This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

10/08/2019, 4:54 PM

This message was deleted.

quaint-teacher-33292

10/08/2019, 4:56 PM

Copy code

~  gcp:container:Cluster main update [diff: ~minMasterVersion]
 ++ pulumi:providers:kubernetes main create replacement [diff: ~kubeconfig]
 +- pulumi:providers:kubernetes main replace [diff: ~kubeconfig]
 ++ gcp:container:NodePool main create replacement [diff: ~cluster]
 +- gcp:container:NodePool main replace [diff: ~cluster]
 ++ kubernetes:core:Secret cloudflare-account create replacement [diff: -metadata~provider]

an excerpt from

preview --non-interactive

white-balloon-205

10/08/2019, 5:06 PM

Can you expand the diff to show what exactly is changing for not the provider and the kubernetes resources?

quaint-teacher-33292

10/08/2019, 5:09 PM

Here it is, sanitized slightly:

Copy code

~ gcp:container/cluster:Cluster: (update)
        [id=main-6394239]
        [urn=urn:pulumi:production::project::gcp:container/cluster:Cluster::main]
        [provider=urn:pulumi:production::project::pulumi:providers:gcp::default_1_2_0::992b3bde-2c57-469e-bbe3-700071901214]
      ~ minMasterVersion: "1.12.7-gke.7" => "1.13.10-gke.0"
        +-pulumi:providers:kubernetes: (replace)
            [id=1a13cc79-0197-4787-babb-38f06a662c6f]
            [urn=urn:pulumi:production::project::gcp:container/cluster:Cluster$pulumi:providers:kubernetes::main]
          ~ kubeconfig: "long valid kubeconfig from previous deploy" => output<string>
        +-gcp:container/nodePool:NodePool: (replace)
            [id=europe-west1-d/main-6394239/main-5285878]
            [urn=urn:pulumi:production::project::gcp:container/cluster:Cluster$gcp:container/nodePool:NodePool::main]
            [provider=urn:pulumi:production::project::pulumi:providers:gcp::default_1_2_0::992b3bde-2c57-469e-bbe3-700071901214]
          ~ cluster: "main-6394239" => output<string>

Because the new value is

output<string>

, it means it will be dynamically resolved at runtime, correct? But does the decision to update/replace happen at the same time too?

gorgeous-egg-16927

10/08/2019, 5:53 PM

The k8s provider will force a replacement of resources if certain fields in the kubeconfig change. In this case, it looks like the kubeconfig is a computed value (pulumi.Output), which means we can’t tell during preview what’s going to change in the kubeconfig. Tracked down the relevant PR, and it looks like we take the conservative choice to schedule a replace of resources using that provider anytime the kubeconfig is a computed value. https://github.com/pulumi/pulumi-kubernetes/pull/577 I’m pretty sure that only applies to the preview, and won’t actually replace the resources for a version upgrade, but I’m not 100% on that right now.

quaint-teacher-33292

10/08/2019, 5:55 PM

To be sure of this, one could use

pulumi update --target specific-urn

just to update the cluster, right? Then, in the second update, these values would no longer be dynamic and I could see if kubeconfig remains the same or replacement strategy continues to be chosen? I think I'm going to update the version through GCP UI for now, and wait for 1.3.0

gorgeous-egg-16927

10/08/2019, 5:56 PM

Yes, it’s the computed value causing the replacement. If the cluster has been upgraded already, it shouldn’t do that.

gorgeous-egg-16927

10/08/2019, 6:37 PM

Ok, confirmed that upgrading the GKE version doesn’t actually cause the resources to be replaced. The preview is conservative about what might happen, but it should be safe to update the stack.

gorgeous-egg-16927

10/08/2019, 6:37 PM

You can certainly upgrade it out of band or in a more targeted way depending on your risk tolerance

quaint-teacher-33292

10/08/2019, 6:56 PM

Thanks for following up, I will stay on the careful side since this is my production environment. I can't recreate a staging environment with that old version on GKE anymore, so I don't have a playground.

2 Views

Open in Slack

Previous Next