Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
b
bland-tailor-50336
10/18/2022, 2:39 PM👋 Hi everyone!
Pulumi noob here... Pretty impressed by the capabilities with pulumi thus far... but have run into some frustrations.
Right now I'm using TS to write pulumi scripts for the AWS Provider.
I am having trouble with my particular configuration... which I feel like should be simple enough but I'm having issues!
https://www.reddit.com/r/pulumi/comments/y78fqm/how_to_cache_resources_that_havent_changed_rather/
m
millions-furniture-75402
10/18/2022, 2:48 PMIs it safe to assume you're using the awsx docker helper method? e.g.
repository.buildAndPushImage()b
bland-tailor-50336
10/18/2022, 2:50 PM@millions-furniture-75402 nope
I'm not maybe i should be
m
millions-furniture-75402
10/18/2022, 2:50 PMNot necessarily.
b
bland-tailor-50336
10/18/2022, 2:51 PMOne sec I'll share my configurationm
millions-furniture-75402
10/18/2022, 2:51 PMokay
b
bland-tailor-50336
10/18/2022, 2:51 PMit's quite small
so far
@millions-furniture-75402
import * as fs from 'fs';
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
const services = fs.readdirSync('./app').filter(path => /-service$/.test(path));
// Step 1: Create an ECS Fargate cluster.
const cluster = new awsx.ecs.Cluster("cluster");
// Step 2: Define the Networking for our service.
const alb = new awsx.lb.ApplicationLoadBalancer(
"net-lb", { external: true, securityGroups: cluster.securityGroups });
const web = alb.createListener("web", { port: 80, external: true });
const getServiceSegment = (service) => service.replace(/-service$/, '');
services.forEach((service) => {
const segment = getServiceSegment(service);
// Build and publish a Docker image to a private ECR registry.
const serviceImg = awsx.ecs.Image.fromPath(`${service}-img`, `./app/${service}`);
// Create a Fargate service task that can scale out.
const serviceTargetGroup = new aws.lb.TargetGroup(`${service}-target-group`, {
port: 80,
protocol: "HTTP",
vpcId: alb.vpc.id,
targetType: 'ip'
});
const service = new awsx.ecs.FargateService(service, {
cluster,
loadBalancers: [{
containerName: `${service}-container`,
containerPort: 80,
targetGroupArn: serviceTargetGroup.arn
}],
taskDefinitionArgs: {
containers: {
[`${service}-container`]: {
portMappings: [{
containerPort: 80,
}],
image: serviceImg,
cpu: 102 /*10% of 1024*/,
memory: 50 /*MB*/,
}
},
},
desiredCount: 3,
});
const listenerRule = new aws.lb.ListenerRule(`${service}-listener-rule`, {
listenerArn: web.listener.arn,
priority: 100,
actions: [{
type: "forward",
targetGroupArn: serviceTargetGroup.arn
}],
conditions: [
{
pathPattern: {
values: [`/${segment}`, `/${segment}/*`],
},
}
],
});
})
// Step 5: Export the Internet address for the service.
export const url = web.endpoint.hostname;@millions-furniture-75402 does this make sense?
it's very basic configuration... I haven't done much yet
m
millions-furniture-75402
10/18/2022, 3:07 PMYeah, that makes sense.
There are downsides to this approach, rather than treating each service as a separate stack. I believe you're aware of some of the downsides already.
Within your current approach, you might have some opportunity with
.fromDockerBuildI'm not sure if this is still the case, but Pulumi preview required the docker image be built again so that it could diff the image hash with the previous state.
There are still a bunch of open issues regarding caching docker builds:
• https://github.com/pulumi/pulumi-docker/issues/33
• https://github.com/pulumi/pulumi-docker/issues/32
• https://github.com/pulumi/pulumi-docker/issues/14
• https://github.com/pulumi/pulumi-cloud/issues/183
Another trick we have used was setting
DOCKER_BUILDKIT=1const applicationImage = containerRepository.buildAndPushImage({
env: {
DOCKER_BUILDKIT: "1",
},
});b
bland-tailor-50336
10/18/2022, 3:18 PM@millions-furniture-75402 it feels like there should be a way to retrieve a resource (any resource not just docker image) from cache instead of rebuilding it for situations like these.
