860002c735
Fixes #7159 The change looks big, but it's actually pretty simple inside: the static pods had an annotation which tracks a version of the secrets which forced control plane pods to reload on a change. At the same time `kube-apiserver` can reload certificate inputs automatically from files without restart. So the inputs were split: the dynamic (for kube-apiserver) inputs don't need to be reloaded, so its version is not tracked in static pod annotation, so they don't cause a reload. The previous non-dynamic resource still causes a reload, but it doesn't get updated when e.g. node addresses change. There might be many more refactoring done, the resource chain is a bit of a mess there, but I wanted to keep number of changes minimal to keep this backportable. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com> |
||
|---|---|---|
| .. | ||
| app | ||
| integration | ||
| pkg | ||