The following example MachineConfiguration
objects contain a node disruption policy.
|
A MachineConfiguration object and a MachineConfig object are different objects. A MachineConfiguration object is a singleton object in the MCO namespace that contains configuration parameters for the MCO operator. A MachineConfig object defines changes that are applied to a machine config pool.
|
The following example MachineConfiguration
object shows no user defined policies. The default node disruption policy values are shown in the status
stanza.
Default node disruption policy
apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
name: cluster
spec:
logLevel: Normal
managementState: Managed
operatorLogLevel: Normal
status:
nodeDisruptionPolicyStatus:
clusterPolicies:
files:
- actions:
- type: None
path: /etc/mco/internal-registry-pull-secret.json
- actions:
- type: None
path: /var/lib/kubelet/config.json
- actions:
- reload:
serviceName: crio.service
type: Reload
path: /etc/machine-config-daemon/no-reboot/containers-gpg.pub
- actions:
- reload:
serviceName: crio.service
type: Reload
path: /etc/containers/policy.json
- actions:
- type: Special
path: /etc/containers/registries.conf
sshkey:
actions:
- type: None
readyReplicas: 0
The default node disruption policy does not contain a policy for changes to the /etc/containers/registries.conf.d
file. This is because both OKD and Fedora use the registries.conf.d
file to specify aliases for image short names. It is recommended that you always pull an image by its fully-qualified name. This is particularly important with public registries, because the image might not deploy if the public registry requires authentication. You can create a user-defined policy to use with the /etc/containers/registries.conf.d
file, if you need to use image short names.
In the following example, when changes are made to the SSH keys, the MCO drains the cluster nodes, reloads the crio.service
, reloads the systemd configuration, and restarts the crio-service
.
Example node disruption policy for an SSH key change
apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
name: cluster
# ...
spec:
nodeDisruptionPolicy:
sshkey:
actions:
- type: Drain
- reload:
serviceName: crio.service
type: Reload
- type: DaemonReload
- restart:
serviceName: crio.service
type: Restart
# ...
In the following example, when changes are made to the /etc/chrony.conf
file, the MCO restarts the chronyd.service
on the cluster nodes.
Example node disruption policy for a configuration file change
apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
name: cluster
# ...
spec:
nodeDisruptionPolicy:
files:
- actions:
- restart:
serviceName: chronyd.service
type: Restart
path: /etc/chrony.conf
In the following example, when changes are made to the auditd.service
systemd unit, the MCO drains the cluster nodes, reloads the crio.service
, reloads the systemd manager configuration, and restarts the crio.service
.
Example node disruption policy for a systemd unit change
apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
name: cluster
# ...
spec:
nodeDisruptionPolicy:
units:
- name: auditd.service
actions:
- type: Drain
- type: Reload
reload:
serviceName: crio.service
- type: DaemonReload
- type: Restart
restart:
serviceName: crio.service
In the following example, when changes are made to the registries.conf
file, such as by editing an ImageContentSourcePolicy
(ICSP) object, the MCO does not drain or reboot the nodes and applies the changes with no further action.
Example node disruption policy for a registries.conf file change
apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
name: cluster
# ...
spec:
nodeDisruptionPolicy:
files:
- actions:
- type: None
path: /etc/containers/registries.conf