[Feature Request]Add support for secret annotation so only annotated secrets trigger rolling update

wave-k8s / wave

Kubernetes configuration tracking controller

Apache License 2.0

646 stars 82 forks source link

[Feature Request]Add support for secret annotation so only annotated secrets trigger rolling update #113

Open johnphilipscs opened 2 years ago

johnphilipscs commented 2 years ago

I am using your controller to trigger our app to perform a rolling update when cert-manager renews a certificate. It is my preference to restrict the trigger to only occur on the particular certificate secret and not on changes to other secrets.

github-actions[bot] commented 2 years ago

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

johnphilipscs commented 2 years ago

Still interested in this feature if anyone is working on this project.

jabdoa2 commented 2 months ago

I guess ideally this annotations would be on the deployment side instead of the secret side. Otherwise, you might disable it for multiple deployments at once. We could create some kind of whitelist or blacklist annotation on the deployment. What do you think?

jabdoa2 commented 1 month ago

@toelke do we want to support this?

Options:

Support wave.pusher.com/update-on-config-change: "only-annotated" on Deployments. Add wave.pusher.com/update-deployment-on-config-change: "true" to Secrets/CMs.
Add a flag to wave to change the default behavior. Add wave.pusher.com/update-deployment-on-config-change: "true" to Secrets/CMs.
Add wave.pusher.com/ignore: "true" to Secrets/CMs to selectively ignore Secrets/CMs. (Kind of different from the request)
Decide not to implement this.