ETSI NFV-SOL CNF Update with Mgmt Driver

This document describes how to update CNF with Mgmt Driver in Tacker v2 API.

Note

The content of this document has been confirmed to work using the following VNF Packages.

Overview

The diagram below shows an overview of the CNF updating.

  1. Request update VNF

    A user requests tacker-server to update a CNF with tacker-client by requesting update VNF as a Modify VNF information operation.

  2. Call Kubernetes API

    Upon receiving a request from tacker-client, tacker-server redirects it to tacker-conductor. In tacker-conductor, the request is redirected again to the matching Mgmt Driver (in this case the Mgmt Driver of container update) according to the contents of the VNFD in the VNF Package. Then, Mgmt Driver calls Kubernetes APIs.

  3. Update resources

    Kubernetes Master update resources according to the API calls.

../../../../_images/update_with_mgmt_driver.svg

Mgmt Driver Introduction

Mgmt Driver enables Users to configure their VNF before and/or after its VNF Lifecycle Management operation. Users can customize the logic of Mgmt Driver by implementing their own Mgmt Driver and these customizations are specified by “interface” definition in NFV-SOL001 v2.6.1.

The Mgmt Driver in this user guide supports updating CNF with modify_information_start and modify_information_end operation.

Use Cases

In this user guide, the provided sample VNF Packages will be instantiated and then updated. The sample Mgmt Driver will update resources on Kubernetes during update. Update the ConfigMap and Secret, and also update the image in the Pod, Deployment, DaemonSet and ReplicaSet, and other resources will not change.

Prerequisites

The following packages should be installed:

  • tacker

  • python-tackerclient

And you need to put the Mgmt Driver file in the Scripts directory of the VNF Package.

Note

You can find sample Mgmt Driver file in the following path. tacker/sol_refactored/mgmt_drivers/container_update_mgmt_v2.py

You can also refer to ETSI NFV-SOL CNF (Containerized VNF) Deployment for the procedure of preparation from “Prepare Kubernetes VIM” to “Instantiate VNF”.

How to Instantiate VNF for Updating

You can use the sample VNF package below to instantiate VNF to be updated. In this document, TACKER_ROOT is the root of tacker’s repository on the server.

$ cd TACKER_ROOT/samples/tests/functional/sol_kubernetes_v2/test_cnf_container_update_before
$ vi pkggen.py
...
vim_id = "your k8s vim's id" (modify this value to your own vim Id)
...
$ python3 pkggen.py
$ ll
...
drwxr-xr-x  5 stack stack  4096 Nov  5 23:46 contents/
-rw-r--r--  1 stack stack  1922 Nov  5 23:46 pkggen.py
-rw-rw-r--  1 stack stack 25823 Nov 20 04:30 test_cnf_container_update_before.zip
...

Note

This tool requires some Tacker modules, so you need to run it in an environment where Tacker is installed. If you have installed Tacker in python virtual environment using devstack, etc., please activate it as follows before using the tool.

$ source /opt/stack/data/venv/bin/activate
(venv) $ python3 pkggen.py

After you have done the above, you will have the sample VNF package test_cnf_container_update_before.zip.

Note

If a file exists with the same name as the zip file being generated, the tool will fail. When running the tool again to generate a zip file, please delete or rename the old zip file.

After creating a VNF package with openstack vnf package create, When the Onboarding State is CREATED, the Operational State is DISABLED, and the Usage State is NOT_IN_USE, indicate the creation is successful.

$ openstack vnf package create
+-------------------+-------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                           |
+-------------------+-------------------------------------------------------------------------------------------------+
| ID                | 67e8b34a-d303-4ec1-acb0-e6a3bf6aae12                                                            |
| Links             | {                                                                                               |
|                   |     "self": {                                                                                   |
|                   |         "href": "/vnfpkgm/v1/vnf_packages/67e8b34a-d303-4ec1-acb0-e6a3bf6aae12"                 |
|                   |     },                                                                                          |
|                   |     "packageContent": {                                                                         |
|                   |         "href": "/vnfpkgm/v1/vnf_packages/67e8b34a-d303-4ec1-acb0-e6a3bf6aae12/package_content" |
|                   |     }                                                                                           |
|                   | }                                                                                               |
| Onboarding State  | CREATED                                                                                         |
| Operational State | DISABLED                                                                                        |
| Usage State       | NOT_IN_USE                                                                                      |
| User Defined Data | {}                                                                                              |
+-------------------+-------------------------------------------------------------------------------------------------+

Upload the CSAR zip file to the VNF Package by running the following command openstack vnf package upload --path <path of vnf package> <vnf package ID>.

Here is an example of uploading VNF package:

$ openstack vnf package upload --path test_cnf_container_update_before.zip 67e8b34a-d303-4ec1-acb0-e6a3bf6aae12
Upload request for VNF package 67e8b34a-d303-4ec1-acb0-e6a3bf6aae12 has been accepted.

Create VNF instance by running openstack vnflcm create <VNFD ID> --os-tacker-api-version 2.

Note

The VNFD ID could be found by openstack vnf package show <vnf package ID> command.

