v5: Re-consider replace-on-changes behavior for secrets and config maps #3179

blampe · 2024-08-20T16:56:21Z

See Levi's comment here #1568 (comment)

As far as I can tell, the default replace behavior for configmaps and secrets came about because at the time Pulumi didn't have a concept of replaceOnChanges and Kubernetes didn't have immutable secrets or configmaps yet.

Those two gaps made it really difficult to bump Deployments to pick up new config, so Pulumi took the opinion that these should always be immutable. Hence deployments would always pick up new config/secrets because they would always be replaced.

Meanwhile, Pulumi has introduced replaceOnChanges and immutable secrets/cms have been stable since k8s 1.21. Given that, it would make sense for Pulumi to relax its opinion here and let the user decide the replacement behavior of these resources.

Changing a secret's data always results in a replace insted of an update #1772

The text was updated successfully, but these errors were encountered:

blampe added the kind/enhancement Improvements or new features label Aug 20, 2024

pulumi-bot added the needs-triage Needs attention from the triage team label Aug 20, 2024

This was referenced Aug 20, 2024

Reconsider default behavior of immutable ConfigMaps #3006

Closed

Add option to treat secrets as mutable #3164

Merged

blampe removed the needs-triage Needs attention from the triage team label Aug 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v5: Re-consider replace-on-changes behavior for secrets and config maps #3179

v5: Re-consider replace-on-changes behavior for secrets and config maps #3179

blampe commented Aug 20, 2024 •

edited

Loading

v5: Re-consider replace-on-changes behavior for secrets and config maps #3179

v5: Re-consider replace-on-changes behavior for secrets and config maps #3179

Comments

blampe commented Aug 20, 2024 • edited Loading

blampe commented Aug 20, 2024 •

edited

Loading