Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Cluster-wide Certificates Refresh #60

Merged
merged 3 commits into from
Oct 9, 2024
Merged

Add Cluster-wide Certificates Refresh #60

merged 3 commits into from
Oct 9, 2024

Conversation

mateoflorido
Copy link
Member

@mateoflorido mateoflorido commented Oct 1, 2024
edited
Loading

Overview

Add a proposal for implementing a cluster-wide certificates refresh in the Canonical Kubernetes providers

@mateoflorido mateoflorido requested a review from a team as a code owner October 1, 2024 01:56
HomayoonAlimohammadi
HomayoonAlimohammadi approved these changes Oct 4, 2024
View reviewed changes
Copy link
Contributor

@HomayoonAlimohammadi HomayoonAlimohammadi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @mateoflorido! Something that I wonder is that do we have a retry mechanism on the single machine certs refresh reconciler? If that's the case, then you might need to consider the problem that we already have with the in-place upgrade reconcilers.
In short, currently the single machine in-place upgrade reconciler retries by removing the status annotation on a machine without removing the upgrade instructions, which in a sense reverts everything back to a state that looks like a fresh upgrade command has been triggered. This can cause some confusions on the higher level which is the MachineDeploymentReconciler.
There are workarounds for that tho, and I'm currently going for the one that I consider the best (adding a new annotation).

berkayoz
berkayoz approved these changes Oct 4, 2024
View reviewed changes
Copy link
Member

@berkayoz berkayoz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, great work left a small comment.

docs/proposals/004-orchestration-refresh-certs.md Outdated Show resolved Hide resolved
bschimke95
bschimke95 reviewed Oct 4, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, great proposal @mateoflorido

@mateoflorido
Copy link
Member Author

Thanks a lot @mateoflorido! Something that I wonder is that do we have a retry mechanism on the single machine certs refresh reconciler? If that's the case, then you might need to consider the problem that we already have with the in-place upgrade reconcilers. In short, currently the single machine in-place upgrade reconciler retries by removing the status annotation on a machine without removing the upgrade instructions, which in a sense reverts everything back to a state that looks like a fresh upgrade command has been triggered. This can cause some confusions on the higher level which is the MachineDeploymentReconciler. There are workarounds for that tho, and I'm currently going for the one that I consider the best (adding a new annotation).

Great, we should consider this approach when we implement the proposal. Thanks, @HomayoonAlimohammadi!

bschimke95
bschimke95 approved these changes Oct 8, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's change to accepted and merge the proposal.

mateoflorido and others added 2 commits October 9, 2024 13:03
@bschimke95 bschimke95 force-pushed the KU-1603/orchestration-refresh-certs branch from 219667f to 06e7150 Compare October 9, 2024 11:03
@bschimke95 bschimke95 force-pushed the KU-1603/orchestration-refresh-certs branch from 06e7150 to 3a13903 Compare October 9, 2024 11:04
@bschimke95 bschimke95 merged commit 759220a into main Oct 9, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bschimke95 bschimke95 bschimke95 approved these changes

@HomayoonAlimohammadi HomayoonAlimohammadi HomayoonAlimohammadi approved these changes

@berkayoz berkayoz berkayoz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mateoflorido @berkayoz @HomayoonAlimohammadi @bschimke95