From 6c5b3e9af67376684fdfb5143b60d1f0d3a86d7b Mon Sep 17 00:00:00 2001
From: Gerrit <tirreg91@googlemail.com>
Date: Wed, 12 Feb 2025 13:27:30 +0100
Subject: [PATCH] Roll metal-api on cert changes.

---
 charts/metal-control-plane/Chart.yaml         |  2 +-
 .../templates/metal-api-config.yaml           | 49 +++++++++++++++++
 .../templates/metal-api.yaml                  | 55 ++-----------------
 charts/metal-control-plane/values.yaml        |  1 +
 4 files changed, 57 insertions(+), 50 deletions(-)
 create mode 100644 charts/metal-control-plane/templates/metal-api-config.yaml

diff --git a/charts/metal-control-plane/Chart.yaml b/charts/metal-control-plane/Chart.yaml
index c97a2cf..56ae2e9 100644
--- a/charts/metal-control-plane/Chart.yaml
+++ b/charts/metal-control-plane/Chart.yaml
@@ -3,4 +3,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for deploying the metal control plane in K8s
 name: metal-control-plane
-version: 0.4.7
+version: 0.4.9
diff --git a/charts/metal-control-plane/templates/metal-api-config.yaml b/charts/metal-control-plane/templates/metal-api-config.yaml
new file mode 100644
index 0000000..de1ed1a
--- /dev/null
+++ b/charts/metal-control-plane/templates/metal-api-config.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: metal-api
+  name: metal-api
+type: Opaque
+stringData:
+  view_key: {{ .Values.metal_api.view_key }}
+  edit_key: {{ .Values.metal_api.edit_key }}
+  admin_key: {{ .Values.metal_api.admin_key }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: metal-api-grpc
+  name: metal-api-grpc
+data:
+  server_key.pem: {{ .Values.metal_api.grpc.tls.server_key_enc }}
+  server.pem: {{ .Values.metal_api.grpc.tls.server_cert_enc }}
+  ca.pem: {{ .Values.metal_api.grpc.tls.ca_cert_enc }}
+{{- if .Values.metal_api.bmc.superuser.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: metal-api-bmc
+  name: metal-api-bmc
+data:
+  superuser.pwd: {{ .Values.metal_api.bmc.superuser.pwd_enc }}
+{{- end }}
+{{- if .Values.metal_api.s3.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: metal-api-s3
+  name: metal-api-s3
+type: Opaque
+stringData:
+  s3_address: {{ .Values.metal_api.s3.address }}
+  s3_key: {{ .Values.metal_api.s3.key }}
+  s3_secret: {{ .Values.metal_api.s3.secret }}
+  s3_firmware_bucket: {{ .Values.metal_api.s3.firmware_bucket }}
+{{- end }}
diff --git a/charts/metal-control-plane/templates/metal-api.yaml b/charts/metal-control-plane/templates/metal-api.yaml
index 7ae2e3a..20ebc0a 100644
--- a/charts/metal-control-plane/templates/metal-api.yaml
+++ b/charts/metal-control-plane/templates/metal-api.yaml
@@ -1,53 +1,4 @@
 ---
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app: metal-api
-  name: metal-api
-type: Opaque
-stringData:
-  view_key: {{ .Values.metal_api.view_key }}
-  edit_key: {{ .Values.metal_api.edit_key }}
-  admin_key: {{ .Values.metal_api.admin_key }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app: metal-api-grpc
-  name: metal-api-grpc
-data:
-  server_key.pem: {{ .Values.metal_api.grpc.tls.server_key_enc }}
-  server.pem: {{ .Values.metal_api.grpc.tls.server_cert_enc }}
-  ca.pem: {{ .Values.metal_api.grpc.tls.ca_cert_enc }}
-{{- if .Values.metal_api.bmc.superuser.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app: metal-api-bmc
-  name: metal-api-bmc
-data:
-  superuser.pwd: {{ .Values.metal_api.bmc.superuser.pwd_enc }}
-{{- end }}
-{{- if .Values.metal_api.s3.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    app: metal-api-s3
-  name: metal-api-s3
-type: Opaque
-stringData:
-  s3_address: {{ .Values.metal_api.s3.address }}
-  s3_key: {{ .Values.metal_api.s3.key }}
-  s3_secret: {{ .Values.metal_api.s3.secret }}
-  s3_firmware_bucket: {{ .Values.metal_api.s3.firmware_bucket }}
-{{- end }}
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -63,6 +14,12 @@ spec:
     metadata:
       labels:
         app: metal-api
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/metal-api-config.yaml") . | sha256sum }}
+        checksum/masterdata-api-config: {{ include (print $.Template.BasePath "/masterdata-api-config.yaml") . | sha256sum }}
+{{- if .Values.metal_api.nsq.tls.enabled }}
+        checksum/nsqd-tls-config: {{ .Values.metal_api.nsq.tls.checksum }}
+{{- end }}
     spec:
       restartPolicy: Always
       # it's better to disable the service links as the default args do not work properly otherwise (metal#64)
diff --git a/charts/metal-control-plane/values.yaml b/charts/metal-control-plane/values.yaml
index 6c5e6c0..5e671b9 100644
--- a/charts/metal-control-plane/values.yaml
+++ b/charts/metal-control-plane/values.yaml
@@ -107,6 +107,7 @@ metal_api:
     tls:
       enabled: false
       secret_name: ""
+      checksum: ""
   grpc:
     tls:
       enabled: false