No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Can I create a CRD and use it in the same `pulumi up` run ?  I created a `helm.v3.Release` for cert-manager, and a `yaml.v2.ConfigGroup` that defines a `ClusterIssuer` (cert-manager helm release installs the `ClusterIssuer` CRD) . I have a. `depends_on`  in the ConfigGroup to wait for the cert-manager helm release to complete. But it seems that pulumi tries to determine if  `ClusterIssuer` is a namespaced or not before the helm release actually installed the CRD. (`Exception: marshaling properties: awaiting input property "resources": failed to determine if the following GVK is namespaced: <http://cert-manager.io/v1|cert-manager.io/v1>, Kind=ClusterIssuer` )

I've created a  <https://github.com/pulumi/pulumi-kubernetes/issues/3176> but then I realized that maybe this known already ? or there is another way to make it wait?

this is something that comes up a lot, and i actually just merged some functionality that might be helpful for you.

the <https://github.com/pulumi/pulumi-kubernetes/blob/4b148fbceff9dd29a705151fe661ae56e77a7ede/CHANGELOG.md#added|changelog> goes into detail, but essentially you can add a `<http://pulumi.com/waitFor|pulumi.com/waitFor>` annotation to help pulumi know when cert-manager is ready before attempting to create your issuer. i actually have an example of how to do exactly what you’re doing <https://github.com/pulumi/pulumi-kubernetes/blob/4b148fbceff9dd29a705151fe661ae56e77a7ede/tests/sdk/nodejs/testdata/await/cert-manager/index.ts#L9-L38|here>.

this hasn’t been released yet but it’s available as an alpha in `4.18.0-alpha.1724335757` if you’d like to play around with it. we would love to hear your feedback!

it’s worth mentioning the `waitFor: "jsonpath={.webhooks[].clientConfig.caBundle}"`  annotation in my example essentially accomplishes the same thing as cert-manager’s own <https://github.com/cert-manager/cert-manager/blob/01a107f800efd477b1cf497aef51ccdd9e509476/deploy/charts/cert-manager/values.yaml#L1231-L1237|post-install hook>.

importantly, Chart resources don’t apply helm hooks, but Release resources do. this is why your workaround on #3176 works — the first Release runs the post-install hook and is guaranteed to be ready before the second one installs an issuer.

there are <https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/choosing-the-right-helm-resource-for-your-use-case/|pros and cons> to Chart vs. Release resources. the v4 Chart is quite nice _but_ it doesn’t support post-install hooks, and we don’t have a v4 Release (yet) which does. this annotation gives you a bit of a middle ground if you want Chart functionality but need a lightweight post-install readiness check like this.

also worth metioning your “failed to determine if the following GVK is namespaced” error is a bug (with a fix up here <https://github.com/pulumi/pulumi-kubernetes/pull/3186>), which should at least fix what you were originally trying to do.