chilly-laptop-44574
04/02/2020, 2:07 AMconst myProject = new gcp.organizations.Project("gcp proj", settings)
const service = new gcp.projects.Service("Kubernetes Engine API", {
disableDependentServices: true,
project: myProject.projectId,
service: "<http://container.googleapis.com|container.googleapis.com>",
});
And then I want to grand permission to the service account (created by default by container.googleapis.com)
const iamMember = new gcp.projects.IAMMember("iamMember", {
project: myProject.projectId,
role: "roles/compute.securityAdmin",
`member: serviceAccount:<mailto:service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com|service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com>
,
});`
But this generates error: googleapi: Error 400: Service account <mailto:service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com|service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com> does not exist
When I run the pulumi up
again then it works as service account has been already provisioned by that time by GCP.
Is there any way to pull status of the service account and wait if not yet created before calling enabling the role.helpful-processor-86468
04/03/2020, 9:18 AMError creating Service: googleapi: got HTTP response code 404 with body:
i couldn't create cloudrun service. Any thoughts why?helpful-processor-86468
04/03/2020, 9:31 AMCloud run (fully managed)
?miniature-rose-15269
04/03/2020, 1:25 PMpulumi up
. Been trying to sort it for a while but can’t crack it. Anyone run into it before?prehistoric-account-60014
04/03/2020, 7:18 PMgoogle_project_service
) from Terraform available in Pulumi? I can’t seem to find it in the docs. https://www.terraform.io/docs/providers/google/r/google_project_service.htmlsquare-rose-64819
04/06/2020, 10:20 PMdocker pull
. anyone know why this might be an issue?square-rose-64819
04/06/2020, 10:20 PMconst imageRegistry = docker.getRegistryImage({
name:`${imageName}:latest`
});
this.dockerImage = new docker.RemoteImage(`${name}-docker-image`, {
name: imageRegistry.name!,
pullTriggers: [imageRegistry.sha256Digest]
});
square-rose-64819
04/06/2020, 10:20 PMsquare-rose-64819
04/07/2020, 7:10 PMsquare-rose-64819
04/07/2020, 7:10 PMsquare-rose-64819
04/07/2020, 8:36 PMgcp.container.getRegistryImage
instead of docker.getRegistryImage
broad-helmet-79436
04/08/2020, 11:34 AMminMasterVersion
and nodeVersion
fields, and set them to undefined
instead of a string.
If I try adding either field now, Pulumi wants to update
my cluster, which I guess makes sense.
However, it also wants to replace
the kubernetes Provider I’ve created using outputs from the cluster resource (name
, endpoint
, and masterAuth
). Note that I don’t use minMasterVersion
or nodeVersion
, although I guess that might not matter.
replace
-ing the Kubernetes provider also leads to replacing all my Kubernetes resources, which I very much do not want.
Is there a way to add the minMasterVersion
field without breaking my provider?
`If I try addingadorable-action-51248
04/08/2020, 2:13 PMgoogleapi: Error 503: The service is currently unavailable.
when running pulumi up
. also pulumi seems to hang until i abort with ctrl-cadorable-action-51248
04/08/2020, 2:17 PMsquare-rose-64819
04/08/2020, 9:34 PMsquare-rose-64819
04/08/2020, 9:35 PMsquare-rose-64819
04/08/2020, 9:35 PMconst registryImage = gcp.container.getRegistryImage({
name: imageName,
tag: "latest"
});
square-rose-64819
04/08/2020, 9:36 PMimageName
, ive tried every combo of: gcr.io/myproject/myimage, gcr.io/myproject/myimage:tag, myimage, myimage:tagsquare-rose-64819
04/08/2020, 9:39 PMsquare-rose-64819
04/08/2020, 10:28 PMgcp.container.getRegistryImage
was wrongsquare-rose-64819
04/08/2020, 10:42 PMsquare-rose-64819
04/08/2020, 10:42 PMsquare-rose-64819
04/09/2020, 2:37 AMsquare-rose-64819
04/09/2020, 2:37 AMconst provider = new docker.Provider("registry", {
registryAuth: [{
address: "<http://gcr.io|gcr.io>",
username: "oauth2accesstoken",
// gcloud auth print-access-token | pulumi config set --secret gcpAuthToken
password: config.requireSecret("gcpAuthToken")
}]
});
const registryImage = docker.getRegistryImage({
name: imageName,
}, {
provider,
async: true
});
if (!(registryImage.name && registryImage.sha256Digest)) {
throw new Error("Unable to get registry image")
}
this.dockerImage = new docker.RemoteImage(`${name}-docker-image`, {
name: registryImage.name!,
pullTriggers: [registryImage.sha256Digest!],
}, {
provider,
parent: this,
});
square-rose-64819
04/09/2020, 2:38 AMsquare-rose-64819
04/09/2020, 2:41 AMDiagnostics:
pulumi:pulumi:Stack (------------):
error: Running program '----' failed with an unhandled exception:
Error: Unable to get registry image
at new CloudRunService (------------/resources/CloudRunService.ts:143:23)
at Object.<anonymous> (------------/configurations/CloudRun.ts:13:40)
at Module._compile (internal/modules/cjs/loader.js:1151:30)
at Module.m._compile (------------/node_modules/ts-node/src/index.ts:439:23)
at Module._extensions..js (internal/modules/cjs/loader.js:1171:10)
at Object.require.extensions.<computed> [as .ts] (------------/node_modules/ts-node/src/index.ts:442:12)
at Module.load (internal/modules/cjs/loader.js:1000:32)
at Function.Module._load (internal/modules/cjs/loader.js:899:14)
at Module.require (internal/modules/cjs/loader.js:1040:19)
at require (internal/modules/cjs/helpers.js:72:18)
error: Running program '--------------' failed with an unhandled exception:
Error: invocation of docker:index/getRegistryImage:getRegistryImage returned an error: invoking docker:index/getRegistryImage:getRegistryImage: Got error when attempting to fetch image version from registry: Got bad response from registry: 401 Unauthorized
at ------------g/node_modules/@pulumi/pulumi/runtime/invoke.js:172:33
at Object.onReceiveStatus (------------/node_modules/grpc/src/client_interceptors.js:1210:9)
at InterceptingListener._callNext (------------/node_modules/grpc/src/client_interceptors.js:568:42)
at InterceptingListener.onReceiveStatus (------------/node_modules/grpc/src/client_interceptors.js:618:8)
at callback (------------/node_modules/grpc/src/client_interceptors.js:847:24)
eager-pillow-75917
04/09/2020, 12:56 PMgcp:projects:Service (<http://file.googleapis.com|file.googleapis.com>):
error: pre-step event returned an error: failed to save snapshot: An IO error occurred during the current operation: blob (key ".pulumi/stacks/infra-staging.json") (code=Unknown): googleapi: Error 429: The rate of change requests to the object onec-pulumi-ops-staging/.pulumi/stacks/infra-staging.json exceeds the rate limit. Please reduce the rate of create, update, and delete requests., rateLimitExceeded
eager-pillow-75917
04/09/2020, 12:56 PMserviceAPIs.forEach(service => {
const serviceAPI = new gcp.projects.Service(service, {
disableDependentServices: true,
project: config.projectID,
service: service,
});
});
eager-pillow-75917
04/09/2020, 12:56 PMserviceAPIs
is my array.eager-pillow-75917
04/09/2020, 12:57 PMeager-pillow-75917
04/09/2020, 12:57 PM