https://pulumi.com logo
Powered by
a

adamant-dress-73325

03/21/2019, 1:54 AM
@lemon-spoon-91807 Hi, Is there a way for the pulumi/awsx package to support TLS protocol on NetworkListener? It looked like a nice abstraction but I was unable to figure it out, cause the readme example (https://github.com/pulumi/pulumi-awsx/tree/master/nodejs/awsx/elasticloadbalancingv2) seems to be out of date. This seems to be the issue, https://github.com/pulumi/pulumi-awsx/blob/master/nodejs/awsx/elasticloadbalancingv2/network.ts#L127
l

lemon-spoon-91807

03/21/2019, 1:54 AM
ick, that's written badly. it should have that as the default, but allow you to specify TLS.
i'll fix tonight
we're planning on pushing a new release hopefully tomorrow
sorry about that!
a

adamant-dress-73325

03/21/2019, 1:58 AM
No worries! Pulumi dev experience has been pretty amazing, awsx is quite an improvement over Cloud.Service for me.
l

lemon-spoon-91807

03/21/2019, 2:00 AM
great to hear!
Hey Richard! are you there? the 0.17.1 release of awsx now supports this
if you're on 0.17 already, then this should be trivial to move to
if you're on 0.16 though, moving to 0.17 is a larger sort of change, so i would be more conscientious about moving forward.
a

adamant-dress-73325

03/22/2019, 6:22 PM
Thanks, I’m on 0.17 will try it out later
Alright, almost working, but need certificateARN added to the args. Following does not type-check:
Copy code
const worthTLSListener = worthTargetGroup.createListener("sandbox_worth", {
    port: 443,
    protocol: "TLS",
    certificateArn: worthCert.arn,
    sslPolicy: "ELBSecurityPolicy-2016-08"
  });
Also protocols should be limited to 
TCP, TLS
on NLBs in the types, I think.
l

lemon-spoon-91807

03/25/2019, 5:55 PM
@adamant-dress-73325 These have gone through. I'm creating a new tagged release for you to use
a

adamant-dress-73325

03/25/2019, 5:56 PM
Thanks πŸ‘
l

lemon-spoon-91807

03/25/2019, 5:57 PM
and i think you're right about the protocols
i can make that change later. but there's a high turnaroundtime getting releases out. so i can patch that afterwards
Are you Blitz2145 btw?
oh. same avatar image. so presumably yes πŸ™‚
a

adamant-dress-73325

03/25/2019, 11:01 PM
yup, thats me. Thanks for the release, will try to make some more PRs if I can get to them
Got another puzzle for you, create an ALB with HTTPS, then change that resource to an NLB with TLS, I cannot seem to get it to work, error message is:
Copy code
Resources:
    + 1 to create
    - 8 to delete
    +-1 to replace
    3 changes. 40 unchanged

Do you want to perform this update? yes
Updating (sandbox-peopleticker-dev):

     Type                                                    Name                                   Status                  Info
     pulumi:pulumi:Stack                                     peopleticker-sandbox-peopleticker-dev
 >   β”œβ”€ aws:ec2:Vpc                                          default-vpc                            read
     β”œβ”€ awsx:x:ec2:Vpc                                       default-vpc
 >   β”‚  β”œβ”€ aws:ec2:Subnet                                    default-vpc-public-0                   read
 >   β”‚  └─ aws:ec2:Subnet                                    default-vpc-public-1                   read
     └─ awsx:x:elasticloadbalancingv2:NetworkLoadBalancer    sandbox_worth_load_balancer
        └─ awsx:x:elasticloadbalancingv2:NetworkTargetGroup  sandbox_worth_target_group
           └─ awsx:x:elasticloadbalancingv2:NetworkListener  sandbox_worth_redirect
 +            └─ aws:elasticloadbalancingv2:Listener         sandbox_worth_redirect                 **creating failed**     1 error

Diagnostics:
  aws:elasticloadbalancingv2:Listener (sandbox_worth_redirect):
    error: Plan apply failed: Error creating LB Listener: ValidationError: A certificate must be specified for TLS listeners
        status code: 400, request id: d6c4bc53-4f56-11e9-aeb1-f3f67ccce013
@lemon-spoon-91807 just checking to see if you saw this last issue I ran into, I can file a proper GitHub issue if ya need.
l

lemon-spoon-91807

03/27/2019, 7:09 PM
fascinating
i mean... they're totally different types, so i'ts not clear how they would have a relation
i would expect it would be just a delete followed by a create.
Super dumb question, but you did provide the certificate right? πŸ˜„
a

adamant-dress-73325

03/27/2019, 7:22 PM
I did lol
I’ll try to post a reproducible case when I get some time later today
l

lemon-spoon-91807

03/27/2019, 7:24 PM
ok...
i honestly don't understand what could be the issue then
ignorin the change of ALB to NLB, are you just able to make an NLB that uses SSL+certificate?
a

adamant-dress-73325

03/27/2019, 7:30 PM
Yup, NLB creation worked with SSL+cert. It was only the transition from ALB -> NLB that did not work
l

lemon-spoon-91807

03/27/2019, 7:30 PM
i....
i have no idea...
do you have the logs for this
that is insane πŸ™‚
a

adamant-dress-73325

03/27/2019, 7:31 PM
I can collect more logs, I only recorded the pulumi output above. Just tell me how to make pulumi verbose
l

lemon-spoon-91807

03/27/2019, 7:31 PM
--debug --verbose 7 --logtostderr
can you show me your code too?
how you passed the certificate arn
looking at terraform, they have a 5 min timeout on this
so i'm wondering if it was an ephemeral issue wher ethe cert didn't properly get created and registered with teh LB in the appropraite amount of time
a

adamant-dress-73325

03/27/2019, 10:46 PM
This is the code I was running
index.ts
Copy code
{
  "name": "typescript",
  "devDependencies": {
    "@types/node": "10.14.3"
  },
  "dependencies": {
    "@pulumi/aws": "0.17.1",
    "@pulumi/awsx": "0.17.3",
    "@pulumi/pulumi": "0.17.2"
  }
}
@lemon-spoon-91807 Here’s the code I was running, when I ran into the cert issue
Powered by