no problem creating via “gcloud container” with no ip aliases and autoassign range.

Is there a new API requirement for deploying Cloud Functions that wasn’t there before?

Error waiting for Creating CloudFunctions Function: Error code 7, message: Build failed: Cloud Build API has not been used in project 669636788185 before or it is disabled. Enable it by visiting <https://console.developers.google.com/apis/api/cloudbuild.googleapis.com/overview?project=669636788185> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

\

I think you meant for the other slash

/shrug

¯\_(ツ)_/¯

Hello everyone, I need to pass to my container using cloud run a secret stored in google secret manager. One solution I found is obviously to get the secret in a CI/CD pipeline, store it as an env variable and pass it down to the container as a part of the configuration using Pulumi. Is this the right solution, are there better solutions?

maybe @green-school-95910 knows how to use secretEnvs

property *secretRef*

secretRef?: outputs.cloudrun.ServiceTemplateSpecContainerEnvFromSecretRef;

The Secret to select from. Structure is documented below.

however this looks like an output

secretEnvs are not for that. Those are for attaching k8s secrets when running Cloud Run on GKE/Anthos. It is not supported on managed

Your solution is one that I would recommend if it's not critically sensitive information

For strictly sensitive information I would recommend not to set it from the CI in plaintext. In this case you can either add an entry script to your container that will get the secret, then pass the name of the secret as an env variable

Or to use Runtime Configurator

what is runtime configurator?

I am applying the project seed pattern where I create a new project with pulumi starting from a root project: I create a bucket, I enable cloud run, all works, except when I create a topic subscription that fails with 403. What I don’t understand is whether my topic subscription is getting created with the service account of cloud build (where I run pulumi) or the default service account for the newly created project

creating failed error: Error creating Subscription: googleapi: Error 403: User not authorized to perform this action.

That’s really akward, @green-school-95910 do you have any hint on this? both my cloud build and my project default service acount have the role pubsub editor

Hi. How can one deploy a docker container onto a Google Compute Engine instance without using Kubernetes? This is covered by https://registry.terraform.io/modules/terraform-google-modules/container-vm/google/2.0.0 in terraform.

Hey guys, I think I have hit an infinite recursion problem, activating the service usage API fails with pulumi because… well because the service usage API has not been activated yet! cpprojectsService (EnableServiceUsage): gcpprojectsService (EnableServiceUsage): Step #9 - “Pulumi Create Stack”: error: Error when reading or editing Project Service : Request “List Project Services my-project” returned error: Failed to list enabled services for project my-project: googleapi: Error 403: Service Usage API has not been used in project XYZ before or it is disabled. Enable it by visiting XYZ then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

Hi all. I have some pulumi programs that works fine on my pc and was working fine in a GCP instance. From a while, launching in the instance: it seems freezed.

I’m launching it with TF_LOG=trace and “-d” but I have no debug output.

Stacks are on GCS.

ideas?

Hi, I just learned of Pulumi today. I'm evaluating whether to move to it from Terraform.

I asked this question in the Github, but does anyone know if it is possible to create projects with the typescript library? Maybe like this?

import * as pulumi from '@pulumi/pulumi';
import * as gcp from '@pulumi/gcp';

const projectName = 'my-project'
const project = new gcp.projects.Project('my-project');

is there a way of specifying a serviceaccount for

gcp.container.Cluster

?

Hi 👋 - I’m struggling to replicate in Pulumi something I can do through the console UI which is to create a VPC Connector for a Cloud Run Service. Does anyone know what the right resource is that I’m looking for? Is it

gcp_._servicenetworking_._Connection

?

Hey guys, I have opened an issue on providing better instructions for testing

Another silly question - when specifying a container image for cloud run I seem to have to specify the full image (with tag). This seems annoying since every time I run

pulumi up

it will change the running image. How are people dealing with this?

Do you tag each image twice or is there a way to configure pulumi to only change the image if it’s not set.