I’m installing AWS’s k8s load balancer controller ...
# general
I’m installing AWS’s k8s load balancer controller via helm (which is their recommended installation approach):
Copy code
new k8s.helm.v3.Chart(
    chart: "aws-load-balancer-controller",
    version: "1.6.2",
    fetchOpts: {
      repo: "<https://aws.github.io/eks-charts>",

    namespace: "kube-system",
    values: {
      clusterName: eksCluster.name,
      serviceAccount: {
        create: false,
        name: "aws-load-balancer-controller",
This works fine, but I believe the controller automatically updates its own TLS secret, so whenever I run
pulumi up
again, it tries to re-replace the changes with the original ones from the helm chart. Is there a solution or workaround to this?
actually switching from Chart to Release does seem to fix the issue. yay!
The workaround for the Chart resource would be to use a transformation to set
on the secret/certificate's data. See here for an example of transformations: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations
try using it the aws.eks.addon
Copy code
export const csiAddon = new aws.eks.Addon(
    clusterName: eksCluster.name,
    addonName: 'aws-ebs-csi-driver',
    resolveConflictsOnUpdate: 'OVERWRITE',
    // addonVersion: 'v1.24.1-eksbuild.1',
  { dependsOn: [eksCluster, nodeGroup] },