https://pulumi.com logo
#typescript
Title
# typescript
r

rich-motorcycle-98689

03/10/2023, 9:43 PM
Hi all. I’m trying to deploy an application via Helm (i.e. using
@pulumi/kubernetes/helm
) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a
Secret
and a
MutatingWebhookConfiguration
). The problem that I’m running into is that the helm chart deploys an empty
Secret
and an empty value in the
MutatingWebhookConfiguration
and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do
pulumi up
after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?
r

rich-motorcycle-98689

03/10/2023, 11:24 PM
How would I apply that to a component of a chart resource? Are each sub-resource inside of a chart identifiable in a way?
I ended up switching from using
helm.v3.Chart
in
@pulumi/helm
to using
k8s.helm.v3.Release
in
@pulumi/kubernetes
and it fixed my problem.
Seems like generally
k8s.helm.v3.Release
is a bit more developed than
helm.v3.Chart
, considering the latter doesn’t have hook support.
g

great-sunset-355

03/13/2023, 10:27 PM
A pitty I saw this late, the similar question comes too often and
v3.Release
resolves the most problems. I guess it would be good to have some information in the docs.
l

limited-rainbow-51650

03/14/2023, 7:13 AM
@rich-motorcycle-98689 good to hear the
Release
resource solved it for you. In case you want to use
Chart
again in the future, @billions-xylophone-85957 was on the right track to propose the
ignoreChanges
resource property. You can apply this to a
Chart
resource using a resource transformation. See the
Chart with Transformations
example here: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations
r

rich-motorcycle-98689

03/17/2023, 2:21 PM
Ohhh, interesting. So you’d add the
ignoreChanges
to a resource transformation in order to apply it to a specific resource. I guess in my case it would be as simple as applying it to all
Secret
and
MutatingWebhookConfiguration
resources (since I only had those resources that were causing a problem).
Would it be fair to characterize the difference between the
Release
and the
Chart
as the
Release
being an OOTB helm solution, while the
Chart
allows for extremely fine-grained configuration control? Because it seems like the
Transformations
tool could be extremely powerful, esp for performing chart manipulation beyond what is configurable in the chart’s
values.yaml
, and I don’t see an option for transformations in the
Release
resource.