Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: regenerate grafana deployment when credentials get changed #786

Merged
merged 3 commits into from Jul 12, 2022
Merged

feat: regenerate grafana deployment when credentials get changed #786

merged 3 commits into from Jul 12, 2022

Conversation

weisdd
Copy link
Collaborator

@weisdd weisdd commented Jul 9, 2022
edited

Description

Currently, if there's any change in the secret with admin credentials (e.g. secret is deleted or changed), the change is not propagated to grafana deployment. Thus grafana-operator will fail to communicate with grafana.
This PR makes sure grafana deployment is regenerated upon user/password changes in the admin secret by propagating credentials hash.
If admin_user and admin_password are passed via security section and someone manually rewrites the contents of the secret, then operator will change the contents back, the pod will not be restarted as it's not needed, hash is the same.

Additional notes:

  • Even though I personally prefer to use annotations for such things, I tried to mimic the existing code, so stayed with environment variables;
  • gofumpt has adjusted formatting a bit in the files that I modified, I hope that's fine.

Relevant issues/tickets

#774 - this ticket is for stateful grafana deployment that relies on postgres. For that case, the admin password can be changed only via grafana-cli, which would require an additional logic in init container. My PR addresses a similar issue, but only for ephemeral grafana. - This case is much simpler since it only requires a new pod to be generated.

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist

  • This change requires a documentation update
  • I have added tests that prove my fix is effective or that my feature works
  • I have added a test case that will be used to verify my changes
  • Verified independently on a cluster by reviewer

Verification steps

  • Delete the secret with admin credentials;
  • Change credentials in the secret.

Both steps must force grafana-operator to generate an updated deployment.

weisdd and others added 3 commits July 9, 2022 16:24
@weisdd
feat: annotate secret
3abea9e 
Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
@weisdd
feat: fix hash generation, propagate hash to pods
46ba88b 
Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
@NissesSenap
Merge branch 'master' into feature/credentials-annotation
e945ca1
@HubertStefanski
Copy link
Collaborator

Hey @weisdd, thanks for the PR, Peter is verifying your changes right now, so hopefully we can merge this and get it in the next release!

On a side-note, we have a weekly grafana-operator triage/discussion call along with interested community members/developers, would you be interested in joining us in one (or more) of these calls? If so I can send you an invitation for the upcoming one!

@pb82
Copy link
Collaborator

pb82 commented Jul 12, 2022

@weisdd works as expected, thanks for the contribution!

@pb82 pb82 merged commit 32bfcb1 into grafana:master Jul 12, 2022
@weisdd
Copy link
Collaborator Author

weisdd commented Jul 12, 2022
edited

@HubertStefanski sure, I'd love to :) I'll ping you on Slack/Linkedin then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HubertStefanski HubertStefanski HubertStefanski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@weisdd @HubertStefanski @pb82 @NissesSenap