You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Could we introduce an "exclude" option that can be configured at the deployment and statefulset level? This option would allow us to specify a list of secret and configmap names for which we do not want to trigger a rolling restart.
Use case: We are a platform team responsible for ensuring best practices across 30+ teams within our organization.
When updating certain secrets, such as istio-secret-configmap, we want to enforce a rolling restart of all deployments, so service teams don't need to manually include this secret under the annotation configmap.reloader.stakater.com/reload.
However, for other secrets, like kerberos-token-secret, we want to provide service teams with the flexibility to determine whether a rolling restart is necessary, depending on whether the SDK they use supports hot reloading. In such cases, teams would indicate this by adding the relevant secret name under configmap.reloader.stakater.com/reload.
We can't use secret.reloader.stakater.com/auto: "true" as this will act on all referenced cm's and secrets
Currently, we use the annotation configmap.reloader.stakater.com/reload, but the issue with this approach is that, for secrets like istio-secret-configmap, where we want to enforce a mandatory rolling restart, we have to update all Helm charts that correspond to all service teams
A label-based approach does not work because, for some secrets/configmaps, we want to give users the flexibility to decide whether a deployment or statefulset requires a rolling restart.
This problem could be resolved by introducing an annotation like configmap.exclude.reloader.stakater.com/reload, where service teams can simply list the secrets/cm's for which they do not want to trigger a rolling restart
The text was updated successfully, but these errors were encountered:
Could we introduce an "exclude" option that can be configured at the deployment and statefulset level? This option would allow us to specify a list of secret and configmap names for which we do not want to trigger a rolling restart.
Use case: We are a platform team responsible for ensuring best practices across 30+ teams within our organization.
When updating certain secrets, such as istio-secret-configmap, we want to enforce a rolling restart of all deployments, so service teams don't need to manually include this secret under the annotation configmap.reloader.stakater.com/reload.
However, for other secrets, like kerberos-token-secret, we want to provide service teams with the flexibility to determine whether a rolling restart is necessary, depending on whether the SDK they use supports hot reloading. In such cases, teams would indicate this by adding the relevant secret name under configmap.reloader.stakater.com/reload.
This problem could be resolved by introducing an annotation like configmap.exclude.reloader.stakater.com/reload, where service teams can simply list the secrets/cm's for which they do not want to trigger a rolling restart
The text was updated successfully, but these errors were encountered: