Annotate ES master/data sts with S3 secret hash

To ensure that a Helm upgrade with changed S3 credentials results in a restart of the elasticsearch-master and elasticsearch-data pods, add an annotation with the hash of the S3 secret. Change-Id: Id30e5749a378167b9c2c14a155bc6ca236d78516
2022-04-27 08:33:58 -07:00 · 2022-04-27 08:33:58 -07:00 · dbf841c09c
parent 92977da6b8
commit dbf841c09c
4 changed files with 8 additions and 1 deletions
--- a/elasticsearch/Chart.yaml
+++ b/elasticsearch/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v7.6.2
 description: OpenStack-Helm ElasticSearch
 name: elasticsearch
-version: 0.2.16
+version: 0.2.17
 home: https://www.elastic.co/
 sources:
  - https://github.com/elastic/elasticsearch
--- a/elasticsearch/templates/statefulset-data.yaml
+++ b/elasticsearch/templates/statefulset-data.yaml
@ -48,6 +48,9 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin-elasticsearch.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc-elasticsearch.yaml" . | include "helm-toolkit.utils.hash" }}
+{{- if and .Values.manifests.secret_s3 .Values.conf.elasticsearch.snapshots.enabled }}
+        secret-s3-user-hash: {{ tuple "secret-s3-user.yaml" . | include "helm-toolkit.utils.hash" }}
+{{- end }}
    spec:
 {{ dict "envAll" $envAll "application" "data" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
--- a/elasticsearch/templates/statefulset-master.yaml
+++ b/elasticsearch/templates/statefulset-master.yaml
@ -44,6 +44,9 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin-elasticsearch.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc-elasticsearch.yaml" . | include "helm-toolkit.utils.hash" }}
+{{- if and .Values.manifests.secret_s3 .Values.conf.elasticsearch.snapshots.enabled }}
+        secret-s3-user-hash: {{ tuple "secret-s3-user.yaml" . | include "helm-toolkit.utils.hash" }}
+{{- end }}
 {{ dict "envAll" $envAll "podName" "elasticsearch-master" "containerNames" (list "elasticsearch-master" "init" "memory-map-increase") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
 {{ dict "envAll" $envAll "application" "master" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
--- a/releasenotes/notes/elasticsearch.yaml
+++ b/releasenotes/notes/elasticsearch.yaml
@ -26,4 +26,5 @@ elasticsearch:
  - 0.2.14 Fix cronjob rendering
  - 0.2.15 Fix elasticsearch-data shutdown
  - 0.2.16 Use python3 for helm tests when possible
+  - 0.2.17 Annotate ES master/data sts with S3 secret hash
 ...