Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
g
great-breakfast-56601
11/10/2021, 12:01 PMI need to protect a cluster from possible deletion, but the first pass might change the vmSize. Anyone know how to order things so it can be protected even on first pass?
e
echoing-dinner-19531
11/10/2021, 12:31 PMWhat do you mean first pass? Are these resources your importing into Pulumi?
g
great-breakfast-56601
11/10/2021, 1:39 PMThese are resources already existing in the stack. The config has drifted. Doing a migration to a versioned system, but can't destroy the cluster if, say, the vmSize is not what it was built with.
I'm looking at getting the existing stack and doing a manual compare at the moment. protect doesn't seem to protect anything until the next round.
e
echoing-dinner-19531
11/10/2021, 3:08 PMYeh protect won't apply the first time round. I think it might be possible to add protect tags via a "stack export" edit the json and "stack import" but I'm not sure exactly how the tag gets added to the json structure.
g
great-breakfast-56601
11/10/2021, 8:03 PMyeah, one can but i don't want to do manual editing
l
little-cartoon-10569
11/10/2021, 8:20 PMYou might have to. You can ignore the changing property or you can edit the property to have the old value.
You must do this even if you have the resource protected. The protect opt is a Pulumi feature: it stops Pulumi from trying to delete something. When the code has a change that forces Pulumi to destroy and recreate a resource, and that resource is protected, then Pulumi will honour the protect and abandon the
upSo you're going to need to fix the drift.
e
echoing-dinner-19531
11/10/2021, 8:46 PMYeh this sounds like you want to keep doing a "pulumi preview" until preview says nothing needs to change so that your pulumi program correctly represents what your resources are. Then you can check that program into the versioned system.
g
great-breakfast-56601
11/11/2021, 5:38 AMThis isn't something I can do manually. I need to make it safe for pipeline.
I'm going to do a manual comparison in the code and only update destructive values on a flag
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = existingNodePool != null ? existingNodePool.Apply(value => value.Name) : Output.Create(resourcePrefix),
NodeCount = nodeCount,
VmSize = existingNodePool != null ? existingNodePool.Apply(value => value.VmSize) : Output.Create(vmSize),
OsDiskSizeGb = existingNodePool != null ? existingNodePool.Apply(value => value.OsDiskSizeGb) : Output.Create(30),
VnetSubnetId = existingNodePool != null ? existingNodePool.Apply(value => value.VnetSubnetId) : kubeSubnet.Id,
OrchestratorVersion = nodeVersion
},Ending up with something like this.
e
echoing-dinner-19531
11/11/2021, 12:46 PMThis all seems really odd... maybe I'm just totally not getting your problem but surely if your able to get existingNodePool you should just make DefaultNodePool equal to the values from that.
g
great-breakfast-56601
11/11/2021, 4:36 PMI just want to protect it from destruction, not any kind of update