cf-gitbot
commented
3 years ago We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/176772648
The labels on this github issue will be updated when the story is started.
heycait
Is your feature request related to a problem? Please describe.
In our cf-for-k8s environment we use
kbldto point image references at an internal Harbor container registry. Since we usekappto deploy CF, during upgrades it sees these image swaps as a change to therestart-workloads-for-istioJoband this causes issues. Since theJobis supposed to be immutable, we end up seeing errors like:Describe the solution you'd like
I believe the
Jobis idempotent and that it won't roll workloads that are already using the correct version of the Istio sidecar proxy, but we should double check this (if it's not, it should be made to be).Assuming that's the case, we could potentially use the same update strategy as the ccdb-migrate job (or maybe even
always-replace) and essentially have it re-run on every deploy (see these kapp docs for more details).I think this could be useful since it will ensure that pods eventually have the correct sidecar version if something goes wrong the first time the
Jobruns (some error or potential race condition for apps pushed during the upgrade) and would work around this issue withkapp.We could also set the
ttlSecondsAfterFinishedproperty on theJobso that it removes itself sometime afterwards for cleanliness.Describe alternatives you've considered
For this specific issue you can also work around it by applying the
kapp.k14s.io/update-strategy: "skip"annotation to theJobso thatkappwon't try to update it. That's what we did in our environment with ayttoverlay, but I think there are benefits to the other strategies.Additional context
The implementation of this
Joblives here: https://github.com/cloudfoundry/cf-k8s-networking/blob/develop/ci/dockerfiles/upgrade/roll.sh#L5