From 3c8fb86231e7435c5eb2b24913e70b9de9d9f196 Mon Sep 17 00:00:00 2001
From: Markus Pesch <markus.pesch@cryptic.systems>
Date: Thu, 29 May 2025 11:22:05 +0200
Subject: [PATCH] fix(deployment): define annotations to automatically roll
deployments
The following patch extends the chart to automatically roll the deployment, when
one of the configurations, stored in a config map or secret, has been changed.
The implementation add annotations which triggers `helm update` or ArgoCD to
roll the deployment. Further information can be found on the official helm
website:
https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
---
.../prometheus-postgres-exporter/_pod.tpl | 31 +++
.../deployment.yaml | 2 +
unittests/deployment/deployment.yaml | 205 +++++++++++++++++-
3 files changed, 236 insertions(+), 2 deletions(-)
diff --git a/templates/prometheus-postgres-exporter/_pod.tpl b/templates/prometheus-postgres-exporter/_pod.tpl
index f18b6cc..a8d5da3 100644
--- a/templates/prometheus-postgres-exporter/_pod.tpl
+++ b/templates/prometheus-postgres-exporter/_pod.tpl
@@ -4,6 +4,37 @@
{{- define "prometheus-postgres-exporter.pod.annotations" -}}
{{ include "prometheus-postgres-exporter.annotations" . }}
+
+# The following annotations are required to trigger a rolling update. Further information can be found in the official
+# documentation of helm:
+#
+# https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
+#
+
+{{/* database */}}
+{{- if and .Values.config.database.existingSecret.enabled .Values.config.database.existingSecret.secretName }}
+{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.database.existingSecret.secretName ) }}
+checksum/secret-database: {{ print $secret.spec | sha256sum }}
+{{- else }}
+checksum/secret-database: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretDatabase.yaml") . | sha256sum }}
+{{- end }}
+
+{{/* exporter config */}}
+{{- if and .Values.config.exporterConfig.existingSecret.enabled .Values.config.exporterConfig.existingSecret.secretName }}
+{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.exporterConfig.existingSecret.secretName ) }}
+checksum/secret-exporter-config: {{ print $secret.spec | sha256sum }}
+{{- else }}
+checksum/secret-exporter-config: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretExporterConfig.yaml") . | sha256sum }}
+{{- end }}
+
+{{/* web config */}}
+{{- if and .Values.config.webConfig.existingSecret.enabled .Values.config.webConfig.existingSecret.secretName }}
+{{- $secret := default (dict "data" (dict)) (lookup "v1" "Secret" .Release.Namespace .Values.config.webConfig.existingSecret.secretName ) }}
+checksum/secret-web-config: {{ print $secret.spec | sha256sum }}
+{{- else }}
+checksum/secret-web-config: {{ include (print $.Template.BasePath "/prometheus-postgres-exporter/secretWebConfig.yaml") . | sha256sum }}
+{{- end }}
+
{{- end }}
{{/* labels */}}
diff --git a/templates/prometheus-postgres-exporter/deployment.yaml b/templates/prometheus-postgres-exporter/deployment.yaml
index 3287681..215eda9 100644
--- a/templates/prometheus-postgres-exporter/deployment.yaml
+++ b/templates/prometheus-postgres-exporter/deployment.yaml
@@ -18,6 +18,8 @@ spec:
{{- include "prometheus-postgres-exporter.pod.selectorLabels" . | nindent 6 }}
template:
metadata:
+ annotations:
+ {{- include "prometheus-postgres-exporter.pod.annotations" . | nindent 8 }}
labels:
{{- include "prometheus-postgres-exporter.pod.labels" . | nindent 8 }}
spec:
diff --git a/unittests/deployment/deployment.yaml b/unittests/deployment/deployment.yaml
index c5ed8b8..486b4ee 100644
--- a/unittests/deployment/deployment.yaml
+++ b/unittests/deployment/deployment.yaml
@@ -7,18 +7,29 @@ release:
namespace: testing
templates:
- templates/prometheus-postgres-exporter/deployment.yaml
+- templates/prometheus-postgres-exporter/secretDatabase.yaml
+- templates/prometheus-postgres-exporter/secretExporterConfig.yaml
+- templates/prometheus-postgres-exporter/secretWebConfig.yaml
tests:
- it: Rendering default
+ set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
asserts:
- hasDocuments:
count: 1
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- containsDocument:
apiVersion: apps/v1
kind: Deployment
name: prometheus-postgres-exporter-unittest
namespace: testing
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
- path: metadata.annotations
+ path: metadata.annotations.checksum/secret-database
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: metadata.labels
value:
@@ -27,27 +38,51 @@ tests:
app.kubernetes.io/name: prometheus-postgres-exporter
app.kubernetes.io/version: 0.1.0
helm.sh/chart: prometheus-postgres-exporter-0.1.0
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.replicas
value: 1
+ template: templates/prometheus-postgres-exporter/deployment.yaml
+ - exists:
+ path: spec.template.metadata.annotations.checksum/secret-database
+ template: templates/prometheus-postgres-exporter/deployment.yaml
+ - exists:
