flagger icon indicating copy to clipboard operation
flagger copied to clipboard
verified publisher icon fluxcd

Changing the secret for the metric provider should be less impactful

Open AlainDeleglise opened this issue 1 year ago • 2 comments

Describe the feature

When one uses an external metric provider for the metric templates, changing the secret can only be done by deleting and recreating the canary object, which in turn results in the deletion of the target object (and related pods).

Proposed solution

The external metric provider secret should be decoupled from the canary object, to allow one to make secret rotation or just plain changing the secret.

Any alternatives you've considered?

Maybe mount the secret in the flagger pod, when one deploys it as a replicas, a rollout has no impact.

AlainDeleglise avatar Oct 03 '24 15:10 AlainDeleglise

the metric provider secret is decoupled from the canary object, if you use the MetricTemplate API: https://docs.flagger.app/usage/metrics#custom-metrics

aryan9600 avatar Oct 26 '24 14:10 aryan9600

@aryan9600 Hi, thanks for your answer. I've already specified the secret in the metric template object. However, I've tried to just delete the metric template and recreate it, but flagger is still unable to collect the metrics, hence my message.

AlainDeleglise avatar Oct 28 '24 08:10 AlainDeleglise