Feature Overview and Background

Changing any configuration (units, files, mirros, kube config etc) via the MCO will trigger a reboot for every node in the pool and some of those changes don't need a reboot.

Problem

Rebooting nodes on on-premise platforms during an MCO configuration rollout requires a significant amount of time (15m+, mainly in POST). A frequent configuration done through the MCO is setting up ImageSourceContentPolicy (ICSP) and under certain circumstances, it doesn't require a node reboot to be applied. Other safe examples include changes to the CRI-O configuration and/or the Kubelet and/or the pull-secret. In 4.7 we plan to focus on two particular changes, pull-secret and ICSP.

Goals / Acceptance Criteria - 4.7 phase

Avoid rebooting in the cases of adding an ICSP
Avoid rebooting in the case of a change in the pull secret
Avoid rebooting in the case of a change of ssh authorized_keys

Goals / Acceptance Criteria - 4.8 phase

Avoid workload disruption (reboot and drain) in case of api-to-kubelet CA cert rotation
Avoid workload disruption (reboot and drain) in the cases of adding an ICSP
Avoid workload disruption (reboot and drain) in the case of a change in the pull secret
Avoid workload disruption (reboot and drain) in the case of a change of ssh authorized_keys

Goals / Acceptance Criteria - unscheduled

Additional reboot scenarios

Attachments

Issue Links

is related to

MCO-108 Avoid workload disruption for GPG Public Key Rotation

Closed

Activity

People

Assignee:: Mark Russell

Reporter:: Mark Russell

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 2020/09/02 7:19 PM

Updated:: 2022/10/19 9:47 PM

Resolved:: 2021/09/08 8:39 PM