Why would pulumi be trying to delete my cluster wh...
# generala
alert-processor-41605
05/04/2020, 5:04 PMWhy would pulumi be trying to delete my cluster when I deploy a new service? The cluster was created in crosswalk from an existing cluster that was imported and flagged with protected. We have a lot running on the cluster that is not managed by pulumi, so it is not possible to have it delete the cluster to deploy a new service. Any ideas where to look for what is causing the "replace" on that cluster resource?
g
gentle-diamond-70147
05/04/2020, 5:06 PMDoes
pulumi preview --diffa
alert-processor-41605
05/04/2020, 5:10 PM Copy code
Previewing update (next):
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:next::loop-lxp::pulumi:pulumi:Stack::loop-lxp-next]
+ loop-lxp:microservice: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice::loop-lxp-process-job-app]
+ awsx:ecr:Repository: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$awsx:ecr:Repository::loop-lxp-process-job-repository]
+ awsx:x:ecs:EC2Service: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$awsx:x:ecs:EC2Service::loop-lxp-process-job-app-next-service]
+ awsx:x:ecs:EC2TaskDefinition: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$awsx:x:ecs:EC2TaskDefinition::loop-lxp-process-job-app-next-service]
> aws:ec2/securityGroup:SecurityGroup: (read)
[id=sg-ccece4b2]
[urn=urn:pulumi:next::loop-lxp::loop-lxp:ecs:cluster$loop-lxp:ec2:default-cluster-sg$aws:ec2/securityGroup:SecurityGroup::loop-default-security-group]
[provider=urn:pulumi:next::loop-lxp::pulumi:providers:aws::default_2_2_0::dd88135f-ec5d-4de9-b48a-75d9cfcb4292]
+-aws:ecs/cluster:Cluster: (replace) 🔒
[id=arn:aws:ecs:us-east-1:xxxxxxxxxxxxxxx:cluster/Loop]
[urn=urn:pulumi:next::loop-lxp::loop-lxp:ecs:cluster$aws:ecs/cluster:Cluster::loop-lxp-cluster-resource]
[provider=urn:pulumi:next::loop-lxp::pulumi:providers:aws::default_2_2_0::dd88135f-ec5d-4de9-b48a-75d9cfcb4292]
arn : "arn:aws:ecs:us-east-1:xxxxxxxxxxxxxxx:cluster/Loop"
id : "arn:aws:ecs:us-east-1:xxxxxxxxxxxxxxx:cluster/Loop"
name : "Loop"
= aws:ecr/repository:Repository: (import)
[id=loop-lxp-process-job]
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$aws:ecr/repository:Repository::loop-lxp-process-job-repository-resource]
[provider=urn:pulumi:next::loop-lxp::pulumi:providers:aws::default_2_2_0::dd88135f-ec5d-4de9-b48a-75d9cfcb4292]
imageScanningConfiguration: {
scanOnPush: false
}
imageTagMutability : "MUTABLE"
name : "loop-lxp-process-job"
+ aws:ecr/lifecyclePolicy:LifecyclePolicy: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$awsx:ecr:Repository$aws:ecr/lifecyclePolicy:LifecyclePolicy::loop-lxp-process-job-repository]
[provider=urn:pulumi:next::loop-lxp::pulumi:providers:aws::default_2_2_0::dd88135f-ec5d-4de9-b48a-75d9cfcb4292]
policy : "{\"rules\":[{\"rulePriority\":1,\"description\":\"remove untagged images\",\"selection\":{\"tagStatus\":\"untagged\",\"countType\":\"imageCountMoreThan\",\"countNumber\":1},\"action\":{\"type\":\"expire\"}}]}"
repository: "loop-lxp-process-job"
+ aws:ecs/taskDefinition:TaskDefinition: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$awsx:x:ecs:EC2TaskDefinition$aws:ecs/taskDefinition:TaskDefinition::loop-lxp-process-job-app-next-service]
[provider=urn:pulumi:next::loop-lxp::pulumi:providers:aws::default_2_2_0::dd88135f-ec5d-4de9-b48a-75d9cfcb4292]
containerDefinitions : "[{\"image\":\"<http://xxxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/loop-lxp-process-job:next|xxxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/loop-lxp-process-job:next>\",\"environment\":[{\"name\":\"DEPLOYMENT\",\"value\":\"AWS\"},{\"name\":\"NODE_ENV\",\"value\":\"next\"}],\"memory\":512,\"name\":\"container\"}]"
executionRoleArn : "arn:aws:iam::xxxxxxxxxxxxxxx:role/ecsServiceRole"
family : "loop-lxp-process-job-app-next"
networkMode : "awsvpc"
requiresCompatibilities: [
[0]: "EC2"
]
+ aws:ecs/service:Service: (create)
[urn=urn:pulumi:next::loop-lxp::loop-lxp:app$loop-lxp:microservice$awsx:x:ecs:EC2Service$aws:ecs/service:Service::loop-lxp-process-job-app-next-service]
[provider=urn:pulumi:next::loop-lxp::pulumi:providers:aws::default_2_2_0::dd88135f-ec5d-4de9-b48a-75d9cfcb4292]
cluster : "arn:aws:ecs:us-east-1:xxxxxxxxxxxxxxx:cluster/Loop"
deploymentMaximumPercent : 200
deploymentMinimumHealthyPercent: 100
desiredCount : 1
enableEcsManagedTags : false
launchType : "EC2"
name : "loop-lxp-process-job-app-next"
networkConfiguration : {
assignPublicIp: false
securityGroups: [
[0]: "sg-xxxxxxxx"
]
subnets : [
[0]: "subnet-xxxxxxxx"
[1]: "subnet-xxxxxxxx"
[2]: "subnet-xxxxxxxx"
[3]: "subnet-xxxxxxxx"
[4]: "subnet-xxxxxxxx"
]
}
schedulingStrategy : "REPLICA"
taskDefinition : output<string>
waitForSteadyState : truealert-processor-41605
05/04/2020, 5:14 PMI think I've figured it out. When I was importing the resource, I was using the name of the cluster (which appeared to work the first time), but was causing a replace on subsequent runs. Changing the import to be
import: arn:.....g
gentle-diamond-70147
05/04/2020, 5:15 PMHmm, interesting.