Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat add auto deployment #480

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Feat add auto deployment #480

wants to merge 4 commits into from

Conversation

gertzakis
Copy link
Contributor

@gertzakis gertzakis commented Nov 28, 2024
edited
Loading

Fixes: #440

For every helm release a new sha256 hash is generated for configmap and secret files. Those are added as annotations into the Pod templates of the nautobot & celery deployments.
That way every helm release forces a rollout of all the Nautobot and Worker Pods.

ubajze
ubajze reviewed Nov 29, 2024
View reviewed changes
charts/nautobot/templates/nautobot-deployment.yaml Outdated
@@ -1,3 +1,4 @@
{{- $config_checksum := dict "checksum/config" (print $.Template.BasePath "/configmap.yaml" . | sha256sum) "checksum/secret" (print $.Template.BasePath "/secret.yaml" . | sha256sum) }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested it locally with: helm template . -s templates/nautobot-deployment.yaml

It calculates different checksums every time we run the command. I am not sure if this is something we want.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can probably add something like this:

{{- $config_checksum := (include "nautobot.configMap.env" . | sha256sum | quote) }}

  template:
    metadata:
      annotations:
        test-checksum: {{ $config_checksum }}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

#
# values.yaml: allowedHosts: "*"
#
$ helm template . | grep "test-checksum"
        test-checksum: "a5d5bf5cc1e3c3fddd81f11114372e9559d8f9637309c8f28b4b5bea817f2068"
#
# values.yaml: allowedHosts: "foobar"
#
$ helm template . | grep "test-checksum"
        test-checksum: "b6b470bf60067da5c63d75bd0e3bca0f2a58decea40076721934ec60fe1b5288"
#
# values.yaml: allowedHosts: "*"
#
$ helm template . | grep "test-checksum"
        test-checksum: "a5d5bf5cc1e3c3fddd81f11114372e9559d8f9637309c8f28b4b5bea817f2068"

Copy link
Contributor Author

@gertzakis gertzakis Nov 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see your point. So I used the include method with the values and not checking the files, cause every time the files are rendered a new sha256 hash was generated.
I also removed secrets totally for now, because secrets have different values every time, so even if you use the above approach the sha256 is still different on every deployment.

Do you think it makes sense to move those under annotations and not have setting a variable?
For example:

annotations:
    checksum/config-env: {{- include .... }} 
    {{- if $nautobot.podAnnotations }} 
    {{- include "common.tplvalues.render" (dict "value" (merge $nautobot.podAnnotations) "context" $) | nindent 8 }}
    {{- end }}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ubajze ubajze ubajze left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enhancement Automatic Roll of Deployments
2 participants
@gertzakis @ubajze