Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly reconcile firewall deployment in maintenance time window. #397

Merged
merged 18 commits into from
May 29, 2024
Merged

Explicitly reconcile firewall deployment in maintenance time window. #397

merged 18 commits into from
May 29, 2024

Conversation

Gerrit91
Copy link
Contributor

@Gerrit91 Gerrit91 commented Mar 26, 2024
edited
Loading

@majst01
Copy link
Contributor

majst01 commented May 3, 2024

needs rebase

majst01
majst01 reviewed May 28, 2024
View reviewed changes
pkg/controller/infrastructure/actuator_reconcile.go
if !gardener.EffectiveShootMaintenanceTimeWindow(cluster.Shoot).Contains(time.Now()) {
// note that this prevents updating the firewall image even when annotating the shoot explicitly with the maintainenance annotation
// if a user wants to update the firewall immediately he needs to specify the new firewall image in the spec
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might not work in all cases, e.g. if the image is already at the latest version. Therefore i propose to skip this check if the reconcile annotation is present. WDYT ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately the controller never sees a reconcile or maintenance annotation in these resources. If we remove this check it will update the firewall potentially outside the maintenance time window when changing something in the infrastructure config (e.g. when adding an egress rule or something like that).

So if a user wants like to immediately update outside the maintenance time window with a shorthand image, he needs to change to a specific firewall image instead.

@Gerrit91 Gerrit91 marked this pull request as ready for review May 29, 2024 13:22
@Gerrit91 Gerrit91 requested a review from a team as a code owner May 29, 2024 13:22
@Gerrit91 Gerrit91 merged commit 171b7e6 into master May 29, 2024
2 checks passed
@Gerrit91 Gerrit91 deleted the reconcile-firewall-deployment-in-maintenance branch May 29, 2024 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@majst01 majst01 majst01 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Gerrit91 @majst01