Still looking for a fix for enabling Azure managed...
# general
s
Still looking for a fix for enabling Azure managed certificates on a Web App - specifically using a traffic manager in front of the endpoints which allows https.
It looks like Azure / Pulumi integration is not great currently. The docs are not very good at explaining how or what to pass into the binding to get it working as expected. Would love for someone to look into this issue further 🙂
Looks like it's related to this open issue: https://github.com/pulumi/pulumi-azure-native/issues/578 I will try some solutions today.
c
Ha I was about to paste you the link to that issue... it sucked my soul for days to get to a fix for those certs. Try my workaround with the two passes
And also consider whether you need Web App, or could you do your deployment using Static Site? https://www.pulumi.com/registry/packages/azure-native/api-docs/web/staticsite/
We've since switched most of our code to static sites and it's cut our pulumi resources down to 10% of what they were before, lot less complexity and Azure cost
s
Hey Marko, I'll give it a try now
Sadly we still have issues, even by creating a binding before the certificate, and then re-running, the binding cannot be updated. Pulumi wants to remove and re-create it, which it cannot do as it's already in use.
Following a similar process as you, where we had a catch for when a binding did not exist, then when it did exist, create the cert and update the binding.
Here is what happens when I try to update the binding after creating the certificate. It tries to replace the current binding, but this does not work as we get another error, which states that we can only remove the domain via the traffic manager (remove the endpoint I assume). I pretty much followed your suggestion. Just wondering if we can force that existing binding to be updated instead of removed?
So the steps taken to reproduce:
1. Create an Azure Webapp.
2. Create a traffic manager profile and an external endpoint, pointing to the app.
3. Create a base hostname binding, without `sslstate` and `thumbprint` set; this links the app to the traffic manager endpoint.
4. Create the certificate on that app, which points to the Traffic Manager endpoint we set up earlier.
5. Update the hostname binding with the `sslstate` and `thumbprint` set.
   a. This is where I am stuck: it wants to delete and re-create this, but it cannot as it is in use by the traffic manager endpoint that was created.
   b. We also cannot remove the endpoint, and the original binding in the app is using it, creating our circular dependency.