pod_bounce_directive.proto

Package : internal.gloo.solo.io


PodBounceDirectiveSpec

When certificates are issued, Istio-controlled pods need to be bounced (restarted) to ensure they pick up the new certificates due to this issue. The certificate issuer will create a PodBounceDirective containing the namespaces and labels of the pods that need to be bounced in order to pick up the new certs.

| Field | Type | Label | Description |
|---|---|---|---|
| podsToBounce | []internal.gloo.solo.io.PodBounceDirectiveSpec.PodSelector | repeated | A list of Kubernetes pods to bounce (delete and cause a restart) when the certificate is issued. This will include the control plane pods as well as any Pods which share a data plane with the target mesh. |
| meshRef | core.skv2.solo.io.ObjectRef | | Reference to the mesh for which this cert is being issued. |

PodBounceDirectiveSpec.PodSelector

Pods that will be restarted.

| Field | Type | Label | Description |
|---|---|---|---|
| namespace | string | | The namespace in which the pods live. |
| labels | []internal.gloo.solo.io.PodBounceDirectiveSpec.PodSelector.LabelsEntry | repeated | Any labels shared by the Pods. |
| waitForReplicas | uint32 | | Wait for this number of replacement pods to be fully ready before deleting the next set of selected Pods. This is used to ensure the control plane pods are allowed to restart before sidecars and gateways are restarted. |
| rootCertSync | internal.gloo.solo.io.PodBounceDirectiveSpec.PodSelector.RootCertSync | | Wait for the control plane to have synced all root cert configmaps in data plane namespaces before bouncing these Pods. |

PodBounceDirectiveSpec.PodSelector.LabelsEntry

| Field | Type | Label | Description |
|---|---|---|---|
| key | string | | |
| value | string | | |

PodBounceDirectiveSpec.PodSelector.RootCertSync

RootCertSync describes values in a secret and configmap which must be equal in order for a Pod to be bounced.

| Field | Type | Label | Description |
|---|---|---|---|
| secretRef | core.skv2.solo.io.ObjectRef | | |
| secretKey | string | | |
| configMapRef | core.skv2.solo.io.ObjectRef | | |
| configMapKey | string | | |
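
The gating that `waitForReplicas` and `rootCertSync` describe can be modeled as follows. This is an added Python example, not Gloo Mesh agent code: it walks `podsToBounce` in order and reports which selectors are cleared and why it stopped. Assumptions: the dict layout mirrors the field names above, `ObjectRef` is a name/namespace pair, the Secret value is base64-decoded before comparison, and the Istio object names and certificate strings are constructed sample data.

```python
import base64

def root_cert_synced(sync, secrets, configmaps):
    """True when the Secret and ConfigMap values named by a RootCertSync are equal."""
    if not sync:
        return True  # this selector carries no rootCertSync gate
    sref, cref = sync["secretRef"], sync["configMapRef"]
    raw = secrets.get((sref["namespace"], sref["name"]), {}).get(sync["secretKey"])
    plain = configmaps.get((cref["namespace"], cref["name"]), {}).get(sync["configMapKey"])
    if raw is None or plain is None:
        return False  # a missing object or key counts as not synced
    try:
        # Kubernetes Secret .data is base64-encoded; ConfigMap .data is plain text.
        decoded = base64.b64decode(raw, validate=True).decode()
    except ValueError:
        return False  # malformed base64 or non-text bytes
    # Assumption of this example: surrounding whitespace is ignored.
    return decoded.strip() == plain.strip()

def plan_bounce(spec, secrets, configmaps, ready):
    """Walk podsToBounce in order; return (selector indexes cleared to bounce, stop reason)."""
    cleared = []
    for i, sel in enumerate(spec["podsToBounce"]):
        if not root_cert_synced(sel.get("rootCertSync"), secrets, configmaps):
            return cleared, f"selector {i}: root cert not synced"
        cleared.append(i)
        # Hold the next selector until enough replacement pods are ready.
        if ready.get(i, 0) < sel.get("waitForReplicas", 0):
            return cleared, f"selector {i}: waiting for replicas"
    return cleared, "finished"

# Constructed sample data: control plane first, then a data plane workload.
NEW_ROOT = "constructed-new-root-pem\n"
SPEC = {"podsToBounce": [
    {"namespace": "istio-system", "labels": {"app": "istiod"}, "waitForReplicas": 1},
    {"namespace": "bookinfo", "labels": {"app": "reviews"},
     "rootCertSync": {
         "secretRef": {"name": "cacerts", "namespace": "istio-system"},
         "secretKey": "root-cert.pem",
         "configMapRef": {"name": "istio-ca-root-cert", "namespace": "bookinfo"},
         "configMapKey": "root-cert.pem"}},
]}
SECRETS = {("istio-system", "cacerts"):
           {"root-cert.pem": base64.b64encode(NEW_ROOT.encode()).decode()}}
STALE = {("bookinfo", "istio-ca-root-cert"): {"root-cert.pem": "constructed-old-root"}}
SYNCED = {("bookinfo", "istio-ca-root-cert"): {"root-cert.pem": NEW_ROOT}}

if __name__ == "__main__":
    print(plan_bounce(SPEC, SECRETS, STALE, {0: 1}))
    print(plan_bounce(SPEC, SECRETS, SYNCED, {0: 1}))
```

With the stale ConfigMap, the data plane selector is held back even though the control plane replacement is ready, so sidecars are not restarted against an outdated root of trust.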

PodBounceDirectiveStatus

PodBounceDirectiveStatus reports the status for stateful Pod bounces (when bouncing pods requires waiting for readiness).

| Field | Type | Label | Description |
|---|---|---|---|
| observedGeneration | int64 | | The most recent generation observed in the PodBounceDirective metadata. If the observedGeneration does not match metadata.generation, the Gloo Mesh agent has not processed the most recent version of this IssuedCertificate. |
| state | internal.gloo.solo.io.PodBounceDirectiveStatus.State | | The current state of the IssuedCertificate workflow, reported by the agent. |
| error | string | | |
| podsBounced | []internal.gloo.solo.io.PodBounceDirectiveStatus.BouncedPodSet | repeated | A list of Kubernetes pods to bounce (delete and cause a restart) when the certificate is issued. This will include the control plane pods as well as any Pods which share a data plane with the target mesh. |

PodBounceDirectiveStatus.BouncedPodSet

A set of pods that were restarted.

| Field | Type | Label | Description |
|---|---|---|---|
| bouncedPods | []string | repeated | The names of the pods that were bounced for the corresponding selector specified in PodBounceDirectiveSpec.PodSelector.labels. |

PodBounceDirectiveStatus.State

Possible states in which a PodBounceDirective can exist.

| Name | Number | Description |
|---|---|---|
| PENDING | 0 | The PodBounceDirective has yet to be picked up by the agent. |
| BOUNCING_PODS | 1 | The agent has decided on which pods to bounce, and it's working on it. |
| FAILED | 3 | Processing the pod bounce directive workflow failed. |
| FINISHED | 4 | Successfully bounced all pods. |