Description
In the current example template, the Django and PostgreSQL containers are in separate DeploymentConfigs. I have a CI pipeline that processes the template, and since I leave the DATABASE_PASSWORD parameter blank (intentional), it is generated every time the pipeline runs. However, this doesn't trigger a ConfigChange in either DeploymentConfig because the environment variables are secret references (it seems like this would be the obvious thing to do). The Django container does get rebuilt as part of my CI pipeline and triggers an ImageChange, so the result is that I end up with a Django container that has a different database password in its environment variables from my PostgreSQL container.
Has anyone figured out how to solve this problem? I thought maybe if we put both containers in the same DeploymentConfig or have both the containers be restarted when the Django image changes... but neither seems ideal. Is there a way to specify an annotation that results in the Deployments being recreated when the Secret is updated?