#general

important-leather-28796

07/22/2019, 4:04 PM
Hey I’ve got something strange. As part of our ci, we run `preview` and while we have not made changes, we just had a change pop up as part of our `infrastructure` stack that looks pretty ominous. Am I correct in thinking this is going to update the cluster and delete/recreate all that is listed here as `replace`? This seems like it would be a very bad/production downtime event…wouldn’t it?

microscopic-florist-22719

07/22/2019, 5:39 PM
We tracked this down to a known issue with the underlying Terraform provider where passing `"latest"` for the `minMasterVersion` and `nodeVersion` properties results in persistent diffs even when the Pulumi program has not changed.
We saw this ourselves in our examples--the fix we applied was to use the `getEngineVersions()` API to fetch the actual version string for the latest available version.

important-leather-28796

07/22/2019, 5:40 PM
Yes I updated the issue, thanks
I am having a problem determining the minimal permission for our `preview` service account though
Getting `Error: invocation of gcp:container/getEngineVersions:getEngineVersions returned an error: invoking gcp:container/getEngineVersions:getEngineVersions: project: required field is not set`, we use a minimal permissioned ci account to give us a sanity check on infrastructure and it now fails
added `'roles/container.clusterViewer'` but it wasn’t the permission needed
I confirmed it to be a permission issue, just not sure which one. Also added `roles/container.viewer` which didn’t cover it
Ok, this may not have been a permissions problem - I’m stuck elsewhere but it does seem like I had to pass location and project to getEngineVersions