Hi all. I’m trying to deploy an application via Helm (i.e. using

@pulumi/kubernetes/helm

) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a

Secret

and a

MutatingWebhookConfiguration

). The problem that I’m running into is that the helm chart deploys an empty

Secret

and an empty value in the

MutatingWebhookConfiguration

and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do

pulumi up

after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?

https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/ ?

How would I apply that to a component of a chart resource? Are each sub-resource inside of a chart identifiable in a way?

A pitty I saw this late, the similar question comes too often and

v3.Release

resolves the most problems. I guess it would be good to have some information in the docs.

@rich-motorcycle-98689 good to hear the

Release

resource solved it for you. In case you want to use

Chart

again in the future, @billions-xylophone-85957 was on the right track to propose the

ignoreChanges

resource property. You can apply this to a

Chart

resource using a resource transformation. See the

Chart with Transformations

example here: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations

Ohhh, interesting. So you’d add the

ignoreChanges

to a resource transformation in order to apply it to a specific resource. I guess in my case it would be as simple as applying it to all

Secret

and

MutatingWebhookConfiguration

resources (since I only had those resources that were causing a problem).