google-cloud
  • v

    victorious-dusk-75271

    07/15/2022, 11:36 PM
    Hey guys, how do you use google CDN with gke ingress?
  • c

    colossal-quill-8119

    07/18/2022, 11:55 AM
    I’m following this guide to build and push a Docker image, but it uses GCR, which is being phased out for Google Artifact Registry. How do I use Google Artifact Registry to do the same thing?
  • v

    victorious-dusk-75271

    07/19/2022, 8:12 PM
    failed to access secret version for secret projects/xxx/secrets/pulumi-access-token/versions/1: rpc error: code = PermissionDenied desc = Secret Manager API has not been used in project 1065221880276 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/secretmanager.googleapis.com/overview then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry. error details: name = ErrorInfo reason = SERVICE_DISABLED domain = googleapis.com metadata = map[consumer:projects/xxx service:secretmanager.googleapis.com] error details: name = Help desc = Google developers console API activation url = https://console.developers.google.com/apis/api/secretmanager.googleapis.com/overview?project=xxxxx
  • v

    victorious-dusk-75271

    07/19/2022, 8:12 PM
    Any idea how to resolve this issue? I have Secret Manager enabled.
  • d

    dry-engine-17210

    07/22/2022, 12:20 AM
    I've been trying to upload a large file (> 1 GB) to GCS and it's a no-go. Here's the code:
    // Create a storage object for installer
    		_, err = storage.NewBucketObject(ctx, "installer-object",
    			&storage.BucketObjectArgs{
    				Bucket: bucket.Name,
    				Source: pulumi.NewFileAsset("./assets/installer.tgz"),
    			},
    			pulumi.Timeouts(&pulumi.CustomTimeouts{Create: "10m", Update: "10m"}))
    		if err != nil {
    			return err
    		}
    But I keep getting this error after 1m...
    google-native:storage/v1:BucketObject (installer-object):
        error: error sending upload request: Post "<https://storage.googleapis.com/upload/storage/v1/b/bucket-2f7c370/o?alt=json&name=installer-object-81c28a2&uploadType=multipart>": net/http: request canceled (Client.Timeout exceeded while awaiting headers): "<https://storage.googleapis.com/upload/storage/v1/b/asset-bucket-2f7c370/o?name=installer-object-81c28a2>" map[__autonamed:true bucket:asset-bucket-2f7c370 name:installer-object-81c28a2 source:0xc0004a94f0] 1820077047
    
    ...
    
    Duration: 1m5s
  • d

    dry-engine-17210

    07/22/2022, 12:23 AM
    Any way I can extend the underlying http client timeout? I tried the pulumi.Timeouts(&pulumi.CustomTimeouts{Create: "10m", Update: "10m"}) option when calling NewBucketObject but it doesn't appear to do anything in this case.
  • d

    dry-engine-17210

    07/22/2022, 12:46 AM
    I've also tried splitting it into 100MB files and uploading each of them... same problem
  • g

    gifted-cat-49297

    07/22/2022, 9:22 AM
    How to run pulumi preview of GCP stuff on a GitLab merge request pipeline with a Workload Identity Federation JSON file for a given environment? I have no idea how to provide the correct file from variables 😕
  • b

    big-account-56668

    07/29/2022, 9:28 AM
    Has there been any progress or workaround for https://github.com/pulumi/pulumi-gcp/issues/827? This issue is holding us back switching from manually running Pulumi to running it in CI. We currently create services with Pulumi, but deploy updates using gcloud which sets annotations and updates the image which will diff in Pulumi after a refresh.
  • f

    fast-motherboard-33901

    08/06/2022, 5:17 PM
    Howdy! Is it possible to create an AlloyDB instance in GCP with Pulumi?
  • g

    gorgeous-flag-72833

    08/07/2022, 9:56 AM
    Hello everyone! I am trying to get all the users who are members of a group by using this:
    export function getUsers({ groupName }: GCPNamespaces) {
      const groupMembers = pulumi.output(
        gcp.cloudidentity.getGroupMemberships({
          group: groupName,
        })
      );
      console.log(groupMembers);
    and I get this error:
    error: Error: invocation of gcp:cloudidentity/getGroupMemberships:getGroupMemberships returned an error: invoking gcp:cloudidentity/getGroupMemberships:getGroupMemberships: 1 error occurred:
            * Error when reading or editing CloudIdentityGroupMemberships "": googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the cloudidentity.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check https://cloud.google.com/apis/docs/system-parameters.
        Details:
        [
          {
            "@type": "type.googleapis.com/google.rpc.ErrorInfo",
            "domain": "googleapis.com",
            "metadata": {
              "consumer": "projects/764086051850",
              "service": "cloudidentity.googleapis.com"
            },
    Has anyone run into this and know how to solve it?
  • l

    lively-table-10226

    08/08/2022, 10:08 AM
    Hi! I have created a dual-region bucket with location as US-EAST1+US-WEST1, and I tried to reapply the code once again. Ideally it should not do anything. But it says the location changed from US to US-EAST1+US-WEST1 and it is trying to delete the bucket and recreate it. Can someone help me to resolve this?
  • f

    flat-laptop-90489

    08/09/2022, 12:45 AM
    👋 I’m trying to create a regional network endpoint group for an apiGateway. I know this functionality is pre-GA. It seems like the gcp-classic provider has the ability to create NEGs with the type SERVERLESS, but it doesn’t support the apiGateway backend. The google-native provider does support this, but I’m stuck on (what I think is) a bug. Then I thought, Oh! I can just create it and then import to see the differences, but… google native doesn’t have import? So now I’m a bit stuck. Does anyone have a workaround or ideas for this situation?
  • f

    future-window-78560

    08/12/2022, 4:56 AM
    is there a way to create instance schedules for gce vm through pulumi?
  • g

    gorgeous-country-43026

    08/17/2022, 7:52 AM
    Any ideas how to create a Cloud SQL PostgreSQL instance with a database of a custom collation strictly through Pulumi?
  • f

    fast-easter-23401

    08/17/2022, 12:22 PM
    Hello folks, I’m struggling with the Confluent Cloud API, which we’re using to create Kafka-related resources (topics, SA, API keys, and whatnot). We have properly configured the GCP Marketplace integration, and I’m acting on the Confluent platform as a member of my organization, but can’t manage to create a Kafka topic. Any ideas what’s failing?
    const topic = new KafkaTopic(
      args.name,
      {
        topicName: args.name,
        kafkaCluster: { id: cluster.id },
        restEndpoint: cluster.restEndpoint,
        credentials: {
          key: clusterSA.apiKey.name,
          secret: clusterSA.apiKey.secret,
        },
      },
      { parent: this }
    );
    
       Type                                    Name                    Status                  Info
         pulumi:pulumi:Stack                     confluent-test          **failed**              1 error; 2 messages
         └─ nesto:kafka                          test                                            
     +      ├─ confluentcloud:index:KafkaTopic   test                    **creating failed**     1 error
     +      └─ confluentcloud:index:RoleBinding  test-environment-admin  **creating failed**     1 error
     
    Diagnostics:
      pulumi:pulumi:Stack (confluent-test):
        2022/08/17 08:19:24 [DEBUG] POST <https://pkc-41voz>.<region>.gcp.confluent.cloud:443/kafka/v3/clusters/<cluster-id>/topics
     
        error: update failed
     
      confluentcloud:index:KafkaTopic (test):
        error: 1 error occurred:
            * error creating Kafka Topic: 401 Unauthorized: Unauthorized
    I also tried creating a Provider resource, then passing the latter as opts. Didn’t work either. Any insights will be greatly appreciated. Have a nice day,
  • g

    great-sunset-355

    08/18/2022, 6:42 AM
    Hi I keep getting 404 after pulumi up with google native while trying to deploy Cloud Run Job
    import * as gcp from "@pulumi/google-native"
    
    const region = "europe-west3"  // Frankfurt, Germany
    const project = "my-gcp-project"
    const appName = "my-app"
    
    const provider = new gcp.Provider(
      "jan-provider",
      {
        project: project, 
        region: region, 
      }
    )
    
    const reg = new gcp.artifactregistry.v1.Repository(
      "repo",
      {
        description: "Hello repo world",
        format: "DOCKER",
        repositoryId: "rid"
      },
      {provider}
    )
    
    const job = new gcp.run.v2.Job(
      "job",
      {
        jobId: 'myjob',
        template: {
          taskCount: 1,
          template: {
            maxRetries: 0,
            timeout: "600s",
            containers: [
              {
                image: `${region}-docker.pkg.dev/${project}/rid/${appName}:1-amd64`,
              }
            ]
          }
        },
      },
      {provider}
    )
    Can anyone tell me what I am doing wrong?
    error: error sending request: googleapi: Error 404: Requested entity was not found.:
     "<https://run.googleapis.com/v2/projects/my-gcp-project/locations/europe-west3/jobs?jobId=myjob>"
      map[__autonamed:true jobId:myjob location:europe-west3 name:projects/my-gcp-project/locations/europe-west3/jobs/job-255417b
      project:my-gcp-project template:map[taskCount:1 template:map[containers:[map[image:europe-west3-docker.pkg.dev/my-gcp-project/rid/my-app:1-amd64]] maxRetries:0 timeout:600s]]]
  • b

    big-engineer-71075

    08/18/2022, 8:53 PM
    I am using Pulumi to create a dataproc cluster. When I run preview --refresh --diff, I see a diff on the cluster for the machineTypeUri property. The weird thing is that the diff is of the form:
    "<https://www.googleapis.com/compute/v1/projects/MY_PROJECT_ID/zones/us-east4-b/machineTypes/c2-standard-8>" => "c2-standard-8"
    I initially set machineTypeUri to "c2-standard-8" but I am guessing that GCP updates this with the full URI. How can I make this stop causing a diff? I know I could add config.workerConfig.machineTypeUri to ignoreChanges but I'm not sure that's a great approach - if it changes outside of Pulumi, I think I'd want Pulumi to know and deal with it. Also, somewhat related: on this page, https://www.pulumi.com/registry/packages/gcp/api-docs/dataproc/cluster/#clusterclusterconfigworkerconfig, it shows that there is a property named machineType. But the actual code requires a config property named machineTypeUri - machineType doesn't seem to be a valid name.
  • g

    gray-train-92590

    08/24/2022, 7:53 PM
    For GCP alert Notification Channels for Slack (https://www.pulumi.com/registry/packages/gcp/api-docs/monitoring/notificationchannel/) does anyone know how the slack refresh token can be used? I see the sensitive label for auth token, but not refresh token.
  • g

    gorgeous-country-43026

    08/25/2022, 1:27 PM
    Trying to create a gcp.iam.WorkloadIdentityPoolProvider but with no luck. To me this is looking like a bug in Pulumi's implementation (or Terraform, since it has been generated from it). I'm basing this on the error I get; it's a 404 from a Google endpoint with this URL (obfuscated slightly, but it's still valid):
    <p>The requested URL <code>/v1beta/projects/my-gcp-project/locations/global/workloadIdentityPools/projects/my-gcp-project/locations/global/workloadIdentityPools/my-workload-pool/providers?alt=json&workloadIdentityPoolProviderId=github</code> was not found on this server.  <ins>That's all we know.</ins>
    Please note the doubling of the /projects/my-gcp-project/locations/global/workloadIdentityPools part in the URL. No wonder it gets a 404. I'm just double checking if I'm not misinterpreting this before I create an issue?
  • a

    aloof-traffic-97122

    08/25/2022, 5:58 PM
    hi friends, this is probably really simple, but I'm trying to create a gcp instance and a gcp instance group using the pulumi python API. The code for this looks like:
    instance = gcp.compute.Instance(...a bunch of args)
    instance_group = gcp.compute.InstanceGroup(instances=[instance.self_link], ...other args)
    When I run pulumi pre, I get AttributeError: 'NoneType' object has no attribute 'self_link', so it looks like the instance is None. Are there any tips on how I debug what to do next?
  • e

    echoing-angle-67526

    08/28/2022, 12:55 PM
    Hello! I can't find the API to add GKE zonal NEGs to my backend service. I'm trying to find the equivalent of this gcloud command: https://cloud.google.com/kubernetes-engine/docs/how-to/standalone-neg#add_backends is this supported? thanks in advance!
  • g

    gorgeous-country-43026

    08/29/2022, 12:23 PM
    Just out of curiosity, can I do anything about this? I mean, my local gcloud has been set up accordingly and doesn't complain anymore but Pulumi executions do:
    pulumi:pulumi:Stack (my-stack):
        W0829 14:00:19.388176   16096 gcp.go:120] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
        To learn more, consult <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>
  • i

    incalculable-midnight-8291

    08/31/2022, 10:14 AM
    Is it possible to configure OAuth 2.0 Client IDs with Pulumi? Especially to add more Authorized JavaScript origins and redirect URIs?
  • f

    flat-oyster-65811

    08/31/2022, 11:20 AM
    After upgrading the node dependency @pulumi/google-native all of the DNS records I created will be 'replaced' with identical records with a new urn. I predict that this could cause disruptions in our DNS. Any ideas on how to avoid the replacement while still being able to upgrade the dependency?
  • b

    big-engineer-71075

    09/01/2022, 2:46 PM
    I'm having trouble creating a ProjectIamPolicy in a new stack. When I try, I get an error:
    error: object retrieval failure after successful create / read state: googleapi: got HTTP response code 404 with body
    (followed by the 404 body). If I use curl to query GCP for the policy directly, I get a response containing a full policy. The policy clearly exists in GCP but Pulumi somehow can't find it. I'm thinking of trying to modify the state of the stack by adding the basic JSON for a policy (based on an example from a different stack's state I exported to a file) but this seems like a questionable way to fix it. Has anyone else run into this? Does anyone have a suggestion on how to fix this?
  • v

    victorious-dusk-75271

    09/02/2022, 7:03 PM
    Is there any way to edit the aws-auth config map with Pulumi?
  • v

    victorious-dusk-75271

    09/02/2022, 7:09 PM
    I am getting this error in codebuild
    -- kubernetes:apps/v1:Deployment allrites-frontend deleting original error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
        kubernetes:core/v1:ConfigMap allrites-frontend-config  
     -- kubernetes:apps/v1:Deployment allrites-frontend **deleting failed** error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
  • c

    crooked-cpu-12491

    09/06/2022, 8:47 PM
    Hi there, I pulled pulumi-google-native 0.25.0 version this morning and trying to do pulumi preview. I get the following error with the latest version. I could do the preview when I tried the same with 0.14.0 last week. Any thoughts on this? I'm using pulumi version 3.38.0
    error: Preview failed: unable to find required configuration setting: GCP Project
    Set the GCP Project by using:
    	`pulumi config set gcp:project <project>`
  • g

    gorgeous-country-43026

    09/07/2022, 8:58 AM
    So, I have a situation where I have a DNS registered to project A and it is set up there in a DNS zone. All fine. Now I also have a project B where I have a GKE running and it has an ingress. I want to bind this domain to that ingress IP address without having to copy-paste addresses over to different codebases. My initial thoughts on this are:
    1. Read the other project state file and deduce the IP address from there. But as far as I have understood this is not possible but can only be done over different stacks?
    2. Retrieve the managed cluster object via gcp.container.getCluster and proceed from there to get the ingress. I do not, however, see an immediate logical way to proceed to get the ingress object and its IP via this route.
    3. Bind the domain on the project B cluster definition via its dnsConfig attribute, but I think this won't work and would only work on the same project?
    4. Bite the bullet and just do the copy-pasting. Not happy if I have to do this but it might be the only reasonable choice.
Oh, I'm an idiot. Of course one would have to fetch the load balancer not the ingress 🤦‍♂️
Didn't find an easy way to do this. I find it astonishing that Pulumi still doesn't support referencing another project state but it does support this for terraform remote states? Like, what. I ended up downloading the other project's state file via custom code, parsing that, finding the correct resource and getting the IP address value from its outputs. Nuts but works.
Did it like this. Yes, it is a hack, yes, I do feel dirty, yes, it can break. But until I can figure out a better way I'm going with this:
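import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as storage from "@google-cloud/storage";

// Look up the project that hosts the other stack's state bucket.
const project = pulumi.output(gcp.projects.getProject({ filter: "name:project-with-state-name" }));

// Download and parse the other stack's checkpoint file from the state bucket.
// The checkpoint holds every resource's inputs and outputs, so the identity
// running this needs read access to the whole state object.
const stackStateContent = project.apply(project => new storage.Storage({
  projectId: project.id
})).apply(stor => stor
  .bucket("pulumi-state")
  .file("rootFolderName/.pulumi/stacks/stackname.json")
  .download())
  .apply(downloadResult => JSON.parse(downloadResult.toString()));

// Find the ingress resource in the checkpoint and read its load balancer IP.
const ingressIp = stackStateContent.apply(stackState => {
  const resources : Array<any> = stackState.checkpoint.latest.resources;
  const ingressResource = resources.find((res : any) => res.id === "web/web-ingress");
  const ip : string = ingressResource.outputs.status.loadBalancer.ingress[0].ip;
  return ip;
});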
Any better ideas are welcome!