Comments (7)
Rafael, I did not expect you here! :D
Thanks for clarification. We wanted to make our firewall creation idempotent. I guess it's fine for the time being if the infrastructure gets only reconciled during maintenance window. We differ a little from the other cloud providers here because we actually maintain a server in the infrastructure. Ideally, this would be managed by something like the machine-controller-manager, such that we can also do machine upgrades. Maybe we even need a special controller to handle this properly... not sure yet.
from gardener-extension-provider-metal.
That's right. We do not ask the metal-api again after we got a machine id from the firewall create request. Would be a good thing to make this more robust.
from gardener-extension-provider-metal.
Unfortunately, the Gardener does not explicitly request infrastructure reconciliation once it succeeded. When adding the gardener.cloud/operation: "reconcile" annotation to the infrastructure resource, the newly implemented behavior of recreating a firewall works fine...
from gardener-extension-provider-metal.
@Gerrit91 The Gardener does add the gardener.cloud/operation=reconcile annotation to the Infrastructure only during the maintenance time window. It's a little bit special here. For all other extension resources (like Worker, ControlPlane, etc.), it adds the annotation in every reconciliation loop. The rationale was to minimize the number of calls to the IaaS providers to prevent running into quota limits, especially if you have a lot of shoots using the same IaaS account. Hence, the idea was to run the infrastructure reconciliation only once a day - in the maintenance time window. WDYT?
from gardener-extension-provider-metal.
Btw, to trigger an immediate maintenance operation (if you don't want to wait till the time window starts) you can annotate your shoot with shoot.garden.sapcloud.io/operation=maintain instead of shoot.garden.sapcloud.io/operation=reconcile.
from gardener-extension-provider-metal.
We now support updating the firewall spec (image or size), which causes firewall deletion (hence downtime) and recreation.
from gardener-extension-provider-metal.
I think we can close this for now as it has partially been resolved. Let's open another issue for "zero-downtime firewall updates" when it's time.
from gardener-extension-provider-metal.