I installed AWS Load Balancer Controller via Helm ...
# aws
w
I installed AWS Load Balancer Controller via Helm chart. Since initial installation, whenever I do `pulumi up`, the certs in Secrets `kube-system/aws-load-balancer-tls` get replaced. I even tried "keepTLSSecret: true," but no-go. I see that `kubernetes:admissionregistration.k8s.io/v1:MutatingWebhookConfiguration` and `kubernetes:admissionregistration.k8s.io/v1:ValidatingWebhookConfiguration` get updated too. Is there a way to mitigate this? This is the code:
```typescript
import * as k8s from "@pulumi/kubernetes";

// `clusterName` and `cluster` are defined elsewhere in the program.

// Install AWS Load Balancer Controller via Helm chart
const awslbcontroller = new k8s.helm.v3.Chart("aws-load-balancer-controller", {
  chart: "aws-load-balancer-controller",
  version: "1.3.3",
  namespace: "kube-system",
  fetchOpts: {
    repo: "https://aws.github.io/eks-charts",
  },
  values: {
    clusterName: clusterName,
    keepTLSSecret: true,
  },
}, { provider: cluster.provider });
```
Seems like there's a known bug, and the workaround is to ignore a bunch of stuff. The example is for ArgoCD; is there a similar workaround I can apply for Pulumi?
w
It's better to install and use cert-manager with aws lbc. In the helm chart values specify:
```yaml
enableCertManager: true
```
PS. I recommend using helm release resources instead of helm chart resources
w
Thank you for the tips! I think I've found a blog post about chart vs release. I'll definitely look into it.
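For the question at the top of the thread (a Pulumi counterpart to the ArgoCD "ignore" workaround), one possible shape is a Chart transformation that adds `ignoreChanges` for the fields that are regenerated on every render. This is an added example, not code from the thread or from the Pulumi or AWS projects; the function name, the locally declared types and the ignored property paths are assumptions.

```typescript
// Types are declared locally so this file runs without the Pulumi SDK.
// In a real program `opts` is pulumi.CustomResourceOptions.
interface ResourceOpts { ignoreChanges?: string[]; }
interface K8sObject {
  kind?: string;
  metadata?: { name?: string; namespace?: string };
}

// Secret named in the thread; adjust if your release renders another name.
const TLS_SECRET = { namespace: "kube-system", name: "aws-load-balancer-tls" };
const WEBHOOK_KINDS = ["MutatingWebhookConfiguration", "ValidatingWebhookConfiguration"];

// Hypothetical helper: marks the re-generated TLS material as ignored so
// the serving cert/key and the webhooks' caBundle stay a matching pair.
function ignoreRegeneratedTls(obj: K8sObject, opts: ResourceOpts): void {
  const extra: string[] = [];
  const meta = obj.metadata ?? {};
  if (obj.kind === "Secret" &&
      meta.name === TLS_SECRET.name &&
      (meta.namespace ?? TLS_SECRET.namespace) === TLS_SECRET.namespace) {
    extra.push("data"); // ca.crt, tls.crt, tls.key
  } else if (obj.kind !== undefined && WEBHOOK_KINDS.indexOf(obj.kind) >= 0) {
    // Pulumi property path with a wildcard over the webhooks array.
    extra.push("webhooks[*].clientConfig.caBundle");
  }
  if (extra.length === 0) return;
  // Merge with anything already set, without duplicates.
  const merged = (opts.ignoreChanges ?? []).slice();
  for (const path of extra) {
    if (merged.indexOf(path) < 0) merged.push(path);
  }
  opts.ignoreChanges = merged;
}

// Wiring (assumes the Chart from the question):
//   new k8s.helm.v3.Chart("aws-load-balancer-controller", {
//     ...,
//     transformations: [ignoreRegeneratedTls],
//   }, { provider: cluster.provider });
```

The Secret and both webhook configurations have to be ignored together: if the serving certificate changes while the `caBundle` stays stale (or the reverse), the API server can no longer verify the webhook. With these paths ignored, Pulumi also stops rotating the certificate, so rotation has to be triggered deliberately.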