This is an automated email from the ASF dual-hosted git repository.
adutra pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 280dcafcd Helm chart: include configmap checksum in deployment
annotations (#3023)
280dcafcd is described below
commit 280dcafcd183097907dace7a3c6b062f2512a602
Author: cccs-cat001 <[email protected]>
AuthorDate: Mon Nov 10 13:16:30 2025 -0500
Helm chart: include configmap checksum in deployment annotations (#3023)
---
CHANGELOG.md | 1 +
helm/polaris/templates/deployment.yaml | 5 +-
helm/polaris/tests/deployment_test.yaml | 87 +++++++++++++++++++++++++++++++--
3 files changed, 87 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e6fb7e78..493e0c60d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,7 @@ request adding CHANGELOG notes for breaking (!) changes and
possibly other secti
- `client.region` is no longer considered a "credential" property (related to
Iceberg REST Catalog API).
- Relaxed the requirements for S3 storage's ARN to allow Polaris to connect to
more non-AWS S3 storage appliances.
+- Added checksum to helm deployment so that it will restart when the configmap
has changed.
### Deprecations
diff --git a/helm/polaris/templates/deployment.yaml
b/helm/polaris/templates/deployment.yaml
index a7cec81a4..9ee0a1892 100644
--- a/helm/polaris/templates/deployment.yaml
+++ b/helm/polaris/templates/deployment.yaml
@@ -39,10 +39,11 @@ spec:
{{- include "polaris.selectorLabels" . | nindent 6 }}
template:
metadata:
- {{- if .Values.podAnnotations }}
annotations:
+ checksum/config: {{ include (print $.Template.BasePath
"/configmap.yaml") . | sha256sum }}
+ {{- if .Values.podAnnotations }}
{{- tpl (toYaml .Values.podAnnotations) . | nindent 8 }}
- {{- end }}
+ {{- end }}
labels:
{{- include "polaris.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
diff --git a/helm/polaris/tests/deployment_test.yaml
b/helm/polaris/tests/deployment_test.yaml
index d80b72b64..df16d0a15 100644
--- a/helm/polaris/tests/deployment_test.yaml
+++ b/helm/polaris/tests/deployment_test.yaml
@@ -27,16 +27,19 @@ release:
templates:
- deployment.yaml
+ - configmap.yaml
tests:
# metadata.name
- it: should set deployment name
+ template: deployment.yaml
asserts:
- equal:
path: metadata.name
value: polaris-release
- it: should set deployment name with override
+ template: deployment.yaml
set:
nameOverride: polaris-override
asserts:
@@ -44,6 +47,7 @@ tests:
path: metadata.name
value: polaris-release-polaris-override
- it: should set deployment name with full override
+ template: deployment.yaml
set:
fullnameOverride: polaris-override
asserts:
@@ -53,6 +57,7 @@ tests:
# metadata.namespace
- it: should set deployment namespace
+ template: deployment.yaml
asserts:
- equal:
path: metadata.namespace
@@ -60,6 +65,7 @@ tests:
# metadata.labels
- it: should set deployment default labels
+ template: deployment.yaml
asserts:
- isSubset:
path: metadata.labels
@@ -70,6 +76,7 @@ tests:
app.kubernetes.io/managed-by: Helm
helm.sh/chart: polaris-1.2.3
- it: should set podLabels in deployment labels
+ template: deployment.yaml
set:
podLabels:
app.kubernetes.io/component: polaris
@@ -81,11 +88,13 @@ tests:
# spec.replicas
- it: should set default replicas
+ template: deployment.yaml
asserts:
- equal:
path: spec.replicas
value: 1
- it: should set replicas
+ template: deployment.yaml
set:
replicaCount: 3
asserts:
@@ -93,6 +102,7 @@ tests:
path: spec.replicas
value: 3
- it: should not set replicas if autoscaling is enabled
+ template: deployment.yaml
set:
replicaCount: 3
autoscaling:
@@ -103,22 +113,26 @@ tests:
# spec.revisionHistoryLimit
- it: should not set revisionHistoryLimit by default with null
+ template: deployment.yaml
asserts:
- notExists:
path: spec.revisionHistoryLimit
- it: should not set revisionHistoryLimit with quote empty string
+ template: deployment.yaml
set:
revisionHistoryLimit: ""
asserts:
- notExists:
path: spec.revisionHistoryLimit
- it: should not set revisionHistoryLimit with empty string
+ template: deployment.yaml
set:
revisionHistoryLimit:
