Pod/Deployment doesn't restart although recognized by the operator #6

rchenzheng opened this issue Jul 15, 2021 · 6 comments

@rchenzheng

Versions

Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.17-gke.1901", GitCommit:"b5bc948aea9982cd8b1e89df8d50e30ffabdd368", GitTreeState:"clean", BuildDate:"2021-05-27T19:56:12Z", GoVersion:"go1.13.15b4", Compiler:"gc", Platform:"linux/amd64"}
Operator: v0.1.0

Problem

Pod does not restart even though the secret was updated

Expected result

Pod should restart as soon as the secret is updated; instead, only the secret gets updated.

Logs

2021-07-15T19:28:44.164Z    INFO    controllers.DopplerSecret    [/] Secrets have been modified    {"dopplersecret": "external-secrets/dopplersecret-test", "verifyTLS": true, "host": "https://api.doppler.com", "oldVersion": "W/\"70d6dcadc0177a11c86e856195e8be2c1078975aaa2fb7ab37ae1db4b5aa03ec\"", "newVersion": "W/\"f37c20815bb0f7c177425f50e14e8051588f0c011e5
2021-07-15T19:28:44.170Z    INFO    controllers.DopplerSecret    [/] Successfully updated existing Kubernetes secret
2021-07-15T19:28:44.178Z    INFO    controllers.DopplerSecret    Finished reconciling deployments    {"dopplersecret": "external-secrets/dopplersecret-test", "numDeployments": 1}

Configs

apiVersion: secrets.doppler.com/v1alpha1
kind: DopplerSecret
metadata:
  name: dopplersecret-test # DopplerSecret Name
  namespace: external-secrets
spec:
  tokenSecret: # Kubernetes service token secret (namespace defaults to doppler-operator-system)
    name: doppler-token-secret
    namespace: doppler-operator-system
  managedSecret: # Kubernetes managed secret (will be created if does not exist)
    name: doppler-test-secret
    namespace: external-secrets # Should match the namespace of deployments that will use the secret
---
apiVersion: v1
kind: Pod
metadata:
  name: doppler-busybox
  namespace: external-secrets
  annotations:
    secrets.doppler.com/reload: 'true'
spec:
  containers:
  - name: busybox
    image: busybox:glibc
    command:
      - sleep
      - "3600"
    envFrom:
      - secretRef:
          name: doppler-test-secret

@nmanoogian
Member

Hi @rchenzheng! 👋

Thanks for sending this in and providing excellent details! The problem here is that the Doppler operator currently monitors deployment resources, not pods. Here's an example deployment that uses reloading: https://github.com/DopplerHQ/kubernetes-operator/blob/main/config/samples/deployment-envfrom.yaml

You should be able to change your pod definition to a deployment definition by moving the current spec into the template field.

Is there any reason why you might want to use a pod instead of a deployment?
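
The change suggested in the reply above, as an added example that is not part of the original thread or the project's own sample: the reporter's Pod rewritten as a Deployment, with the original spec moved under `template`. The `app` label, the replica count, and the placement of the reload annotation on the Deployment's own metadata are assumptions made for this example.

```yaml
# Added example: the Pod from the issue converted to a Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: doppler-busybox
  namespace: external-secrets        # same namespace as the managed secret
  annotations:
    # Assumption: the operator looks for this annotation on the Deployment
    # itself, since it monitors deployment resources rather than pods.
    secrets.doppler.com/reload: 'true'
spec:
  replicas: 1                        # assumption: one replica, like the single Pod
  selector:
    matchLabels:
      app: doppler-busybox           # assumption: label chosen for this example
  template:
    metadata:
      labels:
        app: doppler-busybox         # must match spec.selector.matchLabels
    spec:                            # the original Pod spec, moved here unchanged
      containers:
        - name: busybox
          image: busybox:glibc
          command:
            - sleep
            - "3600"
          envFrom:
            - secretRef:
                name: doppler-test-secret
```

Values injected through `envFrom` are read once at container start, so running containers keep the old secret values until their pods are replaced.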

@rchenzheng
Author

> Hi @rchenzheng! 👋
>
> Thanks for sending this in and providing excellent details! The problem here is that the Doppler operator currently monitors deployment resources, not pods. Here's an example deployment that uses reloading: https://github.com/DopplerHQ/kubernetes-operator/blob/main/config/samples/deployment-envfrom.yaml
>
> You should be able to change your pod definition to a deployment definition by moving the current spec into the template field.
>
> Is there any reason why you might want to use a pod instead of a deployment?

This is currently a POC, but I'd like it if it could support all types of workloads since my use cases make use of most.

i.e. statefulsets, daemonsets, replicasets, etc.

@nmanoogian
Member

Ah, understood -- thanks for the feedback! I'll bring up those use cases with the team.

@rchenzheng
Author

rchenzheng commented Jul 19, 2021

> Ah, understood -- thanks for the feedback! I'll bring up those use cases with the team.

I think it'd be a fairly common use case. Is there any timeline for adding support?

@nmanoogian
Member

We don't have a timeline currently for adding support for other Kubernetes workloads.

In the meantime though, one solution would be to use the Doppler operator to sync secrets from Doppler to Kubernetes and use another reloading solution (such as Reloader) to automatically restart your workloads when those secrets change.

@kzap

kzap commented Apr 18, 2024

Would like to request this also. Usually you have an annotation on the pod spec that a controller would update and that would trigger a restart.
