pod_bounce_directive.proto

Package : certificates.mesh.gloo.solo.io

Top

pod_bounce_directive.proto

Table of Contents

PodBounceDirectiveSpec

When certificates are issued, pods may need to be bounced (restarted) to ensure they pick up the new certificates. If so, the certificate Issuer will create a PodBounceDirective containing the namespaces and labels of the pods that need to be bounced in order to pick up the new certs.

Field Type Label Description
podsToBounce []certificates.mesh.gloo.solo.io.PodBounceDirectiveSpec.PodSelector repeated A list of k8s pods to bounce (delete and cause a restart) when the certificate is issued. This will include the control plane pods as well as any pods which share a data plane with the target mesh.

PodBounceDirectiveSpec.PodSelector

Pods that will be restarted.

Field Type Label Description
namespace string The namespace in which the pods live.
labels []certificates.mesh.gloo.solo.io.PodBounceDirectiveSpec.PodSelector.LabelsEntry repeated Any labels shared by the pods.
waitForReplicas uint32 Wait for this number of replacement pods to reach be fully Ready before deleting the next set of selected pods. This is used to ensure the control plane pods are allowed to restart before sidecars and gateways are restarted.
rootCertSync certificates.mesh.gloo.solo.io.PodBounceDirectiveSpec.PodSelector.RootCertSync Wait for the control plane to have synced all root cert configmaps in data plane namespaces before bouncing these pods.

PodBounceDirectiveSpec.PodSelector.LabelsEntry

Field Type Label Description
key string
value string

PodBounceDirectiveSpec.PodSelector.RootCertSync

RootCertSync describes values in a secret and configmap which must be equal in order for a pod to be bounced.

Field Type Label Description
secretRef core.skv2.solo.io.ObjectRef
secretKey string
configMapRef core.skv2.solo.io.ObjectRef
configMapKey string

PodBounceDirectiveStatus

PodBounceDirectiveStatus reports the status for stateful pod bounces (when bouncing pods requires waiting for readiness)

Field Type Label Description
podsBounced []certificates.mesh.gloo.solo.io.PodBounceDirectiveStatus.BouncedPodSet repeated A list of k8s pods to bounce (delete and cause a restart) when the certificate is issued. This will include the control plane pods as well as any pods which share a data plane with the target mesh.

PodBounceDirectiveStatus.BouncedPodSet

A set of Pods that were restarted.

Field Type Label Description
bouncedPods []string repeated The names of the pods that were bounced for the corresponding selector.