rquitales
commented
1 month ago @wclr Could you elaborate more on the secret names you're seeing and the Pulumi code you have that are causing these names? I've just tested out setting name in helmOptions to trigger between explicit and auto naming, but do not see the issue you're describing.
With autonaming:
import * as k8s from "@pulumi/kubernetes";
import * as certmanager from "@pulumi/kubernetes-cert-manager";
// Create a sandbox namespace.
const ns = new k8s.core.v1.Namespace("sandbox-ns");
// Install a cert manager into our cluster.
const manager = new certmanager.CertManager("cert-manager", {
installCRDs: true,
helmOptions: {
namespace: ns.metadata.name,
// name: "my-cert-manager", <- this is commented out
},
});# k get secrets -n sandbox-ns-7f856b94
NAME TYPE DATA AGE
cert-manager-helm-db816c75-webhook-ca Opaque 3 94s
sh.helm.release.v1.cert-manager-helm-db816c75.v1 helm.sh/release.v1 1 96sWith explicit naming:
import * as k8s from "@pulumi/kubernetes";
import * as certmanager from "@pulumi/kubernetes-cert-manager";
// Create a sandbox namespace.
const ns = new k8s.core.v1.Namespace("sandbox-ns");
// Install a cert manager into our cluster.
const manager = new certmanager.CertManager("cert-manager", {
installCRDs: true,
helmOptions: {
namespace: ns.metadata.name,
// name: "my-cert-manager",
},
});# k get secrets -n sandbox-ns-861fe41b
NAME TYPE DATA AGE
my-cert-manager-webhook-ca Opaque 3 2m55s
sh.helm.release.v1.my-cert-manager.v1 helm.sh/release.v1 1 2m56sNote how the secret name does not contain any random suffixes in it.
wclr
I belive it is a general issue with pulumi auto-hasing names (when it is not derisable).
It is possible to avoid name-hasing of other resources created by chart if we set
namein hemlOptions. But tls secret objects created still get hashes, I wonder is it possible to avoid this?