Trigger to redeploy containers when a secret changes #7019
Comments
We should consider a solution similar to the outcome of kubernetes/kubernetes#22368.
We have run into this issue in OpenShift Ops. We change secrets, but nothing redeploys. Then, our service is broken.
@Kargakis I wonder how you will trigger a new deployment in kube when the secret changes (without changing the PodSpec).
@Kargakis so ConfigMap will have a version and you will refer to it in podSpec?
There are two options discussed. IIUC:
The deployment controller watches for config maps, spots the owner reference, mounts that cm in the deployment it references, profit. I am in favor of the second option as it solves secret updates too whereas with 1. we would need to additionally inline a secrets template in the deployment and overbloat the resource. Let's join the discussion upstream.
ownerReferences don't have the information you need to create the mount. It also means that if the dc is deleted, the configmap is deleted
What more do you need than a reference?
If the configmap is not shared, then it makes sense to me. If you want the config map to stay around, you will have to remove the owner reference (if that's possible).
The path can be provided in the deployment.
This should be part of the generic trigger controller, and must be level On Fri, Aug 26, 2016 at 4:39 PM, Michail Kargakis notifications@github.com
Triggers is what I have been thinking. Users specify a ConfigMapTrigger that optionally holds a mount path and a container name and when the controller notices a CM that holds a foo deployment reference, it mounts that map in foo. Same story about secrets.
We already have a way to specify mount information in the spec. Don't duplicate that in the triggers. The triggers should just have the name of the thing you want to trigger on.
I don't want to add it to the API objects though - why wouldn't I want
a trigger on deployments or daemon sets?
Let's discuss on Monday / Tuesday and pull together a proposal for a
level driven trigger.
Edit: removed, wrong issue tracker ^^ sorry.
Has this ever been solved? Trello shows a "sign-up" popup and then redirects to the default board, making it impossible to read the card details.
Updating a secret should redeploy all deployments that mount that secret so that the latest version of the secret is automatically reflected in the cluster.
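A sketch of the level-driven, name-only trigger discussed in the comments, added here as an example; it is not code from this issue or from OpenShift or Kubernetes. The `Deployment` struct, its `Triggers` and `Observed` fields, and the `Reconcile` function are hypothetical, and recording the new version stands in for starting a real rollout.

```go
package main

import "fmt"

// Deployment is a simplified, constructed stand-in for a deployment object.
type Deployment struct {
	Name     string
	Triggers []string          // secret names only; mount details stay in the pod spec
	Observed map[string]string // secret name -> resourceVersion at the last rollout
}

// Reconcile is level driven: on every pass it compares the current secret
// versions with what each deployment last rolled out with, so a missed or
// duplicated watch event cannot leave a deployment running a stale secret.
// It returns the names of the deployments that need a redeploy.
func Reconcile(deps []*Deployment, secrets map[string]string) []string {
	var redeployed []string
	for _, d := range deps {
		stale := false
		for _, name := range d.Triggers {
			// A secret that does not exist yet is skipped until it appears.
			if cur, ok := secrets[name]; ok && d.Observed[name] != cur {
				if d.Observed == nil {
					d.Observed = map[string]string{}
				}
				d.Observed[name] = cur // stand-in for starting the rollout
				stale = true
			}
		}
		if stale {
			redeployed = append(redeployed, d.Name)
		}
	}
	return redeployed
}

func main() {
	// Constructed sample state: db-creds was rotated from version 41 to 42.
	deps := []*Deployment{
		{Name: "api", Triggers: []string{"db-creds"}, Observed: map[string]string{"db-creds": "41"}},
		{Name: "web", Triggers: []string{"tls-cert"}, Observed: map[string]string{"tls-cert": "7"}},
	}
	secrets := map[string]string{"db-creds": "42", "tls-cert": "7"}
	fmt.Println(Reconcile(deps, secrets))
	fmt.Println(Reconcile(deps, secrets))
}
```

Running the pass twice over the same state shows the property the thread asks for: the first pass selects only the deployment whose secret changed, and the second selects nothing.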