colossal-plastic-46140
01/15/2020, 3:39 PM
stocky-island-3676
01/15/2020, 3:45 PM
colossal-plastic-46140
01/15/2020, 3:45 PM
stocky-island-3676
01/15/2020, 3:50 PM
pulumi.Config() inside that code which are often used for different deployment environments (production, testing, etc.).
I.e. you simply code the general configs for the project.
colossal-plastic-46140
01/15/2020, 3:51 PM
stocky-island-3676
01/15/2020, 4:03 PM
flat-insurance-25294
01/15/2020, 4:19 PM
Pulumi.<stack>.yaml
colossal-plastic-46140
01/15/2020, 4:21 PM
flat-insurance-25294
01/15/2020, 4:23 PM
pulumi.getProject()) is read from there, and I am not even sure of that, would have to check the source.
I am of the opinion that stacks should be removed as an input from outside and something defined in Pulumi since we already have a runtime (e.g. Node.js). Everything like setting configs could technically be done via env variables before writing an actual stack within pulumi.
stocky-island-3676
01/15/2020, 5:22 PM
pulumi config is intended to have the config in code, as well. That way it’s easier to share with multiple users. And you have a clear file structure for multiple stacks.
@colossal-plastic-46140 To leverage secrets, you can/should use the config.requireSecret() function: https://www.pulumi.com/docs/intro/concepts/config/#using-configuration-and-secrets-in-code
flat-insurance-25294
01/15/2020, 5:22 PM
stocky-island-3676
01/15/2020, 5:24 PM
flat-insurance-25294
01/15/2020, 5:24 PM
stocky-island-3676
01/15/2020, 5:30 PM
flat-insurance-25294
01/16/2020, 2:32 PM
> Your code should always create the same value. I.e. no need to save the value outside code as config.
That seems kinda strange, because you’d have scenarios where you write an initial value on deployment and reference it for updates. Correct me if my assumptions are wrong or this is considered bad practice; Say the CI feeds the initial deployment that creates AWS resources the email of the person doing the pull request. There is no way for me to save the email except using Random to store the email.
So I get an indirection, and worse than that, I don’t actually get access to the value the Random used, just the same result (since pulumi keeps track of state).
stocky-island-3676
01/16/2020, 4:38 PM
> you’d have scenarios where you write an initial value on deployment and reference it for updates
Yes. That scenario is quite often. E.g. to add a suffix with a random UUID. That’s what Pulumi automatically adds to resource names (as you know). I can’t follow your scenario with the e-mail address. Sounds like you want to add this as tags to the resource? What’s the use-case for it, though?
flat-insurance-25294
01/16/2020, 4:42 PM
stocky-island-3676
01/16/2020, 4:47 PM
flat-insurance-25294
01/16/2020, 4:48 PM
stocky-island-3676
01/16/2020, 4:49 PM
flat-insurance-25294
01/16/2020, 7:53 PM
stocky-island-3676
01/20/2020, 11:21 AM
> Say tagging the resources this pr created
I see, you mean the initial PR, then. Or? BTW: I would use the link to the PR or the PR number, instead. However, you could then use the ResourceOption ignoreChanges. That way next PRs wouldn’t overwrite it. AFAIK, you can’t restrict it to a specific tag.
flat-insurance-25294
01/21/2020, 1:35 AM
pulumi up
Right now it’s hacked in with a Ruby script that creates a new stack, loops over a bunch of values and sets them as a stack config.
aws.getAvailabilityZones({ state: "available" }).names.slice(0, 3)
In an event where AWS would change the response order, I would get a diff state than previously.
This is a perfect place where you’d want to WRITE on initial deploy and READ on further deploys.
getAvailabilityZones()
isn’t persisted behind the scenes, in that case I apologize.
Edit: (as a workaround, I am sorting it myself and storing it in a RandomShuffle with a key)
Related: <https://github.com/hashicorp/terraform/issues/11928>
stocky-island-3676
01/21/2020, 6:01 PM
> We’re using the PR number since that is the basis for all the subdomains and etc.
Interesting. Means the PR-number is part of the subdomain? That’s another scenario than tags, though.
> We can’t if we rely on stuff like aws.getAvailabilityZones({ state: "available" }).names.slice(0, 3)
You’ve seen Terraform’s solution with using availability zone *ID*’s instead of name?: https://github.com/terraform-providers/terraform-provider-aws/issues/530#issuecomment-487238667 (found that in the GitHub issue that succeeds the one you’ve posted). Does it work with Pulumi as well? If not, you should create an issue in pulumi-aws.
P.S.: Don’t shout too much in the channel itself, please.
flat-insurance-25294
01/21/2020, 6:03 PM
// Derives zone names from the region plus fixed suffixes instead of calling aws.getAvailabilityZones().
// getRegion() is not shown in this message.
function getZones(upTo: number = 3): Array<string> {
  const _region = getRegion()
  const _zones = ["a", "b", "c"].map((zone) => _region + zone)
  return _zones.slice(0, upTo)
}
A lot of the AWS resources & APIs rely on the name and not the id, so the IDs are not useful.
stocky-island-3676
01/21/2020, 6:06 PM
flat-insurance-25294
01/21/2020, 6:08 PM
cp -r stack_template Pulumi.<VAR>.yaml
modify(Pulumi.<VAR>.yaml, <new_values>)
pulumi stack init <VAR>
pulumi stack select <VAR>
pulumi up --non-interactive
We also can’t rely on Pulumi for deleting resources, since things tend to fail quite often and we don’t push that new stack to our repo, only Staging and Production are permanent.
Error deleting IAM Role (hello-world2bb21f83-5acf556): DeleteConflict: Cannot delete entity, must detach all policies first.
error deleting S3 Bucket
There are more errors, but I guess at the end of the day, it’s just easier to find resources with tags on AWS console and delete manually.
stocky-island-3676
01/21/2020, 6:37 PM
flat-insurance-25294
01/21/2020, 6:37 PM
index.ts not only create the application, but also create the stacks needed and the accompanying resources.
I also think kubernetesx wrapper is a mistake, it changes too many things which makes it hard to get help when your resource config looks too different than the yaml manifest files.
In fact, one thing that I think is a low hanging fruit, is added value on IAM wrappers.
The ability to create rights for resources created as part of a group.
And the ability to get common rights for specific portions of the applications.
stocky-island-3676
01/21/2020, 6:52 PM