https://pulumi.com logo
Join Slack
Powered by
Hey I’ve got something strange. As part of our ci...
# general
i
Hey I’ve got something strange. As part of our ci, we run 
preview
and while we have not made changes, we just had a change pop up as part of our 
infrastructure
stack that looks pretty ominous. Am I correct in thinking this is going to update the cluster and delete/recreate all that is listed here as 
replace
? This seems like it would be a very bad/production downtime event…wouldn’t it?
m
We tracked this down to a known issue with the underlying Terraform provider where passing 
"latest"
for the 
minMasterVersion
and 
nodeVersion
properties results in persistent diffs even when the Pulumi program has not changed.
We saw this ourselves in our examples--the fix we applied was to use the 
getEngineVersions()
API to fetch the actual version string for the latest available version.
i
Yes I updated the issue, thanks
I am having a problem determining the minimal permission for our 
preview
service account though
Getting 
Error: invocation of gcp:container/getEngineVersions:getEngineVersions returned an error: invoking gcp:container/getEngineVersions:getEngineVersions: project: required field is not set
, we use a minimal permissioned ci account to give us a sanity check on infrastructure and it now fails
added 
'roles/container.clusterViewer'
but it wasn’t the permission needed
I confirmed it to be a permission issue, just not sure which one. Also added 
roles/container.viewer
which didn’t cover it
Ok, this may not have been a permissions problem - I’m stuck elsewhere but it does seem like I had to pass location and project to getEngineVersions
Open in Slack
PreviousNext
Powered by