asserts:
- notExists:
path: spec.revisionHistoryLimit
- it: should set revisionHistoryLimit
+ template: deployment.yaml
set:
revisionHistoryLimit: 1
asserts:
@@ -126,6 +140,7 @@ tests:
path: spec.revisionHistoryLimit
value: 1
- it: should set revisionHistoryLimit (disabled revision history)
+ template: deployment.yaml
set:
revisionHistoryLimit: 0
asserts:
@@ -135,6 +150,7 @@ tests:
# spec.selector.matchLabels + spec.template.metadata.labels
- it: should set deployment selector labels
+ template: deployment.yaml
asserts:
- isSubset:
path: spec.selector.matchLabels
@@ -147,6 +163,7 @@ tests:
app.kubernetes.io/name: polaris
app.kubernetes.io/instance: polaris-release
- it: should include podLabels in spec.template.metadata.labels only
+ template: deployment.yaml
set:
podLabels:
app.kubernetes.io/component: polaris
@@ -161,11 +178,16 @@ tests:
app.kubernetes.io/component: polaris
# spec.template.metadata.annotations
- - it: should not set pod annotations by default
- asserts:
- - notExists:
- path: spec.template.metadata.annotations
+ - it: should only set checksum annotation by default
+ template: deployment.yaml
+ asserts:
+ - exists:
+ path: spec.template.metadata.annotations.checksum/config
+ - matchRegex:
+ path: spec.template.metadata.annotations.checksum/config
+ pattern: "^[a-f0-9]{64}$"
- it: should set pod annotations
+ template: deployment.yaml
set:
podAnnotations:
foo: bar
@@ -177,10 +199,12 @@ tests:
# spec.template.spec.imagePullSecrets
- it: should not set imagePullSecrets by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.imagePullSecrets
- it: should set imagePullSecrets
+ template: deployment.yaml
set:
imagePullSecrets:
- test-secret
@@ -192,11 +216,13 @@ tests:
# spec.template.spec.serviceAccountName
- it: should set default service account name
+ template: deployment.yaml
asserts:
- equal:
path: spec.template.spec.serviceAccountName
value: polaris-release
- it: should set service account name when serviceAccount.create is true
+ template: deployment.yaml
set:
serviceAccount:
create: true
@@ -205,6 +231,7 @@ tests:
path: spec.template.spec.serviceAccountName
value: polaris-release
- it: should set custom service account name when serviceAccount.create is
true
+ template: deployment.yaml
set:
serviceAccount:
create: true
@@ -214,6 +241,7 @@ tests:
path: spec.template.spec.serviceAccountName
value: polaris-sa
- it: should set service account name to default when serviceAccount.create
is false
+ template: deployment.yaml
set:
serviceAccount:
create: false
@@ -222,6 +250,7 @@ tests:
path: spec.template.spec.serviceAccountName
value: default
- it: should set custom service account name when serviceAccount.create is
false
+ template: deployment.yaml
set:
serviceAccount:
create: false
@@ -233,6 +262,7 @@ tests:
# spec.template.spec.securityContext
- it: should set securityContext by default
+ template: deployment.yaml
asserts:
- isSubset:
path: spec.template.spec.securityContext
@@ -241,6 +271,7 @@ tests:
seccompProfile:
type: RuntimeDefault
- it: should set custom securityContext
+ template: deployment.yaml
set:
podSecurityContext:
fsGroup: 1234
@@ -252,6 +283,7 @@ tests:
# spec.template.spec.containers
- it: should set container name
+ template: deployment.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].name
@@ -259,6 +291,7 @@ tests:
# spec.template.spec.containers[0].securityContext
- it: should set container securityContext by default
+ template: deployment.yaml
asserts:
- isSubset:
path: spec.template.spec.containers[0].securityContext
@@ -271,6 +304,7 @@ tests:
seccompProfile:
type: RuntimeDefault
- it: should set custom container securityContext
+ template: deployment.yaml
set:
containerSecurityContext:
allowPrivilegeEscalation: true
@@ -286,6 +320,7 @@ tests:
# spec.template.spec.containers[0].image
- it: should set container image
+ template: deployment.yaml
set:
image:
repository: test-repo
@@ -295,6 +330,7 @@ tests:
path: spec.template.spec.containers[0].image
value: test-repo:test-tag
- it: should set container image with template
+ template: deployment.yaml
set:
image:
repository: test-repo-{{ .Chart.Version }}
@@ -304,6 +340,7 @@ tests:
path: spec.template.spec.containers[0].image
value: test-repo-1.2.3:test-tag-polaris-release
- it: should set container image with chart version if no tag provided
+ template: deployment.yaml
set:
image:
repository: test-repo
@@ -315,6 +352,7 @@ tests:
# spec.template.spec.containers[0].imagePullPolicy
- it: should set container pull policy
+ template: deployment.yaml
set:
image:
pullPolicy: Always
@@ -325,10 +363,12 @@ tests:
# spec.template.spec.containers[0].env
- it: should not set container env by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.containers[0].env
- it: should set container env
+ template: deployment.yaml
set:
extraEnv:
- name: foo
@@ -342,6 +382,7 @@ tests:
# spec.template.spec.containers[0].volumeMounts + spec.template.spec.volumes
- it: should not set persistence volumes by default
+ template: deployment.yaml
asserts:
- lengthEqual:
path: spec.template.spec.volumes
@@ -358,6 +399,7 @@ tests:
# spec.template.spec.containers[0].ports
- it: should set container ports by default
+ template: deployment.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].ports
@@ -376,6 +418,7 @@ tests:
protocol: TCP
- it: should set custom container ports
+ template: deployment.yaml
set:
service:
ports:
@@ -415,6 +458,7 @@ tests:
protocol: TCP
- it: should use targetPort if defined
+ template: deployment.yaml
set:
service:
ports:
@@ -456,6 +500,7 @@ tests:
protocol: TCP
- it: should fail if port name is not unique (#1)
+ template: deployment.yaml
set:
service:
ports:
@@ -468,6 +513,7 @@ tests:
errorPattern: "service.ports\\[\\d\\]: port name already taken:
polaris-http"
- it: should fail if port name is not unique (#2)
+ template: deployment.yaml
set:
managementService:
ports:
@@ -480,6 +526,7 @@ tests:
errorPattern: "managementService.ports\\[\\d\\]: port name already
taken: polaris-mgmt"
- it: should fail if port name is not unique (#3)
+ template: deployment.yaml
set:
service:
ports:
@@ -494,6 +541,7 @@ tests:
errorPattern: "managementService.ports\\[\\d\\]: port name already
taken: polaris"
- it: should not fail when extra service references the same port name and
number
+ template: deployment.yaml
set:
extraServices:
- nameSuffix: "-extra"
@@ -519,6 +567,7 @@ tests:
protocol: TCP
- it: should fail when extra service references the same port name with
different number (#1)
+ template: deployment.yaml
set:
extraServices:
- nameSuffix: "-extra"
@@ -531,6 +580,7 @@ tests:
errorPattern: "extraServices\\[\\d\\].ports\\[\\d\\]: wrong port
number for port polaris-http, expected 8181, got 9999"
- it: should fail when extra service references the same port name with
different number (#2)
+ template: deployment.yaml
set:
extraServices:
- nameSuffix: "-extra"
@@ -543,6 +593,7 @@ tests:
errorPattern: "extraServices\\[\\d\\].ports\\[\\d\\]: wrong port
number for port polaris-mgmt, expected 8182, got 9999"
- it: should fail when extra service references the same port name with
different number (#3)
+ template: deployment.yaml
set:
service:
ports:
@@ -561,6 +612,7 @@ tests:
errorPattern: "extraServices\\[\\d\\].ports\\[\\d\\]: wrong port
number for port polaris-https, expected 8043, got 9999"
- it: should fail when extra service references the same port name with
different protocol
+ template: deployment.yaml
set:
service:
ports:
@@ -578,6 +630,7 @@ tests:
errorPattern: "extraServices\\[\\d\\].ports\\[\\d\\]: wrong
protocol for port polaris-http, expected TCP, got UDP"
- it: should create 2 ports with same number
+ template: deployment.yaml
set:
service:
ports:
@@ -602,6 +655,7 @@ tests:
containerPort: 8181
protocol: TCP
- it: should create 2 ports with same number using targetPort
+ template: deployment.yaml
set:
service:
ports:
@@ -628,6 +682,7 @@ tests:
containerPort: 8181
protocol: TCP
- it: should set port protocols
+ template: deployment.yaml
set:
service:
ports:
@@ -671,6 +726,7 @@ tests:
