From 08cc3c62026dd7b106cdbaf98998709d16a64339 Mon Sep 17 00:00:00 2001
From: Azeem Shaikh <azeemshaikh38@gmail.com>
Date: Tue, 3 Aug 2021 13:50:30 -0700
Subject: [PATCH] Rollout worker whenever controller starts (#808)

Co-authored-by: Azeem Shaikh <azeems@google.com>
---
 cron/k8s/controller.yaml | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/cron/k8s/controller.yaml b/cron/k8s/controller.yaml
index 098b4654..522e3149 100644
--- a/cron/k8s/controller.yaml
+++ b/cron/k8s/controller.yaml
@@ -12,6 +12,30 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: scorecard-batch-controller
+rules:
+  - apiGroups: ["apps", "extensions"]
+    resources: ["deployments"]
+    resourceNames: ["scorecard-batch-worker"]
+    verbs: ["get", "patch"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: scorecard-batch-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: scorecard-batch-controller
+subjects:
+  - kind: ServiceAccount
+    name: default
+---
+
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
@@ -24,6 +48,7 @@ spec:
     spec:
       template:
         spec:
+          restartPolicy: Never
           containers:
           - name: controller
             image: gcr.io/openssf/scorecard-batch-controller:latest
@@ -33,4 +58,10 @@ spec:
                 memory: 1Gi
               requests:
                 memory: 1Gi
-          restartPolicy: OnFailure
+          - name: worker-update
+            image: bitnami/kubectl@sha256:44468c0f5b348e6dcf5e11feb6fdcc969c874bba2856150fe50eb1aacb3bdfee
+            command:
+              - "kubectl"
+              - "rollout"
+              - "restart"
+              - "deployment/scorecard-batch-worker"