wide-cat-87818
11/09/2022, 2:35 PM
virtualenv project configuration are not yet supported
Are there any plans to support this use case in the future?
fresh-minister-66960
11/10/2022, 8:04 PM
import json

from pulumi import automation as auto


def deploy_code_to_aws(metadata):
    """
    Deploy all the resources to aws using Pulumi.
    """

    def pulumi_program():
        pass

    project_name = metadata.bucket
    stack_name = "Dev"
    # Create the stack, or select it if it already exists
    stack = auto.create_or_select_stack(
        stack_name=stack_name, project_name=project_name, program=pulumi_program
    )
    print("successfully initialized stack")
    print("installing plugins...")
    stack.workspace.install_plugin("aws", "v4.0.0")
    print("plugins installed")
    print("setting up config")
    stack.set_config("aws:region", auto.ConfigValue(value=metadata.region))
    stack.set_config(
        "aws:profile", auto.ConfigValue(value=metadata.profile_name)
    )
    print("config set")
    print("refreshing stack...")
    stack.refresh(on_output=print)
    print("refresh complete")
    print("updating stack...")
    up_res = stack.up(on_output=print)
    print(f"update summary: \n{json.dumps(up_res.summary.resource_changes, indent=4)}")
My question is: How can I update this code so we can start using Remote Deployments? (We already requested access)
From this example I know we have the option to call create_or_select_remote_stack_git_source() but we don't have a "git source" we just wanted to grab the pulumi program/stack that we wrote and send that to a Pulumi Deployment remote server so it can process the stack instead of processing everything on our local machines.
Is that even possible? Is there another way we could accomplish that with Remote Deployments?
quaint-hydrogen-7228
11/14/2022, 9:50 AM
great-smartphone-86927
11/14/2022, 7:03 PM
quaint-hydrogen-7228
11/15/2022, 10:38 PM
billowy-horse-79629
11/17/2022, 2:40 PM
gifted-cat-49297
11/28/2022, 10:35 AM
fresh-minister-66960
11/29/2022, 9:00 PM
aws:lambda:Function (XXXXX):
error: 1 error occurred:
* error creating Lambda Function (1): AccessDeniedException:
status code: 403, request id: 2224b871-f8fc-43f9-baf5-c62809b1779d
I am creating a new account in my organization using IAM credentials of an admin user in my main account. Will post the code in a comment here.
lemon-agent-27707
12/13/2022, 7:07 PM
hallowed-oil-54879
12/13/2022, 7:55 PM
lemon-agent-27707
01/05/2023, 4:21 AM
flat-engineer-30260
01/05/2023, 5:35 AM
lemon-agent-27707
01/06/2023, 3:48 AM
flat-engineer-30260
01/06/2023, 10:48 AM
pulumi config set --secret kubernetes:kubeconfig --path ~/.kube/config, something like this, it won't load the file content. The only way that worked is to read it from the local file pulumi_k8s = kubernetes.Provider("pulumi_k8s", kubeconfig=(lambda path: open(path).read())("kubeconfig")), but it is not secure to store the kubeconfig file in GitHub.
lemon-agent-27707
01/09/2023, 10:10 PM
adorable-area-51412
01/20/2023, 4:05 PM
eager-keyboard-30823
02/16/2023, 1:13 PM
eager-keyboard-30823
02/21/2023, 2:02 PM
GOOGLE_CREDENTIALS? Trying to figure out how to log in to the docker registry on the deployment runner.
nice-rain-32013
02/22/2023, 11:47 AM
limited-account-35949
02/23/2023, 1:57 PM
sparse-intern-71089
03/02/2023, 11:27 AM
rhythmic-traffic-52280
03/02/2023, 8:09 PM
dry-journalist-60579
03/14/2023, 9:47 PM
runtime:
  name: python
  options:
    virtualenv: venv
in my Pulumi.yaml because locally we use poetry run pulumi up and poetry uses the correct virtualenv automatically.
Side note: we are using a custom docker image for deployments because we're using python 3.10 so I built one:
# based on https://github.com/pulumi/pulumi-docker-containers/blob/main/docker/pulumi/Dockerfile
FROM python:3.10-slim
RUN apt-get update -y && \
    apt-get install -y \
    curl
# Passing --build-arg PULUMI_VERSION=vX.Y.Z will use that version
# of the SDK. Otherwise, we use whatever get.pulumi.com thinks is
# the latest
ARG PULUMI_VERSION
# Install the Pulumi SDK, including the CLI and language runtimes.
RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION
# Install Poetry
ENV POETRY_HOME=/usr/local
RUN curl -sSL https://install.python-poetry.org | python3 -
# Create wrappers such that pulumi commands always run with poetry
COPY ./create-poetry-wrappers.sh /usr/local/bin
RUN create-poetry-wrappers.sh
ENTRYPOINT ["/bin/bash", "-c"]
CMD [ "/bin/bash" ]
I thought that I could create some wrapper scripts to force poetry run … on pulumi, but it seems like the /pulumi-deploy-executor is not, somehow, using the pulumi located in the container's $PATH?
dry-journalist-60579
03/15/2023, 4:02 PM
GitHub rate limit exceeded, try again in 23.838081389s. You can set GITHUB_TOKEN to make an authenticated request with a higher rate limit.? I'm seeing this at the end of my deployment runs that I trigger manually from the UI
dry-journalist-60579
03/16/2023, 4:25 PM
dry-journalist-60579
03/16/2023, 10:40 PM
role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AWSAdministratorAccess_xxxxxxxxx (the role I am logged into via the CLI)
=> assumes
role/service-role/AWSControlTowerAdmin (via Pulumi.<stack>.yaml config var aws:assumeRole.roleArn)
=> assumes
role/AWSControlTowerExecution (via `aws.Provider` in the Pulumi code)
locally this works. When running via Pulumi Deployments it doesn't seem to. The Deployment "configuration" seems to show the correct aws:assumeRole value but it doesn't get assumed. It basically skips the middle assumption and uses the Deployment role to try to directly assume the 3rd role, AWSControlTowerExecution and it fails.
If anything I'd expect to see that assumed-role/PulumiOIDC/pulumi cannot assume role/service-role/AWSControlTowerAdmin or that role/service-role/AWSControlTowerAdmin cannot assume role/AWSControlTowerExecution, but I'm getting assumed-role/PulumiOIDC/pulumi cannot assume role/AWSControlTowerExecution.
This makes me think that the deploy executor is not respecting the Pulumi.<stack>.yaml configuration…
dry-journalist-60579
03/22/2023, 7:10 PM
pulumi up on every commit that happens on a branch, say, the main branch. This would mean that only after you merge a PR does pulumi run. What do people do to preview changes during the branch development?
lemon-agent-27707
03/25/2023, 6:17 PM
lemon-agent-27707
03/29/2023, 3:27 PM
elegant-gigabyte-8733
03/29/2023, 9:55 PM
elegant-gigabyte-8733
03/29/2023, 9:55 PM
lemon-agent-27707
03/29/2023, 10:57 PM
elegant-gigabyte-8733
03/30/2023, 3:53 AM