Like my setup works fine
... it's just that if I expanded that to 100 services... the pulumi up command would be slow as hell trying to create all those resources
I'll look into these links you've provided
m
millions-furniture-75402
10/18/2022, 3:20 PMEssentially you'd be rolling your own cache check and injecting
ignoreChangesb
bland-tailor-50336
10/18/2022, 3:21 PMHmmm Interesting
Alternatively if I create "micro-stacks" for each service
and reference the main stack for the LB output
m
millions-furniture-75402
10/18/2022, 3:25 PMThat's ideal in some ways. You have separate lifecycle management for each of your services as a stack
b
bland-tailor-50336
10/18/2022, 3:26 PMHow can I create an new environment (e.g. stage-2, dev-3) for the main stack and all micro-stacks?
m
millions-furniture-75402
10/18/2022, 3:26 PMWhat happens to the state of your "mega stack" if it fails during deployment on service 3 of 5?
b
bland-tailor-50336
10/18/2022, 3:26 PMAlso How can I abstract this away from application developers don't have to see all the infrastructure code in their service directory?
m
millions-furniture-75402
10/18/2022, 3:27 PMYou should namespace your stacks, e.g.
sandbox.us-east-1dev.us-east-1Create a new stack with
pulumi stack init <stackname>b
bland-tailor-50336
10/18/2022, 3:28 PMright
the idea of just create a new environment for all the services in my megastack with a single command is appealing
m
millions-furniture-75402
10/18/2022, 3:28 PMThe automation API can help you with managing many stacks all as one program.
Bear in mind that the stack YAMLs are tightly coupled with the Pulumi CLI, even with the automation API.
b
bland-tailor-50336
10/18/2022, 3:28 PMI have to read more about the automation API
m
millions-furniture-75402
10/18/2022, 3:31 PMHere is a conversation with some information last time I discussed automation API with some one https://pulumi-community.slack.com/archives/C019YSXN04B/p1661373144801119
b
bland-tailor-50336
10/18/2022, 3:53 PM@millions-furniture-75402 it seems like I can create a stack for the LB and then create a "microstack" for each service that uses a stack reference to the LB
and then tie this together with the automation api
^^ this is the path forward I'm going to try
m
millions-furniture-75402
10/18/2022, 3:58 PMYes, that sounds right.
A popular pattern is to have a "base infrastructure" stack for that contains shared resources across projects or stacks.
In some cases, your project will be complex or large enough that it should have it's own "base infrastructure".
Take for example, this dynamically generated gameserver stack that is using outputs from another "gameserver-shared" stack.
const gameserverShared = new pulumi.StackReference(gameserverSharedName);
const gameserverSharedAlbId = gameserverShared.getOutput("albId");
const gameserverSharedAlbSecurityGroupId = gameserverShared.getOutput("albSecurityGroupId");
const alb = new awsx.lb.ApplicationLoadBalancer(`${resourcePrefix}-lb`, {
loadBalancer: aws.lb.LoadBalancer.get(`${resourcePrefix}-lb`, gameserverSharedAlbId, { vpcId: vpc.vpc.id }),
external: true,
securityGroups: [gameserverSharedAlbSecurityGroupId],
vpc: vpc.vpc,
});Then you can take that alb resource and add to it, e.g.:
const appTargetGroup = new awsx.lb.ApplicationTargetGroup(`${resourcePrefix}-tg`, {
deregistrationDelay: 0,
healthCheck: { path: "/health", port: "443", protocol: "HTTPS", matcher: "200" },
loadBalancer: alb,
port: 443,
protocol: "HTTPS",
vpc: vpc.vpc,
tags: autotag,
});
const https = new awsx.lb.ApplicationListener(`${resourcePrefix}-https`, {
listener: aws.lb.Listener.get(`${resourcePrefix}-https`, gameserverSharedListenerHttpsId),
loadBalancer: alb,
targetGroup: appTargetGroup,
vpc: vpc.vpc,
});
new awsx.lb.ListenerRule(`${resourcePrefix}-lr`, https, {
actions: [{ targetGroupArn: appTargetGroup.targetGroup.arn.apply(v => v), type: "forward" }],
conditions: [{ hostHeader: { values: [fqdn] } }],
});
new aws.route53.Record(appName, {
aliases: [{ evaluateTargetHealth: true, name: alb.loadBalancer.dnsName, zoneId: elbServiceHostedZoneId }],
name: fqdn.apply(v => v),
type: "A",
zoneId: hostedZoneId,
});note, my
vpc.vpcvpc