https://pulumi.com logo
Title
s

steep-winter-68060

12/22/2022, 11:18 PM
Hi all! I’m struggling to get Pulumi to ignore a secret created by a Helm chart. I’m not sure what to put in the
ignoreChanges
list? I’ve tried these without any suscess:
ignoreChanges: ['data', 'data.token', 'metadata.managedFields[*]'],
kubernetes:<http://helm.sh/v3:Chart$kubernetes:core/v1:Secret|helm.sh/v3:Chart$kubernetes:core/v1:Secret> (datadog/datadog-agent-cluster-agent)
++ kubernetes:core/v1:Secret (create-replacement)
    [id=datadog/datadog-agent-cluster-agent]
    [urn=urn:pulumi:development::eks-cluster::kubernetes:<http://helm.sh/v3:Chart$kubernetes:core/v1:Secret::datadog/datadog-agent-cluster-agent|helm.sh/v3:Chart$kubernetes:core/v1:Secret::datadog/datadog-agent-cluster-agent>]
    __fieldManager     : "pulumi-kubernetes-db5ac33a" => "pulumi-kubernetes-c6b496ec"
    metadata           : {
        managedFields    : [
            [0]: {
                fieldsV1  : {
                    f:data    : {
                        f:token: {}
                    }
                }
            }
            [1]: {
                apiVersion: "v1"
                fieldsType: "FieldsV1"
                fieldsV1  : {
                    f:data    : {
                        f:token: {}
                    }
                    f:metadata: {
                        f:labels: {
                            f:<http://app.kubernetes.io/instance|app.kubernetes.io/instance>  : {}
                            f:<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: {}
                            f:<http://app.kubernetes.io/name|app.kubernetes.io/name>      : {}
                            f:<http://app.kubernetes.io/version|app.kubernetes.io/version>   : {}
                            f:<http://helm.sh/chart|helm.sh/chart>               : {}
                        }
                    }
                    f:type    : {}
                }
                manager   : "pulumi-kubernetes-c6b496ec"
                operation : "Apply"
                time      : "2022-12-22T22:24:32Z"
            }
        ]
    }
m

many-telephone-49025

12/23/2022, 10:05 AM
Hi, Don't use the secret generation inside the Helm chart. Create the secret beforehand (via Pulumi Secret resource) and pass the secret to the Datadog Helm Chart (look for values like existingSecret or secretRef)
s

steep-winter-68060

12/23/2022, 6:25 PM
Hmm I don’t care about this secret (it’s for DD internal communication) and I believe DD Helm chart does its own secret rotation. It’s counter-intuitive to generate my own for something internal to DD
g

gorgeous-egg-16927

01/03/2023, 5:37 PM
You can drop the secret entirely using a transformation. There’s an example of that in the API docs: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations