feat: auto restart deployment when secret files change (#43)

Signed-off-by: Laszlo Uveges <[email protected]>
project-zot · Jul 15, 2024 · 076a029 · 076a029
1 parent 86f2eb6
commit 076a029
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 4 deletions.
diff --git a/charts/zot/Chart.yaml b/charts/zot/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: v2.1.0
 description: A Helm chart for Kubernetes
 name: zot
 type: application
-version: 0.1.57
+version: 0.1.58
diff --git a/charts/zot/templates/deployment.yaml b/charts/zot/templates/deployment.yaml
@@ -22,6 +22,9 @@ spec:
         {{- if and .Values.mountConfig .Values.configFiles }}
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         {{- end }}
+        {{- if and .Values.mountSecret .Values.secretFiles }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        {{- end }}
         {{- if .Values.forceRoll }}
         rollme: {{ randAlphaNum 5 | quote }}
         {{- end }}

diff --git a/charts/zot/unittests/secret_checksum_test.yaml b/charts/zot/unittests/secret_checksum_test.yaml
@@ -0,0 +1,25 @@
+suite: secret checksum in deployment
+# Can't use global templates in this test suite as it will break the checksum calculation
+# causing false negative test outcome.
+# templates:
+#   - deployment.yaml
+tests:
+  - it: has no checksum/secret if no config
+    template: deployment.yaml
+    asserts:
+      - isNull:
+          path: spec.template.metadata.annotations.checksum/secret
+  - it: generate checksum/secret if config is present
+    template: deployment.yaml
+    set:
+      mountSecret: true
+      secretFiles:
+        htpasswd: |-
+          admin:$2y$05$vmiurPmJvHylk78HHFWuruFFVePlit9rZWGA/FbZfTEmNRneGJtha
+          user:$2y$05$L86zqQDfH5y445dcMlwu6uHv.oXFgT6AiJCwpv3ehr7idc0rI3S2G
+    asserts:
+      - isNotNull:
+          path: spec.template.metadata.annotations.checksum/secret
+      - matchRegex:
+          path: spec.template.metadata.annotations.checksum/secret
+          pattern: "^[a-f0-9]{64}$" # SHA256 hex output
diff --git a/charts/zot/values.yaml b/charts/zot/values.yaml
@@ -63,9 +63,7 @@ startupProbe:
 mountConfig: false
 # If mountConfig is true the chart creates the '$CHART_RELEASE-config', if it
 # does not exist the user is in charge of managing it (as this file includes a
-# sample file you have to add it empty to handle it externally) ... note that
-# the service does not reload the configFiles once mounted, so you need to
-# delete the pods to create new ones to use the new values.
+# sample file you have to add it empty to handle it externally).
 configFiles:
   config.json: |-
     {