feat: regenerate grafana deployment when credentials get changed #786
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Currently, if there's any change in the secret with admin credentials (e.g. secret is deleted or changed), the change is not propagated to grafana deployment. Thus grafana-operator will fail to communicate with grafana.
This PR makes sure grafana deployment is regenerated upon user/password changes in the admin secret by propagating credentials hash.
If
admin_user
andadmin_password
are passed viasecurity
section and someone manually rewrites the contents of the secret, then operator will change the contents back, the pod will not be restarted as it's not needed, hash is the same.Additional notes:
gofumpt
has adjusted formatting a bit in the files that I modified, I hope that's fine.Relevant issues/tickets
#774 - this ticket is for stateful grafana deployment that relies on postgres. For that case, the admin password can be changed only via grafana-cli, which would require an additional logic in init container. My PR addresses a similar issue, but only for ephemeral grafana. - This case is much simpler since it only requires a new pod to be generated.
Type of change
Checklist
Verification steps
Both steps must force grafana-operator to generate an updated deployment.