子网正在使用中,使用 pulumi destroy 时无法删除问题
Subnet is in use and cannot be deleted issue when using pulumi destroy
由于某些 issue with Pulumi cli,我在 Azure DevOps 管道中使用“Pulumi Azure Pipelines Task”,如下所示:
- Pulumi 上行管道 (
pulumi up -s dev)
- Pulumi 销毁管道 (
pulumi destroy -s dev)
在我创建应用程序网关之前,Pulumi 销毁管道工作正常。
添加应用程序网关后,当 Pulumi 销毁管道正在破坏时,出现以下错误:
error: Code="InUseSubnetCannotBeDeleted" Message="Subnet ApplicationGatewaySubnet is in use by
/subscriptions/***/resourceGroups/xxx-rg/providers/Microsoft.Network/applicationGateways/xxx-appgw-agic-dev-japaneast/gatewayIPConfigurations/appgw_gateway_ipconfig
and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet." Details=[]
我知道删除应用网关需要时间,但是Pulumi应该不会通过顺序删除资源来解决这个问题
即在应用程序网关删除完成后删除子网
如何销毁堆栈而不导致“Xxx正在使用中,无法删除”问题?
解决方法是注释掉整个代码,然后 运行“Pulumi up pipeline”。但这不是我想要的,我想使用
“Pulumi destroy pipeline”可以毫无问题地正确销毁堆栈。
更新:2021.11.18
出于调试目的,我注释掉了除 3 个简单资源之外的所有代码:
- 1 个资源组
- 1 个虚拟网络
- 1 个子网
C#代码:
//
// Added couple of extension methods to JsonElement
//
var mainRgArgs = config.RequireObject<JsonElement>(MainResourceGroupArgs);
var mainRgName = mainRgArgs.GetName();
var mainRgTags = mainRgArgs.GetTags();
var mainResourceGroup = new ResourceGroup(MainResourceGroup, new ResourceGroupArgs {
ResourceGroupName = mainRgName,
Tags = mainRgTags
});
var spokeVnetArgs = config.RequireObject<JsonElement>(SpokeVirtualNetworkArgs);
var spokeVnetName = spokeVnetArgs.GetName();
var spokeVnetAddressPrefixes = spokeVnetArgs.Get<List<string>>(AddressPrefixes);
var spokeVnetTags = spokeVnetArgs.GetTags();
var spokeVnetOutput = mainResourceGroup.Name.Apply(rgName => {
return new VirtualNetwork(SpokeVirtualNetwork, new VirtualNetworkArgs {
ResourceGroupName = rgName,
VirtualNetworkName = spokeVnetName,
AddressSpace = new AddressSpaceArgs {
AddressPrefixes = spokeVnetAddressPrefixes
},
Tags = spokeVnetTags
});
});
var spokeAksAppSubnetOutput = spokeVnetOutput.Apply(vnet => {
return Output.Tuple(mainResourceGroup.Name, vnet.Name, vnet.Urn).Apply(tuple => {
var (rgName, vnetName, vnetUniqueName) = tuple;
var subnetName = AksApplicationSubnet;
var subnets = spokeVnetArgs.GetSubnets() ?? new Dictionary<string, string>(); // GetSubnets() -> extension method
if (!subnets.ContainsKey(subnetName)) {
throw new PulumiArgumentException($"Value is not set for {nameof(subnetName)}");
}
var subnetCidr = subnets[subnetName];
return new Subnet($"{vnetUniqueName}.{subnetName}", new AzureNative.Network.SubnetArgs {
SubnetName = subnetName,
AddressPrefix = subnetCidr,
VirtualNetworkName = vnetName,
ResourceGroupName = rgName,
});
});
});
从下面的截图可以看出删除顺序是错误的(虚拟网络 > 资源组 > 子网):
Info:
- using "Pulumi Azure Pipelines Task" (version: 1.0.13) in Azure DevOps pipeline
- Pulumi backend: Azure Blob Container & Azure KeyVault
问题是您在 Apply 回调中创建资源,这是非常不鼓励的。正如您所发现的,您不仅不会在原始预览中看到它们,而且依赖信息也不会保留。更好的方法是这样的:
var mainResourceGroup = new ResourceGroup(MainResourceGroup, new ResourceGroupArgs {
ResourceGroupName = mainRgName,
Tags = mainRgTags
});
// ...
var spokeVnet = new VirtualNetwork(SpokeVirtualNetwork, new VirtualNetworkArgs {
ResourceGroupName = mainResourceGroup.Name,
VirtualNetworkName = spokeVnetName,
AddressSpace = new AddressSpaceArgs {
AddressPrefixes = spokeVnetAddressPrefixes
},
Tags = spokeVnetTags
});
// ...
var spokeAksAppSubnetOutput = new Subnet($"{vnetUniqueName}.{subnetName}", new AzureNative.Network.SubnetArgs {
SubnetName = subnetName,
AddressPrefix = subnetCidr,
VirtualNetworkName = spokeVnet.Name,
ResourceGroupName = mainResourceGroup.Name,
});
请注意,您可以将 mainResourceGroup.Name 等输出直接分配给 ResourceGroupName 等输入 - 有一个隐式转换运算符。
您不能将输出用作资源构造函数(您设置逻辑名称的地方)的第一个参数,但希望您不需要这样做。
如果某处需要Apply,可以单独声明,然后在资源分配中使用结果。
var myNewOutput = someResource.Prop1.Apply(v => ...);
new SomeOtherResource("name, new SomeOtherResourceArgs
{
Prop2 = myNewOutput,
// ...
