pulumi-community #google-cloud

glamorous-jelly-86558

09/19/2023, 12:11 AM

Cannot destroy GCP Cloud SQL via

pulumi destroy

Copy code

➜  ~/code/infra/pulumi/app git:(feat/pulumi-playground) ✗ pulumi state unprotect "urn:pulumi:staging::my-sample::gcp:sql/databaseInstance:DatabaseInstance::pulumi-postgres" 
 warning: This command will edit your stack's state directly. Confirm? Yes
Resource unprotected
➜  ~/code/infra/pulumi/app git:(feat/pulumi-playground) ✗ pulumi destroy --target "urn:pulumi:staging::eluve-sample::gcp:sql/databaseInstance:DatabaseInstance::pulumi-postgres"

average-plastic-1653

09/20/2023, 4:23 PM

Hi! I am working with GCP Workflows, and I noticed in the Pulumi doc that "This resource does not support import." Do I need a GitHub Action implemented prior to deploying from Pulumi?

full-eve-52536

09/22/2023, 4:02 PM

Does anyone have experience with the CloudRunv2.Job pulumi resource? I was able to create a Job with it, but I don't see a way to execute that Job through Pulumi. https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrunv2/job/

ambitious-thailand-9777

09/27/2023, 12:19 AM

Hi. I am getting the following error when I try to create an azure cluster using anthos. The only place the cluster accepts a cidr is for the pod and service network and i have specifed them. But in pulumi output it seems that the cidr is empty. Am I missing something? Did anyone come across this issue and what was the fix?

Copy code

Duration: 19s
   err?: Error: Command failed with exit code 255: pulumi up --yes --skip-preview --diff --exec-agent pulumi/actions@v3 --color auto --exec-kind auto.local --stack equinor --non-interactive
  [resource plugin azuread-5.42.0] installing
  error: 1 error occurred:
  	* Error creating Cluster: googleapi: Error 400: has an invalid IPv4 CIDR block: "", field: azure_cluster.networking
  Details:
  [
    {
      "@type": "<http://type.googleapis.com/google.rpc.BadRequest|type.googleapis.com/google.rpc.BadRequest>",
      "fieldViolations": [
        {
          "description": "has an invalid IPv4 CIDR block: \"\"",
          "field": "azure_cluster.networking"
        }
      ]
    }
  ]

Vnets and subnets were successfully created with following configurations:

Copy code

virtual_network = VirtualNetwork("virtualNetwork",
            address_space=AddressSpaceArgs(
                address_prefixes=["10.10.0.0/16", "10.20.0.0/16"],
            ),
            # subnets=[SubnetArgs(name="default", address_prefix="10.10.0.0/24")],
            flow_timeout_in_minutes=10,
            location=self.azure_region,
            resource_group_name=security_perimeter.name,
            virtual_network_name=name,
            tags=tags
                )
        
        #Create subnet
        self.subnet = Subnet("default",
            address_prefixes=["10.10.0.0/24"],
            resource_group_name=security_perimeter.name,
            subnet_name="default",
            virtual_network_name=virtual_network.name)

cluster definition:

Copy code

` error: update failed
  Updating ({stack}):
  v3.83.0
  
    pulumi:pulumi:Stack: (same)
      [urn=urn:pulumi:equinor::{project}:pulumi:pulumi:Stack::{stack}]
      --outputs:--
      vpc_network_id: "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/{vnet}"
      vpc_subnet    : "/subscriptions{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/equinor/subnets/default"
      + gcp:container/azureCluster:AzureCluster: (create)
          [urn=urn:pulumi:{stack}::{PROJECT}::gcp:container/azureCluster:AzureCluster::primary]
          [provider=urn:pulumi:{stack}::{PROJECT}::pulumi:providers:gcp::default_6_61_1::{}]
          authorization              : {
              adminUsers: [
                  [0]: {
                      username  : "{email}"
                  }
              ]
          }
          azureRegion                : "westeurope"
          azureServicesAuthentication: {
              applicationId: "{app_id}"
              tenantId     : "{tenant_id}"
          }
          controlPlane               : {
              mainVolume: {
                  sizeGib   : 8
              }
              rootVolume: {
                  sizeGib   : 32
              }
              sshConfig : {
                  authorizedKey: "{key}"
              }
              subnetId  : "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/{vnet}/subnets/default"
              tags      : {
                  client    : "pulumi"
              }
              version   : "1.27.4-gke.1600"
              vmSize    : "Standard_DS2_v2"
          }
          description                : "Azure GKE cluster created with terraform"
          fleet                      : {
              project   : "projects/{project number}"
          }
          location                   : "europe-west1"
          name                       : "azure-anthos"
          networking                 : {
              podAddressCidrBlocks    : [
                  [0]: "100.65.0.0/16"
              ]
              serviceAddressCidrBlocks: [
                  [0]: "100.66.0.0/16"
              ]
              virtualNetworkId        : "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/{vnet}"
          }
          project                    : "{project number}"
          resourceGroupId            : "/subscriptions/{sub}/resourceGroups/{rg}"`

prehistoric-pizza-96832

09/27/2023, 8:22 PM

hey all, is there a way to get the currently authenticated account used by the provider?

damp-magazine-59707

09/28/2023, 3:28 PM

we're seeing an odd behavior where self-managed GCP certs are always showing that they need to be replaced, and the diff shows that the cert material needs to be added, which is odd because

pulumi stack export

shows exactly the cert material we expect. a sample diff:

Copy code

+-gcp:certificatemanager/certificate:Certificate: (replace)
    [id=projects/myproject/locations/global/certificates/wildcard--app-gcp-cert-5da1faa]
    [urn=urn:pulumi:staging::app::company:app:infrastructure$company:app:dns$gcp:certificatemanager/certificate:Certificate::wildcard--app-gcp-cert]
    [provider=urn:pulumi:staging::app::pulumi:providers:gcp::default_6_59_0::45fa4902-44fd-4f64-bf52-927b03c5043d]
  ~ selfManaged: {
      + pemCertificate: "-----BEGIN CERTIFICATE-----\n...snip...\n-----END CERTIFICATE-----\n"
      + pemPrivateKey : [secret]
    }

pulumi stack export

includes certificate data that matches exactly what's in the diff. i obviously can't compare the key material, but it's odd that the diff a) shows that the key needs to be added, not changed; and b) shows that both the cert and key need to be added, when i can verify that the cert in the diff matches the cert in the current stack state. anyone have any idea what might be going on here, or how to gather more info on it?

average-plastic-1653

09/29/2023, 4:56 PM

Does anyone know or recommend Pulumi training focused on GCP and Python? I'm making progress but do not have a Terraform background, so I feel there are foundational gaps in my knowledge!

clean-dusk-43198

10/07/2023, 2:10 PM

Hello, I am having a tough time with configuring OIDC - I have tried already many combinations of audiences, but I have still one error:

Copy code

Diagnostics:
18
   pulumi:pulumi:Stack (smilingwords-gcp-management-prod):
19
     warning: unable to detect a global setting for GCP Project;
20
     Pulumi will rely on per-resource settings for this operation.
21
     Set the GCP Project by using:
22
     	`pulumi config set gcp:project <project>`
23
     warning: unable to detect a global setting for GCP Project;
24
     Pulumi will rely on per-resource settings for this operation.
25
     Set the GCP Project by using:
26
     	`pulumi config set gcp:project <project>`
27
     error: Running program '/deployment/index.ts' failed with an unhandled exception:
28
     [36m<ref *1>[39m Error: invocation of gcp:projects/getProject:getProject returned an error: invoking gcp:projects/getProject:getProject: 1 error occurred:
29
     	* Error retrieving projects: Get "<https://cloudresourcemanager.googleapis.com/v1/projects?alt=json&filter=name%3Asmw-bot+lifecycleState%3AACTIVE+labels.smw_bot%3Ay+labels.pulumi%3Ay>": oauth2/google: unable to generate access token: Post "<https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/smw-bot-serviceaccount@smw-bot-qowk5.iam.gserviceaccount.com:generateAccessToken>": oauth2/google: status code 400: {"error":"invalid_target","error_description":"The target service indicated by the \"audience\" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn't exist."}
30

31

32
         at Object.callback [90m(/deployment/[39mnode_modules/[4m@pulumi[24m/runtime/invoke.ts:172:37[90m)[39m
33
         at Object.onReceiveStatus [90m(/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/client.ts:360:26[90m)[39m
34
         at Object.onReceiveStatus [90m(/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/client-interceptors.ts:458:34[90m)[39m
35
         at Object.onReceiveStatus [90m(/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/client-interceptors.ts:419:48[90m)[39m
36
         at [90m/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/resolving-call.ts:132:24
37
     [90m    at processTicksAndRejections (node:internal/process/task_queues:77:11)[39m {
38
       promise: Promise { [36m<rejected>[39m [36m[Circular *1][39m }
39
     }

What is the issue or how it can be solved? It would be very nice if someone would have the answer! Please help 😕 Thanks in advance!

thankful-planet-44055

10/08/2023, 12:19 AM

I have a gcloud db which I’m trying to add the edition keyword. When I run pulumi up, I get an error:

Copy code

Diagnostics:
  pulumi:pulumi:Stack (tonocracy-backend-etest):
    error: Program failed with an unhandled exception:
    Traceback (most recent call last):
      File "/devops/__main__.py", line 206, in <module>
        settings=sql.DatabaseInstanceSettingsArgs(
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    TypeError: DatabaseInstanceSettingsArgs.__init__() got an unexpected keyword argument 'edition'

The IDE is happy with this and it matches the code created by pulumi new.

Copy code

class DatabaseInstanceSettingsArgs:
    def __init__(__self__, *,
                 tier: pulumi.Input[str],
                 activation_policy: Optional[pulumi.Input[str]] = None,
                 active_directory_config: Optional[pulumi.Input['DatabaseInstanceSettingsActiveDirectoryConfigArgs']] = None,
                 advanced_machine_features: Optional[pulumi.Input['DatabaseInstanceSettingsAdvancedMachineFeaturesArgs']] = None,
                 availability_type: Optional[pulumi.Input[str]] = None,
                 backup_configuration: Optional[pulumi.Input['DatabaseInstanceSettingsBackupConfigurationArgs']] = None,
                 collation: Optional[pulumi.Input[str]] = None,
                 connector_enforcement: Optional[pulumi.Input[str]] = None,
                 data_cache_config: Optional[pulumi.Input['DatabaseInstanceSettingsDataCacheConfigArgs']] = None,
                 database_flags: Optional[pulumi.Input[Sequence[pulumi.Input['DatabaseInstanceSettingsDatabaseFlagArgs']]]] = None,
                 deletion_protection_enabled: Optional[pulumi.Input[bool]] = None,
                 deny_maintenance_period: Optional[pulumi.Input['DatabaseInstanceSettingsDenyMaintenancePeriodArgs']] = None,
                 disk_autoresize: Optional[pulumi.Input[bool]] = None,
                 disk_autoresize_limit: Optional[pulumi.Input[int]] = None,
                 disk_size: Optional[pulumi.Input[int]] = None,
                 disk_type: Optional[pulumi.Input[str]] = None,
                 edition: Optional[pulumi.Input[str]] = None,  #### HERE
                 insights_config: Optional[pulumi.Input['DatabaseInstanceSettingsInsightsConfigArgs']] = None,
                 ip_configuration: Optional[pulumi.Input['DatabaseInstanceSettingsIpConfigurationArgs']] = None,
                 location_preference: Optional[pulumi.Input['DatabaseInstanceSettingsLocationPreferenceArgs']] = None,
                 maintenance_window: Optional[pulumi.Input['DatabaseInstanceSettingsMaintenanceWindowArgs']] = None,
                 password_validation_policy: Optional[pulumi.Input['DatabaseInstanceSettingsPasswordValidationPolicyArgs']] = None,
                 pricing_plan: Optional[pulumi.Input[str]] = None,
                 sql_server_audit_config: Optional[pulumi.Input['DatabaseInstanceSettingsSqlServerAuditConfigArgs']] = None,
                 time_zone: Optional[pulumi.Input[str]] = None,
                 user_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                 version: Optional[pulumi.Input[int]] = None):

Is there a silly mistake I’m making, or is the

pulumi

command not in sync with the code in the project or ….? Slack Conversation

brash-mechanic-26159

10/12/2023, 8:23 PM

Hi, I'm trying to upgrade the

google-native

package from version 0.18.0 to 0.31.1 and all of a sudden, pulumi wants to change the name of all my resources. Core parts of our infrastructure like static IP-address and k8s clusters are being updated or recreated. This triggers updates throughout the entire stack, even for non-google-native resources. Here's an example of a GlobalAddress being changed:

Copy code

~ google-native:compute/v1:GlobalAddress: (update)
    [id=<https://www.googleapis.com/compute/v1/projects/><redacted>/global/addresses/<redacted>-5afe1e3]
    [urn=urn:pulumi:dev::<redacted>::google-native:compute/v1:GlobalAddress::<redacted>]
    [provider=urn:pulumi:dev::<redacted>::pulumi:providers:google-native::default_0_31_1::<redacted>]
  ~ name: "<redacted>-5afe1e3" => "<redacted>-dc52ead"

The only thing changing here is the name. The exact same thing is happening to our k8s cluster, nodepools etc. It seems like I can avoid all of this by adding the following option to each resource:

Copy code

opts=pulumi.ResourceOptions(ignore_changes=["name"])

but that doesn't seem like a good idea (but it helps isolate the issue for me). Anyone else who has experienced something similar? And knows how to approach it? Thankful for any help Erik

gifted-cat-49297

10/13/2023, 12:30 PM

I have issue with Event Arc. I'm trying to create trigger for Firestore and when I use "EventDataContentType" field I'm getting error as below

error: gcp:eventarc/trigger:Trigger resource 'qpa-ev-new-cfg-created' has a problem: Invalid or unknown key. Examine values at 'Trigger.EventDataContentType'.

When I don't use it I'm getting as response from API

* Error updating Trigger: googleapi: Error 400: The request was invalid: invalid value for trigger.event_data_content_type: "" is not supported by this event type

average-plastic-1653

10/13/2023, 5:20 PM

Hi, I am deploying a GCP Workflow and an Eventarc Trigger using the Python pulumi_gcp library. I am trying to add an environment variable to the Workflow and need help to do this. Any help would be appreciated! Pulumi AI gives this response: _Alternatively, if you're referring to environment variables in the context of Workflows workflow execution, currently, this is only supported via the Cloud Console or gcloud command-line tool and not via infrastructure as code tools like Pulumi as of my last update in April, 2023._ Thanks, Jonathan

bland-address-49163

10/15/2023, 9:40 AM

Does anyone know if there is an option to create an

IAMMember

for a cloud sql database instance (so, something like a

DatabaseIAMMember

, like there is for Buckets with

BucketIAMMember

) ? I'd like to grant

roles/cloudsql.instanceUser

and

roles/cloudsql.client

to a service account for a specific database instance.

damp-magazine-59707

10/16/2023, 7:17 PM

The docs for

gcp.gkehub.Feature

have an example for multi-cluster Services (MCS), but it seems to be entirely incomplete -- the code is just placeholder code with no actual feature spec. does that mean that it's not yet supported? i couldn't find an issue tracking it

average-plastic-1653

10/17/2023, 3:22 PM

Hi, Checking to see if anyone can tell me how to add environment variables to GCP Workflows using the Python Pulumi library?

average-plastic-1653

10/20/2023, 6:27 PM

Hi, I am adding an eventarc trigger to a Workflow. When creating a new GCP Project it takes 4 to 5 minutes for the Eventarc Service Agent account to become available. How are others handling this? For example, by adding a sleep or polling. Thanks!

thankful-notebook-32588

10/24/2023, 5:28 PM

I am new to GCP and automation. I watched the webinar by Josh Kodroff on K8S deployment on GCP. How can I ENABLE my gmail account (Which I used for registering to get a free tier account form GCP) for accessing GCP and a Project created there named k8s123 to perform k8s deployment using GCP and pulumi IaC ? Is there a step by step tutorial how to give access to one’s gmail address to perform Kubernetes deployment using Google cloud and Pulumi. I am able to authenticate from my windows command prompt to gcloud auth and its authenticated. But when I do. $ pulumi new & choose a template kubernetes-gcp-typescript Its went fine.. But when do $ pulumi up It fails with Type Name Status Info + pulumipulumiStack k8s3-dev creating failed 1 error + └─ gcpcomputeNetwork gke-network creating failed 1 error Diagnostics: gcpcomputeNetwork (gke-network): error: 1 error occurred: * Error creating Network: googleapi: Error 403: Compute Engine API has not been used in project k8s123 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=k8s123 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry. I CAN access my google cloud console (with my gmail id) and able to see the project k8s123 but how to proceed from there, what permissions need to allocated & how ? Any hints most appreciated.

