Anyone orchestrating GKE with Pulumi? I am wondering if creating the GKE cluster with static credentials[1] is the only way to go about this? [1] - https://github.com/pulumi/examples/blob/master/gcp-py-gke/__main__.py#L30

Hi All , Has any one tried creating Cloud build trigger using Pulumi for a bitbucket private repository . Am trying to create one not sure where to provide the bitbucket details .

Can pulumi be used to mirror a bitbucket repo to google source code . ?

Can anyone answer if there's a way to "find or create" a resource using pulumi?

super beginner question: when going through the GCP tutorial I’m presented with a prompt asking me

gcp:project: The Google Cloud project to deploy into:

Should that project name match my Google Cloud project name, or the GCP project ID, or something else entirely?

Has any here already used Custom Machine Types in a GKE Nodepool? Just reading the documentation I am not sure how to use it for a regional cluster, as the custom machine type string includes a reference to a concrete zone in a region ...? https://cloud.google.com/compute/docs/reference/rest/v1/instances#machineType

zones/zone/machineTypes/custom-CPUS-MEMORY

For example: zones/us-central1-f/machineTypes/custom-4-5120 For a full list of restrictions, read the Specifications for custom machine types.

We are trying to create empty databases & database users in a Cloud SQL MySQL setup. The system running

pulumi-up

is not in the same VPC as the DB setup, so we want to integrate

cloud_sql_proxy

in our code setup. Starting the proxy via NodeJS

child_process

works, but we are searching the correct place in our code to stop the proxy after the

mysql.Grant

resources have been created/updated:

const ddl = new mysql.Grant(
    config.dbDDLUsername,
    {
      user: DDLUser.name,
      database: database.name,
      privileges: ["CREATE", "ALTER", "DROP"],
      host: "%",
    },
    {
      provider: mysqlProvider
    }
  );

  const dml = new mysql.Grant(
    config.dbDMLUsername,
    {
      user: DMLUser.name,
      database: database.name,
      privileges: ["UPDATE", "INSERT", "SELECT", "INDEX", "DELETE"],
      host: "%",
    },
    {
      provider: mysqlProvider
    }
  );

  pulumi.all([ddl.id, dml.id]).apply(async () => {
    console.log(`>>>>> Killing cloud_sql_proxy... <<<<<`);
    sqlProxyProcess.kill();
  });

Pulumi is hanging now and is not killing the child process. Any ideas?

Also, on

destroy

, our proxy isn’t even started, so the deletion of the

mysql.Grants

doesn’t happen.

Hi, anyone that has a good example of how to get the url of a cloud run service as input to another resource? I just don't get it. Previously it was a simple

pushEndpoint: myCloudRunService.status.url

But now there is a 'statuses' property instead. I've tried something like below but that doesn't work 😔

pushEndpoint: myCloudRunService.statuses.get().pop()!.url

or

 pushEndpoint: myCloudRunService.statuses.apply( 
                statuses => {
                    let hostname = statuses.pop()!.url;
                    return hostname;
                })

Super grateful for any help on this one.

Hi ! I am trying to setup a private dns zone connected with ServiceDiscovery service. Unfortunately, when i run this code:

const serviceDirectoryNamespace = new gcp.servicedirectory.Namespace('ns', {
    namespaceId: "nsid",
    location: 'europe-west3',
    project,
    });
const dnsManagedZone = new gcp.dns.ManagedZone('zone',{
    dnsName: 'fancy.local.',
    project,
    visibility: "private",
    serviceDirectoryConfig: {
      namespace: {
        namespaceUrl: serviceDirectoryNamespace.selfLink,
      },
    }
});

i get this error message:

gcp:dns/managedZone:ManagedZone resource 'zone' has a problem: "service_directory_config.0.namespace.0.namespace_url": required field is not set

if i change

serviceDirectoryConfig

and wrap the contents in arrays, I get error messages like this:

[...] has a problem: service_directory_config.0.namespace.0: expected object, got slice

the code i have looks pretty much like the code here: https://github.com/pulumi/pulumi-gcp/blob/master/sdk/nodejs/dns/managedZone.ts#L134 does anybody have an idea why this is not working ?

