https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
google-cloud
  • c

    chilly-laptop-44574

    04/02/2020, 2:07 AM
    Hello guys!! What is the best practice to wait for the resource before applying further changes in GCP and Typescript? I have following flow: Project -> enable API -> enable Role
    const myProject = new gcp.organizations.Project("gcp proj", settings)
    const service = new gcp.projects.Service("Kubernetes Engine API", {
    disableDependentServices: true,
    project: myProject.projectId,
    service: "<http://container.googleapis.com|container.googleapis.com>",
    });
    And then I want to grand permission to the service account (created by default by container.googleapis.com)
    const iamMember = new gcp.projects.IAMMember("iamMember", {
    project:  myProject.projectId,
    role: "roles/compute.securityAdmin",
    `member:
    serviceAccount:<mailto:service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com|service-${myProject.number}@container-engine-robot.iam.gserviceaccount.com>
    ,
    });` But this generates error:
    googleapi: Error 400: Service account <mailto:service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com|service-xxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com> does not exist
    When I run the
    pulumi up
    again then it works as service account has been already provisioned by that time by GCP. Is there any way to pull status of the service account and wait if not yet created before calling enabling the role.
  • h

    helpful-processor-86468

    04/03/2020, 9:18 AM
    Error creating Service: googleapi: got HTTP response code 404 with body:
    i couldn't create cloudrun service. Any thoughts why?
  • h

    helpful-processor-86468

    04/03/2020, 9:31 AM
    can pulumi create
    Cloud run (fully managed)
    ?
    a
    • 2
    • 4
  • m

    miniature-rose-15269

    04/03/2020, 1:25 PM
    I’m trying to create a Cloud Function that publishes to PubSub but running into a packaging issue on
    pulumi up
    . Been trying to sort it for a while but can’t crack it. Anyone run into it before?
    👀 1
    • 1
    • 1
  • p

    prehistoric-account-60014

    04/03/2020, 7:18 PM
    Is the following resource (
    google_project_service
    ) from Terraform available in Pulumi? I can’t seem to find it in the docs. https://www.terraform.io/docs/providers/google/r/google_project_service.html
    • 1
    • 1
  • s

    square-rose-64819

    04/06/2020, 10:20 PM
    i'm trying to access a remote docker image from within my ComponentResource, and i'm getting a 401 even though i can pull the image just fine with a
    docker pull
    . anyone know why this might be an issue?
  • s

    square-rose-64819

    04/06/2020, 10:20 PM
    const imageRegistry = docker.getRegistryImage({
      name:`${imageName}:latest`
    });
    
    this.dockerImage = new docker.RemoteImage(`${name}-docker-image`, {
      name: imageRegistry.name!,
      pullTriggers: [imageRegistry.sha256Digest]
    });
  • s

    square-rose-64819

    04/06/2020, 10:20 PM
    pretty much straight out of the docs
  • s

    square-rose-64819

    04/07/2020, 7:10 PM
    this is a gcr.io image for the record
  • s

    square-rose-64819

    04/07/2020, 7:10 PM
    seems like it should just work, but maybe pulumi isn't accessing my credentials for docker?
  • s

    square-rose-64819

    04/07/2020, 8:36 PM
    answering my own question: i was able to get this to work by using
    gcp.container.getRegistryImage
    instead of
    docker.getRegistryImage
    👍 1
  • b

    broad-helmet-79436

    04/08/2020, 11:34 AM
    Hi! Just in case this is an instance of the XY problem and I’m asking about the wrong thing: My goal is to be able to upgrade the Kubernetes cluster master and node pool using Pulumi. I’ve somehow screwed up my container cluster’s
    minMasterVersion
    and
    nodeVersion
    fields, and set them to
    undefined
    instead of a string. If I try adding either field now, Pulumi wants to
    update
    my cluster, which I guess makes sense. However, it also wants to
    replace
    the kubernetes Provider I’ve created using outputs from the cluster resource (
    name
    ,
    endpoint
    , and
    masterAuth
    ). Note that I don’t use
    minMasterVersion
    or
    nodeVersion
    , although I guess that might not matter.
    replace
    -ing the Kubernetes provider also leads to replacing all my Kubernetes resources, which I very much do not want. Is there a way to add the
    minMasterVersion
    field without breaking my provider? `If I try adding
    s
    • 2
    • 5
  • a

    adorable-action-51248

    04/08/2020, 2:13 PM
    I am currently, getting
    googleapi: Error 503: The service is currently unavailable.
    when running
    pulumi up
    . also pulumi seems to hang until i abort with ctrl-c
    g
    • 2
    • 3
  • a

    adorable-action-51248

    04/08/2020, 2:17 PM
    mmh. the firebase console also doesnt work….
  • s

    square-rose-64819

    04/08/2020, 9:34 PM
    getting an image from the container registry is actually a huge pain
    g
    • 2
    • 11
  • s

    square-rose-64819

    04/08/2020, 9:35 PM
    all of the docker commands and gcloud commands work - i'm able to pull an image out of my project's google cloud registry, check the digest, etc
  • s

