-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Cluster-wide Certificates Refresh #60
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot @mateoflorido! Something that I wonder is that do we have a retry mechanism on the single machine certs refresh reconciler? If that's the case, then you might need to consider the problem that we already have with the in-place upgrade reconcilers.
In short, currently the single machine in-place upgrade reconciler retries by removing the status
annotation on a machine without removing the upgrade instructions, which in a sense reverts everything back to a state that looks like a fresh upgrade command has been triggered. This can cause some confusions on the higher level which is the MachineDeploymentReconciler
.
There are workarounds for that tho, and I'm currently going for the one that I consider the best (adding a new annotation).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, great work left a small comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, great proposal @mateoflorido
Great, we should consider this approach when we implement the proposal. Thanks, @HomayoonAlimohammadi! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's change to accepted and merge the proposal.
Co-authored-by: Berkay Tekin Öz <berkay.tekinoz@canonical.com>
219667f
to
06e7150
Compare
06e7150
to
3a13903
Compare
Overview
Add a proposal for implementing a cluster-wide certificates refresh in the Canonical Kubernetes providers