charts: re-render the dex charts to use checksum/config

We need Dex Pods to restart when secret content change, so use the `checksum/config` annotation on the Dex Pods. This annotation is equal to the digest of the secret content This chart is re-rendered using: ``` ./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \ --service-config dex metalk8s-dex-config \ charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls ``` Fixes: #2569
scality · May 26, 2020 · 75c84c4 · 75c84c4
1 parent 9814037
commit 75c84c4
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/charts/dex.yaml b/charts/dex.yaml
@@ -40,6 +40,10 @@ extraVolumeMounts:
   - name: dex-login
     mountPath: /web/themes/scality
 
+podAnnotations:
+  # Override default checksum as we want to manage it with salt
+  checksum/config: '__slot__:salt:metalk8s_kubernetes.get_object_digest(kind="Secret", apiVersion="v1", namespace="metalk8s-auth", name="dex", object_key="data:config.yaml")'
+
 certs:
   web:
     create: false

diff --git a/salt/metalk8s/addons/dex/deployed/chart.sls b/salt/metalk8s/addons/dex/deployed/chart.sls
@@ -187,7 +187,8 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: d58a2489f8f7fd4df3f78cad5ea6ac51e7eda9ca076c41689ce853539ff2a15b
+        checksum/config: __slot__:salt:metalk8s_kubernetes.get_object_digest(kind="Secret",
+          apiVersion="v1", namespace="metalk8s-auth", name="dex", object_key="data:config.yaml")
       labels:
         app.kubernetes.io/component: dex
         app.kubernetes.io/instance: dex