Closed thepabloaguilar closed 1 year ago
I removed and added again the chart using Pulumi, I got this in my second run:
pulumi preview
Previewing update (prod):
Type Name Plan Info
pulumi:pulumi:Stack infrastructure-prod
└─ aws:eks:Cluster default-eks-cluster [diff: ~provider]
└─ kubernetes:helm.sh/v3:Chart aws-load-balancer-controller [diff: ~protect]
+ ├─ kubernetes:elbv2.k8s.aws/v1beta1:IngressClassParams alb create
├─ kubernetes:core/v1:Service kube-system/aws-load-balancer-webhook-service [diff: ~protect]
+- ├─ kubernetes:core/v1:Secret kube-system/aws-load-balancer-tls replace [diff: ~data]
├─ kubernetes:networking.k8s.io/v1:IngressClass alb [diff: ~protect]
├─ kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition ingressclassparams.elbv2.k8s.aws [diff: ~protect]
├─ kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition targetgroupbindings.elbv2.k8s.aws [diff: ~protect]
~ ├─ kubernetes:admissionregistration.k8s.io/v1:MutatingWebhookConfiguration aws-load-balancer-webhook update [diff: ~webhooks]
~ ├─ kubernetes:admissionregistration.k8s.io/v1:ValidatingWebhookConfiguration aws-load-balancer-webhook update [diff: ~webhooks]
├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRole aws-load-balancer-controller-role [diff: ~protect]
├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding aws-load-balancer-controller-rolebinding [diff: ~protect]
├─ kubernetes:rbac.authorization.k8s.io/v1:Role kube-system/aws-load-balancer-controller-leader-election-role [diff: ~protect]
├─ kubernetes:rbac.authorization.k8s.io/v1:RoleBinding kube-system/aws-load-balancer-controller-leader-election-rolebinding [diff: ~protect]
├─ kubernetes:apps/v1:Deployment kube-system/aws-load-balancer-controller [diff: ~protect]
- └─ kubernetes:elbv2.k8s.aws/v1beta1:IngressClassParams kube-system/alb delete
For some reason it's deleting my IngressClassParams named kube-system/alb
and creating another with alb
as the name!
For your most recent attempt, I see a ingress class without namespace prefix already so perhaps there was an issue with the naming scheme in your code to install it initially? Could you open a separate ticket when you try it with a fresh install?
For the original issue, that is currently expected and needs better documentation (https://github.com/pulumi/pulumi-kubernetes/issues/1568). We treat secrets as immutable at the moment. We addressed a problem related to configmaps recently and we may have to extend the same to secrets. In this particular case though - perhaps you can consider using the new helm release resource? https://www.pulumi.com/blog/helm-release-resource-for-kubernetes-generally-available/
Hey @viveklak thanks for the reply, I've changed to Release
and it worked like a charm!
For your most recent attempt, I see a ingress class without namespace prefix already so perhaps there was an issue with the naming scheme in your code to install it initially?
No, it's the same code from the first comment. You can see there the namespace is set correctly: namespace='kube-system',
Could you open a separate ticket when you try it with a fresh install?
On this repo, right?
Hello!
I'm using Pulumi to install a Helm chart in a EKS cluster, the first run worked like a charm but everytime after that I try to run
pulumi up
it wants to replace a secret and the problem is that secret is a protected resource (and should be I guess). This is how I'm installing the chart:pulumi up
output:pulumi up
after I unprotected that resource:Issue details
Steps to reproduce
aws-load-balancer-controller
chart in a EKS Cluster (withpulumi up
)pulumi up
againExpected: No replacements try Actual: Replacements try