recreate components when posgres and redis password changes (#619)

* include posgres and redis password checksum as templates
CartoDB · Sep 24, 2024 · 446a14f · 446a14f
1 parent 7d028a8
commit 446a14f
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 0 deletions.
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
@@ -1023,6 +1023,17 @@ Get the Postgresql credentials secret.
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the Postgresql password sha256sum
+*/}}
+{{- define "carto.postgresql.passwordChecksum" -}}
+{{- if .Values.internalPostgresql.enabled -}}
+{{- print (tpl (toYaml .Values.internalPostgresql.password) . | sha256sum ) -}}
+{{- else -}}
+{{- print (tpl (toYaml .Values.externalPostgresql.password) . | sha256sum ) -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Add environment variables to configure database values
 */}}
@@ -1300,6 +1311,17 @@ Return the absolute path where the Redis CA cert will be mounted
 {{- printf "%s/%s" (include "carto.redis.configMapMountDir" .) (include "carto.redis.configMapMountFilename" .) -}}
 {{- end -}}
 
+{{/*
+Return the Redis password sha256sum
+*/}}
+{{- define "carto.redis.passwordChecksum" -}}
+{{- if .Values.internalRedis.enabled }}
+{{- print (tpl (toYaml .Values.internalRedis.auth.password) . | sha256sum ) -}}
+{{- else }}
+{{- print (tpl (toYaml .Values.externalRedis.password) . | sha256sum ) -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return YAML for the Redis init container
 */}}

diff --git a/chart/templates/cdn-invalidator-sub/deployment.yaml b/chart/templates/cdn-invalidator-sub/deployment.yaml
@@ -31,6 +31,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/cdn-invalidator-sub/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/cdn-invalidator-sub/secret.yaml") . | sha256sum }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.cdnInvalidatorSub.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.cdnInvalidatorSub.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/import-api/deployment.yaml b/chart/templates/import-api/deployment.yaml
@@ -25,6 +25,8 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/import-api/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/import-api/secret.yaml") . | sha256sum }}
+        checksum/redis-password: {{ include "carto.redis.passwordChecksum" . }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.importApi.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.importApi.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/import-worker/deployment.yaml b/chart/templates/import-worker/deployment.yaml
@@ -31,6 +31,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/import-worker/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/import-worker/secret.yaml") . | sha256sum }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.importWorker.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.importWorker.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/lds-api/deployment.yaml b/chart/templates/lds-api/deployment.yaml
@@ -25,6 +25,8 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/lds-api/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/lds-api/secret.yaml") . | sha256sum }}
+        checksum/redis-password: {{ include "carto.redis.passwordChecksum" . }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.ldsApi.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.ldsApi.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/maps-api/deployment.yaml b/chart/templates/maps-api/deployment.yaml
@@ -26,6 +26,8 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/maps-api/configmap.yaml") . | sha256sum }}
         checksum/feature-flags-config: {{ include (print $.Template.BasePath "/custom-feature-flags-configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/maps-api/secret.yaml") . | sha256sum }}
+        checksum/redis-password: {{ include "carto.redis.passwordChecksum" . }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.mapsApi.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.mapsApi.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/sql-worker/deployment.yaml b/chart/templates/sql-worker/deployment.yaml
@@ -32,6 +32,8 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/sql-worker/configmap.yaml") . | sha256sum }}
         checksum/feature-flags-config: {{ include (print $.Template.BasePath "/custom-feature-flags-configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/sql-worker/secret.yaml") . | sha256sum }}
+        checksum/redis-password: {{ include "carto.redis.passwordChecksum" . }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.sqlWorker.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.sqlWorker.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/workspace-api/deployment.yaml b/chart/templates/workspace-api/deployment.yaml
@@ -26,6 +26,8 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/workspace-api/configmap.yaml") . | sha256sum }}
         checksum/feature-flags-config: {{ include (print $.Template.BasePath "/custom-feature-flags-configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/workspace-api/secret.yaml") . | sha256sum }}
+        checksum/redis-password: {{ include "carto.redis.passwordChecksum" . }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.workspaceApi.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.workspaceApi.podAnnotations "context" $) | nindent 8 }}

diff --git a/chart/templates/workspace-subscriber/deployment.yaml b/chart/templates/workspace-subscriber/deployment.yaml
@@ -32,6 +32,8 @@ spec:
         checksum/config: {{ include (print $.Template.BasePath "/workspace-subscriber/configmap.yaml") . | sha256sum }}
         checksum/feature-flags-config: {{ include (print $.Template.BasePath "/custom-feature-flags-configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/workspace-subscriber/secret.yaml") . | sha256sum }}
+        checksum/redis-password: {{ include "carto.redis.passwordChecksum" . }}
+        checksum/postgresql-password: {{ include "carto.postgresql.passwordChecksum" . }}
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
         {{- if .Values.workspaceSubscriber.podAnnotations }}
         {{- include "common.tplvalues.render" (dict "value" .Values.workspaceSubscriber.podAnnotations "context" $) | nindent 8 }}