To elaberate

if I make the secret

// Create a Secret with the database credentials.
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    stringData: {
        "database-username": "test1",
        "database-password": "test1",
    }
}, { provider: provider });

run

pulumi update

it creates the deployment with that secret then I update

const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    stringData: {
         "database-username": "test2",
        "database-password": "test2",
    }
}, { provider: provider });

and run pulumi update. Then the Deployment shows update. However, if I make

// Create a Secret with the database credentials.
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
    metadata: {name: "blahblah"}, <---- adding metadata.name
    stringData: {
        "database-username": "test1",
        "database-password": "test1",
    }
}, { provider: provider });

and then perform the same steps above. Then the deployment actually shows as

replace

instead of

update

which TERMINATES all pods and the deployment. Then replaces them all.

so for now I will just make the secret without an explicit

metadata.name

however I would like to be able to name my secret without it replacing the deployment everytime the

stringData

changes

please let me know if I'm doing something wrong/dumb. Or if I can give any further detail on this. I can repro it consistently

it doesn't look like from the

Secret.ts

it doesn't look like metadata is secret output. https://github.com/pulumi/pulumi-kubernetes/blob/master/sdk/nodejs/core/v1/Secret.ts#L134-L137