+ path: spec.template.metadata.annotations.checksum/secret-exporter-config
+ template: templates/prometheus-postgres-exporter/deployment.yaml
+ - exists:
+ path: spec.template.metadata.annotations.checksum/secret-web-config
+ template: templates/prometheus-postgres-exporter/deployment.yaml
+ - equal:
+ path: spec.template.metadata.labels
+ value:
+ app.kubernetes.io/instance: prometheus-postgres-exporter-unittest
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: prometheus-postgres-exporter
+ app.kubernetes.io/version: 0.1.0
+ helm.sh/chart: prometheus-postgres-exporter-0.1.0
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.affinity
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- contains:
path: spec.template.spec.containers[0].envFrom
content:
secretRef:
name: prometheus-postgres-exporter-unittest-database-env
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.containers[0].args
value:
- --config.file=/etc/prometheus-postgres-exporter/config.d/exporterConfig.yaml
- --web.config.file=/etc/prometheus-postgres-exporter/config.d/webConfig.yaml
- --web.listen-address=:9187
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.containers[0].volumeMounts
value:
- mountPath: /etc/prometheus-postgres-exporter/config.d
name: config-d
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
@@ -59,42 +94,59 @@ tests:
name: prometheus-postgres-exporter-unittest-exporter-config
- secret:
name: prometheus-postgres-exporter-unittest-web-config
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.containers[0].image
value: quay.io/prometheuscommunity/postgres-exporter:v0.1.0
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: IfNotPresent
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].resources
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.containers[0].securityContext
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.dnsConfig
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.dnsPolicy
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.hostname
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.hostNetwork
value: false
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.imagePullSecrets
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.nodeSelector
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.priorityClassName
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.restartPolicy
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.subdomain
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 60
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.tolerations
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- notExists:
path: spec.template.spec.topologySpreadConstraints
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.strategy
value:
@@ -102,17 +154,31 @@ tests:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom replicas
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.replicas: 3
asserts:
- equal:
path: spec.replicas
value: 3
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom affinity
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -136,9 +202,16 @@ tests:
values:
- antarctica-east1
- antarctica-west1
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test additional arguments
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.postgresExporter.args:
- "--foo=bar"
- "--bar=foo"
@@ -151,26 +224,42 @@ tests:
- --web.listen-address=:9187
- --foo=bar
- --bar=foo
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom imageRegistry and imageRepository
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.postgresExporter.image.registry: registry.example.local
deployment.postgresExporter.image.repository: path/special/prometheus-postgres-exporter
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.example.local/path/special/prometheus-postgres-exporter:v0.1.0
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom imagePullPolicy
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.postgresExporter.image.pullPolicy: Always
asserts:
- equal:
path: spec.template.spec.containers[0].imagePullPolicy
value: Always
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test config.database.existingSecret
set:
+ # Normal test values
config.database.existingSecret.enabled: true
config.database.existingSecret.secretName: custom-database-secret
asserts:
@@ -179,9 +268,16 @@ tests:
content:
secretRef:
name: custom-database-secret
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test config.exporterConfig.existingSecret
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
config.exporterConfig.existingSecret.enabled: true
config.exporterConfig.existingSecret.secretName: exporter-config-secret
asserts:
@@ -190,6 +286,7 @@ tests:
value:
- mountPath: /etc/prometheus-postgres-exporter/config.d
name: config-d
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
@@ -201,9 +298,16 @@ tests:
name: exporter-config-secret
- secret:
name: prometheus-postgres-exporter-unittest-web-config
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test config.webConfig.existingSecret
