Force re-deploy when Auto DevOps application secrets are updated
Followup from https://gitlab.com/gitlab-org/gitlab-ce/issues/49056
Problem
When I:
- update a K8S_SECRET_* variable without any code change
- manually create a new pipeline
I observe that:
- the secret is updated with the updated application secret variables
- pods are not re-created
- pods still have old application secrets in env
This happens because no code has changed, hence there's no new git SHA which means there's no change to the values given to Helm, especially CI_APPLICATION_TAG. So Helm does not trigger an update to the Deployment. See also https://github.com/helm/helm/issues/1844#issuecomment-275485470
NOTE: This is actually desirable in many cases as env vars go together with the code.
Workaround
Workarounds a user can do:
- Force some code change
- Manually delete pods. Kubernetes will then create pods which will have updated secret variables
Proposal
Include a checksum of the env var values so it will restart the pods if the env vars are changed.
Maybe always force Helm to update the Deployment??
Calculate SHA of combined values for application secret, and pass that to Deployment somehow
Links / Resources
Edited by Daniel Gruesso
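One way to compute the checksum proposed above, as an added example (not code from this issue or from Auto DevOps). It assumes `sha256sum` from GNU coreutils is available in the deploy job; the Helm value name `application.secretChecksum` and the annotation key shown in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of Auto DevOps.

# Print the sorted names of all exported K8S_SECRET_* variables.
# Names are read from awk's ENVIRON table, so a multi-line value
# cannot be mistaken for an extra variable (as it can with `env | grep`).
secret_names() {
  awk 'BEGIN {
    for (n in ENVIRON)
      if (n ~ /^K8S_SECRET_[A-Za-z0-9_]+$/) print n
  }' | LC_ALL=C sort
}

# Print one SHA-256 digest covering every K8S_SECRET_* name and value.
# Each value is hashed on its own first, so values containing "=" or
# newlines cannot collide with another variable's record.
secrets_checksum() {
  for name in $(secret_names); do
    value_digest=$(awk -v n="$name" 'BEGIN { printf "%s", ENVIRON[n] }' \
      | sha256sum | cut -d' ' -f1)
    printf '%s=%s\n' "$name" "$value_digest"
  done | sha256sum | cut -d' ' -f1
}

# Assumed wiring (value name and annotation key are hypothetical):
#
#   helm upgrade --install "$name" chart/ \
#     --set-string application.secretChecksum="$(secrets_checksum)"
#
# and in the chart's Deployment, under spec.template.metadata:
#
#   annotations:
#     checksum/application-secrets: "{{ .Values.application.secretChecksum }}"
#
# A changed secret changes the pod template, so Kubernetes performs a
# rolling update even when CI_APPLICATION_TAG is unchanged.
```

The digest is stored in the Deployment's pod template, so anyone who can read Deployments in the namespace can see it. Because it is an unsalted hash, a short or guessable secret value could be confirmed offline from it.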