Helm Chart Ignore Changes Example

index.ts

import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

const vpc = new awsx.ec2.Vpc("vpc", { numberOfAvailabilityZones: 2 });

const cluster = new eks.Cluster("cluster", {
    vpcId: vpc.id,
    subnetIds: vpc.publicSubnetIds,
    instanceType: "t2.medium",
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
});

/**
 * Return a modified resource `ignoreChanges` set to the provided `ignorePropertyNames`.
 * - https://www.pulumi.com/docs/intro/concepts/resources/#ignorechanges
 */
function ignoreChangesTransformation(resource: pulumi.ResourceTransformationArgs, ignorePropertyNames: string[]): pulumi.ResourceTransformationResult {
    return {
        props: resource.props,
        opts: pulumi.mergeOptions(resource.opts, {
            ignoreChanges: ignorePropertyNames,
        }),
    }
}

const albingresscntlr = new k8s.helm.v3.Chart("alb", {
    chart: "aws-load-balancer-controller",
    fetchOpts: {
        repo: "https://aws.github.io/eks-charts",
    },
    values: {
        clusterName: cluster.eksCluster.name,
        autoDiscoverAwsRegion: "true",
        autoDiscoverAwsVpcID: "true"
    }
}, {
    provider: cluster.provider,

    /**
     * Modify specific child resources of this chart to ignore changes to their certificates on each `up`.
     * - https://www.pulumi.com/docs/intro/concepts/resources/#transformations
     */
    transformations: [
        (args) => {
            if (args.type === "kubernetes:core/v1:Secret" && args.name === "default/aws-load-balancer-tls") {
                pulumi.log.info(`aws-load-balancer-controller transformation: Ignoring changes to TLS certificate on [${args.resource.urn}].`);
                return ignoreChangesTransformation(args, ["data"]);
            }
            else if (args.name === "aws-load-balancer-webhook"
                && (args.type === "kubernetes:admissionregistration.k8s.io/v1:ValidatingWebhookConfiguration"
                    || args.type === "kubernetes:admissionregistration.k8s.io/v1:MutatingWebhookConfiguration")
            ) {
                pulumi.log.info(`aws-load-balancer-controller transformation: Ignoring changes to TLS certificate on [${args.resource.urn}].`);
                return ignoreChangesTransformation(args, [
                    "webhooks[0].clientConfig.caBundle",
                    "webhooks[1].clientConfig.caBundle",
                ]);
            }
            return undefined;
        },
    ]
});

package.json

{
    "name": "aws-ts-eks",
    "devDependencies": {
        "@types/node": "^8.0.0"
    },
    "dependencies": {
        "@pulumi/awsx": "^0.30.0",
        "@pulumi/eks": "^0.30.0",
        "@pulumi/kubernetes": "^3.1.1",
        "@pulumi/pulumi": "^3.0.0",
        "@pulumi/tls": "^4.0.0"
    }
}

Pulumi.yaml

name: aws-ts-eks
description: EKS cluster example
runtime: nodejs
template:
  config:
    aws:region:
      description: The AWS region to deploy into
      default: us-west-2

tsconfig.json

{
    "compilerOptions": {
        "outDir": "bin",
        "target": "es2016",
        "module": "commonjs",
        "moduleResolution": "node",
        "declaration": true,
        "sourceMap": true,
        "stripInternal": true,
        "experimentalDecorators": true,
        "pretty": true,
        "noFallthroughCasesInSwitch": true,
        "noImplicitAny": true,
        "noImplicitReturns": true,
        "forceConsistentCasingInFileNames": true,
        "strictNullChecks": true
    },
    "files": [
        "index.ts"
    ]
}