    square-rose-64819

    04/08/2020, 9:35 PM
    but doing this does not work, and doesn't yield a digest:
    const registryImage = gcp.container.getRegistryImage({
                    name: imageName,
                    tag: "latest"
                });
  • s

    square-rose-64819

    04/08/2020, 9:36 PM
    for
    imageName
    , ive tried every combo of: gcr.io/myproject/myimage, gcr.io/myproject/myimage:tag, myimage, myimage:tag
  • s

    square-rose-64819

    04/08/2020, 9:39 PM
    super super frustrating
  • s

    square-rose-64819

    04/08/2020, 10:28 PM
    what i said yesterday about using
    gcp.container.getRegistryImage
    was wrong
  • s

    square-rose-64819

    04/08/2020, 10:42 PM
    looks like someone is doing this with terraform: https://roidelapluie.be/blog/2019/04/22/docker-gcp-terraform/
  • s

    square-rose-64819

    04/08/2020, 10:42 PM
    unclear how that translates to pulumi
  • s

    square-rose-64819

    04/09/2020, 2:37 AM
    i'm still not able to get this to work
  • s

    square-rose-64819

    04/09/2020, 2:37 AM
    here's what i have:
    const provider = new docker.Provider("registry", {
                    registryAuth: [{
                        address: "<http://gcr.io|gcr.io>",
                        username: "oauth2accesstoken",
                        // gcloud auth print-access-token | pulumi config set --secret gcpAuthToken
                        password: config.requireSecret("gcpAuthToken")
                    }]
                });
    
                const registryImage = docker.getRegistryImage({
                    name: imageName,
                }, {
                    provider,
                    async: true
                });
    
                if (!(registryImage.name && registryImage.sha256Digest)) {
                    throw new Error("Unable to get registry image")
                }
    
                this.dockerImage = new docker.RemoteImage(`${name}-docker-image`, {
                    name: registryImage.name!,
                    pullTriggers: [registryImage.sha256Digest!],
                }, {
                    provider,
                    parent: this,
                });
  • s

    square-rose-64819

    04/09/2020, 2:38 AM
    this still results in a 401
  • s

    square-rose-64819

    04/09/2020, 2:41 AM
    Diagnostics:
      pulumi:pulumi:Stack (------------):
        error: Running program '----' failed with an unhandled exception:
        Error: Unable to get registry image
            at new CloudRunService (------------/resources/CloudRunService.ts:143:23)
            at Object.<anonymous> (------------/configurations/CloudRun.ts:13:40)
            at Module._compile (internal/modules/cjs/loader.js:1151:30)
            at Module.m._compile (------------/node_modules/ts-node/src/index.ts:439:23)
            at Module._extensions..js (internal/modules/cjs/loader.js:1171:10)
            at Object.require.extensions.<computed> [as .ts] (------------/node_modules/ts-node/src/index.ts:442:12)
            at Module.load (internal/modules/cjs/loader.js:1000:32)
            at Function.Module._load (internal/modules/cjs/loader.js:899:14)
            at Module.require (internal/modules/cjs/loader.js:1040:19)
            at require (internal/modules/cjs/helpers.js:72:18)
        error: Running program '--------------' failed with an unhandled exception:
        Error: invocation of docker:index/getRegistryImage:getRegistryImage returned an error: invoking docker:index/getRegistryImage:getRegistryImage: Got error when attempting to fetch image version from registry: Got bad response from registry: 401 Unauthorized
            at ------------g/node_modules/@pulumi/pulumi/runtime/invoke.js:172:33
            at Object.onReceiveStatus (------------/node_modules/grpc/src/client_interceptors.js:1210:9)
            at InterceptingListener._callNext (------------/node_modules/grpc/src/client_interceptors.js:568:42)
            at InterceptingListener.onReceiveStatus (------------/node_modules/grpc/src/client_interceptors.js:618:8)
            at callback (------------/node_modules/grpc/src/client_interceptors.js:847:24)
  • e

    eager-pillow-75917

    04/09/2020, 12:56 PM
    Hi there! I need to activate about 30+ different Service APIs for GCP. and I created an array with all of them and then a for loop going through the array, but I am getting this error for some of them:
    gcp:projects:Service (<http://file.googleapis.com|file.googleapis.com>):
        error: pre-step event returned an error: failed to save snapshot: An IO error occurred during the current operation: blob (key ".pulumi/stacks/infra-staging.json") (code=Unknown): googleapi: Error 429: The rate of change requests to the object onec-pulumi-ops-staging/.pulumi/stacks/infra-staging.json exceeds the rate limit. Please reduce the rate of create, update, and delete requests., rateLimitExceeded
    g
    • 2
    • 1
  • e

    eager-pillow-75917

    04/09/2020, 12:56 PM
    serviceAPIs.forEach(service => {
        const serviceAPI = new gcp.projects.Service(service, {
            disableDependentServices: true,
            project: config.projectID,
            service: service,
        }); 
    });
  • e

    eager-pillow-75917

    04/09/2020, 12:56 PM
    serviceAPIs
    is my array.
  • e

    eager-pillow-75917

    04/09/2020, 12:57 PM
    what should I do in this case?
Powered by Linen
Title
e

eager-pillow-75917

04/09/2020, 12:57 PM
what should I do in this case?
View count: 3