From ea09a9141f29169888e9aeeb3eb2964fa229a0f0 Mon Sep 17 00:00:00 2001 From: Rafael Franzke Date: Fri, 27 Oct 2023 11:34:53 +0200 Subject: [PATCH] Add `node-local-dns` enablement to rolling update trigger docs (#8704) * Add `node-local-dns` enablement to rolling update trigger docs * Address PR review feedback --- docs/usage/node-local-dns.md | 8 +++----- docs/usage/shoot_updates.md | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/usage/node-local-dns.md b/docs/usage/node-local-dns.md index b860fae8950..88545ade61b 100644 --- a/docs/usage/node-local-dns.md +++ b/docs/usage/node-local-dns.md 
@@ -39,12 +39,10 @@ spec: It is worth noting that: -- When migrating from IPVS to IPTables, existing pods will continue to leverage the node-local-dns cache. +- When migrating from IPVS to IPTables, existing pods will continue to leverage the node-local-dns cache. - When migrating from IPtables to IPVS, only newer pods will be switched to the node-local-dns cache. -- The annotation will take effect during the next shoot reconciliation. This happens automatically once per day in the maintenance period (unless you have disabled it). -- During the reconfiguration of the node-local-dns there might be a short disruption in terms of domain name resolution depending on the setup. Usually, DNS requests are repeated for some time as UDP is an unreliable protocol, but that strictly depends on the application/way the domain name resolution happens. It is recommended to let the shoot be reconciled during the next maintenance period. -- If a short DNS outage is not a big issue, you can [trigger reconciliation](./shoot_operations.md#immediate-reconciliation) directly after setting the annotation. -- Switching node-local-dns off by removing the annotation can be a rather destructive operation that will result in pods without a working DNS configuration. +- During the reconfiguration of the node-local-dns there might be a short disruption in terms of domain name resolution depending on the setup. Usually, DNS requests are repeated for some time as UDP is an unreliable protocol, but that strictly depends on the application/way the domain name resolution happens. It is recommended to let the shoot be reconciled during the next maintenance period. +- Enabling or disabling node-local-dns triggers a rollout of all shoot worker nodes, see also [this document](shoot_updates.md#rolling-update-triggers). 
For more information about `node-local-dns`, please refer to the [KEP](https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/1024-nodelocal-cache-dns/README.md) or to the [usage documentation](https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/). diff --git a/docs/usage/shoot_updates.md b/docs/usage/shoot_updates.md index 2ab0bb18d17..908576e2cc6 100644 --- a/docs/usage/shoot_updates.md +++ b/docs/usage/shoot_updates.md @@ -85,6 +85,7 @@ The complete list of fields that trigger a rolling update: * `.spec.provider.workers[].providerConfig` * `.spec.provider.workers[].cri.name` * `.spec.provider.workers[].kubernetes.version` (except for patch version changes) +* `.spec.systemComponents.nodeLocalDNS.enabled` * `.status.credentials.rotation.certificateAuthorities.lastInitiationTime` (changed by Gardener when a shoot CA rotation is initiated) * `.status.credentials.rotation.serviceAccountKey.lastInitiationTime` (changed by Gardener when a shoot service account signing key rotation is initiated)
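Review bot: In the `docs/usage/node-local-dns.md` hunk, the retained bullet still ends with "It is recommended to let the shoot be reconciled during the next maintenance period", but the patch removes the two bullets that gave that advice its context: the one saying the change takes effect at the next shoot reconciliation, and the one linking to `./shoot_operations.md#immediate-reconciliation`. The added bullet now states that enabling or disabling triggers a rollout of all shoot worker nodes, so the timing matters more for readers than before. Consider saying in the new bullet when the rollout starts, and moving the maintenance-period recommendation next to it. The warning about switching node-local-dns off leaving pods without a working DNS configuration is also dropped without a replacement. If the node rollout makes it obsolete, a short sentence saying so would help readers of the older text. Minor style point: the new link is written as `shoot_updates.md#rolling-update-triggers`, while the removed link in the same list used the `./` prefix.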
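Review bot: In the `docs/usage/shoot_updates.md` hunk, the added entry `.spec.systemComponents.nodeLocalDNS.enabled` carries no qualifier, while neighbouring entries explain their condition in parentheses, for example "(except for patch version changes)" and "(changed by Gardener when a shoot CA rotation is initiated)". The other file in this patch says that both enabling and disabling trigger the rollout, so a short parenthetical to that effect would keep the list self-explanatory. A link back to `node-local-dns.md` would do the same job, and the two documents would then reference each other rather than only in one direction.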