Pulumi - How do we patch a deployment created with helm chart, when values do not contain the property to be updated

Question

I've code to deploy a helm chart using pulumi kubernetes. I would like to patch the StatefulSet (change serviceAccountName) after deploying the chart. Chart doesn't come with an option to specify service account for StatefulSet.

here's my code

// install psmdb database chart
const psmdbChart = new k8s.helm.v3.Chart(psmdbChartName, {
  namespace: namespace.metadata.name,
  path: './percona-helm-charts/charts/psmdb-db',
  // chart: 'psmdb-db',
  // version: '1.7.0',
  // fetchOpts: {
  //   repo: 'https://percona.github.io/percona-helm-charts/'
  // },
  values: psmdbChartValues
}, {
  dependsOn: psmdbOperator
})

const set = psmdbChart.getResource('apps/v1/StatefulSet', `${psmdbChartName}-${psmdbChartValues.replsets[0].name}`);

I'm using Percona Server for MongoDB Operator helm charts. It uses Operator to manage StatefulSet, which also defines CRDs.

I've tried pulumi transformations. In my case Chart doesn't contain a StatefulSet resource instead a CRD.

If it's not possible to update ServiceAccountName on StatefulSet using transformations, is there any other way I can override it?

any help is appreciated.

Thanks,

Can you please edit the tags or the headline ? Also, for basic helm usage, helm has a upgrade feature which compares the current deployment and the new requirements and upgrades the deployment accordingly. When combined with the diff add-on for helm this creates a strong strategy. You can use or consider them. — Catastrophe, Mar 23 '21 at 13:28

score 0 · Answer 1 · answered Mar 25 '21 at 14:15

Pulumi has a powerful feature called Transformations which is exactly what you need here(Example). A transformation is a callback that gets invoked by the Pulumi runtime and can be used to modify resource input properties before the resource is created.

I've not tested the code but you should get the idea:

import * as k8s from "@pulumi/kubernetes";

// install psmdb database chart
const psmdbChart = new k8s.helm.v3.Chart(psmdbChartName, {
    namespace: namespace.metadata.name,
    path: './percona-helm-charts/charts/psmdb-db',
    // chart: 'psmdb-db',
    // version: '1.7.0',
    // fetchOpts: {
    //   repo: 'https://percona.github.io/percona-helm-charts/'
    // },
    values: psmdbChartValues,
    transformations: [
        // Set name of StatefulSet
        (obj: any, opts: pulumi.CustomResourceOptions) => {
            if (obj.kind === "StatefulSet" && obj.metadata.name === `${psmdbChartName}-${psmdbChartValues.replsets[0].name}`) {
                obj.spec.template.spec.serviceAccountName = "customServiceAccount"
            }
        },
    ],
}, {
    dependsOn: psmdbOperator
})

Thanks for the answer. I've tried this already without success. Default service account is set even with transformation — Hari Prasad, Mar 25 '21 at 19:45

score 0 · Accepted Answer · answered Mar 30 '21 at 04:55

Seems Pulumi doesn't have straight forward way to patch the existing kubernetes resource. Though this is still possible with multiple steps.

From Github Comment

Import existing resource

pulumi up to import

Make desired changes to imported resource

pulumi up to apply changes

It seems they plan on supporting functionality similar to kubectl apply -f for patching resources.

Pulumi - How do we patch a deployment created with helm chart, when values do not contain the property to be updated

2 Answers2