https://pulumi.com logo
#general
Title
# general
g

gifted-balloon-26385

12/14/2023, 12:06 AM
I’m installing AWS’s k8s load balancer controller via helm (which is their recommended installation approach):
Copy code
new k8s.helm.v3.Chart(
  "aws-load-balancer-controller",
  {
    chart: "aws-load-balancer-controller",
    version: "1.6.2",
    fetchOpts: {
      repo: "<https://aws.github.io/eks-charts>",
    },

    namespace: "kube-system",
    values: {
      clusterName: eksCluster.name,
      serviceAccount: {
        create: false,
        name: "aws-load-balancer-controller",
      },
    },
  }
);
This works fine, but I believe the controller automatically updates its own TLS secret, so whenever I run
pulumi up
again, it tries to re-replace the changes with the original ones from the helm chart. Is there a solution or workaround to this?
actually switching from Chart to Release does seem to fix the issue. yay!
d

dry-keyboard-94795

12/14/2023, 1:06 PM
The workaround for the Chart resource would be to use a transformation to set
ignoreChange
on the secret/certificate's data. See here for an example of transformations: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations
s

stale-answer-34162

12/14/2023, 2:46 PM
try using it the aws.eks.addon
Copy code
export const csiAddon = new aws.eks.Addon(
  'aws-ebs-csi-driver-addon',
  {
    clusterName: eksCluster.name,
    addonName: 'aws-ebs-csi-driver',
    resolveConflictsOnUpdate: 'OVERWRITE',
    // addonVersion: 'v1.24.1-eksbuild.1',
  },
  { dependsOn: [eksCluster, nodeGroup] },
)