ignoreChanges seems to have some trouble ignoring changes #856
Comments
|
Similar to https://github.com/pulumi/pulumi/issues/3529, I'm guessing that the |
|
@pgavlin thanks for the tip! |
|
I've noticed pulumi refresh completely ignores the ignoreChanges option. For example, when ignoreChanges on a kubernetes resource is set to ["status"], a |
I believe that is currently by-design. The "changes" in Curious what workflow you have is where this doesn't meet your needs? |
|
@gj are you able to share the code you used to get this to work please? I implemented the following but I can't seem to get more granularity than |
|
@benswinburne try targeting the transformations: [
args => {
if (args.type === 'aws:ecs/service:Service') {
return {
props: args.props,
opts: pulumi.mergeOptions(args.opts, {
ignoreChanges: [
'desiredCount',
'loadBalancers',
'taskDefinition',
],
}),
};
}
return undefined;
},
], |
|
@gj thanks very much for this. How have you solved being able to make changes to your task definitions etc with this setup? If we don't ignore any changes/implement any transformations, Pulumi allows me to create a task definition with say In the above example combined with the transformation, I can't update the memory because the whole definition is ignored. I guess just finding out the image name currently applied to the service and putting it into the definition at the same time as changing the memory would resolve this but it seems a bit convoluted, prone to human error and also not even guaranteed to work (if the service changes between getting the image name and applying it to the Pulumi program you'd end up rolling back a version). |
|
@benswinburne I "solved" it by simply not making those changes through Pulumi 🙂 I hit the same frustrating wall that you've run up against now, and I'm not sure if much has changed since I was playing around with this stuff last autumn. I ended up managing changes to task definitions through the AWS CLI instead of through Pulumi. |
|
Ah, that's frustrating. I think I'm effectively aiming for the same solution as you and coming up with lots of the same issues! @stack72 are you able to shed any light on this? |
|
Is there a way to not update the task definition if it hasn't changed. |
|
+1 on this general issue. The transformation is no longer needed, Additionally, if I just set the Diff looks like this: where the latest revision is indeed 95 Thankfully, executing the Pulumi update does not actually "do" anything. So it seems like this is a partial solution to the revision issue, in that "things work". But it's annoying that the diff appears every single time. It's likely to confuse anyone who has not dug into this issue. |
|
Is there any updates on this? Specifically, whether |
|
I also have trouble using it with a Helm Chart which changes it's certs each deployment. Or is it a completly different problem? |
|
I am assuming this is still an issue, no? We create a Fargate services with b/g deployment via codedeploy. The code: I've tried to use transformations but again no luck. This is the code and it still does not ignore the Load balancer changes. I've used the same transformation for the ListenerRule and it successfully ignores it, so code should be working. Any ideas or advices are welcome! |
|
only prints out I don't think there's a working workaround anymore :/ |
|
I would just like to +1 this, as others have pointed out the main issue here is that the Crosswalk package for ecs does not propagate A workaround in the meantime is to not use the crosswalk service and provision Or if you want to use cross walk, you can just hardcode your taskDefinition image name const service = new awsx.ecs.FargateService(
'api',
{
cluster: baseInfra.requireOutput('clusterArn'),
enableExecuteCommand: true,
deploymentController: {
type: 'CODE_DEPLOY',
},
networkConfiguration: {
securityGroups: [apiSecurityGroup.id],
assignPublicIp: true,
subnets: baseInfra.requireOutput('vpcPublicSubnetIds'),
},
continueBeforeSteadyState: true,
// TODO: this is hardcoded as nginx due to a bug with pulumi not being able
// to ignore changes on the task definition
// As our deployments are handled by code deploy, we should ignore changes on the task definition
taskDefinition: 'nginx:latest',
loadBalancers: [
{
containerPort: 80,
containerName: 'api',
targetGroupArn: blueTargetGroup.arn,
},
],
},
{
ignoreChanges: ['taskDefinition'],
}
); |
|
There have been some updates to Pulumi platform that might be helpful here. There is now a I am confirming with the following TypeScript program - I've selected a fast to provision awsx resource for illustration purposes. The program is to be activated with: import * as awsx from "@pulumi/awsx";
import * as pulumi from "@pulumi/pulumi";
const cfg = new pulumi.Config();
const step = cfg.requireNumber("step");
const myVpc = new awsx.ec2.Vpc("awsx-nodejs-subnets-with-tags", {
tags: {
isoverridden: "false",
},
subnetSpecs: [
{
type: awsx.ec2.SubnetType.Public,
cidrMask: 22,
tags: {
isoverridden: "true",
custom_tag_subnet_type: "subnet_public",
custom_tag_one: "1"
}
},
{
type: awsx.ec2.SubnetType.Private,
cidrMask: 21,
tags: {
custom_tag_subnet_type: "subnet_private",
custom_tag_two: step === 0 ? "zero" : "one",
custom_tag_three: "3"
}
},
],
}, {
// Using ignoreChanges does not work.
// ignoreChanges: ["tags"]
// However, using the transforms option works to suppress the update.
// More information at https://www.pulumi.com/docs/concepts/options/transforms/
transforms: [args => {
return {
props: args.props,
opts: pulumi.mergeOptions(args.opts, { ignoreChanges: ["tags"] })
}
}],
});
export const vpcId = myVpc.vpcId;
export const publicSubnetIds = myVpc.publicSubnetIds;
export const privateSubnetIds = myVpc.privateSubnetIds;Note that ignoreChanges option is a no-op for the awsx.ec2.Vpc resource but using transforms to add an ignoreChanges option for every child resource achieves the desired effect of ignoring the change. Please let us know if this unblocks any of the scenarios here 🙏 |
|
The provider should probably emit a user-friendly warning to users who attempt to set ignoreChanges when this setting is actually a no-op. Unfortunately this is not yet technically possible until the feature in pulumi/pulumi#12154 is completed. |
t0yv0
added
the
awaiting/core
|
To simplify the Code Deploy usecase we could expose an input property that automatically sets ignore changes on the correct underlying resources. Something like a |
Code
NOTE: I've also tried setting direct paths to the properties that are changing (e.g.,
'loadBalancers[0].targetGroupArn', but Pulumi still doesn't ignore the property diff.pulumi upoutputpulumi stack exportoutput{ "urn": "urn:pulumi:development::infra::awsx:x:ecs:FargateService::development-root-fargate-service", "custom": false, "type": "awsx:x:ecs:FargateService", "parent": "urn:pulumi:development::infra::pulumi:pulumi:Stack::infra-development", "customTimeouts": { "create": 1800, "update": 1800, "delete": 1800 } }Use case
I create the Fargate service and initial Task Definition via Pulumi, but then I use AWS CodeDeploy for blue/green deployments of the service. CodeDeploy flips the 'blue' and 'green' target groups on every deployment and additionally creates a new revision of the Task Definition. Pulumi seems to store the Task Definition ARN including the revision (e.g.,
<ARN>:23) and then complains that it is different than the current Task Definition attached to the Fargate service (e.g.,<same ARN>:24).The text was updated successfully, but these errors were encountered: