Use checksum of configmap for sidecar-enabled Agents. (#970)

* ♻️ Use checksum for agent-configmap Signed-off-by: Rintaro Okamura <[email protected]> * 🔧 Fix kube-linter reviewdog settings Signed-off-by: Rintaro Okamura <[email protected]> Co-authored-by: Yusuke Kato <[email protected]>
vdaas · Feb 1, 2021 · faeea6a · faeea6a
1 parent 14ac985
commit faeea6a
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 81 deletions.
diff --git a/.github/workflows/reviewdog-k8s.yml b/.github/workflows/reviewdog-k8s.yml
@@ -63,4 +63,6 @@ jobs:
       - uses: actions/checkout@v2
       - name: kubelinter for generated manifests
         run: |
-          kube-linter lint charts/vald
+          kube-linter lint \
+            --config .github/kubelinter.yaml \
+            charts/vald
diff --git a/charts/vald/templates/agent/daemonset.yaml b/charts/vald/templates/agent/daemonset.yaml
@@ -48,12 +48,16 @@ spec:
         app.kubernetes.io/name: {{ include "vald.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
         app.kubernetes.io/component: agent
-      {{- if $agent.podAnnotations }}
+      {{- if or $agent.podAnnotations $agent.sidecar.enabled }}
       annotations:
+        {{- if $agent.podAnnotations }}
         {{- toYaml $agent.podAnnotations | nindent 8 }}
+        {{- end }}
+        {{- if $agent.sidecar.enabled }}
+        checksum/configmap: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
+        checksum/sidecar-configmap: {{ include (print $.Template.BasePath "/agent/sidecar-configmap.yaml") . | sha256sum }}
+        {{- end }}
       {{- end }}
-      # annotations:
-      #   checksum/configmap: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
     spec:
       {{- if or $agent.initContainers $agent.sidecar.initContainerEnabled }}
       initContainers:

diff --git a/charts/vald/templates/agent/deployment.yaml b/charts/vald/templates/agent/deployment.yaml
@@ -14,66 +14,70 @@
 # limitations under the License.
 #
 {{- $agent := .Values.agent -}}
-{{- if and .Values.agent.enabled (eq .Values.agent.kind "Deployment") }}
+{{- if and $agent.enabled (eq $agent.kind "Deployment") }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Values.agent.name }}
+  name: {{ $agent.name }}
   labels:
-    app: {{ .Values.agent.name }}
+    app: {{ $agent.name }}
     app.kubernetes.io/name: {{ include "vald.name" . }}
     helm.sh/chart: {{ include "vald.chart" . }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.Version }}
     app.kubernetes.io/component: agent
-  {{- if .Values.agent.annotations }}
+  {{- if $agent.annotations }}
   annotations:
-    {{- toYaml .Values.agent.annotations | nindent 4 }}
+    {{- toYaml $agent.annotations | nindent 4 }}
   {{- end }}
 spec:
-  progressDeadlineSeconds: {{ .Values.agent.progressDeadlineSeconds }}
-  {{- if not .Values.agent.hpa.enabled }}
-  replicas: {{ .Values.agent.minReplicas }}
+  progressDeadlineSeconds: {{ $agent.progressDeadlineSeconds }}
+  {{- if not $agent.hpa.enabled }}
+  replicas: {{ $agent.minReplicas }}
   {{- end }}
-  revisionHistoryLimit: {{ .Values.agent.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ $agent.revisionHistoryLimit }}
   selector:
     matchLabels:
-      app: {{ .Values.agent.name }}
+      app: {{ $agent.name }}
   strategy:
     rollingUpdate:
-      maxSurge: {{ .Values.agent.rollingUpdate.maxSurge }}
-      maxUnavailable: {{ .Values.agent.rollingUpdate.maxUnavailable }}
+      maxSurge: {{ $agent.rollingUpdate.maxSurge }}
+      maxUnavailable: {{ $agent.rollingUpdate.maxUnavailable }}
     type: RollingUpdate
   template:
     metadata:
       creationTimestamp: null
       labels:
-        app: {{ .Values.agent.name }}
+        app: {{ $agent.name }}
         app.kubernetes.io/name: {{ include "vald.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
         app.kubernetes.io/component: agent
-      {{- if .Values.agent.podAnnotations }}
+      {{- if or $agent.podAnnotations $agent.sidecar.enabled }}
       annotations:
-        {{- toYaml .Values.agent.podAnnotations | nindent 8 }}
+        {{- if $agent.podAnnotations }}
+        {{- toYaml $agent.podAnnotations | nindent 8 }}
+        {{- end }}
+        {{- if $agent.sidecar.enabled }}
+        checksum/configmap: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
+        checksum/sidecar-configmap: {{ include (print $.Template.BasePath "/agent/sidecar-configmap.yaml") . | sha256sum }}
+        {{- end }}
       {{- end }}
-      # annotations:
-      #   checksum/configmap: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
     spec:
-      {{- if or .Values.agent.initContainers .Values.agent.sidecar.initContainerEnabled }}
+      {{- if or $agent.initContainers $agent.sidecar.initContainerEnabled }}
       initContainers:
-        {{- if .Values.agent.initContainers }}
-        {{- $initContainers := dict "initContainers" .Values.agent.initContainers "Values" .Values "namespace" .Release.Namespace -}}
+        {{- if $agent.initContainers }}
+        {{- $initContainers := dict "initContainers" $agent.initContainers "Values" .Values "namespace" .Release.Namespace -}}
         {{- include "vald.initContainers" $initContainers | trim | nindent 8 }}
         {{- end }}
-        {{- if .Values.agent.sidecar.initContainerEnabled }}
-        - name: {{ .Values.agent.sidecar.name }}-init
-          image: "{{ .Values.agent.sidecar.image.repository }}:{{ default .Values.defaults.image.tag .Values.agent.sidecar.image.tag }}"
-          imagePullPolicy: {{ .Values.agent.sidecar.image.pullPolicy }}
-          {{- $servers := dict "Values" .Values.agent.sidecar.server_config "default" .Values.defaults.server_config -}}
+        {{- if $agent.sidecar.initContainerEnabled }}
+        - name: {{ $agent.sidecar.name }}-init
+          image: "{{ $agent.sidecar.image.repository }}:{{ default .Values.defaults.image.tag $agent.sidecar.image.tag }}"
+          imagePullPolicy: {{ $agent.sidecar.image.pullPolicy }}
+          {{- $servers := dict "Values" $agent.sidecar.server_config "default" .Values.defaults.server_config -}}
           {{- include "vald.containerPorts" $servers | trim | nindent 10 }}
           resources:
-            {{- toYaml .Values.agent.sidecar.resources | nindent 12 }}
+            {{- toYaml $agent.sidecar.resources | nindent 12 }}
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           {{- if $agent.securityContext }}
@@ -83,55 +87,55 @@ spec:
           env:
             - name: VALD_AGENT_SIDECAR_MODE
               value: "initcontainer"
-            {{- if .Values.agent.sidecar.env }}
-            {{- toYaml .Values.agent.sidecar.env | nindent 12 }}
+            {{- if $agent.sidecar.env }}
+            {{- toYaml $agent.sidecar.env | nindent 12 }}
             {{- end }}
           volumeMounts:
-            - name: {{ .Values.agent.sidecar.name }}-config
+            - name: {{ $agent.sidecar.name }}-config
               mountPath: /etc/server/
-            {{- if .Values.agent.volumeMounts }}
-            {{- toYaml .Values.agent.volumeMounts | nindent 12 }}
+            {{- if $agent.volumeMounts }}
+            {{- toYaml $agent.volumeMounts | nindent 12 }}
             {{- end }}
         {{- end }}
       {{- end }}
       affinity:
-        {{- include "vald.affinity" .Values.agent.affinity | nindent 8 }}
-      {{- if .Values.agent.topologySpreadConstraints }}
+        {{- include "vald.affinity" $agent.affinity | nindent 8 }}
+      {{- if $agent.topologySpreadConstraints }}
       topologySpreadConstraints:
-        {{- toYaml .Values.agent.topologySpreadConstraints | nindent 8 }}
+        {{- toYaml $agent.topologySpreadConstraints | nindent 8 }}
       {{- end }}
       containers:
-        - name: {{ .Values.agent.name }}
-          image: "{{ .Values.agent.image.repository }}:{{ default .Values.defaults.image.tag .Values.agent.image.tag }}"
-          imagePullPolicy: {{ .Values.agent.image.pullPolicy }}
-          {{- $servers := dict "Values" .Values.agent.server_config "default" .Values.defaults.server_config -}}
+        - name: {{ $agent.name }}
+          image: "{{ $agent.image.repository }}:{{ default .Values.defaults.image.tag $agent.image.tag }}"
+          imagePullPolicy: {{ $agent.image.pullPolicy }}
+          {{- $servers := dict "Values" $agent.server_config "default" .Values.defaults.server_config -}}
           {{- include "vald.containerPorts" $servers | trim | nindent 10 }}
           resources:
-            {{- toYaml .Values.agent.resources | nindent 12 }}
+            {{- toYaml $agent.resources | nindent 12 }}
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           {{- if $agent.securityContext }}
           securityContext:
             {{- toYaml $agent.securityContext | nindent 12 }}
           {{- end }}
-          {{- if .Values.agent.env }}
+          {{- if $agent.env }}
           env:
-            {{- toYaml .Values.agent.env | nindent 12 }}
+            {{- toYaml $agent.env | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: {{ .Values.agent.name }}-config
+            - name: {{ $agent.name }}-config
               mountPath: /etc/server/
-            {{- if .Values.agent.volumeMounts }}
-            {{- toYaml .Values.agent.volumeMounts | nindent 12 }}
+            {{- if $agent.volumeMounts }}
+            {{- toYaml $agent.volumeMounts | nindent 12 }}
             {{- end }}
-        {{- if .Values.agent.sidecar.enabled }}
-        - name: {{ .Values.agent.sidecar.name }}
-          image: "{{ .Values.agent.sidecar.image.repository }}:{{ default .Values.defaults.image.tag .Values.agent.sidecar.image.tag }}"
-          imagePullPolicy: {{ .Values.agent.sidecar.image.pullPolicy }}
-          {{- $servers := dict "Values" .Values.agent.sidecar.server_config "default" .Values.defaults.server_config -}}
+        {{- if $agent.sidecar.enabled }}
+        - name: {{ $agent.sidecar.name }}
+          image: "{{ $agent.sidecar.image.repository }}:{{ default .Values.defaults.image.tag $agent.sidecar.image.tag }}"
+          imagePullPolicy: {{ $agent.sidecar.image.pullPolicy }}
+          {{- $servers := dict "Values" $agent.sidecar.server_config "default" .Values.defaults.server_config -}}
           {{- include "vald.containerPorts" $servers | trim | nindent 10 }}
           resources:
-            {{- toYaml .Values.agent.sidecar.resources | nindent 12 }}
+            {{- toYaml $agent.sidecar.resources | nindent 12 }}
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           {{- if $agent.securityContext }}
@@ -141,52 +145,52 @@ spec:
           env:
             - name: VALD_AGENT_SIDECAR_MODE
               value: "sidecar"
-            {{- if .Values.agent.sidecar.env }}
-            {{- toYaml .Values.agent.sidecar.env | nindent 12 }}
+            {{- if $agent.sidecar.env }}
+            {{- toYaml $agent.sidecar.env | nindent 12 }}
             {{- end }}
           volumeMounts:
-            - name: {{ .Values.agent.sidecar.name }}-config
+            - name: {{ $agent.sidecar.name }}-config
