Fix/restart on tenanttokenchange without fieldchange (release-1.4)

[gkrenn]

Description

The tenant and ActiveGate tokens can be rotated using the tenant's rotation API.

This process updates the oneagent-tenant-secret and ActiveGate secret. To activate these changes, the OneAgents and ActiveGates need to be restarted.

To accomplish this, this PR adds a hash as an annotation to the DaemonSet and StatefulSet. If the hash changes, the pods will be restarted.

To not introduce a new field on a bugfix version, it uses the old bugfix implementation. For the new implementation including a new field look at PR #4361

Jira

How can this be tested?

• Deploy dynakube with oneagents
• Navigate to the api docs in your tenant
• Start the token rotation
• the oneagents will be updated after some time.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 80.89888% with 17 lines in your changes missing coverage. Please review.

Project coverage is 64.29%. Comparing base (c62f39b) to head (495cd73).
Report is 1 commits behind head on release-1.4.

Files with missing lines	Patch %	Lines
...ntrollers/dynakube/oneagent/oneagent_reconciler.go	59.09%	7 Missing and 2 partials ⚠️
...kube/activegate/internal/statefulset/reconciler.go	52.94%	6 Missing and 2 partials ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@               Coverage Diff               @@
##           release-1.4    #4376      +/-   ##
===============================================
+ Coverage        64.28%   64.29%   +0.01%     
===============================================
  Files              401      402       +1     
  Lines            27072    27135      +63     
===============================================
+ Hits             17403    17447      +44     
- Misses            8302     8317      +15     
- Partials          1367     1371       +4     

Flag	Coverage Δ
unittests	64.29% <80.89%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[StefanHauth]

Works on my machine for OneAgent. For whatever reason the AG token doesn't get rotated when I start a token rotation.
I'd like to have a second opinion on this PR, please.

[aorcholski]

AG reports an error

... message has an error: REQUEST_REJECTED

The same error if I deploy dynakube again from scratch.

[aorcholski]

IMHO we should return err and shouldn't change the template if K8S API error encountered. We don't know if the secret/tenant has changed or not.

[aorcholski]

IMHO we should return err and shouldn't change the template if K8S API error encountered. We don't know if the secret/tenant has changed or not.

[aorcholski]

IMHO we should return err and should'n change the template if K8S API error encountered. We don't know if the secret/tenant has changed or not.

[gkrenn]

Thanks for your detailed checks, I adapted the PR according to the review.

[aorcholski]

LGTM