feat(helm/infisical-core): auto-reload

2026-01-08 23:18:05 -05:00 · 2025-10-20 15:54:51 +04:00
parent 00b2a6bafc
commit bf37ad958a
6 changed files with 27 additions and 5 deletions
--- a/helm-charts/infisical-standalone-postgres/CHANGELOG.md
+++ b/helm-charts/infisical-standalone-postgres/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 1.7.2 (October 20, 2025)
+Changes:
+* Added automatic reloading support for the Infisical deployment when the `infisical.kubeSecretRef` kubernetes secret changes.
+  * Configurable by `reloader.enabled: true|false`. Defaults to `true`.
+
 ## 1.7.1 (October 10, 2025)

 Changes:
--- a/helm-charts/infisical-standalone-postgres/Chart.lock
+++ b/helm-charts/infisical-standalone-postgres/Chart.lock
@@ -8,5 +8,8 @@ dependencies:
 - name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
  version: 18.14.1
-digest: sha256:57a18fb5258fc153d27b633f6570104c7628af651f08f3ae7e1cf8920c2c31fa
-generated: "2025-09-30T18:44:50.303037+04:00"
+- name: reloader
+  repository: https://stakater.github.io/stakater-charts
+  version: 2.2.3
+digest: sha256:cdaf2a4056a24633b7bbcafb72c8c6fd1c0e8d75a9ceb016917906f83db1e6b0
+generated: "2025-10-20T13:56:11.25867+04:00"
--- a/helm-charts/infisical-standalone-postgres/Chart.yaml
+++ b/helm-charts/infisical-standalone-postgres/Chart.yaml
@@ -7,7 +7,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.7.1
+version: 1.7.2

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -28,3 +28,7 @@ dependencies:
    version: 18.14.1
    repository: oci://registry-1.docker.io/bitnamicharts
    condition: redis.enabled
+  - name: reloader
+    version: 2.2.3
+    repository: https://stakater.github.io/stakater-charts
+    condition: reloader.enabled
--- a/helm-charts/infisical-standalone-postgres/templates/infisical.yaml
+++ b/helm-charts/infisical-standalone-postgres/templates/infisical.yaml
@@ -4,6 +4,9 @@ kind: Deployment
 metadata:
  name: {{ include "infisical.fullname" . }}
  annotations:
+    {{- if .Values.reloader.enabled }}
+    secret.reloader.stakater.com/reload: {{ $infisicalValues.kubeSecretRef }}
+    {{- end }}
    updatedAt: {{ now | date "2006-01-01 MST 15:04:05" | quote }}
    {{- with $infisicalValues.deploymentAnnotations }}
    {{- toYaml . | nindent 4 }}
--- a/helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml
+++ b/helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml
@@ -15,6 +15,10 @@ spec:
        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+      {{- if .Values.reloader.enabled }}
+      annotations:
+        secret.reloader.stakater.com/reload: {{ $infisicalValues.kubeSecretRef }}
+      {{- end }}
    spec:
      serviceAccountName: {{ include "infisical.serviceAccountName" . }}
    {{- if $infisicalValues.image.imagePullSecrets }}
--- a/helm-charts/infisical-standalone-postgres/values.yaml
+++ b/helm-charts/infisical-standalone-postgres/values.yaml
@@ -118,8 +118,7 @@ ingress:
  # -- Custom annotations for ingress resource
  annotations: {}
  # -- TLS settings for HTTPS access
-  tls:
-    []
+  tls: []
    # -- TLS secret name for HTTPS
    # - secretName: letsencrypt-prod
    # -- Domain name to associate with the TLS certificate
@@ -184,3 +183,7 @@ redis:

  # -- Redis deployment type (e.g., standalone or cluster)
  architecture: standalone
+
+# -- Reloader is used to reload the Infisical instance when the Kubernetes secret referenced by `infisical.kubeSecretRef` is updated
+reloader:
+  enabled: true