Why

cert-manager

chart deployment keeps failing ? A bit of context. I install

cert-manager

using his helm chart like the following.

const certmanager =  new k8s.helm.v2.Chart("cert-manager", {
    repo: "jetstack",
    chart: "cert-manager",
    version: "v0.10.0",
    namespace: "cert-manager",
    values: {
        ingressShim: {
            enabled: true,
            extraArgs: [
                "--default-issuer-name=letsencrypt-dev",
                "--default-issuer-kind=ClusterIssuer",
                "--dns01-recursive-nameservers-only=true"
            ]
        }
    }
},{dependsOn:[certmanagerSecret]);

The first

pulumi up

was successful, but as soon as I change other resources on the file not related to certmanager it always throws those errors

error: resource cert-manager-controller-certificates was not successfully created by the Kubernetes API server : <http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> "cert-manager-controller-certificates" already exists
13:55:21.102[cert-manager-control] failed create kubernetes:<http://rbac.authorization.k8s.io/v1beta1:ClusterRole|rbac.authorization.k8s.io/v1beta1:ClusterRole>
13:55:26.990[cert-manager-cainjec] Retry #0; creation failed: <http://clusterrolebindings.rbac.authorization.k8s.io|clusterrolebindings.rbac.authorization.k8s.io> "cert-manager-cainjector" already exists
13:55:26.990[cert-manager-cainjec] error: resource cert-manager-cainjector was not successfully created by the Kubernetes API server : <http://clusterrolebindings.rbac.authorization.k8s.io|clusterrolebindings.rbac.authorization.k8s.io> "cert-manager-cainjector" already exists
13:55:26.990[cert-manager-cainjec] failed create kubernetes:<http://rbac.authorization.k8s.io/v1beta1:ClusterRoleBinding|rbac.authorization.k8s.io/v1beta1:ClusterRoleBinding>
13:55:29.808[cert-manager-control] Retry #0; creation failed: <http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> "cert-manager-controller-orders" already exists
13:55:29.808[cert-manager-control] error: resource cert-manager-controller-orders was not successfully created by the Kubernetes API server : <http://clusterroles.rbac.authorization.k8s.io|clusterroles.rbac.authorization.k8s.io> "cert-manager-controller-orders" already exists
13:55:29.809[cert-manager-control] failed create kubernetes:<http://rbac.authorization.k8s.io/v1beta1|rbac.authorization.k8s.io/v1beta1>:

The resources are installed but pulumi detects as new or something and want to install them. is there a way to make this idempotent ?