# spec.template.spec.containers[0].livenessProbe
- it: should set container livenessProbe by default
+ template: deployment.yaml
set:
managementService:
ports:
@@ -700,6 +756,7 @@ tests:
# spec.template.spec.containers[0].readinessProbe
- it: should set container readinessProbe by default
+ template: deployment.yaml
set:
managementService:
ports:
@@ -727,10 +784,12 @@ tests:
# spec.template.spec.containers[0].resources
- it: should not set container resources by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.containers[0].resources
- it: should set container resources
+ template: deployment.yaml
set:
resources:
requests:
@@ -752,10 +811,12 @@ tests:
# spec.template.spec.nodeSelector
- it: should not set nodeSelector by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.nodeSelector
- it: should set nodeSelector
+ template: deployment.yaml
set:
nodeSelector:
disktype: ssd
@@ -767,10 +828,12 @@ tests:
# spec.template.spec.affinity
- it: should not set affinity by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.affinity
- it: should set affinity
+ template: deployment.yaml
set:
affinity:
nodeAffinity:
@@ -798,10 +861,12 @@ tests:
# spec.template.spec.tolerations
- it: should not set tolerations by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.tolerations
- it: should set tolerations
+ template: deployment.yaml
set:
tolerations:
- key: "key"
@@ -818,6 +883,7 @@ tests:
effect: "NoSchedule"
- it: should set storage credentials
+ template: deployment.yaml
set:
storage:
secret:
@@ -852,6 +918,7 @@ tests:
key: gcpToken
- it: should set extra env
+ template: deployment.yaml
set:
extraEnv:
- name: foo
@@ -877,6 +944,7 @@ tests:
key: key
- it: should set extra env + storage credentials
+ template: deployment.yaml
set:
storage:
secret:
@@ -901,11 +969,13 @@ tests:
key: awsAccessKeyId
- it: should not set any environment variables by default
+ template: deployment.yaml
asserts:
- notExists:
path: spec.template.spec.containers[0].env
- it: should configure config volume
+ template: deployment.yaml
set:
image.configDir: /config/dir
asserts:
@@ -928,6 +998,7 @@ tests:
path: application.properties
- it: should configure config volume with token broker secret (rsa-key-pair
- deprecation)
+ template: deployment.yaml
set:
image.configDir: /config/dir
authentication:
@@ -970,6 +1041,7 @@ tests:
path: private.pem
- it: should configure config volume with token broker secret (symmetric-key
- deprecation)
+ template: deployment.yaml
set:
image.configDir: /config/dir
authentication:
@@ -1010,6 +1082,7 @@ tests:
path: symmetric.key
- it: should configure config volume with token broker secret (rsa-key-pair)
+ template: deployment.yaml
set:
image.configDir: /config/dir
authentication:
@@ -1052,6 +1125,7 @@ tests:
path: private.pem
- it: should configure config volume with token broker secret (symmetric-key)
+ template: deployment.yaml
set:
image.configDir: /config/dir
authentication:
@@ -1092,6 +1166,7 @@ tests:
path: symmetric.key
- it: should configure config volume with authentication including per-realm
overrides
+ template: deployment.yaml
set:
image.configDir: /config/dir
authentication:
@@ -1144,6 +1219,7 @@ tests:
path: REALM+2/private.pem
- it: should set relational-jdbc persistence environment variables
+ template: deployment.yaml
set:
persistence: { type: "relational-jdbc", relationalJdbc: { secret: {
name: "polaris-persistence", username: "username", password: "password",
jdbcUrl: "jdbcUrl" } } }
asserts:
@@ -1173,6 +1249,7 @@ tests:
key: jdbcUrl
- it: should configure volume for file logging
+ template: deployment.yaml
set:
logging.file.enabled: true
logging.file.logsDir: /custom/logs
@@ -1191,6 +1268,7 @@ tests:
claimName: polaris-release-logs
- it: should include extra volumes and volume mounts
+ template: deployment.yaml
set:
extraVolumes:
- name: extra-volume
@@ -1213,6 +1291,7 @@ tests:
emptyDir: {}
- it: should set OIDC client secret
+ template: deployment.yaml
set:
oidc: { client: { secret: { name: polaris-oidc-secret, key:
client-secret } } }
asserts:
