From 15b0f75466abd62aa8aafbcea2426f011732fa92 Mon Sep 17 00:00:00 2001 From: Andreas Burger Date: Wed, 15 Jan 2025 15:12:05 +0100 Subject: [PATCH 1/3] Update doc with respect to update behaviour --- docs/operations/operations.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/operations/operations.md b/docs/operations/operations.md index 436a5f1d9..9ae8a4132 100644 --- a/docs/operations/operations.md +++ b/docs/operations/operations.md @@ -226,3 +226,13 @@ One of the benefits of having managed service principals is that the operator co After the service principal secret has been rotated and the corresponding secret is updated, all Shoot clusters using it need to be reconciled or the last operation to be retried. +### Worker Configuration Update Strategy + +Changes to the `Shoot` worker-pools are applied in-place where possible. In case this is not possible a rolling update of the workers will be performed to apply the new configuration, as outlined in [the Gardener documentation](https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/shoot_updates.md#in-place-vs-rolling-updates). The exact fields that trigger this behaviour depend on whether the feature gate `NewWorkerPoolHash` is enabled. If it is not enabled, the fields mentioned in the [Gardener doc](https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/shoot_updates.md#rolling-update-triggers) are used, with a few additions: + +- `.spec.provider.workers[].dataVolumes[].size` and `.spec.provider.workers[].dataVolumes[].type` (only the affected worker pool) +- `.spec.provider.infrastructureConfig.identity` + +If the feature gate _is_ enabled, instead of the complete provider config only the fields explicitly mentioned above are used, with the addition of + +- `.spec.provider.workers[].providerConfig.diagnosticsProfile` From d4cf9015055e1f2e81e4126f3796cb67136ddbac Mon Sep 17 00:00:00 2001 
From: Andreas Burger Date: Fri, 17 Jan 2025 16:36:01 +0100 Subject: [PATCH 2/3] address initial (offline) comments --- docs/operations/operations.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/operations/operations.md b/docs/operations/operations.md index 9ae8a4132..71065fd5e 100644 --- a/docs/operations/operations.md +++ b/docs/operations/operations.md @@ -226,12 +226,12 @@ One of the benefits of having managed service principals is that the operator co After the service principal secret has been rotated and the corresponding secret is updated, all Shoot clusters using it need to be reconciled or the last operation to be retried. -### Worker Configuration Update Strategy +### In-place vs Rolling-updates of Shoot Workers Changes to the `Shoot` worker-pools are applied in-place where possible. In case this is not possible a rolling update of the workers will be performed to apply the new configuration, as outlined in [the Gardener documentation](https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/shoot_updates.md#in-place-vs-rolling-updates). The exact fields that trigger this behaviour depend on whether the feature gate `NewWorkerPoolHash` is enabled. If it is not enabled, the fields mentioned in the [Gardener doc](https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/shoot_updates.md#rolling-update-triggers) are used, with a few additions: -- `.spec.provider.workers[].dataVolumes[].size` and `.spec.provider.workers[].dataVolumes[].type` (only the affected worker pool) - `.spec.provider.infrastructureConfig.identity` +- `.spec.provider.workers[].dataVolumes[].size` and `.spec.provider.workers[].dataVolumes[].type` (only the affected worker pool) If the feature gate _is_ enabled, instead of the complete provider config only the fields explicitly mentioned above are used, with the addition of From dfcbe513ef033870971843ff6f14febdbeb3e33a Mon Sep 17 00:00:00 2001 
From: Andreas Burger Date: Fri, 17 Jan 2025 16:41:44 +0100 Subject: [PATCH 3/3] address comment --- docs/operations/operations.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/operations/operations.md b/docs/operations/operations.md index 71065fd5e..2c934e28d 100644 --- a/docs/operations/operations.md +++ b/docs/operations/operations.md @@ -226,12 +226,13 @@ One of the benefits of having managed service principals is that the operator co After the service principal secret has been rotated and the corresponding secret is updated, all Shoot clusters using it need to be reconciled or the last operation to be retried. -### In-place vs Rolling-updates of Shoot Workers +### Rolling Update Triggers Changes to the `Shoot` worker-pools are applied in-place where possible. In case this is not possible a rolling update of the workers will be performed to apply the new configuration, as outlined in [the Gardener documentation](https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/shoot_updates.md#in-place-vs-rolling-updates). The exact fields that trigger this behaviour depend on whether the feature gate `NewWorkerPoolHash` is enabled. If it is not enabled, the fields mentioned in the [Gardener doc](https://github.com/gardener/gardener/blob/master/docs/usage/shoot-operations/shoot_updates.md#rolling-update-triggers) are used, with a few additions: - `.spec.provider.infrastructureConfig.identity` -- `.spec.provider.workers[].dataVolumes[].size` and `.spec.provider.workers[].dataVolumes[].type` (only the affected worker pool) +- `.spec.provider.workers[].dataVolumes[].size` (only the affected worker pool) +- `.spec.provider.workers[].dataVolumes[].type` (only the affected worker pool) If the feature gate _is_ enabled, instead of the complete provider config only the fields explicitly mentioned above are used, with the addition of
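Review bot: In PATCH 1/3, the added sentence "If the feature gate _is_ enabled, instead of the complete provider config only the fields explicitly mentioned above are used" refers to a "complete provider config" that the preceding paragraph never introduces. The disabled-gate case only names the Gardener triggers plus two bullets. If the whole provider config is what counts when the gate is off, say so in the disabled-gate sentence. Also reword "the fields explicitly mentioned above" so it is clear whether it covers only the two bullets or the Gardener-doc triggers as well. The sentence should end in a colon, matching the earlier "with a few additions:".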
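Review bot: In PATCH 2/3, the new heading "In-place vs Rolling-updates of Shoot Workers" hyphenates "Rolling-updates" while the paragraph under it writes "rolling update". The section also lists only the fields that force a rolling update and says nothing about which changes are applied in place. Suggest a heading that names the triggers and uses the unhyphenated form. The commit subject "address initial (offline) comments" leaves no record of what was requested; a short summary in the commit body would help later readers of the history.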
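Review bot: In PATCH 3/3, both `dataVolumes` bullets carry "(only the affected worker pool)" after the split, but the `.spec.provider.infrastructureConfig.identity` bullet above them has no scope statement, so it is unclear whether changing the identity rolls every worker pool. This section directly follows the service principal rotation text, so operators changing the identity will want the blast radius spelled out; suggest adding the scope to the identity bullet. The trailing context line ending in "with the addition of" still lacks its colon.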