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
config.webConfig.existingSecret.enabled: true
config.webConfig.existingSecret.secretName: web-config-secret
asserts:
@@ -212,6 +316,7 @@ tests:
value:
- mountPath: /etc/prometheus-postgres-exporter/config.d
name: config-d
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
@@ -223,9 +328,16 @@ tests:
name: prometheus-postgres-exporter-unittest-exporter-config
- secret:
name: web-config-secret
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom resource limits and requests
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.postgresExporter.resources:
limits:
cpu: 100m
@@ -242,6 +354,7 @@ tests:
resourceFieldRef:
divisor: "1"
resource: limits.cpu
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.containers[0].resources
value:
@@ -251,9 +364,16 @@ tests:
requests:
cpu: 25m
memory: 100MB
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test custom securityContext
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.postgresExporter.securityContext:
capabilities:
add:
@@ -277,9 +397,16 @@ tests:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test dnsConfig
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.dnsConfig:
nameservers:
- "8.8.8.8"
@@ -291,17 +418,31 @@ tests:
nameservers:
- "8.8.8.8"
- "8.8.4.4"
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test dnsPolicy
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.dnsPolicy: ClusterFirst
asserts:
- equal:
path: spec.template.spec.dnsPolicy
value: ClusterFirst
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test hostNetwork, hostname, subdomain
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.hostNetwork: true
deployment.hostname: pg-exporter
deployment.subdomain: exporters.internal
@@ -309,15 +450,24 @@ tests:
- equal:
path: spec.template.spec.hostNetwork
value: true
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.hostname
value: pg-exporter
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.subdomain
value: exporters.internal
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test imagePullSecrets
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.imagePullSecrets:
- name: my-pull-secret
- name: my-special-secret
@@ -327,9 +477,16 @@ tests:
value:
- name: my-pull-secret
- name: my-special-secret
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test nodeSelector
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.nodeSelector:
foo: bar
asserts:
@@ -337,33 +494,61 @@ tests:
path: spec.template.spec.nodeSelector
value:
foo: bar
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test priorityClassName
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.priorityClassName: my-priority
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: my-priority
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test restartPolicy
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.restartPolicy: Always
asserts:
- equal:
path: spec.template.spec.restartPolicy
value: Always
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test terminationGracePeriodSeconds
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.terminationGracePeriodSeconds: 120
asserts:
- equal:
path: spec.template.spec.terminationGracePeriodSeconds
value: 120
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test tolerations
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.tolerations:
- key: database/type
operator: Equal
@@ -377,9 +562,16 @@ tests:
operator: Equal
value: postgres
effect: NoSchedule
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test topologySpreadConstraints
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.topologySpreadConstraints:
- topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
@@ -395,9 +587,16 @@ tests:
labelSelector:
matchLabels:
app.kubernetes.io/instance: prometheus-postgres-exporter
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- it: Test additional volumeMounts and volumes
set:
+ # Ensure that the secrets and config maps are well configured.
+ config.database.secret.databaseUsername: "postgres"
+ config.database.secret.databasePassword: "postgres"
+ config.database.secret.databaseConnectionUrl: "localhost:5432/postgres?sslmode=disable"
+
+ # Normal test values
deployment.postgresExporter.volumeMounts:
- name: data
mountPath: /usr/lib/prometheus-postgres-exporter/data
@@ -413,6 +612,7 @@ tests:
mountPath: /usr/lib/prometheus-postgres-exporter/data
- name: config-d
mountPath: /etc/prometheus-postgres-exporter/config.d
+ template: templates/prometheus-postgres-exporter/deployment.yaml
- equal:
path: spec.template.spec.volumes
value:
@@ -426,4 +626,5 @@ tests:
- secret:
name: prometheus-postgres-exporter-unittest-exporter-config
- secret:
- name: prometheus-postgres-exporter-unittest-web-config
\ No newline at end of file
+ name: prometheus-postgres-exporter-unittest-web-config
+ template: templates/prometheus-postgres-exporter/deployment.yaml
\ No newline at end of file