This message was deleted Pulumi Community #kubernetes

Join Slack

This message was deleted.

# kubernetes

sparse-intern-71089

09/28/2021, 3:53 PM

This message was deleted.

bored-table-20691

09/28/2021, 4:07 PM

My guess is there is something in the chart that is getting changed on every deployment, likely due to some hook

bored-table-20691

09/28/2021, 4:08 PM

You should look at the Helm chart to see if there is a way to disable that part of it or tell it to skip hooks, and possibly do a transform on the Pulumi side

brave-ambulance-98491

09/28/2021, 5:12 PM

I suspect the

Secret

has a fixed name in the helm chart? The issue with

ConfigMap

mentioned up above likely applies to

Secret

as well: When you use a fixed name for a

Secret

, Pulumi deletes and replaces it in order to force a recreation of pods that mount the secret in. If you can have Pulumi name the

Secret

for you, it will create a new secret, update the pods to depend on it, and perform a standard rollout.

rapid-soccer-18092

09/29/2021, 4:06 AM

Thanks for your responses. @bored-table-20691 I dont see any evidence of their being hooks or a way to disable them. Nothing specified in the readme or configuration. Is there somewhere else I could look to find this? @brave-ambulance-98491 I'm not specifying a

Secret

ConfigMap

for Datadog, but these are created when deploying the chart:

bored-table-20691

09/29/2021, 4:07 AM

Can you share a link to the chart a

rapid-soccer-18092

09/29/2021, 4:08 AM

FYI, how I'm deploying the chart:

Copy code

var datadogChart = new Chart("datadog-chart",
    new ChartArgs
    {
        Chart = "datadog",
        Version = args.DatadogChartVersion,
        Namespace = "default",
        Values = new Dictionary<string, object>
        {
            ["datadog"] = new Dictionary<string, object>
            {
                ["apiKey"] = args.DatadogApiKey,
                ["site"] = "<http://datadoghq.eu|datadoghq.eu>",
                ["logs"] = new Dictionary<string, object>
                {
                    ["enabled"] = true,
                    ["containerCollectAll"] = true
                },
                ["kubelet"] = new Dictionary<string, object>
                {
                    ["tlsVerify"] = false
                }
            },
        },
        FetchOptions = new ChartFetchArgs
        {
            Repo = "<https://helm.datadoghq.com>"
        }
    },
    new ComponentResourceOptions
    {
        Provider = provider,
    });

rapid-soccer-18092

09/29/2021, 4:09 AM

@bored-table-20691 https://github.com/DataDog/helm-charts/blob/main/charts/datadog/README.md

rapid-soccer-18092

09/29/2021, 4:11 AM

Link corrected

bored-table-20691

09/29/2021, 4:13 AM

# clusterAgent.token -- Cluster Agent token is a preshared key between node agents and cluster agent (autogenerated if empty, needs to be at least 32 characters a-zA-z) token: ""

bored-table-20691

09/29/2021, 4:13 AM

This is the issue

bored-table-20691

09/29/2021, 4:14 AM

Set a value there (you can use the random Pulumi provider)

rapid-soccer-18092

09/29/2021, 4:28 AM

Ok great, thanks. Let me try this. What do you mean by using a random Pulumi provider?

rapid-soccer-18092

09/29/2021, 4:29 AM

Something like this? https://www.pulumi.com/docs/reference/pkg/random/randompassword/

bored-table-20691

09/29/2021, 4:33 AM

Yep exactly.

bored-table-20691

09/29/2021, 4:33 AM

Sorry I'm on my phone so hard to link

rapid-soccer-18092

09/29/2021, 4:33 AM

No problem - appreciate the help! I will report back

rapid-soccer-18092

09/29/2021, 6:18 AM

@bored-table-20691 Thanks - this did work for me. I had to name my secret (which I believe makes it immutable) because otherwise the Datadog agent cannot find it. Pasting my code below for reference.

Copy code

var datadogChecksum = new RandomPassword("datadog-checksum-password", new RandomPasswordArgs
{
    Length = 32,
    Special = true
});

var secret = new Secret("datadog-checksum-secret", 
    new SecretArgs
    {
        Metadata = new ObjectMetaArgs()
        {
            Name = "datadog-checksum-secret",
            Namespace = "default"
        },
        StringData =  datadogChecksum
            .Result
            .Apply(x => new Dictionary<string, string>() { { "token", x } })
    },
    new CustomResourceOptions
    {
        Provider = provider
    });

// Datadog chart. <https://github.com/DataDog/helm-charts/tree/main/charts/datadog>
var datadogChart = new Chart("datadog-chart",
    new ChartArgs
    {
        Chart = "datadog",
        Version = args.DatadogChartVersion,
        Namespace = "default",
        Values = new Dictionary<string, object>
        {
            ["datadog"] = new Dictionary<string, object>
            {
                ["apiKey"] = args.DatadogApiKey,
                ["site"] = "<http://datadoghq.eu|datadoghq.eu>",
                ["logs"] = new Dictionary<string, object>
                {
                    ["enabled"] = true,
                    ["containerCollectAll"] = true
                },
                ["kubelet"] = new Dictionary<string, object>
                {
                    ["tlsVerify"] = false // See: <https://github.com/DataDog/integrations-core/issues/2582>
                }
            },
            ["clusterAgent"] = new Dictionary<string, object>
            {
                ["tokenExistingSecret"] = "datadog-checksum-secret"
            }
        },
        FetchOptions = new ChartFetchArgs
        {
            Repo = "<https://helm.datadoghq.com>"
        }
    },
    new ComponentResourceOptions
    {
        Provider = provider,
        DependsOn = { aks, datadogChecksum }
    });

bored-table-20691

09/29/2021, 2:25 PM

Glad it worked out

9 Views

Open in Slack

Previous Next