Hash tenant config and store in configmap

Every tenant now creates a configmap in its __tenant__ namespace with a sha256 of its values. Tenants (and eventually all other apps), watch the configmap in their __release__ namespace, by referencing it in the valuesFrom part of the HelmRelease. `tenant-root` is an exception, since it is the only tenant where the release namespace is the same as the tenant namespace. It references a different configmap in its valesFrom, created and reconciled by the cozystack installer script. Part of #802. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
2026-01-27 10:18:39 +00:00 · 2025-04-17 14:28:11 +03:00
parent 277b438f68
commit f1624353ef
5 changed files with 45 additions and 0 deletions
--- a/pkg/apis/apps/v1alpha1/types.go
+++ b/pkg/apis/apps/v1alpha1/types.go
@@ -21,6 +21,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

+const (
+	CozySystemConfigurationHashConfigMapName = "cozy-system-configuration-hash"
+	CozyTenantConfigurationHashConfigMapName = "cozy-tenant-configuration-hash"
+	CozyTenantConfigurationHashKey           = "cozyTenantConfigurationHash"
+)
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // ApplicationList is a list of Application objects.
--- a/pkg/registry/apps/application/rest.go
+++ b/pkg/registry/apps/application/rest.go
@@ -988,6 +988,18 @@ func (r *REST) convertApplicationToHelmRelease(app *appsv1alpha1.Application) (*
 		},
 	}

+	valuesFromConfigMap := appsv1alpha1.CozyTenantConfigurationHashConfigMapName
+	if helmRelease.Name == "tenant-root" && helmRelease.Namespace == "tenant-root" {
+		valuesFromConfigMap = appsv1alpha1.CozySystemConfigurationHashConfigMapName
+	}
+	helmRelease.Spec.ValuesFrom = []helmv2.ValuesReference{{
+		Kind:       "ConfigMap",
+		Name:       valuesFromConfigMap,
+		ValuesKey:  appsv1alpha1.CozyTenantConfigurationHashKey,
+		TargetPath: appsv1alpha1.CozyTenantConfigurationHashKey,
+		Optional:   true,
+	}}
+
 	return helmRelease, nil
 }