From 75c84c40244c8f1505eef87512d86b1f6c308400 Mon Sep 17 00:00:00 2001 From: Teddy Andrieux Date: Mon, 25 May 2020 18:43:47 +0200 Subject: [PATCH] charts: re-render the dex charts to use `checksum/config` We need Dex Pods to restart when secret content change, so use the `checksum/config` annotation on the Dex Pods. This annotation is equal to the digest of the secret content This chart is re-rendered using: ``` ./charts/render.py dex --namespace metalk8s-auth charts/dex.yaml \ --service-config dex metalk8s-dex-config \ charts/dex/ > salt/metalk8s/addons/dex/deployed/chart.sls ``` Fixes: #2569 --- charts/dex.yaml | 4 ++++ salt/metalk8s/addons/dex/deployed/chart.sls | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/dex.yaml b/charts/dex.yaml index 7ff7ba13ef..6214b4b702 100644 --- a/charts/dex.yaml +++ b/charts/dex.yaml @@ -40,6 +40,10 @@ extraVolumeMounts: - name: dex-login mountPath: /web/themes/scality +podAnnotations: + # Override default checksum as we want to manage it with salt + checksum/config: '__slot__:salt:metalk8s_kubernetes.get_object_digest(kind="Secret", apiVersion="v1", namespace="metalk8s-auth", name="dex", object_key="data:config.yaml")' + certs: web: create: false diff --git a/salt/metalk8s/addons/dex/deployed/chart.sls b/salt/metalk8s/addons/dex/deployed/chart.sls index 0a55910064..5f63235daa 100644 --- a/salt/metalk8s/addons/dex/deployed/chart.sls +++ b/salt/metalk8s/addons/dex/deployed/chart.sls @@ -187,7 +187,8 @@ spec: template: metadata: annotations: - checksum/config: d58a2489f8f7fd4df3f78cad5ea6ac51e7eda9ca076c41689ce853539ff2a15b + checksum/config: __slot__:salt:metalk8s_kubernetes.get_object_digest(kind="Secret", + apiVersion="v1", namespace="metalk8s-auth", name="dex", object_key="data:config.yaml") labels: app.kubernetes.io/component: dex app.kubernetes.io/instance: dex