volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(pod): roll deployment for TLS certificates
Some checks failed
Helm / helm-lint (push) Successful in 5s
Details
Helm / helm-unittest (push) Successful in 9s
Details
Release / publish-chart (push) Failing after 6s
Details

Browse Source 
The patch add the annotation `checksum/secret-<name of the TLS secret>` with the
sha512 value of the secret. This ensures a rolling update if the TLS secrets has
been updated. Such an update can be triggered by the cert-manager.
This commit is contained in:
Markus Pesch
2025-11-30 13:31:44 +01:00
parent f1a47dc0a5
commit 757469762b
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
templates/_pod.tpl
View File

@@ -4,6 +4,10 @@
{{- define "athens-proxy.pod.annotations" }} {{- define "athens-proxy.pod.annotations" }}
{{- include "athens-proxy.annotations" . }} {{- include "athens-proxy.annotations" . }}
{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) }}
{{- $secretName := include "athens-proxy.certificates.server.name" $ }}
{{ printf "checksum/secret-%s: %s" $secretName (print (lookup "v1" "Secret" .Release.Namespace $secretName) | sha256sum) }}
{{- end }}
{{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }} {{- if and .Values.config.env.enabled (not .Values.config.env.existingSecret.enabled) }}
{{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }} {{ printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.env.name" $) (include (print $.Template.BasePath "/secretEnv.yaml") . | sha256sum) }}
{{- end }} {{- end }}
@@ -21,8 +25,6 @@
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/* labels */}} {{/* labels */}}
{{- define "athens-proxy.pod.labels" -}} {{- define "athens-proxy.pod.labels" -}}

3
unittests/deployment/certificate.yaml
View File

@@ -46,6 +46,9 @@ tests:
certificate.new.issuerRef.kind: ClusterIssuer certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: MyIssuer certificate.new.issuerRef.name: MyIssuer
asserts: asserts:
- exists:
path: spec.template.metadata.annotations["checksum/secret-athens-proxy-unittest-tls"]
template: templates/deployment.yaml
- contains: - contains:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
content: content: