Look into the matrix of supported Kubernetes releases - can we stop updating "secrets-versions" label forcing the pod restart on secret changes (or some of the secret changes), as the pod is able to auto-reload in all support ed Kubernetes versions?
E.g. kube-controller-manager and its kubeconfig.
If we can, that would minimize controlplane disruption around certificate renewal process.
Look into the matrix of supported Kubernetes releases - can we stop updating "secrets-versions" label forcing the pod restart on secret changes (or some of the secret changes), as the pod is able to auto-reload in all support ed Kubernetes versions?
E.g. kube-controller-manager and its kubeconfig.
If we can, that would minimize controlplane disruption around certificate renewal process.