This message was deleted.
# kubernetes
s
This message was deleted.
b
My guess is there is something in the chart that is getting changed on every deployment, likely due to some hook
You should look at the Helm chart to see if there is a way to disable that part of it or tell it to skip hooks, and possibly do a transform on the Pulumi side
b
I suspect the
Secret
has a fixed name in the helm chart? The issue with
ConfigMap
mentioned up above likely applies to
Secret
as well: When you use a fixed name for a
Secret
, Pulumi deletes and replaces it in order to force a recreation of pods that mount the secret in. If you can have Pulumi name the
Secret
for you, it will create a new secret, update the pods to depend on it, and perform a standard rollout.
r
Thanks for your responses. @bored-table-20691 I dont see any evidence of their being hooks or a way to disable them. Nothing specified in the readme or configuration. Is there somewhere else I could look to find this? @brave-ambulance-98491 I'm not specifying a
Secret
or
ConfigMap
for Datadog, but these are created when deploying the chart:
b
Can you share a link to the chart a
r
FYI, how I'm deploying the chart:
Copy code
var datadogChart = new Chart("datadog-chart",
    new ChartArgs
    {
        Chart = "datadog",
        Version = args.DatadogChartVersion,
        Namespace = "default",
        Values = new Dictionary<string, object>
        {
            ["datadog"] = new Dictionary<string, object>
            {
                ["apiKey"] = args.DatadogApiKey,
                ["site"] = "<http://datadoghq.eu|datadoghq.eu>",
                ["logs"] = new Dictionary<string, object>
                {
                    ["enabled"] = true,
                    ["containerCollectAll"] = true
                },
                ["kubelet"] = new Dictionary<string, object>
                {
                    ["tlsVerify"] = false
                }
            },
        },
        FetchOptions = new ChartFetchArgs
        {
            Repo = "<https://helm.datadoghq.com>"
        }
    },
    new ComponentResourceOptions
    {
        Provider = provider,
    });
Link corrected
b
# clusterAgent.token -- Cluster Agent token is a preshared key between node agents and cluster agent (autogenerated if empty, needs to be at least 32 characters a-zA-z) token: ""
This is the issue
Set a value there (you can use the random Pulumi provider)
r
Ok great, thanks. Let me try this. What do you mean by using a random Pulumi provider?
b
Yep exactly.
Sorry I'm on my phone so hard to link
r
No problem - appreciate the help! I will report back
@bored-table-20691 Thanks - this did work for me. I had to name my secret (which I believe makes it immutable) because otherwise the Datadog agent cannot find it. Pasting my code below for reference.
Copy code
var datadogChecksum = new RandomPassword("datadog-checksum-password", new RandomPasswordArgs
{
    Length = 32,
    Special = true
});

var secret = new Secret("datadog-checksum-secret", 
    new SecretArgs
    {
        Metadata = new ObjectMetaArgs()
        {
            Name = "datadog-checksum-secret",
            Namespace = "default"
        },
        StringData =  datadogChecksum
            .Result
            .Apply(x => new Dictionary<string, string>() { { "token", x } })
    },
    new CustomResourceOptions
    {
        Provider = provider
    });

// Datadog chart. <https://github.com/DataDog/helm-charts/tree/main/charts/datadog>
var datadogChart = new Chart("datadog-chart",
    new ChartArgs
    {
        Chart = "datadog",
        Version = args.DatadogChartVersion,
        Namespace = "default",
        Values = new Dictionary<string, object>
        {
            ["datadog"] = new Dictionary<string, object>
            {
                ["apiKey"] = args.DatadogApiKey,
                ["site"] = "<http://datadoghq.eu|datadoghq.eu>",
                ["logs"] = new Dictionary<string, object>
                {
                    ["enabled"] = true,
                    ["containerCollectAll"] = true
                },
                ["kubelet"] = new Dictionary<string, object>
                {
                    ["tlsVerify"] = false // See: <https://github.com/DataDog/integrations-core/issues/2582>
                }
            },
            ["clusterAgent"] = new Dictionary<string, object>
            {
                ["tokenExistingSecret"] = "datadog-checksum-secret"
            }
        },
        FetchOptions = new ChartFetchArgs
        {
            Repo = "<https://helm.datadoghq.com>"
        }
    },
    new ComponentResourceOptions
    {
        Provider = provider,
        DependsOn = { aks, datadogChecksum }
    });
b
Glad it worked out