               mountPath: /etc/server/
-            {{- if .Values.agent.volumeMounts }}
-            {{- toYaml .Values.agent.volumeMounts | nindent 12 }}
+            {{- if $agent.volumeMounts }}
+            {{- toYaml $agent.volumeMounts | nindent 12 }}
             {{- end }}
         {{- end }}
       dnsPolicy: ClusterFirst
       restartPolicy: Always
       schedulerName: default-scheduler
-      {{- if .Values.agent.podSecurityContext }}
+      {{- if $agent.podSecurityContext }}
       securityContext:
-        {{- toYaml .Values.agent.podSecurityContext | nindent 8 }}
+        {{- toYaml $agent.podSecurityContext | nindent 8 }}
       {{- end }}
-      terminationGracePeriodSeconds: {{ .Values.agent.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ $agent.terminationGracePeriodSeconds }}
       volumes:
-        - name: {{ .Values.agent.name }}-config
+        - name: {{ $agent.name }}-config
           configMap:
             defaultMode: 420
-            name: {{ .Values.agent.name }}-config
-        {{- if .Values.agent.sidecar.enabled }}
-        - name: {{ .Values.agent.sidecar.name }}-config
+            name: {{ $agent.name }}-config
+        {{- if $agent.sidecar.enabled }}
+        - name: {{ $agent.sidecar.name }}-config
           configMap:
             defaultMode: 420
-            name: {{ .Values.agent.sidecar.name }}-config
+            name: {{ $agent.sidecar.name }}-config
         {{- end }}
-        {{- if .Values.agent.volumes }}
-        {{- toYaml .Values.agent.volumes | nindent 8 }}
+        {{- if $agent.volumes }}
+        {{- toYaml $agent.volumes | nindent 8 }}
         {{- end }}
-      {{- if .Values.agent.nodeName }}
-      nodeName: {{ .Values.agent.nodeName }}
+      {{- if $agent.nodeName }}
+      nodeName: {{ $agent.nodeName }}
       {{- end }}
-      {{- if .Values.agent.nodeSelector }}
+      {{- if $agent.nodeSelector }}
       nodeSelector:
-        {{- toYaml .Values.agent.nodeSelector | nindent 8 }}
+        {{- toYaml $agent.nodeSelector | nindent 8 }}
       {{- end }}
-      {{- if .Values.agent.tolerations }}
+      {{- if $agent.tolerations }}
       tolerations:
-        {{- toYaml .Values.agent.tolerations | nindent 8 }}
+        {{- toYaml $agent.tolerations | nindent 8 }}
       {{- end }}
-      {{- if .Values.agent.podPriority }}
-      {{- if .Values.agent.podPriority.enabled }}
-      priorityClassName: {{ .Release.Namespace }}-{{ .Values.agent.name }}-priority
+      {{- if $agent.podPriority }}
+      {{- if $agent.podPriority.enabled }}
+      priorityClassName: {{ .Release.Namespace }}-{{ $agent.name }}-priority
       {{- end }}
       {{- end }}
 status:

diff --git a/charts/vald/templates/agent/statefulset.yaml b/charts/vald/templates/agent/statefulset.yaml
@@ -53,12 +53,16 @@ spec:
         app.kubernetes.io/name: {{ include "vald.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
         app.kubernetes.io/component: agent
-      {{- if $agent.podAnnotations }}
+      {{- if or $agent.podAnnotations $agent.sidecar.enabled }}
       annotations:
+        {{- if $agent.podAnnotations }}
         {{- toYaml $agent.podAnnotations | nindent 8 }}
+        {{- end }}
+        {{- if $agent.sidecar.enabled }}
+        checksum/configmap: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
+        checksum/sidecar-configmap: {{ include (print $.Template.BasePath "/agent/sidecar-configmap.yaml") . | sha256sum }}
+        {{- end }}
       {{- end }}
-      # annotations:
-      #   checksum/configmap: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
     spec:
       {{- if or $agent.initContainers $agent.sidecar.initContainerEnabled }}
       initContainers: