Two questions I have. I am using pulumi to provisi...
# getting-started
Two questions I have. I am using pulumi to provision azure storage accounts (amongst other resources). My app will also be provisioning containers in these storage accounts). So when Pulumi next interacts with these storage accounts, it would want to delete these containers? How can I tell it to ignore this. Also, if I use pulumi to lock resource groups how does pulumi handle this if the resource group needs recreating?
Are you deleting the storage containers from your program?
Are you able to share the relevant portions of your Pulumi program? To @stocky-restaurant-98004’s point, that will help us determine what the expected behavior should be.
The app will create containers using sdks. As pulumi wouldn't have created this wouldn't it delete it? Both questions are actually hypothetical but things I will be doing in the future
Pulumi has a Docker provider that can create containers for you FYI. But with an IaC tool, you'll want the entire lifecycle of the resource to be controlled by IaC. If you never want something deleted, Pulumi has an option that will enable this behavior: A common use case for retainOnDelete would be any persistent storage in your production environment (object storage, prod DB, etc.)
Because Pulumi uses real programming languages you can easily conditionally set
, e.g. if the stack name is "prod".
Ah this is containers in azure storage account not docker:)
Are you storing the containers in a container registry?
IDK about Azure storage, but s3 buckets will not delete if there's items in the bucket (unless you set
forceDestroy: true
. Azure storage may behave similarly.
@witty-vegetable-61961 you can create a storage account container using Pulumi instead of the SDK, which would mean that Pulumi will manage the storage account and the containers within it. Is there a reason you would want to create them through the Azure SDK and not use Pulumi?
Yeah that can work fine, I am happy to use that. However, how would Pulumi update the state file, it must need the project name to update state?
I use Azure storage accounts and blob containers for Pulumi state, i.e. the output of
pulumi whoami -v
Backend URL: azblob://{storage-containername}
I create that storage account and blob container with a separate Pulumi project altogether (I call it the "bootstrap-state" project). And for that "bootstrap" project I use local file system state. I've never had to run the bootstrap project more than once. And I put the state "stuff" under the root of that bootstrap project so that it's in git. FWIW.