# kubernetes
Hey all! I have an ingress that is managed via the AWS LB controller. I use its tls cert as the secretName in the tls section of the ingress, and list the three hosts that are in the rules section of the ing.
aws-load-balancer-tls
I use a transformation in the LB controller to tell Pulumi to ignoreChanges on the LB ctrl tls secret. Subsequent ups regenerate the secret, causing problems with the ings. I also make all ings dependsOn the cntrl. This is because the cntrl pods don’t spin up fast enough, and the ing is still attempted to be created. I get a service not found error. So it is a race condition. This is the current context of my setup. I want to try auto tls discovery via the host used in ing rules. I tried removing the tls section but it wouldn’t find certs, even though I have certs created in ACM. Perhaps it can’t find ACM certs? The error I get:
Failed build model due to ingress: waterrecharge/waterrecharge-ingress: none certificate found for host: waterrecharge-pulumi-api-aryeh.tqhosted.com"
That’s referring to the ACM cert I’ve created, right? It can’t find it? I try putting back the tls section in the ing, and I still have the same issue. What’s happening is that, because of that error, the ing doesn’t resolve in Pulumi. I can’t get the hostname. So the record alias can’t be created. I get:
error: aws:route53/record:Record resource 'waterrecharge-pulumi-aryeh.tqhosted.com' has a problem: Required attribute is not set. Examine values at 'Record.Aliases'.
I have to do a refresh for Pulumi to get the ing data and be able to resolve the hostname.