https://pulumi.com logo
#kubernetes
Title
# kubernetes
b

busy-soccer-65968

06/05/2020, 7:10 PM
following this https://www.pulumi.com/docs/guides/crosswalk/kubernetes/apps/#create-a-deployment-with-a-secret. I have noticed if I add
metadeta.name
to my secret. Then my deployment diff shows
[secret]
and does a delete-replace instead of simply updated the deployment spec. If I do not include
metadata.name
in my secret and update the
stringData
then the deployent does an update instead of delete replace. It also, does not show the
[secret]
diff. Is this expect?
To elaberate
if I make the secret
Copy code
// Create a Secret with the database credentials.
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    stringData: {
        "database-username": "test1",
        "database-password": "test1",
    }
}, { provider: provider });
run
pulumi update
it creates the deployment with that secret then I update
Copy code
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    stringData: {
         "database-username": "test2",
        "database-password": "test2",
    }
}, { provider: provider });
and run pulumi update. Then the Deployment shows update. However, if I make
Copy code
// Create a Secret with the database credentials.
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    metadata: {name: "blahblah"}, <---- adding metadata.name
    stringData: {
        "database-username": "test1",
        "database-password": "test1",
    }
}, { provider: provider });
and then perform the same steps above. Then the deployment actually shows as
replace
instead of
update
which TERMINATES all pods and the deployment. Then replaces them all.
so for now I will just make the secret without an explicit
metadata.name
however I would like to be able to name my secret without it replacing the deployment everytime the
stringData
changes
please let me know if I'm doing something wrong/dumb. Or if I can give any further detail on this. I can repro it consistently
it doesn't look like from the
Secret.ts
it doesn't look like metadata is secret output. https://github.com/pulumi/pulumi-kubernetes/blob/master/sdk/nodejs/core/v1/Secret.ts#L134-L137
4 Views