On a merge to the master branch, a Jenkins job is kicked off to update an AWS Task Definition with a new Docker image with a new versioned tag.

I'm trying to adopt IAC as much as possible, and this deployment job creates a drift in the state of AWS vs what Pulumi has recorded.

I've considered pushing a latest tag on a deployment from master and simply restarting the service (which uses the latest tag rather than a versioned one), but then I lose the strict version control and it makes rollback more difficult.

What's the best way to achieve an automated CICD process while maintaining IAC?

Mike
  • Is there a reason you don't have Pulumi update the task definition? – ydaetskcoR Mar 07 '19 at 20:47
  • I've considered that too, but it would require an additional PR cycle to deploy a change which I'd like to avoid. Though I am not ruling it out. It could very well be the best option here. – Mike Mar 07 '19 at 20:59
  • You should probably provide a bit more context here because it's not clear what your actual issue is or what you're doing right now. – ydaetskcoR Mar 07 '19 at 23:03
  • Let's say I have 2 repos: an App repo and a Pulumi repo (that contains the current state of AWS). When the App repo has a new merge to master, something should automatically be kicked off to deploy the updated App to AWS. If it does this without Pulumi's involvement, Pulumi will be out of sync with the actual state. But if the deployment happens through Pulumi, that means after App's update someone needs to go into the Pulumi repo, make changes, submit a PR, and then merge the PR so that App's changes make it to AWS. Neither of those options is ideal, so I am wondering what best practice is. – Mike Mar 07 '19 at 23:14
  • So put the Pulumi code for the application in the application's repo? That's what I do with Terraform – ydaetskcoR Mar 08 '19 at 07:09

0 Answers