limited-farmer-68874

10/24/2023, 7:16 PM

Is there a sane way I can migrate from the Cloud Run v1 API to the Cloud Run v2 API without having to destroy and recreate my service? (the URL is referenced in a lot of places and I'd like to avoid having to update it everywhere)

thankful-notebook-32588

10/30/2023, 6:06 PM

Hi all, I am in need of an infrastructure set up for data analytics / live video stream analytics application using big data and analytics technology.. The data is basically right now stored as structured data(no video streaming) in PostgresDatabase. ( Its an emergency call handling solution, In database which stores, caller info (address, mobile number, locations co-ordinates, emergency category metadata and dispatch information regarding rescue vehicles., Rescue vehicle location update (lat, long)every 30 seconds all are stored in the Postgres Database .. Input1 : I have to do an analytics on these data( say 600 GB for the last 2 years its the size grown from initial setup).To perform an analytical application development( using python and data analytics libraries, and displaying the results and analytical predication through a dashboard application.) Query 1. How much resource in terms of compute(GPU?(CPU) cores required for this analytical application? and memory ? And any specific type of storage(in memory like redis required ? ) etc, which I have to provision for these kind of application processing. ?? any hints most welcome.. Any more input required let me know I can provide if available. Input 2 In addition to the above I have to do video analytics from bodyworn cameras by police personnel, drone surveillance Videos from any emergency sites, patrol vehicle (from a mobile tablet device over 5G )live streaming of indent locations for few minutes ( say 3 to 5 minutes live streaming for each incident. ) There are 50 drones, 500 Emergency rescue service vehicles, 300 body worn camera personnels.. and roughly 5000 incidents / emergency incidents per day happening, which needs video streaming for at least 1000 incidents for a time duration of 4 to 5 minutes live streaming. Query2. What/(how many) kind of computing resources GPUs(CPUs)? RAM, Storage solutions I have to deploy in numbers( or cores of GPUs/how many/(CPUs)? RAM ? In Memory (Redis or similar ) or any other specific data storage mechanisms ? Any hints much appreciated..

damp-ability-26071

11/01/2023, 2:09 PM

Hi there! My team is trying to investigate an error, but the error message isn't helpful. "pulumi up" returns

Diagnostics:

gcpcloudrunService (*):

error: expected property name after '.'

Increasing verbosity isn't giving more detail. This uses provider

<@UDNQQGNJF>/gcp

version

6.64

Any idea how to figure out which property name this error refers to? Or how to investigate at all?

hallowed-pilot-39436

11/02/2023, 11:11 AM

Hey, we're using gke and trying to ugrade the

k8s.Provider

to the new

gke-gcloud-auth-plugin

Copy code

user:
    exec:
        apiVersion: client.authentication.k8s.io/v1beta1
        command: gke-gcloud-auth-plugin
        installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
          <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>
        provideClusterInfo: true

After the change to the provider, pulumi wants to replace all of the kubernetes objects:

Copy code

+-  ├─ kubernetes:core/v1:Namespace                         namespace1                                                            replace     [diff: ~metadata,provider]
 +-  ├─ kubernetes:core/v1:Namespace                         namespace2                                                            replace     [diff: ~metadata,provider]

i tried adding

ignoreChanges: ['metadata', 'provider']

but it didn't work - it still trying to replace all of the objects. any idea on how to prevent the replacement of all of the objects?

colossal-tailor-72573

11/02/2023, 6:22 PM

Hello All -- just getting to know google cloud and pulumi. I'm not sure I understand how the cloudrunv2 iam stuff works. I'd like to allow unauthenticated users access to invoke a cloudrun service. I'm guessing I'm supposed to attach the "allUsers" to "roles/run.invoker" for the service. However, none of the service iam functions let you specify which service you're referring to. What am I missing? https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrunv2/serviceiambinding/

brainy-cricket-15245

11/10/2023, 7:11 PM

Update: SOLVED, see thread Hi everyone, I'm having trouble using pulumi to set up a Private Endpoint Link between MongoDB and Google Cloud. When creating a GCP Forwarding Rule to forward an allocated IP address to the target MongoDB Service Attachment, I get these two errors: First error:

