-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version #21489
Conversation
…m chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
The issue has now been solved and the PR #21431 merged, could you please update this PR with the changes in |
…m chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
@FraPazGal done! |
This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution. |
@FraPazGal please re-check! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks @jkroepke!
…each helm chart version (bitnami#21489) * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> --------- Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> Signed-off-by: János Hidvégi <jani.hidvegi@gmial.com>
…each helm chart version (bitnami#21489) * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> --------- Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
…each helm chart version (bitnami#21489) * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> --------- Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
…each helm chart version (bitnami#21489) * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> * [kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> --------- Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> Signed-off-by: Jose Antonio Carmona <jcarmona@vmware.com>
* Avoid unnecessary restarts at new helm version: The ConfigMap where the config is stored, contains labels. The labels contains the version of the helm chart. If there is a new helm chart version, the pod gets restarted, too. It doesnt matter, if its necessary or not. To solve this, I moved the config to a named templated which can be sourced from the config map and the hash annotation. I contribute this pattern to many helm charts: ([promtail] Avoid unnecessary pod restart on each helm chart version grafana/helm-charts#2833, [bitnami/kubernetes-event-exporter] Avoid unnecessary pod restart on each helm chart version bitnami/charts#21489, [prometheus-blackbox-exporter] Avoid unnecessary pod restart on each helm chart version prometheus-community/helm-charts#4077, helm: Avoid unnecessary pod restart on each helm chart version kubernetes-sigs/external-dns#4103) * Added securityContexts to container and pod. They contains the current best-practice. The settings are required to run kubelint together with PSA restricted. * Added automountServiceAccountToken to the Deployment and ServiceAccount. A lot of security tools hightlight automountServiceAccountToken=true on a ServiceAccount as insecure. The best-practice is to set automountServiceAccountToken=false on a ServiceAccount and do automountServiceAccountToken=true on the Deployment. Ref: https://securecloud.blog/2021/08/17/azure-aks-reviewing-recommendations-from-security-center-disabling-automounting-api-credentials * Added nodeSelector, affinity, tolerations, priorityClassName Pass .Values.config, .Values.ingress.hosts.hosts through helm tpl function: If kubelint is part of a bigger umbrella helm chart, values from .Values.global can be re-used. It's also useful for the namespace option * Adds configurable readinessProbe to deployment * Bumps chart version number
Description of the change
This PR changes the the input of the config checksum which triggers the reload.
On main branch, the whole configmap/secret checksum is included as checksum input. The configmap contains labels which includes the helm chart version. Each new helm chart version forces a pod restart which is not always necessary.
Benefits
Avoid unnecessary pod restart on each new helm chart version
Possible drawbacks
N/A
Applicable issues
Additional information
Checklist
Chart.yaml
according to semver. This is not necessary when the changes only affect README.md files.README.md
using readme-generator-for-helm