Reconciliation strategy

Stay organized with collections Save and categorize content based on your preferences.

With declarative configuration, you define the desired state of the system. The system then works constantly to remain as close as possible to this state. See Declarative management of Kubernetes objects using configuration files for more information.

With Config Connector, you can create and update resources in any order, regardless of dependency relationships. GKE moves your declared configuration towards eventual consistency with the desired state.

For example, if you create a PubSubSubscription before the corresponding PubSubTopic, Config Connector waits until the topic is created before creating the associated subscription.

The duration your Config Connector installation remains inconsistent depends on the number and types of resources it manages. Changes to a GKE cluster are typically executed in seconds. However, the time to create Google Cloud resources can vary based on the type of resource. For example, a single PubSubTopic takes seconds to create. Google Cloud resources do not reach consistency until they are created. For example, when creating an SQLInstance and an SQLDatabase, the system is inconsistent for a period of minutes while the database is created.

GKE and Config Connector reconcile each resource with every update or after a jitter period with an average of 10 minutes. When there is an error in reconciling, Config Connector retries with exponential backoff where maximum backoff is two minutes. You can view any errors in the Events of a given resource.

Mutable but unreadable fields are actuated on change only

Some APIs expose fields that are not readable, but are mutable (for example, the password for a SQL user). Due to the inability to see if these fields have been modified, mutable but unreadable fields are updated only when the custom resource is modified.

Resources are not recreated when modifying immutable fields

Some fields in a resource are immutable, and can't be reconciled without deleting, then re-creating the target resource.

In these situations, Config Connector emits an "UpdatedFailed" Kubernetes event for the resource rather than perform this re-creation. You must then delete and re-create the resource.

Example event:

Warning  UpdateFailed  37m (x643 over 15d)    computeinstance-controller  Update call failed: the desired mutation for the following field(s) is invalid: [bootDisk.0.InitializeParams.0.Image networkInterface.0.NetworkIp]