https://pulumi.com
Join Slack
This message was deleted.
# general
s
This message was deleted.
e
An example from the public cert part (but it happens on crt, key and ca, just for this one file):
Copy code
~ data: {
              ~ crt.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lSQUptN3YwMlJhUGF4a28vNWt4T1ZnYXd3RFFZSktvWklodmNOQVFFTEJRQXcKTFRFck1Da0dBMVVFQXhNaVlXMWlZWE56WVdSdmNpMXBibXBsWTNSdmNpNWhiV0poYzNOaFpHOXlMbk4yWXpBZQpGdzB5TURFeE1UWXhPVE0yTWpsYUZ3MHlNVEV4TVRZeE9UTTJNamxhTUMweEt6QXBCZ05WQkFNVEltRnRZbUZ6CmMyRmtiM0l0YVc1cVpXTjBiM0l1WVcxaVlYTnpZV1J2Y2k1emRtTXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUEKQTRJQkR3QXdnZ0VLQW9JQkFRQzFqbUMrb3NTRzdXMmlsODlTcFBwNHRGR2JMeWlZTE95cnd6bFhQQmc0eTFYSAozemZvYjZIVSs1MWtGZGp6M3Fmdk94QzY3ZkR5VWZTcHl5dE85dVhQR1ZXZlY0dVdGK0pVWlU1RGFsTmdzZnNlCi9FdEt5QzhYSEJaREpPc3F6ODdrbXVLbUdjRTlHTGN3cnV2TWpqTnFBWEt0Z3dJeHd1Si96ZUR1QlBIRHNGOU8KdC9WS3NkTmRjdFlZUjB1ME9oNmZtZURkMU1iUXNTUStxZUlDM2JPUHVucUkrN25NNWFSQkRaWGlCd25hZ1E4OQpLTmN6ck5NcXVzczNEQTllTDFSc09nZjV6bHo2cW04RVdGR3VPcGFBRXNZR2VTaHorS3M0RGkvVHQ4cTR0dGtBCjhPS3dhZjYvZTZzVEQreW94VWdubCtvYjMxaFBLTVdLSjZpZ0J2eGpBZ01CQUFHalFqQkFNQTRHQTFVZER3RUIKL3dRRUF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFILwpCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFuYnBSZTZGMDBIQUhncXlXSC9nQXgyWFlZTUNpCldYVWUzbHVjb0xvSjYwalE0YmQ1VDRLQ21QOGE1M3BTVDVJTEtKQkxiZHFUZjROOHFYVjkxSS9IWmo5M0JwRHkKamlVWnFMU1VYdVNJV3NsTjZMcmtlaXAwNTFhMG5uWVB4TDdWUkNzTEdvV3hWZkd5cmxqWThHT0VYZzkwSmc1NApsdEQyRU9SajlNV0dHcWxySTk2c3dyZkhCMTJxZG5sRk1ZMkVUMkZBRUxvY0FKajNYTFl0S3FyaHdlUUcrZExzCmdza0JudzZoeVl4NHBRaWxkbTlGb1cyYzE2bVVxa1R3SDZKVVRHK3ZjbHJGNlFKYlhhZFdZZG1aVjlXQVk3a1gKc2J5Q1BqcWZLbVdQOEFIdVF3bzQ1TS9PUUk1OUlFOHY0eHlOUmp2T3ZEcmhyeVErU1V1RFdPTW9YQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" => "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lSQUxsNThkd3c5RnJ1Ri9LT1MwYVVEaWd3RFFZSktvWklodmNOQVFFTEJRQXcKTFRFck1Da0dBMVVFQXhNaVlXMWlZWE56WVdSdmNpMXBibXBsWTNSdmNpNWhiV0poYzNOaFpHOXlMbk4yWXpBZQpGdzB5TURFeE1UWXhPVFF3TkRkYUZ3MHlNVEV4TVRZeE9UUXdORGRhTUMweEt6QXBCZ05WQkFNVEltRnRZbUZ6CmMyRmtiM0l0YVc1cVpXTjBiM0l1WVcxaVlYTnpZV1J2Y2k1emRtTXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUEKQTRJQkR3QXdnZ0VLQW9JQkFRRFVqZDR3RTlXQU8rVFBvZjNCeTVJeHg4QVhzZklwTWlLZWxNME5GK2NieWxFawpKK0VEQ0U3YlhPVnBjZmhRdmdSbVFTT2FMZGdhVEdSeTM5VGtSZWVvcUJwMzVjR3NzT2tSMVBZcit1dUJGZEJpClBETmRDOUhMdmgxWWVTTlNCOXcrcnpQZXdFaWFldEZHZWI2ZzVEbVM1Mm85eHRHVnQvQWdaM1IveXVTQThOWXcKZm92bzRMd1VOMEt2Nlh4aFFLaTZPUTlTbUJ3Zi9iTnZ6MHhvVTYzTHdSZ0FvYUVBcW1sUS84dDZZbXJaYmtCUApzV2ZLVVMwK3l3aUFQbmdoYlpzdCsvY2E0T3JnQko2N0VIQjZWd3J2U0hjaUdsT3ZVRStoNXZBN1FHQldSaSt3CmREQzhobElwcFo1KzRtTVpRUDlWVGFDZnZMWHRKTHlmMjYzc1lVMlZBZ01CQUFHalFqQkFNQTRHQTFVZER3RUIKL3dRRUF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFILwpCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFkR1ZFRXdEYk1oSS8vdFo5L3RsaEJTQUNtQzZnCkE1ZHlsRUozOXFHQ3ZMSEhUd1pVOTZiaHgyeVdMZVFFWVQ1N0d2REhpVEhGM2JzNElvakFvazRWa21IKzFocFAKMzBwZkxObUlGRC8wMnB6MngyY2hpd3Y0YlF1bXNsMzBwZVZEbENNQ0gvQmFJTjBXenFtOS9lOHNTUGZDUW1JZApaajhtT3dkcmlyc1pFL3RobldQWjB6ZFBiQVdNZzJOZ21aTzI1VDMyczk1djhHOFNscHVraFlvUUNuVnZBY2FOCnNWTmpzMUUyQmdsejBzMDBvU2JMYWZsdHBCekpiU1dVcDVyakg1TVZ3cklVMHRzbUYzNzh1eldCdDFIdjlhOEgKK2hjZUlBblFwTWM4REsxNXBjU2o4b2xvV0xiQnc5d2xjRmlLMlhRb0xqNSsxMXQ1SXFQblFYVHl4Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
g
Those values are in fact different - but you say you see them as "exactly the same when I go look in the details of the run". Where you are looking and seeing them as the same?
e
Well that’s me being dumb in my frustration and comparing them with my eyes and not a computer. Which means the value is changing every time I run pulumi up. I’ll have to look at the chart itself and how it generates that and then Pulumi’s mechanism.
This secret runs the go template “genCA” function. I’m guessing Pulumi generates objects from the helm chart? But have to read more about it. So it would be generating a new one every time, which explains the behavior. Now I need to figure out how to work around that.
Yeah ok so it’s the helm template behavior of Pulumi I need to figure out how to control with the implementation of this chart.
g
Yes, the helm chart resource in pulumi calls the equivalent to 
helm template ...
and then reads those objects back in as "first class" pulumi kubernetes resources.
b
yeah this is a common issue with helm charts that use the inbuilt helm tls generation, I've worked around this by using our tls provider: https://github.com/jaxxstorm/pulumi-aws-loadbalancercontroller/blob/main/nodejs/src/index.ts#L275-L295
e
that's cool, thanks! I've reached out to the folks who make this helm chart (Datwire/Ambassador), as I don't think I can do much about this with the way it's structured now. Looking at Pulumi transformations to see if I can get hacky about it in the meantime
Thanks all!
Took at second for this all to come together in my head, but I could use the Pulumi CA gen function and then use a transformation to replace the helm chart one. That would keep it consistent.
b
@elegant-carpet-8859 usually the helm chart has a value to allow you to specify your own cert, which chart are you using?
e
There’s no configurability for this CA. I have a good relationship with the Ambassador folks and have asked if they’d accept a PR to add it
And for the second time today I eat crow as I realize the ternary operator is in there and that's how you pass it in
9 Views
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by