EDIT False alarm disappointed Leaving it up though as delete

Question

EDIT False alarm disappointed Leaving it up though as deleted posts just make people curious for no reason wink There s something weird about diffs with one helm chart in particular every time I run the stack it wants to replace some certificates with the exact identical certificate ``` kubernetes akv2k8s ~ kubernetes akv2k8s akv2k8s envinjector update diff ~webhooks + kubernetes core v1 Secret akv2k8s akv2k8s envinjector tls replace diff ~data + kubernetes core v1 Secret akv2k8s akv2k8s envinjector ca replace diff ~data ~ kubernetes apps v1 Deployment akv2k8s akv2k8s envinjector update diff ~spec ``` Edit neeevermind there is a tiny diff in the certificates generated a bit frustrating but of no consequence Was almost certain there might have been some encoding issues triggering the diff or something but no new certs are generated by the chart every time it s touched oh well

better-shampoo-48884 · Answer

and I spoke too quickly there is actually a diff of just a few characters every single time oh well confused

billowy-army-68599 · Answer

There s discussion about this here <https pulumi community slack com archives C84L4E3N1 p1617211149122200 thread ts=1617187173 108800 amp channel=C84L4E3N1 amp message ts=1617211149 122200|https pulumi community slack com archives C84L4E3N1 p1617211149122200 thread ts=1617187173 108800 amp channel=C84L4E3N1 amp message ts=1617211149 122200>

better-shampoo-48884 · Answer

That is so incredibly awesome thanks My chart expects me to pass those certs as variables to overload the helm behavior though so I made a nice reusable component out of that tls cert generation stuff smiley Only issue now is some odd complaints about templating when I add the certs to the values ``` akv2k8sValues env injector certificate custom = enabled true server tls crt tlsCert crt certPem key tlsCert key privateKeyPem ca crt tlsCert caCert certPem ``` with ``` const SPVakv2k8s = new k8s helm v3 Chart akv2k8s chart akv2k8s version 2 0 10 namespace akv2k8sNamespace metadata name fetchOpts repo helmRepos spv url values akv2k8sValues provider cluster ``` results in ```Error invocation of kubernetes helm template returned an error failed to generate YAML for specified Helm chart failed to create chart from template YAML parse error on akv2k8s templates env injector apiservice yaml error converting YAML to JSON yaml line 15 could not find expected ``` Which makes me wonder how much json gt yaml gt json gt yaml is actually going on here D

billowy-army-68599 · Answer

helm s values yaml takes a string so you ll need to inject values into the helm chart using an `apply `

better-shampoo-48884 · Answer

thanks slightly smiling face tried that but I really think I need a full on tutorial on the apply x = gt x loop and how it actually works under the hood I keep hitting the same hurdle of not understanding how the Output lt T gt transforms and when

better-shampoo-48884 · Answer

``` if akv2k8sValues env injector certificate custom akv2k8sValues env injector certificate = useCertManager false custom enabled true server tls crt tlsCert crt certPem apply x = gt x key tlsCert key privateKeyPem apply x = gt x ca crt tlsCert caCert certPem apply x = gt x ``` Basically this produces the exact same error

better-shampoo-48884 · Answer

Man I m giving up for now This actually passed but likely with the crappy string values rather than the correct values since the actual deployment failed still in the process of burning down my deployment The top combination of interpolate + apply was then referenced with yet another apply earlier with still no joy There seems to be no way to get those keys to be real strings before helm does its magic ``` let serverCrt = pulumi interpolate`$ tlsCert crt certPem apply x = gt x ` let serverKey = xzc let caCrt = czx let serverCrt = vcx tlsCert crt certPem apply pem = gt serverCrt = pem return true tlsCert key privateKeyPem apply key = gt serverKey = key return true tlsCert caCert certPem apply pem = gt caCrt = pem return true if akv2k8sValues env injector certificate custom akv2k8sValues env injector certificate = useCertManager false custom enabled true server tls crt serverCrt key serverKey ca crt caCrt ```

better-shampoo-48884 · Answer

Going full shotgun mode on this still failing at the same place ``` let akv2k8sValues = yaml load fs readFileSync components chart values akv2k8s production yml as any let tlsCrt = tlsCert crt certPem apply tlsCrt = gt let curObj = akv2k8sValues akv2k8sValues env injector certificate = useCertManager false custom enabled true server tls crt tlsCert crt certPem apply x = gt x key toBeFilled ca crt toBeFilled return akv2k8sValues let tlsKey = pulumi all tlsCrt tlsCert key privateKeyPem apply objValue key = gt objValue env injector certificate custom server tls key = key return objValue let finalAkv2k8sValues = pulumi all tlsKey tlsCert caCert certPem apply objValue cert = gt objValue env injector certificate custom ca crt = cert return objValue const SPVakv2k8s = new k8s helm v3 Chart akv2k8s chart akv2k8s version 2 0 10 namespace akv2k8sNamespace metadata name fetchOpts repo helmRepos spv url values finalAkv2k8sValues apply x = gt x provider cluster dependsOn tlsCert crt tlsCert key tlsCert caCert ```