How to trigger change in sha256sum of rendered configmap in helm?

11/30/2018

I have a setting in my configmap.yaml

---
apiVersion: V2.23
kind: ConfigMap
metadata:
   name: my-configmap
data: 
   image.tag: {{ .Values.image.tag }}

Then in deployment.yaml I have this line:

  annotations:
    checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}

Then in values.yaml I have this line:

image:
  repository: myrepo
  tag: latest
  pullPolicy: IfNotPresent

If I have the following helm command in my Jenkinsfile

        sh """
          helm upgrade --install --force \
          --namespace=default \
          --values=values.yaml \
          --set image.tag=${output_of_git-describe} \
          --set image.pullPolicy=Always \
          myimage kubernetes/myimage
       """

Question

  1. Will the sha256 for configmap.yaml actually get changed based on the helm command I have in my Jenkinsfile?
  2. Is there a helm command I can run to display the sha256 of configmap.yaml?
-- Anthony
kubernetes-helm

1 Answer

12/1/2018

As you've written it (from here), Helm will calculate the SHA-256 hash of the unrendered template file, which won't change as you update the value.

If your ConfigMap will only ever contain this single value, you could use a hash of that value instead:

checksum/config: {{ sha256sum .Values.image.tag }}

You could break out the contents of the ConfigMap into a separate renderable template:

{{/* _config_map.tpl */}}
{{- define "config-map-contents" -}}
image.tag: {{ .Values.image.tag }}
{{- end -}}
{{/* my-configmap.yaml */}}
apiVersion: v1
kind: ConfigMap
metadata:
   name: my-configmap
data: {{ include "config-map-contents" | nindent 2 }}
{{/* in the pod spec */}}
checksum/config: {{ include "config-map-contents" | sha256sum }}

At the end of the day, you need something in the pod spec to change to cause Kubernetes to redeploy it. In Helm you can more directly put the value in an environment variable without going via a ConfigMap, which will have the right effect:

env:
  - name: IMAGE_TAG
    value: {{ .Values.image.tag }}

Or if it actually is the image tag, simply changing the target image of a container in a pod will cause it to redeploy:

image: {{ printf "%s/%s:%s" .Values.image.repository (.Values.image.image | default "myimage") .Values.image.tag | quote}}
-- David Maze
Source: StackOverflow