This repository has been archived by the owner on Jun 17, 2023. It is now read-only.
Set disable_on_destroy=true for API management. #91
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I have an exekube project. It's pretty straightforward for now, basically a copy of https://github.com/exekube/demo-apps-project/.
I am using exekube:0.3.1-google with some trivial changes.
When I do this with a new cluster:
I get this error every time I re-run
xk up live/dev/infra
:I can work around it by running
xk gcloud services disable
on each service in${var.project_services}
here:I can also fix it by setting
disable_on_destroy = true
in the terraform code, as I have done in this PR.What do you think of this approach?
Slightly separate but related question:
The design today seems to be
xk down live/dev/infra
is run only rarely, even ifxk down; xk up
is run frequently. However, I think there is a difference between enabling GCP APIs -- which creates no resources and (AFAIK) costs nothing -- and managing networks, static IPs, and DNS Zones -- which are visible resources and have small (but non-zero) costs. All of these things are managed by a single module today,gke-network
.What do you think about moving the API management out of the
gke-network
module and into its own module? Since (AIUI) API management happens asynchronously on Google's end, it can require a few runs ofxk up live/dev/infra
before everything converges[1]. Hence, it might be desirable to run the API management code less often, or at least separately from the network/IP/DNS management code. Splittinggke-network
's responsibilities might also enable a different decision on thedisable_on_destroy
question above.[1] The errors look like this: