Fix deployment spec annotation

internal/controller/generic_tunnel_reconciler.go

@@ -1,6 +1,8 @@
 package controller
 
 import (
+	"crypto/md5"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"time"
@@ -250,12 +252,13 @@ func createManagedResources(r GenericTunnelReconciler) (ctrl.Result, error) {
 	}
 
 	// Check if ConfigMap already exists, else create it
-	if err := k8s.MergeOrApply(r, configMapForTunnel(r)); err != nil {
+	cm := configMapForTunnel(r)
+	if err := k8s.MergeOrApply(r, cm); err != nil {
 		return ctrl.Result{}, err
 	}
 
 	// Apply patch to deployment
-	dep := deploymentForTunnel(r)
+	dep := deploymentForTunnel(r, cm.Data[configmapKey])
 	if err := k8s.StrategicPatch(dep, r.GetTunnel().GetSpec().DeployPatch, dep); err != nil {
 		r.GetLog().Error(err, "unable to patch deployment, check patch")
 		r.GetRecorder().Event(r.GetTunnel().GetObject(), corev1.EventTypeWarning, "FailedPatch", "Failed to patch deployment, check patch")
@@ -329,9 +332,10 @@ func secretForTunnel(r GenericTunnelReconciler) *corev1.Secret {
 }
 
 // deploymentForTunnel returns a tunnel Deployment object
-func deploymentForTunnel(r GenericTunnelReconciler) *appsv1.Deployment {
+func deploymentForTunnel(r GenericTunnelReconciler, configStr string) *appsv1.Deployment {
 	ls := labelsForTunnel(r.GetTunnel())
 	protocol := r.GetTunnel().GetSpec().Protocol
+	hash := md5.Sum([]byte(configStr))
 
 	args := []string{"tunnel", "--protocol", protocol, "--config", "/etc/cloudflared/config/config.yaml", "--metrics", "0.0.0.0:2000", "run"}
 	volumes := []corev1.Volume{{
@@ -398,6 +402,9 @@ func deploymentForTunnel(r GenericTunnelReconciler) *appsv1.Deployment {
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
 					Labels: ls,
+					Annotations: map[string]string{
+						tunnelConfigChecksum: hex.EncodeToString(hash[:]),
+					},
 				},
 				Spec: corev1.PodSpec{
 					SecurityContext: &corev1.PodSecurityContext{

internal/controller/tunnelbinding_controller.go

@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"sort"
 	"strings"
+	"time"
 
 	"github.com/adyanth/cloudflare-operator/internal/clients/cf"
 
@@ -156,7 +157,11 @@ func (r *TunnelBindingReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 			// TunnelBinding object not found, could have been deleted after reconcile request.
 			// Owned objects are automatically garbage collected. For additional cleanup logic use finalizers.
 			// Return and don't requeue
-			r.log.Info("TunnelBinding deleted, nothing to do")
+			r.log.Info("TunnelBinding deleted, updating config")
+			if err = r.configureCloudflareDaemon(); err != nil {
+				r.log.Error(err, "unable to update config")
+				return ctrl.Result{}, err
+			}
 			return ctrl.Result{}, nil
 		}
 		r.log.Error(err, "unable to fetch TunnelBinding")
@@ -170,7 +175,8 @@ func (r *TunnelBindingReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 
 	// Check if TunnelBinding is marked for deletion
 	if r.binding.GetDeletionTimestamp() != nil {
-		return ctrl.Result{}, r.deletionLogic()
+		// Requeue to update configmap above
+		return ctrl.Result{RequeueAfter: time.Second}, r.deletionLogic()
 	}
 
 	if err := r.setStatus(); err != nil {
@@ -535,10 +541,10 @@ func (r *TunnelBindingReconciler) setConfigMapConfiguration(config *cf.Configura
 	// Restart pods
 	r.Recorder.Event(r.binding, corev1.EventTypeNormal, "ApplyingConfig", "Applying ConfigMap to Deployment")
 	r.Recorder.Event(cfDeployment, corev1.EventTypeNormal, "ApplyingConfig", "Applying ConfigMap to Deployment")
-	if cfDeployment.Annotations == nil {
-		cfDeployment.Annotations = map[string]string{}
+	if cfDeployment.Spec.Template.Annotations == nil {
+		cfDeployment.Spec.Template.Annotations = map[string]string{}
 	}
-	cfDeployment.Annotations[tunnelConfigChecksum] = hex.EncodeToString(hash[:])
+	cfDeployment.Spec.Template.Annotations[tunnelConfigChecksum] = hex.EncodeToString(hash[:])
 	if err := r.Update(r.ctx, cfDeployment); err != nil {
 		r.log.Error(err, "Failed to update Deployment for restart")
 		r.Recorder.Event(r.binding, corev1.EventTypeWarning, "FailedApplyingConfig", "Failed to apply ConfigMap to Deployment")