Copy code

* Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.loadBalancingScheme': 'EXTERNAL'. Invalid field set in Private Service Connect Forwarding Rule. This field should not be set., invalid

That one goes away if I manually set

loadBalancingScheme

to be

''

(see below for code)

Copy code

* Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.labels': ''. Invalid field set in Private Service Connect Forwarding Rule. This field should not be set., invalid

This one won't go away, even after trying to manually set the

labels

to be

{}

null

, and

undefined

. Interestingly, I also get the exact same error when I provide an object with values in it! So it seems that the SDK is sending a request to the GCP API that has the labels set to
''
regardless of user input. I'm using the typescript SDK,

@pulumi/gcp@7.0.0

and

@pulumi/pulumi@3.92.0

Here's the code I'm running:

Copy code

const mongoEndpoint = new mongodbatlas.PrivateLinkEndpoint(
    'mongoPrivateLinkEndpoint',
    {
      projectId: mongoProject.id,
      providerName: 'GCP',
      region: 'CENTRAL_US',
    },
    { provider: getMongoAtlasProvider() }
  );

  const mongoSubnet = new gcp.compute.Subnetwork('mongo-atlas-subnet', {
    name: `mongo-atlas-subnet-${projectId}`,
    purpose: 'PRIVATE_RFC_1918',
    ipCidrRange: '10.120.0.0/16',
    ipv6AccessType: 'INTERNAL',
    network: appVpcNetwork.selfLink,
    region: location,
  });

  const endpoints: mongodbatlas.types.input.PrivateLinkEndpointServiceEndpoint[] = [];
  // create 50 ips and forwarding rules
  for (let i = 0; i < 50; i++) {
    const ip = new gcp.compute.Address(`mongo-atlas-ip-${i}`, {
      name: `mongo-atlas-ip-${i}`,
      region: location,
      subnetwork: mongoSubnet.selfLink,
      addressType: 'INTERNAL',
    });

    const rule = new gcp.compute.ForwardingRule(`mongo-atlas-${i}`, {
      region: location,
      network: appVpcNetwork.name,
      subnetwork: mongoSubnet.name,
      ipAddress: ip.selfLink,
      target: mongoEndpoint.serviceAttachmentNames[i],
      loadBalancingScheme: '',
    });
    endpoints.push({
      endpointName: rule.name,
      ipAddress: ip.address,
    });
  }

  new mongodbatlas.PrivateLinkEndpointService(
    'mongoPrivateLinkEndpointService',
    {
      projectId: mongoProject.id,
      providerName: 'GCP',
      gcpProjectId: '<my-gcp-project>', // redacted
      endpoints,
      endpointServiceId: mongoSubnet.id,
      privateLinkId: mongoEndpoint.id,
    },
    { provider: getMongoAtlasProvider() }
  );

fancy-insurance-82174

11/12/2023, 3:18 AM

Hi, I am encountering an issue while trying to create a GCP instance for alloydb. Although I was able to create the alloydb cluster successfully, the instance creation is not working. Additionally, the error message provided is hard to trace back. Here is the pulumi code:

Copy code

default_instance = gcp.alloydb.Instance(prefix,
    cluster=default_cluster.name,
    instance_id="primary-instance",
    instance_type="PRIMARY",
    machine_config=gcp.alloydb.InstanceMachineConfigArgs(
        cpu_count=2,
    ))

Output:

Copy code

Diagnostics:
  gcp:alloydb:Instance (development):
    error: 1 error occurred:
        * Error waiting to create Instance: Error waiting for Creating Instance: Error code 13, message: an internal error has occurred

thankful-notebook-32588

11/14/2023, 9:01 AM

I am trying the k8s cluster deployment on GCP (free tier account) using the template kubernetes-gcp-typescript I am able to get the initial pulumi new and pulumi up commands get right. Once I edited for Kubernetes objects and deploy-nginx server and loadbalancer deployment snippets in the index.ts files and running the pulumi up command it fails ..... The error as followos kube-system pdcsi-node-k295j 2/2 Running 0 7m29s kube-system pdcsi-node-xvzrr 2/2 Running 0 6m50s apple@APPLEs-MacBook-Pro k8sNov0723 % npm i @pulumi/kubernetes added 18 packages, and audited 225 packages in 21s 67 packages are looking for funding run

npm fund

for details found 0 vulnerabilities apple@APPLEs-MacBook-Pro k8sNov0723 % pulumi up Previewing update (dev) View in Browser (Ctrl+O): https://app.pulumi.com/Dhanesh/k8sGCP/dev/previews/d0f6f6fe-8b49-4444-8334-c5d379e68751 Type Name Plan pulumipulumiStack k8sGCP-dev + ├─ pulumiproviderskubernetes k8s-provider create + ├─ kubernetescore/v1Service nginx-service create + └─ kubernetesapps/v1Deployment nginx-deployment create Outputs: + nginxLoadBalancerAddress: outputstring Resources: + 3 to create 6 unchanged Do you want to perform this update? yes Updating (dev) View in Browser (Ctrl+O): https://app.pulumi.com/Dhanesh/k8sGCP/dev/updates/3 Type Name Status Info *pulumipulumiStack k8sGCP-dev failed 1 error* + ├─ pulumiproviderskubernetes k8s-provider created (1s) + ├─ kubernetescore/v1Service nginx-service created (72s) + └*─ kubernetesapps/v1Deployment nginx-deployment creating failed 1 error* Diagnostics: pulumipulumiStack (k8sGCP-dev): error: update failed kubernetesapps/v1Deployment (nginx-deployment): error: 4 errors occurred: * resource default/nginx-deployment was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: 'nginx-deployment' timed out waiting to be Ready * [MinimumReplicasUnavailable] Deployment does not have minimum availability. * Minimum number of live Pods was not attained * [Pod nginx-deployment-68b9d8bc68-5frrb]: containers with unready status: [nginx] -- [ImagePullBackOff] Back-off pulling image "nginx:1.19.10" Outputs: clusterId : "projects/k8snov0723/locations/us-central1/clusters/gke-cluster-a740275" clusterName : "gke-cluster-a740275" kubeconfig : [secret] networkId : "projects/k8snov0723/global/networks/gke-network-8f00948" networkName : "gke-network-8f00948" + nginxLoadBalancerAddress: "35.239.14.51" Resources: + 2 created 6 unchanged Duration: 10m13s Whats wrong here ...?? index.ts file follows here ####################################################################################################################### import * as pulumi from "@pulumi/pulumi"; import * as gcp from "@pulumi/gcp"; import * as k8s from "@pulumi/kubernetes"; // Get some provider-namespaced configuration values const providerCfg = new pulumi.Config("gcp"); const gcpProject = providerCfg.require("project"); const gcpRegion = providerCfg.get("region") || "us-central1"; // Get some other configuration values or use defaults const cfg = new pulumi.Config(); const nodesPerZone = cfg.getNumber("nodesPerZone") || 1; // Create a new network const gkeNetwork = new gcp.compute.Network("gke-network", { autoCreateSubnetworks: false, description: "A virtual network for your GKE cluster(s)", }); // Create a new subnet in the network created above const gkeSubnet = new gcp.compute.Subnetwork("gke-subnet", { ipCidrRange: "10.128.0.0/12", network: gkeNetwork.id, privateIpGoogleAccess: true, }); // Create a new GKE cluster const gkeCluster = new gcp.container.Cluster("gke-cluster", { addonsConfig: { dnsCacheConfig: { enabled: true, }, }, binaryAuthorization: { evaluationMode: "PROJECT_SINGLETON_POLICY_ENFORCE", }, datapathProvider: "ADVANCED_DATAPATH", description: "A GKE cluster", initialNodeCount: 1, ipAllocationPolicy: { clusterIpv4CidrBlock: "/14", servicesIpv4CidrBlock: "/20", }, location: gcpRegion, masterAuthorizedNetworksConfig: { cidrBlocks: [{ cidrBlock: "0.0.0.0/0", displayName: "All networks", }], }, network: gkeNetwork.name, networkingMode: "VPC_NATIVE", privateClusterConfig: { enablePrivateNodes: true, enablePrivateEndpoint: false, masterIpv4CidrBlock: "10.100.0.0/28", }, removeDefaultNodePool: true, releaseChannel: { channel: "STABLE", }, subnetwork: gkeSubnet.name, workloadIdentityConfig: { workloadPool:

${gcpProject}.svc.id.goog

, }, }); // Create a service account for the node pool const gkeNodepoolSa = new gcp.serviceaccount.Account("gke-nodepool-sa", { accountId: pulumi.interpolate

${gkeCluster.name}-np-1-sa

, displayName: "Nodepool 1 Service Account", }); // Create a nodepool for the GKE cluster const gkeNodepool = new gcp.container.NodePool("gke-nodepool", { cluster: gkeCluster.id, nodeCount: nodesPerZone, nodeConfig: { oauthScopes: ["https://www.googleapis.com/auth/cloud-platform"], serviceAccount: gkeNodepoolSa.email, }, }); // Build a Kubeconfig for accessing the cluster const clusterKubeconfig = pulumi.interpolate `apiVersion: v1 clusters: - cluster: certificate-authority-data: ${gkeCluster.masterAuth.clusterCaCertificate} server: https://${gkeCluster.endpoint} name: ${gkeCluster.name} contexts: - context: cluster: ${gkeCluster.name} user: ${gkeCluster.name} name: ${gkeCluster.name} current-context: ${gkeCluster.name} kind: Config preferences: {} users: - name: ${gkeCluster.name} user: exec: apiVersion: client.authentication.k8s.io/v1beta1 command: gke-gcloud-auth-plugin installHint: Install gke-gcloud-auth-plugin for use with kubectl by following https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke provideClusterInfo: true `; // Export some values for use elsewhere export const networkName = gkeNetwork.name; export const networkId = gkeNetwork.id; export const clusterName = gkeCluster.name; export const clusterId = gkeCluster.id; export const kubeconfig = clusterKubeconfig; const k8sProvider = new k8s.Provider("k8s-provider",{ kubeconfig: kubeconfig }); const nginxDeployment = new k8s.apps.v1.Deployment("nginx-deployment", { metadata: { name: "nginx-deployment", labels: { app: "nginx" }, }, spec: { replicas: 2, selector: { matchLabels: { app: "nginx" } }, template: { metadata: { labels{app "nginx"} }, spec: { containers:[ { name: "nginx", image: "nginx:1.19.10", ports: [{ containerPort: 80 }], }, ], }, }, }, }, { provider: k8sProvider}); const nginxService = new k8s.core.v1.Service("nginx-service", { metadata: { name: "nginx-service" }, spec: { selector: { app: "nginx" }, type: "LoadBalancer", ports: [{ port:80, targetPort: 80 }], }, }, { provider: k8sProvider }); export const nginxLoadBalancerAddress = nginxService.status.loadBalancer.ingress[0].ip; ############################################################################################################

thankful-notebook-32588

11/14/2023, 1:03 PM

UPDATE On K8S Deployment on GCP Using PULUMI Automation ( Simple Nginx k8s cluster Deployment Successful )

thankful-notebook-32588

11/14/2023, 1:03 PM

I HAVE PREPARED A DETAILED DOCUMENTATION ON HOW TO K8S CLUSTER ON GCP USING PULUMI FROM A WINDOWS MACHINE . I can post this Document for those who trying for the first time.. May be useful. Anyone wants to post/upload the steps I am happy to do..

millions-branch-13617

11/14/2023, 11:24 PM

I'm using pulumi to manage some firebase projects and apps, but I seem to have gotten myself into a situation where the

gcp:firebase:AndroidApp

created was deleted via the console, and now Pulumi complains with

googleapi: Error 404: App not found.

What's the best way to resolve this? Can I force Pulumi to recreate that app?

millions-branch-13617

11/15/2023, 3:43 AM

I've made some pulumi resource changes and now I'm running into the error:

Identity Platform has already been enabled for this project.

This issue mentions importing the resource, but I'm unsure how to do that in Pulumi. https://github.com/hashicorp/terraform-provider-google/issues/16520 Can anyone point me in the right direction?

dry-controller-79976

11/19/2023, 5:14 PM

I have defined a https://www.pulumi.com/registry/packages/gcp/api-docs/compute/packetmirroring/ in a Pulumi project, but whenever I now run

pulumi up

for a stack with that resource, it always produces an update preview like this:

Copy code

Type                            Name                          Plan       
     pulumi:pulumi:Stack             example                                
 ~   └─ gcp:compute:PacketMirroring  ids-packet-mirroring  update

and when the

details

option is selected, there is no diff. What might be going on here and how could I debug this? I tried looking at more verbose logs but didn't see anything that looked explanatory.