Just FYI: https://pulumi-community.slack.com/archives/CRFURDVQB/p1615234001051800?thread_ts=1614450771.027100&cid=CRFURDVQB

Hey folks, I’m working on adding code examples to get to language parity across our top five code examples in AWS, Azure, Google Cloud, and Kubernetes. For Google Cloud, these are the tutorials I’m adding examples for: Docker Build and Push to GCR and Deploy to Google Cloud Run using seperate projects (https://www.pulumi.com/docs/tutorials/gcp/gcp-ts-docker-gcr-cloudrun/) Google Cloud Functions (https://www.pulumi.com/docs/tutorials/gcp/gcp-ts-functions/) Web Server Virtual Machine Instance on GCE (https://www.pulumi.com/docs/tutorials/gcp/gce-webserver/) Containerized Ruby on Rails App Delivery on GCP (https://www.pulumi.com/docs/tutorials/gcp/gcp-ts-k8s-ruby-on-rails-postgresql/) GKE with a Canary Deployment (https://www.pulumi.com/docs/tutorials/gcp/gcp-py-gke/) Do these feel like the most important examples you’ve used or are there other examples from our examples repo that have been more helpful? Are there different examples you’d like to see? Thanks, Dave

Hi ! What is currently the best way to create a

BackendConfig

(

apiVersion: <http://cloud.google.com/v1|cloud.google.com/v1>

, also see https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#direct_health ) with pulumi ? would

k8s.yaml.ConfigFile

work ?

We are using this datasource aka get function: https://www.pulumi.com/docs/reference/pkg/gcp/compute/getglobaladdress/#using Although the docs state that

project

is optional, we get a stack trace that

project

is not defined when running.

Also, we have the project value in an

Output<string>

coming from a StackReference. How can we pass the real string as the value to

getGlobalAddress

? (aka Output to string)

I have the opportunity to set up a new cluster in GKE, how to do the following in Pulumi? Not sure I can navigate in the doc to have that workload-pool set

gcloud container clusters create CLUSTER_NAME \
  --workload-pool=PROJECT_ID.svc.id.goog

Hum, is it https://www.pulumi.com/docs/reference/pkg/gcp/container/cluster/#clusterworkloadidentityconfig?

Seems like I can't set the metadata config https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/NodeConfig from workloadMetadataConfig of NodePool

Hey folks! I’m trying to create a dataflow template as part of my pulumi deployment and then trigger a dataflow job using an airflow dag. The airflow part is easy enough, but I can’t seem to wrap my head around how to get the python script be run as part of the deployment. From the command line I can run

python my-dataflow-script.py --template_location '<gs://my-template-bucket/my-dataflow-template>'

or I can hardcode the

template_location

in the script itself and just run

python my-dataflow-script.py

which then packages the beam application as a template to be run in dataflow. I’ve tried calling the dataflow script from another python script using

exec(open('my-dataflow-script.py').read())

which works, but trying that in pulumi’s

__main__.py

fails with:

TypeError: cannot pickle 'TaskStepMethWrapper' object

I guess

apache_beam

tries to pickle the whole pulumi program or do something else which probably doesn’t make sense. Any experience on dataflow + pulumi and getting this working?

Hi! I started using Pulumi for our GCP deployments. I have managed to setup Cloud Run, Cloud SQL and some more stuff but I have some questions I couldn't solve on my own or with the help of Google: • How to do the equivalent of this in pulumi (This is executed in the gcp cloud console):

docker pull hasura/graphql-engine
docker tag <http://docker.io/hasura/graphql-engine:latest|docker.io/hasura/graphql-engine:latest> <http://gcr.io/gcp-project/hasura|gcr.io/gcp-project/hasura>
docker push <http://gcr.io/gcp-project/hasura|gcr.io/gcp-project/hasura>

• How to insert basic data in a Postgres (Cloud SQL) database that was setup via pulumi.

CREATE OR REPLACE function...

Really appreciate your help!

