machine-controller is not restarted when cloud credentials are updated

judge-red commented 2 months ago

What happened?

When updating the cloud credentials in the Cluster resource, they're rolled out to all the correct places (cloud-config, etc.) Furthermore things like the CCM and I think the CSI are restarted. However, the machine-controller and machine-controller-webhook are not. Thus, if the old credentials don't work anymore, machines can't be added or removed anymore.

Expected behavior

Changing cloud credentials should restart the machine-controller pod.

How to reproduce the issue?

change cloud credentials
observe machine-controller and machine-controller-webhook pods not restarted
delete old credentials from cloud
observe machines can't be added or deleted anymore
restart machine-controller and machine-controller-webhook
oberseve machines can be deleted and added again

How is your environment configured?

KKP version: 2.25.8
Shared or separate master/seed clusters?: shared

Provide your KKP manifest here (if applicable)

N/A

What cloud provider are you running on?

OpenStack

What operating system are you running in your user cluster?

Ubuntu 22.04

Additional information

csengerszabo commented 2 months ago

/label sig/cluster-management

judge-red commented 1 month ago

Oops, I forgot we disabled the kubermatic-operator (replicas=0) in the environment where I tried this to work around another issue. I don't expect the operator would have anything to do with this rollout, but can't verify it right now, so please let me know if that's the case.

kubermatic / kubermatic