https://pulumi.com logo
#general
Title
# general
b

better-shampoo-48884

10/28/2021, 7:19 AM
Is there any way to target -only- a new code block for
pulumi up
? I know it's possible to
-t
existing URNs for updating (again, would also work if there was an -exclude, but hey) - but if its new code it wouldn't have a URN to target yet.. Basically, can i get pulumi to create only this:
Copy code
+   │  ├─ azure-native:keyvault:Secret                                                     secret-keypair-vault-public-1                                  create
l

little-cartoon-10569

10/28/2021, 7:26 AM
Why? If that's the only change, Pulumi will detect that and apply only that change.
If other changes in your code are deliberately not being applied, then you're not making full use of either Pulumi or git. Your source and your applied changes should be exactly in sync: that's how Pulumi is designed.
If there are bits of your work that you don't want applied just yet, then the best approach is to not merge it into your main branch just yet...
b

better-shampoo-48884

10/29/2021, 7:22 AM
(sorry about the really delayed response). Essentially I frequently end up in states where the stack is moderately broken one way or another, either due to config drift (which I know shouldn't happen), or more usually due to a
pulumi up
leaving the stack in a failed state (y'know, having to export, delete, import, up, manually change the things it changed but didnt, etc). I've come to the conclusion that my two pulumi programs are Too Big for pulumi. Nevermind the fact that each of them use 4+gb of memory in node every time i run them, it is just simply too fragile when tiny errors and timeouts in pulumi operations cause 1-2 days of manual risky work to correct. Simply put - i have two stacks - infra + k8s. the infra stack creates multiple resource groups in multiple regions in azure and populates them with aks, storage accounts, keyvaults, networks, subnets, nsgs, etc etc etc. the K8s takes the stack output from the infra run in order to use the AKS in each region + keyvault + (sometimes other things) in conjunction with the kubernetes apply stuff. Here i've got a few helm charts, some crds (using crd2pulumi as well), and other stuff set up in a coordinated way. The infra stack creates about ~100 resources per region, and the k8s one ~170 per region.
This question was borne from a desperation to have to avoid the 1-2 days work up front to get the stack in a usable state and apply the new code -now-. Regardless, I'm now going to completely rejig the whole pulumi approach for the simple fact that as these stacks grow they become completely unmanagable and its starting to become more of a risk than a benefit. besides, with the performance issues on top, i'm almost certain that it'll be quicker to chain 30 different pulumi programs together than to run these two.
(btw, the regionality of the thing has a big impact - azure is not exactly the fastest cloud, and managing resources in westus and australia from europe causes all kinds of havoc.)