Hi ! How do I create an IP address with purpose

SHARED_LOADBALANCER_VIP

? I am using it like this:

new gcp.compute.Address("myip", {
    project,
    addressType: 'INTERNAL',
    subnetwork: subnet.selfLink,
    labels,
    region:'europe-west1',
    purpose: 'SHARED_LOADBALANCER_VIP'
});

but which fails with the error :

has a problem: expected purpose to be one of [GCE_ENDPOINT ], got SHARED_LOADBALANCER_VIP

I am trying to attach a IAM role to a GCP service account , created via

pulumi

. for example if i want to make the service account

storage.Admin

using

serviceaccount.NewIAMMember

. roles are given as below • roles/storage.admin • projects/<projectName>/roles/storage.admin Both threw error

400

does not exist in the resource's hierarchy., badRequest

Hello everyone, I am a beginner in Pulumi and I am testing https://github.com/pulumi/examples/tree/master/gcp-py-network-component I have configured everything well, except that when I do my pulumi up it gives me this : error: Configuration 'gcp-py-network-component:subnet_cidr_blocks' value '172.2.0.0/16' is not a valid 'JSON object' error: an unhandled error occurred: Program exited with non-zero exit code: 1 Do you know the exact syntax to declare a cidr in the pulumi config file? I typed this command : pulumi config set gcp-py-network-component:subnet_cidr_blocks '172.2.0.0/16' And here is the return in my Pulumi.dev.yaml file :

config:
gcp-py-network-component:subnet_cidr_blocks: '172.2.0.0/16'

Would you have an idea ? Thanks in advance for your answer

Hi All , Can some one explain the difference between

gcp.projects.IAM*

&

gcp.serviceAccount.IAM*

. How and when to use these two ?

Hi everyone, does anyone have an example of setting up cloud sql with a private ip? I can probably adapt the terraform example, but just wanted to check.

We are thinking to move some stuff to GCP and as we already use Pulumi for Azure, I therefore started to monitor this channel. For some reason there is very little activity about GCP - at least thats my feeling compared to Azure and AWS… Therefore my question: is the Pulumi GCP Provider widely used and are people happy with it?

I have a GKE cluster setup using

const engineVersion = gcp.container.getEngineVersions().then((v) => v.latestMasterVersion);

and then

minMasterVersion: engineVersion,
        nodeVersion: engineVersion,

but the order of upgrading seems wrong as it starts to complain now about

* googleapi: Error 400: Node version "1.19.8-gke.1600" must not have a greater minor version than master version "1.18.16-gke.502"., badRequest
119

How should I manage that?

Is there a way to create

auto-pilot

GKE clusters using

Pulumi

?

Hi All , Again question on

GKE

-

auto-pilot.

- i created a autopilot cluster manually - then imported it with

pulumi import

command - got the below suggested code .

package main

import (
	"<http://github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/container|github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/container>"
	"<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi|github.com/pulumi/pulumi/sdk/v3/go/pulumi>"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := container.NewCluster(ctx, "name", &container.ClusterArgs{
			EnableAutopilot:           pulumi.Bool(true),
			EnableBinaryAuthorization: pulumi.Bool(false),
			EnableKubernetesAlpha:     pulumi.Bool(false),
			EnableL4IlbSubsetting:     pulumi.Bool(false),
			EnableLegacyAbac:          pulumi.Bool(false),
			EnableTpu:                 pulumi.Bool(false),
			Name:                      pulumi.String("cluster-name"),
			Network:                   pulumi.String("default"),
			VerticalPodAutoscaling: &container.ClusterVerticalPodAutoscalingArgs{
				Enabled: pulumi.Bool(true),
			},
		}, pulumi.Protect(true))
		if err != nil {
			return err
		}
		return nil
	})
}

But when i tried using the above code as sample to create another

auto-pilot

cluster . Got below error

error: gcp:container/cluster:Cluster resource 'name' has a problem: ConflictsWith: "enable_binary_authorization": conflicts with enable_autopilot. Examine values at 'Cluster.EnableBinaryAuthorization'.