Automatically Roll Deployments When ConfigMaps or Secrets change

Often times configmaps or secrets are injected as configurationfiles in containers.Depending on the application a restart may be required should thosebe updated with a subsequent helm upgrade, but if thedeployment spec itself didn’t change the application keeps runningwith the old configuration resulting in an inconsistent deployment.

The sha256sum function can be used to ensure a deployment’sannotation section is updated if another file changes:

  1. kind: Deployment
  2. spec:
  3.   template:
  4.     metadata:
  5.       annotations:
  6.         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
  7. [...]

See also the helm upgrade —recreate-pods flag for a slightlydifferent way of addressing this issue.