Cameron Stokes clstokes @Pulumi Seattle, WA www.cameronstokes.com Helping customers succeed with @Pulumi.

clstokes/aero 18

Provides instance metadata in a cloud-agnostic manner.

clstokes/aws-elastic-beanstalk-php 12

[DEPRECATED] Run PHP on Amazon's AWS Elastic Beanstalk service.

clstokes/example-terraform-bastion 2

Example using Terraform to create a bastion host.

clstokes/instance-metadata-downloader 2

Download instance metadata for offline use.

clstokes/demo_tf 1

Sample TF Config for troubleshooting

push event pulumi/docs

Joe Duffy

commit sha 0e0ce36c59d4f0ca696a893e13e8a28ff206225a

Add an automation API shoutout

push time in 19 minutes

pull request comment pulumi/docs

Add a blog for building/publishing to container registries

Your site preview for commit 331bfd84 is ready! :tada:

http://pulumi-docs-origin-pr-4686-331bfd84.s3-website.us-west-2.amazonaws.com.

joeduffy

comment created time in an hour

Pull request review comment pulumi/docs

Add a blog for building/publishing to container registries

+---+title: "Build and publish container images to any cloud with Infrastructure as Code"+allow_long_title: True+authors: ["joe-duffy"]+tags: ["Docker", "Kubernetes"]+meta_desc: "Go from Dockerfile to a fully running containerized service on your cloud of choice using infrastructure as code."+date: "2020-11-30"+meta_image: "containers.png"+---++Going from a containerized application to a service running in the cloud requires a few steps beyond an application's normal build-and-test cycle. Namely it means building and publishing a container image in a registry and then consuming that image from your target environment, whether that's Kubernetes, Amazon ECS, or another container orchestrator. It's not enough to just write a Dockerfile &mdash; you will need to pick a container registry, decide whether that registry should be public or private, authenticate against it, and ideally automate deploying subsequent updates. Infrastructure as code to the rescue! In this article, we'll see how to build, publish, and consume a simple container image, across any cloud, using just a few lines of code.++## Approach++The general approach will be to create a new infrastructure as code project that++* Prepares a container registry, either public or private+* Builds and publishes your container image to that registry+* Optionally, consumes the resulting image URL from a containerized task definition in Kubernetes, Amazon ECS, or any other container orchestrator++All told, this will be just a few dozen lines of code. This article demonstrates doing this in AWS, Azure, GCP, DigitalOcean, and Docker Hub, and offers code examples in each supported Pulumi language, namely Python, JavaScript, TypeScript, Go, and C#. These steps will work for any application that has a Dockerfile and is buildable by Docker. 
In principle, similar steps could be applied if you prefer to build your container image using different means, such as Buildpack.++For purposes of illustration, we'll create a simple Nginx web server whose `Dockerfile` contains:++```dockerfile+FROM nginx+RUN echo "<h1>Hello, World!</h1>" > \+    /usr/share/nginx/html/index.html+```++Now, let's dive in!++## Prepare a Container Registry++The first step is to simply prepare a new container _registry_. A registry holds one or more _repositories_, each of which can store and serve many different container images with different tags and versoins. Afterwards, we'll show how to build and publish to this registry.++The specific details of how to prepare your registry differ by cloud provider, often significantly, particularly when it comes to authenticating. Pick your cloud provider to see the details:++{{% chooser cloud "aws,azure,gcp,digitalocean,docker" / %}}++{{% choosable cloud aws %}}++<p></p>++### Amazon Elastic Container Registry (ECR)++Amazon Elastic Container Registry (ECR) provides managed Docker container hosting that makes it easy to run containerized applications in your AWS account using Amazon Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS). Each account has a default registry per region, and each registry may have any number of repositories, each for a different Docker image. 
Each repository can store many versions of that particular image.++#### Create a New Project++To start, create a new project and [ensure it is configured to use your AWS account]({{< relref "/docs/intro/cloud-providers/aws/setup" >}}), and then scaffold your project with the imports and overall program structure that we will fill in one piece at a time:++{{< chooser language "javascript,typescript,python,go,csharp" / >}}++{{< choosable language javascript >}}++```javascript+var aws = require("@pulumi/aws");+var docker = require("@pulumi/docker");++// [Placeholder 1: Create a private ECR registry.]++// [Placeholder 2: Get registry info (creds and endpoint).]++// [Placeholder 3: Build and publish the container image.]+```++{{< /choosable >}}++{{< choosable language typescript >}}++```typescript+import * as aws from "@pulumi/aws";+import * as docker from "@pulumi/docker";++// [Placeholder 1: Create a private ECR registry.]++// [Placeholder 2: Get registry info (creds and endpoint).]++// [Placeholder 3: Build and publish the container image.]+```++{{< /choosable >}}++{{< choosable language python >}}++```python+import base64+import pulumi+import pulumi_aws as aws+import pulumi_docker as docker++# [Placeholder 1: Create a private ECR registry.]++# [Placeholder 2: Get registry info (creds and endpoint).]++# [Placeholder 3: Build and publish the container image.]+```++{{< /choosable >}}++{{< choosable language go >}}++```go+package main++import (+    "encoding/base64"+    "errors"+    "strings"++    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ecr"+    "github.com/pulumi/pulumi-docker/sdk/v2/go/docker"+    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"+)++func main() {+    pulumi.Run(func(ctx *pulumi.Context) error {+        // [Placeholder 1: Create a private ECR registry.]++        // [Placeholder 2: Get registry info (creds and endpoint).]++        // [Placeholder 3: Build and publish the container image.]+        return nil+    })+}+```++{{< /choosable >}}++{{< choosable 
language csharp >}}++```csharp+using System;+using System.Collections.Generic;+using System.Text;+using System.Threading.Tasks;+using Pulumi;+using Pulumi.Aws.Ecr;+using Pulumi.Docker;++class Program+{+    static Task<int> Main() => Deployment.RunAsync(async () => {+        // [Placeholder 1: Create a private ECR repository.]++        // [Placeholder 2: Get registry info (creds and endpoint).]++        // [Placeholder 3: Build and publish the container image.]+    }+}+```++{{< /choosable >}}++#### Provision an ECR Repository++Next, declare a new ECR repository resource:++{{< chooser language "javascript,typescript,python,go,csharp" / >}}++{{< choosable language javascript >}}++```javascript+// Create a private ECR repository.+var repo = new aws.ecr.Repository("my-repo");+```++{{< /choosable >}}++{{< choosable language typescript >}}++```typescript+// Create a private ECR repository.+const repo = new aws.ecr.Repository("my-repo");+```++{{< /choosable >}}++{{< choosable language python >}}++```python+# Create a private ECR repository.+repo = aws.ecr.Repository('my-repo')+```++{{< /choosable >}}++{{< choosable language go >}}++```go+// Create a private ECR repository.+repo, err := ecr.NewRepository(ctx, "my-repo", nil)+if err != nil {+    return err+}+```++{{< /choosable >}}++{{< choosable language csharp >}}++```csharp+// Create a private ECR repository.+var repo = new Repository("my-repo");+```++{{< /choosable >}}++#### Authenticate with Temporary ECR Access Token++Next, we will need to generate authentication information to access the repository, in preparation for building and publishing our image. 
ECR supports doing this multiple different ways, however, here we will demonstrate generating a temporary access token:++{{< chooser language "javascript,typescript,python,go,csharp" / >}}++{{< choosable language javascript >}}++```javascript+// Get registry info (creds and endpoint).+var imageName = repo.repositoryUrl;+var registryInfo = repo.registryId.apply(id => {+    return aws.ecr.getCredentials({ registryId: id }).then(credentials => {+        var decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();+        var [username, password] = decodedCredentials.split(":");+        if (!password || !username) {+            throw new Error("Invalid credentials");+        }+        return {+            server: credentials.proxyEndpoint,+            username: username,+            password: password,+        };+    });+});+```++{{< /choosable >}}++{{< choosable language typescript >}}++```typescript+// Get registry info (creds and endpoint).+const imageName = repo.repositoryUrl;+const registryInfo = repo.registryId.apply(async id => {+    const credentials = await aws.ecr.getCredentials({ registryId: id });+    const decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();+    const [username, password] = decodedCredentials.split(":");+    if (!password || !username) {+        throw new Error("Invalid credentials");+    }+    return {+        server: credentials.proxyEndpoint,+        username: username,+        password: password,+    };+});+```++{{< /choosable >}}++{{< choosable language python >}}++```python+# Get registry info (creds and endpoint).+def getRegistryInfo(rid):+    creds = aws.ecr.get_credentials(registry_id=rid)+    decoded = base64.b64decode(creds.authorization_token).decode()+    parts = decoded.split(':')+    if len(parts) != 2:+        raise Exception("Invalid credentials")+    return docker.ImageRegistry(creds.proxy_endpoint, parts[0], parts[1])+image_name = 
repo.repository_url+registry_info = repo.registry_id.apply(getRegistryInfo)+```++{{< /choosable >}}++{{< choosable language go >}}++```go+// Get registry info (creds and endpoint).+imageName := repo.RepositoryUrl+registryInfo := repo.RegistryId.ApplyT(func(id string) (docker.ImageRegistry, error) {+    creds, err := ecr.GetCredentials(ctx, &ecr.GetCredentialsArgs{RegistryId: id})+    if err != nil {+        return docker.ImageRegistry{}, err+    }+    decoded, err := base64.StdEncoding.DecodeString(creds.AuthorizationToken)+    if err != nil {+        return docker.ImageRegistry{}, err+    }+    parts := strings.Split(string(decoded), ":")+    if len(parts) != 2 {+        return docker.ImageRegistry{}, errors.New("Invalid credentials")+    }+    return docker.ImageRegistry{+        Server:   creds.ProxyEndpoint,+        Username: parts[0],+        Password: parts[1],+    }, nil+}).(docker.ImageRegistryOutput)+```++{{< /choosable >}}++{{< choosable language csharp >}}++```csharp+// Get registry info (creds and endpoint).+var imageName = repo.RepositoryUrl;+var registryInfo = repo.RegistryId.Apply(async (id) =>+{+    var creds = await GetCredentials.InvokeAsync(new GetCredentialsArgs { RegistryId = id });+    var decodedData = Convert.FromBase64String(creds.AuthorizationToken);+    var decoded = ASCIIEncoding.ASCII.GetString(decodedData);++    var parts = decoded.Split(':');+    if (parts.Length != 2)+    {+        throw new Exception("Invalid credentials");+    }++    return new ImageRegistry+    {+        Server = creds.ProxyEndpoint,+        Username = parts[0],+        Password = parts[1],+    };+});+```++{{< /choosable >}}++#### Alternatievly, Authenticate with ECR Credential Helper
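
Review bot: The credential parsing in the "Authenticate with Temporary ECR Access Token" snippets is inconsistent across languages: the JavaScript and TypeScript versions destructure `split(":")` and silently drop anything after a second colon, while the Python, Go and C# versions reject the token unless it splits into exactly two parts. Splitting on the first colon only (for example `decoded.split(':', 1)` in Python or `strings.SplitN(string(decoded), ":", 2)` in Go) would give all five the same behaviour and keep the whole password. The decoded password is also returned from the apply callback as a plain value; consider wrapping it as a Pulumi secret so the temporary token is treated as sensitive.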

Good catch! Fixed.

joeduffy

comment created time in 2 hours

push event pulumi/docs

Joe Duffy

commit sha 331bfd84efc7d2572116e3ded359bdcc99b626dd

Fix some typos/formatting

push time in 2 hours

Pull request review comment pulumi/docs

Add a blog for building/publishing to container registries

+---+title: "Build and publish container images to any cloud with Infrastructure as Code"+allow_long_title: True+authors: ["joe-duffy"]+tags: ["Docker", "Kubernetes"]+meta_desc: "Go from Dockerfile to a fully running containerized service on your cloud of choice using infrastructure as code."+date: "2020-11-30"+meta_image: "containers.png"+---++Going from a containerized application to a service running in the cloud requires a few steps beyond an application's normal build-and-test cycle. Namely it means building and publishing a container image in a registry and then consuming that image from your target environment, whether that's Kubernetes, Amazon ECS, or another container orchestrator. It's not enough to just write a Dockerfile &mdash; you will need to pick a container registry, decide whether that registry should be public or private, authenticate against it, and ideally automate deploying subsequent updates. Infrastructure as code to the rescue! In this article, we'll see how to build, publish, and consume a simple container image, across any cloud, using just a few lines of code.++## Approach++The general approach will be to create a new infrastructure as code project that++* Prepares a container registry, either public or private+* Builds and publishes your container image to that registry+* Optionally, consumes the resulting image URL from a containerized task definition in Kubernetes, Amazon ECS, or any other container orchestrator++All told, this will be just a few dozen lines of code. This article demonstrates doing this in AWS, Azure, GCP, DigitalOcean, and Docker Hub, and offers code examples in each supported Pulumi language, namely Python, JavaScript, TypeScript, Go, and C#. These steps will work for any application that has a Dockerfile and is buildable by Docker. 
In principle, similar steps could be applied if you prefer to build your container image using different means, such as Buildpack.++For purposes of illustration, we'll create a simple Nginx web server whose `Dockerfile` contains:++```dockerfile+FROM nginx+RUN echo "<h1>Hello, World!</h1>" > \+    /usr/share/nginx/html/index.html+```++Now, let's dive in!++## Prepare a Container Registry++The first step is to simply prepare a new container _registry_. A registry holds one or more _repositories_, each of which can store and serve many different container images with different tags and versoins. Afterwards, we'll show how to build and publish to this registry.++The specific details of how to prepare your registry differ by cloud provider, often significantly, particularly when it comes to authenticating. Pick your cloud provider to see the details:++{{% chooser cloud "aws,azure,gcp,digitalocean,docker" / %}}++{{% choosable cloud aws %}}++<p></p>++### Amazon Elastic Container Registry (ECR)++Amazon Elastic Container Registry (ECR) provides managed Docker container hosting that makes it easy to run containerized applications in your AWS account using Amazon Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS). Each account has a default registry per region, and each registry may have any number of repositories, each for a different Docker image. 
Each repository can store many versions of that particular image.++#### Create a New Project++To start, create a new project and [ensure it is configured to use your AWS account]({{< relref "/docs/intro/cloud-providers/aws/setup" >}}), and then scaffold your project with the imports and overall program structure that we will fill in one piece at a time:++{{< chooser language "javascript,typescript,python,go,csharp" / >}}++{{< choosable language javascript >}}++```javascript+var aws = require("@pulumi/aws");+var docker = require("@pulumi/docker");++// [Placeholder 1: Create a private ECR registry.]++// [Placeholder 2: Get registry info (creds and endpoint).]++// [Placeholder 3: Build and publish the container image.]+```++{{< /choosable >}}++{{< choosable language typescript >}}++```typescript+import * as aws from "@pulumi/aws";+import * as docker from "@pulumi/docker";++// [Placeholder 1: Create a private ECR registry.]++// [Placeholder 2: Get registry info (creds and endpoint).]++// [Placeholder 3: Build and publish the container image.]+```++{{< /choosable >}}++{{< choosable language python >}}++```python+import base64+import pulumi+import pulumi_aws as aws+import pulumi_docker as docker++# [Placeholder 1: Create a private ECR registry.]++# [Placeholder 2: Get registry info (creds and endpoint).]++# [Placeholder 3: Build and publish the container image.]+```++{{< /choosable >}}++{{< choosable language go >}}++```go+package main++import (+    "encoding/base64"+    "errors"+    "strings"++    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ecr"+    "github.com/pulumi/pulumi-docker/sdk/v2/go/docker"+    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"+)++func main() {+    pulumi.Run(func(ctx *pulumi.Context) error {+        // [Placeholder 1: Create a private ECR registry.]++        // [Placeholder 2: Get registry info (creds and endpoint).]++        // [Placeholder 3: Build and publish the container image.]+        return nil+    })+}+```++{{< /choosable >}}++{{< choosable 
language csharp >}}++```csharp+using System;+using System.Collections.Generic;+using System.Text;+using System.Threading.Tasks;+using Pulumi;+using Pulumi.Aws.Ecr;+using Pulumi.Docker;++class Program+{+    static Task<int> Main() => Deployment.RunAsync(async () => {+        // [Placeholder 1: Create a private ECR repository.]++        // [Placeholder 2: Get registry info (creds and endpoint).]++        // [Placeholder 3: Build and publish the container image.]+    }+}+```++{{< /choosable >}}++#### Provision an ECR Repository++Next, declare a new ECR repository resource:++{{< chooser language "javascript,typescript,python,go,csharp" / >}}++{{< choosable language javascript >}}++```javascript+// Create a private ECR repository.+var repo = new aws.ecr.Repository("my-repo");+```++{{< /choosable >}}++{{< choosable language typescript >}}++```typescript+// Create a private ECR repository.+const repo = new aws.ecr.Repository("my-repo");+```++{{< /choosable >}}++{{< choosable language python >}}++```python+# Create a private ECR repository.+repo = aws.ecr.Repository('my-repo')+```++{{< /choosable >}}++{{< choosable language go >}}++```go+// Create a private ECR repository.+repo, err := ecr.NewRepository(ctx, "my-repo", nil)+if err != nil {+    return err+}+```++{{< /choosable >}}++{{< choosable language csharp >}}++```csharp+// Create a private ECR repository.+var repo = new Repository("my-repo");+```++{{< /choosable >}}++#### Authenticate with Temporary ECR Access Token++Next, we will need to generate authentication information to access the repository, in preparation for building and publishing our image. 
ECR supports doing this multiple different ways, however, here we will demonstrate generating a temporary access token:++{{< chooser language "javascript,typescript,python,go,csharp" / >}}++{{< choosable language javascript >}}++```javascript+// Get registry info (creds and endpoint).+var imageName = repo.repositoryUrl;+var registryInfo = repo.registryId.apply(id => {+    return aws.ecr.getCredentials({ registryId: id }).then(credentials => {+        var decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();+        var [username, password] = decodedCredentials.split(":");+        if (!password || !username) {+            throw new Error("Invalid credentials");+        }+        return {+            server: credentials.proxyEndpoint,+            username: username,+            password: password,+        };+    });+});+```++{{< /choosable >}}++{{< choosable language typescript >}}++```typescript+// Get registry info (creds and endpoint).+const imageName = repo.repositoryUrl;+const registryInfo = repo.registryId.apply(async id => {+    const credentials = await aws.ecr.getCredentials({ registryId: id });+    const decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();+    const [username, password] = decodedCredentials.split(":");+    if (!password || !username) {+        throw new Error("Invalid credentials");+    }+    return {+        server: credentials.proxyEndpoint,+        username: username,+        password: password,+    };+});+```++{{< /choosable >}}++{{< choosable language python >}}++```python+# Get registry info (creds and endpoint).+def getRegistryInfo(rid):+    creds = aws.ecr.get_credentials(registry_id=rid)+    decoded = base64.b64decode(creds.authorization_token).decode()+    parts = decoded.split(':')+    if len(parts) != 2:+        raise Exception("Invalid credentials")+    return docker.ImageRegistry(creds.proxy_endpoint, parts[0], parts[1])+image_name = 
repo.repository_url+registry_info = repo.registry_id.apply(getRegistryInfo)+```++{{< /choosable >}}++{{< choosable language go >}}++```go+// Get registry info (creds and endpoint).+imageName := repo.RepositoryUrl+registryInfo := repo.RegistryId.ApplyT(func(id string) (docker.ImageRegistry, error) {+    creds, err := ecr.GetCredentials(ctx, &ecr.GetCredentialsArgs{RegistryId: id})+    if err != nil {+        return docker.ImageRegistry{}, err+    }+    decoded, err := base64.StdEncoding.DecodeString(creds.AuthorizationToken)+    if err != nil {+        return docker.ImageRegistry{}, err+    }+    parts := strings.Split(string(decoded), ":")+    if len(parts) != 2 {+        return docker.ImageRegistry{}, errors.New("Invalid credentials")+    }+    return docker.ImageRegistry{+        Server:   creds.ProxyEndpoint,+        Username: parts[0],+        Password: parts[1],+    }, nil+}).(docker.ImageRegistryOutput)+```++{{< /choosable >}}++{{< choosable language csharp >}}++```csharp+// Get registry info (creds and endpoint).+var imageName = repo.RepositoryUrl;+var registryInfo = repo.RegistryId.Apply(async (id) =>+{+    var creds = await GetCredentials.InvokeAsync(new GetCredentialsArgs { RegistryId = id });+    var decodedData = Convert.FromBase64String(creds.AuthorizationToken);+    var decoded = ASCIIEncoding.ASCII.GetString(decodedData);++    var parts = decoded.Split(':');+    if (parts.Length != 2)+    {+        throw new Exception("Invalid credentials");+    }++    return new ImageRegistry+    {+        Server = creds.ProxyEndpoint,+        Username = parts[0],+        Password = parts[1],+    };+});+```++{{< /choosable >}}++#### Alternatievly, Authenticate with ECR Credential Helper
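
Review bot: The C# scaffold under "Create a New Project" does not compile as written: the lambda passed to `Deployment.RunAsync(async () => {` is closed with `}` but the call itself is never closed, so it needs `});` before the class's closing brace. In the same scaffolds the first placeholder reads "Create a private ECR repository" in C# but "registry" in JavaScript, TypeScript, Python and Go; since the next section provisions an `aws.ecr.Repository`, "repository" is the accurate word for all five. "versoins" in the "Prepare a Container Registry" paragraph should be "versions".
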
#### Alternatively, Authenticate with ECR Credential Helper
joeduffy

comment created time in 5 hours

pull request comment pulumi/docs

Add a blog for building/publishing to container registries

Your site preview for commit b6eaa715 is ready! :tada:

http://pulumi-docs-origin-pr-4686-b6eaa715.s3-website.us-west-2.amazonaws.com.

joeduffy

comment created time in 7 hours

push event pulumi/docs

Joe Duffy

commit sha b6eaa7155fdf5ebe6da007fd4edc0fdb53d7dfb7

Add a preview image

push time in 7 hours

PR opened pulumi/docs

Add a blog for building/publishing to container registries

This new blog post shows the basics of using Pulumi to provision a container registry on a given cloud -- with examples on AWS, Azure, GCP, DigitalOcean, and Docker Hub -- and then build/publish a container image using our docker.Image component. It also demonstrates consuming the resulting image from a Kubernetes service. All examples are available in all languages: JavaScript, TypeScript, Python, Go, and C#.

+2259 -1

0 comment

2 changed files

pr created time in 11 hours

create branch pulumi/docs

branch : joeduffy/container_build_publish_blog

created branch time in 11 hours

issue comment pulumi/pulumi-azure

AutoscaleSetting recurrence does not allow specifying an end time

Hi @reddyalready

There is no endDate as part of recurrence

There is an endDate as part of fixedDate

https://www.pulumi.com/docs/reference/pkg/azure/monitoring/autoscalesetting/#autoscalesettingprofile

Paul

reddyalready

comment created time in 11 hours

issue comment pulumi/pulumi-azure-nextgen

Support for ARM's listCredentials or equivalent

We do support it. Docs: https://www.pulumi.com/docs/reference/pkg/azure-nextgen/containerregistry/listregistrycredentials/ Example: https://github.com/mikhailshilkov/temporal-samples/blob/main/azure-aks/temporal.ts#L53-L59

Unless you mean arm2pulumi issues?

joeduffy

comment created time in 12 hours

issue opened pulumi/pulumi-azure-nextgen

Support for ARM's listCredentials or equivalent

I was porting some ARM logic for provisioning and publishing to an Azure Container Registry (e.g., see this article) and ran into the need for listCredentials, which we don't seem to have an equivalent for (unless I am missing it). (Related to https://github.com/pulumi/pulumi-azure-nextgen/issues/37, however, this is different from many other built-ins, since it's not trivially replaceable by a language or library construct.) Is this something we intend to offer as a built-in function of this package? I can learn how to do it in the Azure SDK for each chosen language, but after a few moments of looking, that doesn't appear to be terribly straightforward.

created time in 12 hours

issue opened pulumi/pulumi-azure-nextgen

Add provider/configuration docs

Unless I'm missing it, we don't seem to have the Azure NextGen equivalent of https://www.pulumi.com/docs/intro/cloud-providers/azure/setup/.

I went looking for this after realizing that azure-nextgen:location doesn't work like the old provider does and wanted to see if there were any configurable options.

Related to https://github.com/pulumi/docs/issues/4295 but seems distinct enough to file an issue on this.

created time in 13 hours

issue comment pulumi/examples

azure-ts-aks-helm example fails

Adjusting the import and using helm3 seems to help, i.e.

import * as k8s from "@pulumi/kubernetes";
...
const apache = new k8s.helm.v3.Chart(...
winjer

comment created time in 13 hours

issue comment pulumi/pulumi-azure-nextgen

arm2pulumi: Not handling case-insensitivity correctly

@joeduffy Yes see https://github.com/pulumi/pulumi-azure-nextgen/issues/37 for template coverage tracker.

MitchellGerdisch

comment created time in 20 hours

issue opened pulumi/pulumi-docker

Feature request: provide a way to run docker network connect

So that you can connect a container to an existing network.

created time in a day

issue comment pulumi/pulumi

Error when trying to change secret provider

Let me know if there is anything I can do to help triage this. I do need to get going on the workaround, but that will probably take a couple of days to finish.

mastoj

comment created time in a day

issue opened pulumi/pulumi

Error when trying to change secret provider

I want to change secret provider from one azure keyvault to another one.

The command I'm running is:

pulumi stack change-secrets-provider "azurekeyvault:/<path to keyvault>"

Expected Behavior

The provider is changed for the selected stack, and the config secret and stack outputs are changed accordingly.

Current Behavior

Some error message about bad parameter

error: secrets (code=InvalidArgument): keyvault.BaseClient#Decrypt: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadParameter" Message="The parameter is incorrect.\r\n"

Steps to Reproduce

  1. Set up keyvault for a stack
  2. Create a second keyvault
  3. Run pulumi stack change-secrets-provider "azurekeyvault:/<path to keyvault>"

Context (Environment)

OS version:

No LSB modules are available.
Distributor ID:	Pop
Description:	Pop!_OS 20.10
Release:	20.10
Codename:	groovy

(based off Ubuntu)

Pulumi version: 2.14.0

Impact

Due to policies I do need to change the keyvault. The impact of not doing so is that other developers don't have access to pulumi. The goal here is to show value of pulumi before going through internal process of buying licenses.

Things I've tried

To verify that I have access to both keyvaults from the CLI I have created a stack using both keyvaults and created a secret using pulumi config set x y --secret against both stacks without problem. The problem is only there when I try to change from one keyvault to another.

I've also tried to run with verbose logging, but there is no more information even with log level 9.

created time in a day

issue comment pulumi/pulumi-kubernetes

Pulumi failing to install kube-prometheus helm chart

Works perfectly with the typescript sdk, thanks

bradkyle

comment created time in a day

issue closed pulumi/pulumi-kubernetes

Pulumi failing to install kube-prometheus helm chart

Problem description

Trying to install the kube-prometheus helm chart found in the bitnami repository or the kube-prometheus stack from the prometheus community as follows:

self.prometheus_chart = k8s.helm.v3.Chart(
    "prometheus",
    k8s.helm.v3.ChartOpts(
        chart="kube-prometheus-stack",
        fetch_opts=k8s.helm.v3.FetchOpts(
            repo="https://prometheus-community.github.io/helm-charts",
        ),
    ))
self.prometheus_chart = k8s.helm.v3.Chart(
    "prometheus-operator",
    k8s.helm.v3.ChartOpts(
        chart="kube-prometheus",
        fetch_opts=k8s.helm.v3.FetchOpts(
            repo="https://charts.bitnami.com/bitnami",
        ),
    ))

returns the following error

pulumi:pulumi:Stack (dev):
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"
  2020/11/24 03:27:45 info: skipping unknown hook: "crd-install"

 error: Program failed with an unhandled exception:
  error: Traceback (most recent call last):
    File "/home/thora/.pulumi/bin/pulumi-language-python-exec", line 85, in <module>
      loop.run_until_complete(coro)
    File "/home/thora/.conda/lib/python3.7/asyncio/base_events.py", line 584, in run_until_complete
      return future.result()
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/stack.py", line 83, in run_in_stack
      await run_pulumi_func(lambda: Stack(func))
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
      await RPC_MANAGER.rpcs.pop()
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/rpc_manager.py", line 67, in rpc_wrapper
      result = await rpc
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/resource.py", line 451, in do_register_resource_outputs
      serialized_props = await rpc.serialize_properties(outputs, {})
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/rpc.py", line 75, in serialize_properties
      result = await serialize_property(v, deps, input_transformer)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/rpc.py", line 197, in serialize_property
      value = await serialize_property(output.future(), deps, input_transformer)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/runtime/rpc.py", line 183, in serialize_property
      future_return = await asyncio.ensure_future(awaitable)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 113, in get_value
      val = await self._future
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 185, in run
      return await transformed.future(with_unknowns=True)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 113, in get_value
      val = await self._future
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 185, in run
      return await transformed.future(with_unknowns=True)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 113, in get_value
      val = await self._future
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 154, in run
      value = await self._future
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 338, in gather_futures
      return await asyncio.gather(*value_futures)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 113, in get_value
      val = await self._future
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 154, in run
      value = await self._future
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi/output.py", line 175, in run
      transformed: Input[U] = func(value)
    File "/home/thora/.conda/lib/python3.7/site-packages/pulumi_kubernetes/yaml.py", line 519, in <lambda>
      CustomResourceDefinition(f"{x}", opts, **obj)))]
  TypeError: __init__() got an unexpected keyword argument 'status'
  error: an unhandled error occurred: Program exited with non-zero exit code: 1

pip show pulumi

Name: pulumi
Version: 2.14.0
Summary: Pulumi's Python SDK
Home-page: https://github.com/pulumi/pulumi
Author: None
Author-email: None
License: Apache 2.0
Location: /home/thora/.conda/lib/python3.7/site-packages
Requires: dill, protobuf, grpcio
Required-by: pulumi-tls, pulumi-terraform, pulumi-random, pulumi-policy, pulumi-kubernetes, pulumi-kafka, pulumi-github, pulumi-gcp, pulumi-docker

pip show pulumi_kubernetes

Version: 2.7.2
Summary: A Pulumi package for creating and managing Kubernetes resources.
Home-page: https://pulumi.com
Author: None
Author-email: None
License: Apache-2.0
Location: /home/thora/.conda/lib/python3.7/site-packages
Requires: pulumi, semver, requests, parver, pyyaml
Required-by:

minikube version


minikube version: v1.13.0
commit: v1.13.0

Assuming this is an issue with the CustomResource def and not the helm chart? Any tips on how one should solve this? Thanks

closed time in a day

bradkyle

issue closed pulumi/pulumi

Migrate from Sun’s

closed time in a day

admin-simeon

issue comment pulumi/pulumi

Pulumi/actions Github action should support mapping stack output to step outputs

Please see https://www.azurefromthetrenches.com/integrating-pulumi-stack-output-with-github-actions/ for an end user's experience here. We should definitely make this easier, but in the meantime, hopefully this post helps others.

amichel

comment created time in a day

issue comment pulumi/pulumi

Unable to manually fix stack state due to dependencies

Yes, I realise that's not what --force is intended for (to delete any resources with protect=True flag)

but something analogous to that for this case would be useful

anentropic

comment created time in a day

push event pulumi/pulumi-aiven

stack72

commit sha 4494c12b38e6d29572dc7a2d1f6078b924e9b28f

Upgrade to pulumi-terraform-bridge v2.13.2

Paul Stack

commit sha 29de5c640bdc58d7ffee8b6d80c3bde5bc60ac86

Merge pull request #84 from pulumi/pulumi-terraform-v2.13.2 Upgrade to pulumi-terraform-bridge v2.13.2

stack72

commit sha ff45624cc2b10d608cb8b0cc5261726a5de42675

Upgrade to v2.1.0 of the Aiven Terraform Provider

push time in a day

issue comment pulumi/pulumi-eks

Support CoreDNS and KubeProxy updates

Hi! I need to do this, but I do not know how to do this. Are there some solutions?

gitfool

comment created time in a day

issue comment pulumi/pulumi-kubernetes

Pulumi failing to install kube-prometheus helm chart

Thanks for the response, will give it a go with typescript.

bradkyle

comment created time in a day