Lifecycle compute images

[akkornel]

We need a way to automatically mark old images as deprecated or obsolete, and to eventually delete them. The packer Cloud Build job only creates new ones, it doesn't do anything to images that already exist.

Compute Engine is smart enough to choose the newest image out of a family, so this is really just about minimizing costs.

[akkornel]

I'm moving this from the January 2022 milestone to the Ready for Public milestone. The reason is because of how instance templates work.

Instance templates need to reference an image for their boot disk configuration. But they don't reference image families, they reference specific images. That's a problem, because while Packer is making new, up-to-date images, the instance template is still pointing to the old images.

So, we need to set up an image lifecycle before this goes public, to ensure that old images are not able to be used by production traffic.

I'm thinking something like this:

1. The latest image should not be deprecated or obsolete.
2. The next-latest X images (the 'newest of the old') should be marked deprecated, and point to the latest image.
3. All other images should be obsolete, and point to the latest image.
4. Images older than Y days are deleted.

That sounds good to me overall, but there are two open questions:

• What values to use for X and Y?
• How to update the instance templates?

The last question is difficult, because I'm working on using Terraform to manage everything. So whatever handles image deprecation would also need to handle running Terraform to update the instance templates.

[akkornel]

BTW I did have a look at https://blog.teemo.co/our-journey-to-immutable-infrastructure-7bd1e2ccb7de, which I think lines up with my thinking, but didn't talk about how to safely run Terraform from as part of CD.