I need to protect a cluster from possible deletion...
# generalg
great-breakfast-56601
11/10/2021, 12:01 PMI need to protect a cluster from possible deletion, but the first pass might change the vmSize. Anyone know how to order things so it can be protected even on first pass?
e
echoing-dinner-19531
11/10/2021, 12:31 PMWhat do you mean first pass? Are these resources your importing into Pulumi?
g
great-breakfast-56601
11/10/2021, 1:39 PMThese are resources already existing in the stack. The config has drifted. Doing a migration to a versioned system, but can't destroy the cluster if, say, the vmSize is not what it was built with.
great-breakfast-56601
11/10/2021, 1:40 PMI'm looking at getting the existing stack and doing a manual compare at the moment. protect doesn't seem to protect anything until the next round.
e
echoing-dinner-19531
11/10/2021, 3:08 PMYeh protect won't apply the first time round. I think it might be possible to add protect tags via a "stack export" edit the json and "stack import" but I'm not sure exactly how the tag gets added to the json structure.
g
great-breakfast-56601
11/10/2021, 8:03 PMyeah, one can but i don't want to do manual editing
l
little-cartoon-10569
11/10/2021, 8:20 PMYou might have to. You can ignore the changing property or you can edit the property to have the old value.
little-cartoon-10569
11/10/2021, 8:22 PMYou must do this even if you have the resource protected. The protect opt is a Pulumi feature: it stops Pulumi from trying to delete something. When the code has a change that forces Pulumi to destroy and recreate a resource, and that resource is protected, then Pulumi will honour the protect and abandon the
uplittle-cartoon-10569
11/10/2021, 8:22 PMSo you're going to need to fix the drift.
e
echoing-dinner-19531
11/10/2021, 8:46 PMYeh this sounds like you want to keep doing a "pulumi preview" until preview says nothing needs to change so that your pulumi program correctly represents what your resources are. Then you can check that program into the versioned system.
g
great-breakfast-56601
11/11/2021, 5:38 AMThis isn't something I can do manually. I need to make it safe for pipeline.
great-breakfast-56601
11/11/2021, 5:39 AMI'm going to do a manual comparison in the code and only update destructive values on a flag
great-breakfast-56601
11/11/2021, 8:36 AM Copy code
DefaultNodePool = new KubernetesClusterDefaultNodePoolArgs
{
Name = existingNodePool != null ? existingNodePool.Apply(value => value.Name) : Output.Create(resourcePrefix),
NodeCount = nodeCount,
VmSize = existingNodePool != null ? existingNodePool.Apply(value => value.VmSize) : Output.Create(vmSize),
OsDiskSizeGb = existingNodePool != null ? existingNodePool.Apply(value => value.OsDiskSizeGb) : Output.Create(30),
VnetSubnetId = existingNodePool != null ? existingNodePool.Apply(value => value.VnetSubnetId) : kubeSubnet.Id,
OrchestratorVersion = nodeVersion
},great-breakfast-56601
11/11/2021, 8:36 AMEnding up with something like this.
e
echoing-dinner-19531
11/11/2021, 12:46 PMThis all seems really odd... maybe I'm just totally not getting your problem but surely if your able to get existingNodePool you should just make DefaultNodePool equal to the values from that.
g
great-breakfast-56601
11/11/2021, 4:36 PMI just want to protect it from destruction, not any kind of update