How are people updating their deployments when you...
# kubernetes
g
How are people updating their deployments when your app changes (and thus need to fetch the latest image in your deployments)? Currently we explicitly set the current image tag in the deployment spec (spec.template.spec.containers.image), which we fetch via docker.getRegistryImage, so when our app changes we can rerun pulumi up and the deployment will be updated with the latest image. This works fine but there’s a really annoying issue with the docker provider w/ AWS ECR where there’s a no-op “update” on the docker provider every time we use it, and the issue doesn’t look like it’ll get fixed anytime soon, so curious if there are other approaches people are using we can use to circumvent this issue
s
Ugh. That is a tricky bug to fix. What about explicitly setting the value via config (maybe using ESC to control it centrally) and then kicking off a deployment with the new value?
g
how would you imagine the ESC approach could work? Setting it via config directly would be a little annoying for us as it would create a never ending stream of commits in our infra repo and also require us to allow automated commits to main without reviews
(For reference we have an “app” repo which builds and pushes the docker image and then an infra repo with the pulumi project. when “App” GHA finishes pushing to ECR, it triggers a GHA run on the infra repo to run pulumi up)
s
What if your app repo used Pulumi to build the Docker image?
g
i see and then grab the stack outputs in ESC
s
At any rate, you can use ESC to avoid having to make a code change all the time:
• In your IaC program, make the container version a required config value.
• Create an ESC environment that contains the value (as plaintext, since it's not a secret)
• Have your IaC program reference the ESC environment.
Now every time you run a Pulumi command, the config value will be fetched from the (centrally managed) ESC environment. There's lots of different ways to trigger a Pulumi deployment when the ESC environment changes. ESC environments can also directly reference Pulumi IaC stack outputs.
ESC webhooks: https://www.pulumi.com/docs/esc/environments/webhooks/#webhook-formats
pulumi-stacks ESC integration: https://www.pulumi.com/docs/esc/integrations/infrastructure/pulumi-iac/pulumi-stacks/
g
yeah using ESC to provide the value is clear to me, i was asking more about the updating part. i see how using pulumi to build the docker image could make that work, except we use https://depot.dev/ to build our images right now (it cut our build times by like 60%)
i could probably just write some script in GHA to edit the ESC Env manually i suppose
s
Docker Build Cloud probably has the same caching features.
And then you could use the docker-build provider if their service is appealing to you.
Yeah, it's also very scriptable. This is the CLI command you would use to update a single value in an environment: https://www.pulumi.com/docs/esc/cli/commands/esc_env_set/ Or you could just overwrite the whole thing. There's also an ESC GHA: https://github.com/marketplace/actions/esc-action
g
ok yeah im going to give that approach a try, seems like the most straightforward path from what we have
thanks josh!
s
My pleasure, and please let me know how the approach works for you. I wanna make sure my advice is actually good.