
steps: - task: pulumi.build-and-release-task.custom-build-release-task.Pulumi@1 displayName: 'Run pulumi' inputs: azureSubscription: 'Sandbox Portal Unitsystem' command: up args: '--yes --skip-preview' cwd: ./ stack: 'carvedrock-training-python'
b

brave-planet-10645

06/08/2021, 1:51 PM
the
cwd
option needs to point at the folder that contains (in your case) the
__main__.py
file
s

salmon-mechanic-4571

06/08/2021, 1:57 PM
Sure, but how do I reference that in the correct syntax?
I have made it all from scrats again and kept everything in the root of my folder but now I get this:
And what should my artifact be, just the repo right?
b

brave-planet-10645

06/08/2021, 2:02 PM
Have you see this page? https://www.pulumi.com/docs/guides/continuous-delivery/azure-devops/
s

salmon-mechanic-4571

06/08/2021, 2:04 PM
thanks I'll go through again
View count: 3