search

pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0
123 stars 32 forks source link

Updates on container group are invalid when using `delete_before_replace` #918

Open nagyben opened 3 years ago

nagyben commented 3 years ago

Trying to modify an existing containerinstance.ContainerGroup resource (which was deployed using pulumi originally) and using delete_before_replace=True is returning an error

Steps to reproduce

container_group = azure_native.containerinstance.ContainerGroup(
    f"spl-outputs",
    tags=config.require_object("tags"),
    container_group_name=f"spl-outputs",
    containers=[
        azure_native.containerinstance.ContainerArgs(
            command=[],
            environment_variables=[
                azure_native.containerinstance.EnvironmentVariableArgs(
                    name="AZURE_STORAGE_CONNECTION_STRING",
                    secure_value=config.require_secret("azureStorageConnectionString"),
                ),
                azure_native.containerinstance.EnvironmentVariableArgs(
                    name="API_BASE_URL",
                    secure_value=config.require("apiBaseUrl"),
                ),
            ],
            image=config.require("image"),
            name="spl-output",
            ports=[
                azure_native.containerinstance.ContainerPortArgs(
                    port=80,
                )
            ],
            resources=azure_native.containerinstance.ResourceRequirementsArgs(
                requests=azure_native.containerinstance.ResourceRequestsArgs(
                    cpu=1,
                    memory_in_gb=2,
                ),
            ),
        ),
        azure_native.containerinstance.ContainerArgs(                                   # add
            command=["python demographics_scheduler.py"],                        # add
            image=config.require("image"),                                       # add
            name="demographics",                                                 # add
            resources=azure_native.containerinstance.ResourceRequirementsArgs(   # add
                requests=azure_native.containerinstance.ResourceRequestsArgs(    # add
                    cpu=0.2,                                                     # add
                    memory_in_gb=0.5,                                            # add
                ),                                                               # add
            ),                                                                   # add
        ),                                                                       # add
    ],
    image_registry_credentials=[
        azure_native.containerinstance.ImageRegistryCredentialArgs(
            server=config.require("imageRegistryServer"),
            username=config.require_secret("imageRegistryUsername"),
            password=config.require_secret("imageRegistryPassword"),
        )
    ],
    ip_address=azure_native.containerinstance.IpAddressArgs(
        ports=[
            azure_native.containerinstance.PortArgs(
                port=80,
                protocol="TCP",
            )
        ],
        type="Private",
    ),
    location=config.require("location"),
    network_profile=azure_native.containerinstance.ContainerGroupNetworkProfileArgs(
        id=network_profile.id,
    ),
    os_type="Linux",
    resource_group_name=resource_group.name.apply(lambda x: x),
    opts=pulumi.ResourceOptions(delete_before_replace=True),                # add
)
  1. run pulumi up

Expected: No errors to be thrown

Actual:

azure-native:containerinstance:ContainerGroup (spl-outputs):
error: Code="InvalidContainerGroupUpdate" Message="The updates on container group 'spl-outputs' are invalid. If you are going to update the os type, restart policy, network profile, CPU, memory or GPU resources for a container group, you must delete it first and then create a new one."

Workaround:

Manually delete container group before running pulumi up works

But this is not ideal when we are using CI/CD for deployment

mikhailshilkov commented 3 years ago

Hi @nagyben thank you for reporting this.

I believe delete_before_replace has no effect in this case because there's no "replace" operation. The provider tries to run an update-in-place and fails.

We use an annotation that Azure API is supposed to provide on properties that require replacement but those annotations are lacking in many spots, including this one, probably. We'll use this issue to track adding a manual annotation.

jemrobinson commented 1 year ago

Are there any updates on this? I'm still seeing this behaviour in pulumi-azure-native 1.102.0. Is there any ResourceOption I can provide to force replacement?

I'm currently using ResourceOptions(delete_before_replace=True, replace_on_changes=["containers"]) as a workaround.

mikhailshilkov commented 1 year ago

Is there any ResourceOption I can provide to force replacement?

Yes, replace_on_changes should do that, as you mention. Does it not work for you?

jemrobinson commented 1 year ago

I think that both delete_before_replace and replace_on_changes are needed to stop Pulumi trying an in-place update. It sounds like that's the best option until the upstream code adds the appropriate annotation.