});
这样可以正确保留依赖项以供删除。
如果您想要配置多个子网,请查看 this issue 以了解如何在需要时按顺序执行此操作。
由于某些 issue with Pulumi cli,我在 Azure DevOps 管道中使用“Pulumi Azure Pipelines Task”,如下所示:
- Pulumi 上行管道 (
pulumi up -s dev) - Pulumi 销毁管道 (
pulumi destroy -s dev)
在我创建应用程序网关之前,Pulumi 销毁管道工作正常。 添加应用程序网关后,当 Pulumi 销毁管道正在破坏时,出现以下错误:
error: Code="InUseSubnetCannotBeDeleted" Message="Subnet ApplicationGatewaySubnet is in use by /subscriptions/***/resourceGroups/xxx-rg/providers/Microsoft.Network/applicationGateways/xxx-appgw-agic-dev-japaneast/gatewayIPConfigurations/appgw_gateway_ipconfig and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet." Details=[]
我知道删除应用网关需要时间,但是Pulumi应该不会通过顺序删除资源来解决这个问题 即在应用程序网关删除完成后删除子网
如何销毁堆栈而不导致“Xxx正在使用中,无法删除”问题?
解决方法是注释掉整个代码,然后 运行“Pulumi up pipeline”。但这不是我想要的,我想使用 “Pulumi destroy pipeline”可以毫无问题地正确销毁堆栈。
更新:2021.11.18
出于调试目的,我注释掉了除 3 个简单资源之外的所有代码:
- 1 个资源组
- 1 个虚拟网络
- 1 个子网
C#代码:
//
// Added couple of extension methods to JsonElement
//
var mainRgArgs = config.RequireObject<JsonElement>(MainResourceGroupArgs);
var mainRgName = mainRgArgs.GetName();
var mainRgTags = mainRgArgs.GetTags();
var mainResourceGroup = new ResourceGroup(MainResourceGroup, new ResourceGroupArgs {
ResourceGroupName = mainRgName,
Tags = mainRgTags
});
var spokeVnetArgs = config.RequireObject<JsonElement>(SpokeVirtualNetworkArgs);
var spokeVnetName = spokeVnetArgs.GetName();
var spokeVnetAddressPrefixes = spokeVnetArgs.Get<List<string>>(AddressPrefixes);
var spokeVnetTags = spokeVnetArgs.GetTags();
var spokeVnetOutput = mainResourceGroup.Name.Apply(rgName => {
return new VirtualNetwork(SpokeVirtualNetwork, new VirtualNetworkArgs {
ResourceGroupName = rgName,
VirtualNetworkName = spokeVnetName,
AddressSpace = new AddressSpaceArgs {
AddressPrefixes = spokeVnetAddressPrefixes
},
Tags = spokeVnetTags
});
});
var spokeAksAppSubnetOutput = spokeVnetOutput.Apply(vnet => {
return Output.Tuple(mainResourceGroup.Name, vnet.Name, vnet.Urn).Apply(tuple => {
var (rgName, vnetName, vnetUniqueName) = tuple;
var subnetName = AksApplicationSubnet;
var subnets = spokeVnetArgs.GetSubnets() ?? new Dictionary<string, string>(); // GetSubnets() -> extension method
if (!subnets.ContainsKey(subnetName)) {
throw new PulumiArgumentException($"Value is not set for {nameof(subnetName)}");
}
var subnetCidr = subnets[subnetName];
return new Subnet($"{vnetUniqueName}.{subnetName}", new AzureNative.Network.SubnetArgs {
SubnetName = subnetName,
AddressPrefix = subnetCidr,
VirtualNetworkName = vnetName,
ResourceGroupName = rgName,
});
});
});
从下面的截图可以看出删除顺序是错误的(虚拟网络 > 资源组 > 子网):
Info:
- using "Pulumi Azure Pipelines Task" (version: 1.0.13) in Azure DevOps pipeline
- Pulumi backend: Azure Blob Container & Azure KeyVault
问题是您在 Apply 回调中创建资源,这是非常不鼓励的。正如您所发现的,您不仅不会在原始预览中看到它们,而且依赖信息也不会保留。更好的方法是这样的:
var mainResourceGroup = new ResourceGroup(MainResourceGroup, new ResourceGroupArgs {
ResourceGroupName = mainRgName,
Tags = mainRgTags
});
// ...
var spokeVnet = new VirtualNetwork(SpokeVirtualNetwork, new VirtualNetworkArgs {
ResourceGroupName = mainResourceGroup.Name,
VirtualNetworkName = spokeVnetName,
AddressSpace = new AddressSpaceArgs {
AddressPrefixes = spokeVnetAddressPrefixes
},
Tags = spokeVnetTags
});
// ...
var spokeAksAppSubnetOutput = new Subnet($"{vnetUniqueName}.{subnetName}", new AzureNative.Network.SubnetArgs {
SubnetName = subnetName,
AddressPrefix = subnetCidr,
VirtualNetworkName = spokeVnet.Name,
ResourceGroupName = mainResourceGroup.Name,
});
请注意,您可以将 mainResourceGroup.Name 等输出直接分配给 ResourceGroupName 等输入 - 有一个隐式转换运算符。
您不能将输出用作资源构造函数(您设置逻辑名称的地方)的第一个参数,但希望您不需要这样做。
如果某处需要Apply,可以单独声明,然后在资源分配中使用结果。
var myNewOutput = someResource.Prop1.Apply(v => ...);
new SomeOtherResource("name, new SomeOtherResourceArgs
{
Prop2 = myNewOutput,
// ...
});
这样可以正确保留依赖项以供删除。
如果您想要配置多个子网,请查看 this issue 以了解如何在需要时按顺序执行此操作。