pulumi-community #google-cloud

google-cloud

delightful-monkey-90700

02/23/2023, 9:38 PM

The google-native plugin for

cloudbuild.v1.Build()

fails because the provider is base64 encoding a UUID string:

error: waiting for completion / read state googleapi: Error 404: Requested entity was not found. (URL=<https://cloudbuild.googleapis.com/v1/projects/production/locations/us-west2/builds/NTBhNjY5MjMtZTJmYy00YTE0LWI5ZjQtNmEwZWVkNGIwMWIw>): polling operation status: googleapi: Error 404: Requested entity was not found.

-->

> echo 'NTBhNjY5MjMtZTJmYy00YTE0LWI5ZjQtNmEwZWVkNGIwMWIw' | base64 -d
50a66923-e2fc-4a14-b9f4-6a0eed4b01b0

--> The real URL should have been

<https://cloudbuild.googleapis.com/v1/projects/production/locations/us-west2/builds/50a66923-e2fc-4a14-b9f4-6a0eed4b01b0>

better-pencil-34948

02/24/2023, 5:34 PM

I am looking to understand Stack References; in particular, ones where the Stack Reference is on a different Google Storage bucket than the stack being used. Scenario: • Stack Account - configures an private artifact registry with charts, docker images, etc, along with a secret key Output. Hosted in, say, gs://bucket/account/ • Stack B - brings up a kubernetes cluster, networking, etc. Hosted in, say, gs://otherbucket/b/. • Problem: In Stack B's code, I want to reference Stack A to bring down the secret key and allow pulling from Stack A's output. Result (go SDK):

pulumi:pulumi:StackReference (<gs://bucket/account>):

error: Preview failed: unknown stack "account"

rich-motorcycle-3089

02/27/2023, 7:10 PM

Has anyone been able to delete health checks from a Cloud Run service? I have a Startup Probe and a Liveness probe defined in my Cloud Run service driven off some config file values. When I clear out those values, I wanted to remove the appropriate health checks. Filling the appropriate values with

nil

seem to cause Pulumi to ignore the health checks altogether (keep the existing values for the next revision). Attempting to give it empty objects causes Pulumi to overwrite the values, but with default implementations of the health check. I’m using the Go SDK

best-summer-38252

02/28/2023, 7:18 PM

Im tying to add an IAM policy to a service account as per https://www.pulumi.com/registry/packages/gcp/api-docs/serviceaccount/iammember/ The policy has a list of bindings and every role I have tried provided results in an Error 400 (other than "roles/iam.serviceAccountUser"):

Error 400: Role roles/workflow.invoker is not supported for this resource., badRequest

Surely a service account can have a role as per the Pulumi example. The exmaple shows the format of the role being just the role name, roles/iam.serviceAccountUser, which seems consistent with the type info: _The role that should be applied Only one

gcp.organizations.IAMBinding

can be used per role. Note that custom roles must be of the format

organizations/{{org_id}}/roles/{{role_id}}

._ Given I am not using custom roles, is

roles/workflow.invoker

the correct format?

clean-winter-59829

03/01/2023, 5:56 AM

how do you get the current GCP project of the stack in pulumi?

stocky-restaurant-98004

03/01/2023, 6:29 PM

I'm gonna write a basic clickops -> Pulumi importer for Google Cloud, similar to the one I wrote for AWS in this blog post. Anyone got a basic Google Cloud architecture, e.g. in TF that I could use as source material? Thinking something like a VPC and some VMs, or maybe a GKE cluster. (Not sure how common VPC/VMs are on Google Cloud.)

purple-electrician-80135

03/02/2023, 12:54 AM

Hello GCP channel ... I am getting a strange error deploying an autopilot cluster and I'm unsure what I'm doing wrong.

python inline source runtime error: 'Cluster' object is not callable

From this code:

def create_gks_autopilot_cluster(project_id, name, region, network_id, subnet_id):

    gke_min_version = "1.25.6-gke.200"
    default = gcp.serviceaccount.Account("default",
                                         account_id="service-account-id",
                                         display_name="Service Account")

    # Define the GKE Autopilot cluster
    gke_cluster = gcp.container.Cluster(name,
                                        enable_autopilot=True,
                                        ip_allocation_policy=container.ClusterIpAllocationPolicyArgs(
                                            cluster_secondary_range_name="pods",
                                            services_secondary_range_name="services",
                                        ),
                                        location=region,
                                        min_master_version=gke_min_version,
                                        network=network_id,
                                        release_channel={"channel": "STABLE"},
                                        subnetwork=subnet_id,
                                        project=project_id,)
    return gke_cluster

Is there anything obvious I should be doing differently? .. this is running in a Jupyter notebook .. which has made configs unavailable (probably due being unable to find the .yaml file) but otherwise seems to work.

many-knife-65312

03/03/2023, 11:41 PM

👋

many-knife-65312

03/03/2023, 11:42 PM

i'm trying to use the

.get()

function to check for existing gcp resources, but i'm struggling with the unique provider ID, does anyone have docs or tips for using

.get()

gorgeous-architect-28903

03/09/2023, 12:14 PM

Anyone seen this when creating a GKE Node Pool?

Cannot specify both name and name_prefix for a node_pool

— I’m definitely not setting a name. It happens even if I set

Name

nil

explicitly.

limited-wolf-14679

03/09/2023, 11:51 PM

Hi Guys, i am new to pulumi and trying to deploy kubeflow on gcp. I am using pulumi python and GCP...and deployed pulumi kuberntes-gcp-python and now I would like to deploy kubeflow but I am stuck. Any help ? I have tried to run the following code but no success:

# new kubeflow
kubeflow = gcp.container.Registry("kubeflow")

deployment = Deployment(
    "kubeflow-deployment",
    spec=DeploymentSpecArgs(
        replicas=1,
        selector=LabelSelectorArgs(
            match_labels={
                "app": "kubeflow",
            },
        ),
        template=PodTemplateSpecArgs(
            metadata=ObjectMetaArgs(
                labels={
                    "app": "kubeflow",
                },
            ),
            spec=PodSpecArgs(
                containers=[
                    ContainerArgs(
                        name="kubeflow",
                        image="kubeflow",
                        env=[
                            EnvVarArgs(
                                name="NAMESPACE",
                                value="kubeflow",
                            ),
                        ],
                        command=["/bin/bash"],
                        args=[
                            "-c",
                            "/opt/deploy.sh",
                        ]
                        
                    )
                ]

            )
        )
    ),
    metadata=ObjectMetaArgs(
        labels={
            "app": "kubeflow",
        }
    )
)

pulumi.export("name", deployment.metadata["name"])

# Allocate an IP to the Deployment.
app_name = "kubeflow"
app_labels = { "app": app_name }
frontend = Service(
    app_name,
    metadata={
        "labels": deployment.spec["template"]["metadata"]["labels"],
    },
    spec={
        "type":  "LoadBalancer",
        "ports": [{ "port": 80, "target_port": 80, "protocol": "TCP" }],
        "selector": app_labels,
    })

# When "done", this will print the public IP.
result = None

ingress = frontend.status.apply(lambda v: v["load_balancer"]["ingress"][0] if "load_balancer" in v else None)
if ingress is not None:
    result = ingress.apply(lambda v: v["ip"] if "ip" in v else v["hostname"])

pulumi.export("ip", result)

I am getting the following error: * the Kubernetes API server reported that "default/kubeflow-deployment-d5cb3c03" failed to fully initialize or become live: 'kubeflow-deployment-d5cb3c03' timed out waiting to be Ready * [MinimumReplicasUnavailable] Deployment does not have minimum availability. * [ProgressDeadlineExceeded] ReplicaSet "kubeflow-deployment-d5cb3c03-769cdfbd67" has timed out progressing. * Minimum number of live Pods was not attained * [Pod kubeflow-deployment-d5cb3c03-769cdfbd67-4lsjp]: containers with unready status: [kubeflow] -- [ImagePullBackOff] Back-off pulling image "kubeflow"

victorious-florist-84818

03/14/2023, 9:49 AM

Hey, I have a question regarding the google native provider for Pulumi. Is it fully maintained by Pulumi, or is Google supporting this as well?

billions-hydrogen-34268

03/15/2023, 5:43 PM

I want to create a Log Router Sink. Is a ProjectSink what I should use?

chilly-garage-80867

03/15/2023, 8:00 PM

Anyone deploying Autopilot GKE getting this error? ``````

chilly-garage-80867

03/15/2023, 8:00 PM

Error 400: Max pods constraint on node pools for Autopilot clusters should be 32.

adorable-activity-71456

03/15/2023, 10:39 PM

Hey, when running an up with changes to a template on a CloudRun service. We are getting the following error:

Error 409: The operation was aborted.

after the pulumi up runs for about 20 minutes.

stocky-restaurant-98004

03/16/2023, 6:23 PM

Hi. I wrote a blog post on bulk importing Google Cloud resources into Pulumi. Check it out! https://www.pulumi.com/blog/google-cloud-pulumi-import-account-scraper/

many-knife-65312

03/17/2023, 8:09 PM

hi friends, I'm back again. Does anyone know off the top of their head where to find the unique IDs for K8s resources?

many-knife-65312

03/17/2023, 8:43 PM

it looks like the

.get()

function for a k8s resource errors out when it doesn't exist. what's the right way to handle this scenario so that the resource is created if it doesn't exist?

gifted-cat-49297

03/20/2023, 12:57 PM

How to get Cloud Run URL using Go? For

.Statuses

it's returning

cloudrun.ServiceStatusArrayOutput

but I have no idea what to do with this object.

chilly-garage-80867

03/20/2023, 11:19 PM

Deploying GKE on GCP, anyone get this when trying to push .yaml files

Error: invocation of kubernetes:yaml:decode returned an error: failed to initialize discovery client: The gcp auth plugin has been removed.
    Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
    See <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke> for further details

refined-engineer-9827

03/21/2023, 6:31 PM

Trying to manage a split-horizon dns setup having pulumi manage the private dns side of things. If I try to add/remove a VPC via Pulumi, I get back:

gcp:dns:ManagedZone (brinqa-net-private):
    error: 1 error occurred:
    	* updating urn:pulumi:brinqa-prod::brinqa-net-private::gcp:dns/managedZone:ManagedZone::brinqa-net-private: 1 error occurred:
    	* Error updating ManagedZone "projects/brinqa-prod/managedZones/brinqa-net-private": googleapi: Error 400: The field 'entity.managedZone.id' cannot be modified., immutableField

Why would Pulumi be trying to update/change the id field of the zone? The diff shows it only trying to update

privateVisibilityConfig.networks

refined-engineer-9827

03/21/2023, 7:01 PM

I think this applies to my issue, not sure how to go about fixing it for Pulumi, other than have a bug report submitted, and wait for a release that fixes the issue: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone#networks

refined-engineer-9827

03/21/2023, 11:09 PM

Okay, pretty sure I found the bug. No idea where/with who to file the bug with though:

I0321 22:26:42.150801 2409260 log.go:75] Unmarshaling property for RPC[Provider[gcp, 0xc0015a85a0].Update(projects/brinqa-prod/managedZones/brinqa-net-private,urn:pulumi:brinqa-prod::brinqa-net-private::gcp:dns/managedZone:ManagedZone::brinqa-net-private).outputs]: managedZoneId={2.9610687372243656e+18}

managedZoneId is cast as an Int, which is then changed to scientific notation. the problem is

2.9610687372243656e+18

recasts as

2961068737224365600

, whereas the actual id for my zone is:

2961068737224365485

(not to mention there's a rounding error there, but that's another nit to pick). If someone can point me to the right place to file said bug, I'll be more than happy to do it.

adamant-leather-41068

03/22/2023, 12:01 AM

The docs for

gcp.compute.AttachedDisk

say:

Note: When using
gcp.compute.AttachedDisk
you must use
lifecycle.ignore_changes = ["attached_disk"]
on the
gcp.compute.Instance
resource that has the disks attached. Otherwise the two resources will fight for control of the attached disk block.

How do I do this? ie, where does this go?

stocky-restaurant-98004

03/22/2023, 2:34 PM

Just an FYI, we're running a workshop in about 90 minutes if you'd like to join us: https://www.pulumi.com/resources/kubernetes-on-google-cloud/

gifted-room-26715

03/23/2023, 5:55 AM

Hello folks, I want to import GCP resources that are created through console. Is there a reference doc that lists how to reference each and every gcp resource through its ID? For instance what is the correct command for importing instanceGroup as the below one continues to state the referenced resource doesn't exist even though it is already created and used. pulumi import gcp:compute/instanceGroup:InstanceGroup my-instance-group projects/my-project/zones/us-central1-a/instanceGroups/my-instance-group I've tried with zone and regions variations and also with InstanceGroupManager but so far no luck.

millions-train-91139

03/23/2023, 6:18 AM

Anyone is using GCP Cloud SQL Postgres Database instance together with Postgresql provider to set initial roles for other users?

prehistoric-tailor-40857

03/27/2023, 4:40 AM

any support for Bigquery as datasource for Grafana? Doesn’t look like it, just curious if anybody has a workaround for it

busy-lawyer-33856

03/29/2023, 5:34 AM

Hi, Is it correctly understood, that the gcp.cloudbuild.Trigger connecting to the Github repo only works for Github Enterprise users? Or is it possible with Github Team? Thank you, Elias