eager-pillow-75917
04/09/2020, 12:57 PMeager-pillow-75917
04/09/2020, 5:26 PMprehistoric-account-60014
04/09/2020, 11:05 PMgs://
URLs when using RemoteAsset
or RemoteArchive
for the BucketObject
source
?abundant-airplane-93796
04/13/2020, 2:00 PMpanic: fatal: An assertion has failed: Expected diff to not require deletion or replacement during Update of urn:pulumi:production::irisvr::gcp:container/cluster:Cluster::core
whenever I try and update the masterAuthorizedNetworks
attribute of one of my GKE clusters. tried pulling detailed logs but nothing is clear to me to indicate why that's causing it to want to replace the cluster. Anyone got any tips for debugging?prehistoric-account-60014
04/14/2020, 4:19 PMgcp.container.Cluster
and it is recommended to use gcp.container.NodePool
instead? I know that this is also Terraform’s recommendation but I wasn’t able to find the rationale behind it.adorable-action-51248
04/17/2020, 8:04 AMclean-autumn-55516
04/20/2020, 5:24 PMbland-lamp-16797
04/22/2020, 2:06 PMpulumi up
is says
warning: Could not get signed url for stack location: blob (key ".pulumi/stacks/deploy.json") (code=Unknown): to use SignedURL, you must call OpenBucket with a valid Options.GoogleAccessID and exactly one of Options.PrivateKey or Options.SignBytesAny idea why pulumi uses SignedURL for the state?
clean-autumn-55516
04/23/2020, 4:14 AMhelpful-processor-86468
04/24/2020, 7:15 AMclean-autumn-55516
04/24/2020, 11:04 PMeager-vase-43200
04/26/2020, 7:46 AMlittle-photographer-65759
04/28/2020, 6:16 AMDiagnostics:
pulumi:pulumi:Stack (gke-gke-medium):
error: Running program '/Users/raminder.kaler/gcloud/forgeops/cluster/pulumi/gcp/gke' failed with an unhandled exception:
TSError: ⨯ Unable to compile TypeScript:
cluster.ts(25,12): error TS2339: Property 'names' does not exist on type 'Promise<GetZonesResult>'.
cluster.ts(36,34): error TS2339: Property 'latestNodeVersion' does not exist on type 'Promise<GetEngineVersionsResult>'.
cluster.ts(95,43): error TS2339: Property 'latestMasterVersion' does not exist on type 'Promise<GetEngineVersionsResult>'.
clean-autumn-55516
04/29/2020, 3:39 AMDiagnostics:
gcp:cloudrun:Service (api):
error: 1 error occurred:
* updating urn:pulumi:gcp-fn::gcp-functions::gcp:cloudrun/service:Service::api: Error updating Service "locations/us-central1/namespaces/[secret]-reach-collector/services/api-d7cc8a9": googleapi: Error 409: Revision named 'api-d7cc8a9-00031-pag' with different configuration already exists.
clean-autumn-55516
04/29/2020, 3:39 AMpulumi refresh
before doing a pulumi up
but no luck.hallowed-rain-9096
04/30/2020, 10:03 PMpulumi up
to generate ludicrously verbose logs that included the HTTP responses from GCP's REST API. I might be able to bludgeon Cloud Run into submission if I can see the specific error that it returns with that 409 response. Can anyone help?limited-rain-96205
05/01/2020, 5:53 PMdebug: Dismissed an error as retryable. marked as timeout - Post <https://oauth2.googleapis.com/token>: dial tcp: i/o timeout
This only happens when on our corporate VPN, but it's a little baffling because I can ping and telnet to https://oauth2.googleapis.com/ just fine (as well as any *.googleapis.com address). Is there any way to get more information about the token call it's making, beyond debug mode?clean-autumn-55516
05/04/2020, 8:51 AMconst pubSubPushAuth = new gcp.serviceAccount.IAMBinding('pub-sub-push-auth', {
members: [
`serviceAccount:<mailto:service-${gcpProjectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com|service-${gcpProjectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com>`,
],
role: 'roles/iam.serviceAccountTokenCreator',
serviceAccountId: `<mailto:projects/${gcp.config.project}/serviceAccounts/service-${gcpProjectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com|projects/${gcp.config.project}/serviceAccounts/service-${gcpProjectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com>`,
});
delightful-receptionist-13751
05/04/2020, 12:35 PMquiet-wolf-18467
05/06/2020, 9:14 PMquiet-wolf-18467
05/06/2020, 9:27 PMTo configure permissions for a service account to act as an identity that can manage other GCP resources, use the googleProjectIam set of resources.
quiet-wolf-18467
05/06/2020, 9:27 PMquiet-wolf-18467
05/06/2020, 9:51 PMgreen-school-95910
05/06/2020, 10:07 PMhallowed-rain-9096
05/06/2020, 10:07 PMhallowed-rain-9096
05/06/2020, 10:08 PMIt is how Google IAM API work. It is tricky and dangerous. And their docs are quite confusing
green-school-95910
05/06/2020, 10:10 PMquiet-wolf-18467
05/06/2020, 10:11 PMgreen-school-95910
05/06/2020, 10:11 PMquiet-wolf-18467
05/06/2020, 10:11 PMquiet-wolf-18467
05/06/2020, 10:11 PM