Table of Contents
When certificates are issued, Istio-controlled pods need to be bounced (restarted) to ensure they pick up the new certificates due to this issue. The certificate issuer will create a PodBounceDirective containing the namespaces and labels of the pods that need to be bounced in order to pick up the new certs.
|podsToBounce||certificates.mesh.gloo.solo.io.PodBounceDirectiveSpec.PodSelector||repeated||A list of Kubernetes pods to bounce (delete and cause a restart) when the certificate is issued. This will include the control plane pods as well as any Pods which share a data plane with the target mesh.|
pods that will be restarted.
|namespace||string||The namespace in which the pods live.|
|labels||certificates.mesh.gloo.solo.io.PodBounceDirectiveSpec.PodSelector.LabelsEntry||repeated||Any labels shared by the Pods.|
|waitForReplicas||uint32||Wait for this number of replacement pods to reach be fully ready before deleting the next set of selected Pods. This is used to ensure the control plane pods are allowed to restart before sidecars and gateways are restarted.|
|rootCertSync||certificates.mesh.gloo.solo.io.PodBounceDirectiveSpec.PodSelector.RootCertSync||Wait for the control plane to have synced all root cert configmaps in data plane namespaces before bouncing these Pods.|
RootCertSync describes values in a secret and configmap which must be equal in order for a Pod to be bounced.
PodBounceDirectiveStatus reports the status for stateful Pod bounces (when bouncing pods requires waiting for readiness).
|podsBounced||certificates.mesh.gloo.solo.io.PodBounceDirectiveStatus.BouncedPodSet||repeated||A list of Kubernetes pods to bounce (delete and cause a restart) when the certificate is issued. This will include the control plane pods as well as any Pods which share a data plane with the target mesh.|
A set of pods that were restarted.
|bouncedPods||string||repeated||The names of the pods that were bounced for the corresponding selector specified in