Here is an example of creating VNF :

$ openstack vnflcm create 97018ca2-bf29-4715-9e2b-6e432dd1f414
+-----------------------------+------------------------------------------------------------------------------------------------------------------+
| Field                       | Value                                                                                                            |
+-----------------------------+------------------------------------------------------------------------------------------------------------------+
| ID                          | dec67077-b67c-46ff-b5bf-3b8d34b4ed79                                                                             |
| Instantiation State         | NOT_INSTANTIATED                                                                                                 |
| Links                       | {                                                                                                                |
|                             |     "self": {                                                                                                    |
|                             |         "href": "http://127.0.0.1:9890/vnflcm/v2/vnf_instances/dec67077-b67c-46ff-b5bf-3b8d34b4ed79"             |
|                             |     },                                                                                                           |
|                             |     "instantiate": {                                                                                             |
|                             |         "href": "http://127.0.0.1:9890/vnflcm/v2/vnf_instances/dec67077-b67c-46ff-b5bf-3b8d34b4ed79/instantiate" |
|                             |     }                                                                                                            |
|                             | }                                                                                                                |
| VNF Configurable Properties |                                                                                                                  |
| VNF Instance Description    |                                                                                                                  |
| VNF Instance Name           |                                                                                                                  |
| VNF Product Name            | Sample VNF                                                                                                       |
| VNF Provider                | Company                                                                                                          |
| VNF Software Version        | 1.0                                                                                                              |
| VNFD ID                     | 97018ca2-bf29-4715-9e2b-6e432dd1f414                                                                             |
| VNFD Version                | 1.0                                                                                                              |
+-----------------------------+------------------------------------------------------------------------------------------------------------------+

The following example shows the yaml files that deploys the Kubernetes resources. You can see resource definition files are included as a value of lcm-kubernetes-def-files in additionalParams here.

$ cat ./instance_kubernetes.json
{
  "flavourId": "simple",
  "vimConnectionInfo": {
    "vim1": {
      "vimId": "b7e657dc-8f16-4c1c-8fa4-a7c298d6a827",
      "vimType": "ETSINFV.KUBERNETES.V_1"
    }
  },
  "additionalParams": {
    "lcm-kubernetes-def-files": [
      "Files/kubernetes/configmap_1.yaml",
      "Files/kubernetes/deployment.yaml",
      "Files/kubernetes/pod_env.yaml",
      "Files/kubernetes/pod_volume.yaml",
      "Files/kubernetes/replicaset.yaml",
      "Files/kubernetes/secret_1.yaml",
      "Files/kubernetes/configmap_3.yaml",
      "Files/kubernetes/pod_env_2.yaml",
      "Files/kubernetes/pod_volume_2.yaml",
      "Files/kubernetes/daemonset.yaml",
      "Files/kubernetes/deployment_2.yaml",
      "Files/kubernetes/secret_3.yaml"
    ]
  }
}

Instantiate VNF by running the following command openstack vnflcm instantiate <VNF instance ID> <json file> --os-tacker-api-version 2, after the command above is executed.

$ openstack vnflcm instantiate VNF_INSTANCE_ID instance_kubernetes.json --os-tacker-api-version 2
Instantiate request for VNF Instance dec67077-b67c-46ff-b5bf-3b8d34b4ed79 has been accepted.

CNF Updating Procedure

As mentioned in Prerequisites, the VNF must be instantiated before performing updating.

Next, the user can use the original vnf package as a template to make a new vnf package, in which the yaml of ConfigMap, Secret, Pod, Deployment, DaemonSet and ReplicaSet can be changed.

Note

  • The yaml of ConfigMap and Secret can be changed. The kind, namespace and name cannot be changed, but the file name and file path can be changed.

  • The yaml of Pod, Deployment, DaemonSet and ReplicaSet can also be changed, but only the image field can be changed, and no other fields can be changed.

  • No other yaml is allowed to be changed.

  • If changes other than images are made to the yaml of Pod, Deployment, DaemonSet and ReplicaSet , those will not take effect. However, if heal entire VNF at this time, the resource will be based on the new yaml during the instantiation, and all changes will take effect.

Then after creating and uploading the new vnf package, you can perform the update operation. After the update, the Mgmt Driver will restart the pod to update and recreate the deployment, DaemonSet and ReplicaSet to update.

Note

This document provides the new vnf package, the path is samples/tests/functional/sol_kubernetes_v2/test_cnf_container_update_after

Details of CLI commands are described in VNF Lifecycle Management with v2 Tacker.

How to Update CNF

Execute Update CLI command and check the status of the resources before and after updating.

This is to confirm that the resources deployed in Kubernetes are updated after update CNF. The following is an example of the entire process. The resources information before update:

  • ConfigMap

    $ kubectl get configmaps
    NAME               DATA   AGE
    cm-data            1      70s
    cm-data3           1      70s
    kube-root-ca.crt   1      14d
    
    $ kubectl describe configmaps cm-data
    Name:         cm-data
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Data
    ====
    cmKey1.txt:
    ----
    configmap data
    foo
    bar
    
    BinaryData
    ====
    
    Events:  <none>
    
    $ kubectl describe configmaps cm-data3
    Name:         cm-data3
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Data
    ====
    cmKey1.txt:
    ----
    configmap data
    foo
    bar
    
    BinaryData
    ====
    
    Events:  <none>
    
  • Secret

    $ kubectl get secrets
    NAME                   TYPE                                  DATA   AGE
    default-token-k8svim   kubernetes.io/service-account-token   3      33m
    secret-data            Opaque                                2      2m53s
    secret-data3           Opaque                                2      2m53s
    
    $ kubectl describe secrets secret-data
    Name:         secret-data
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Type:  Opaque
    
    Data
    ====
    password:     15 bytes
    secKey1.txt:  15 bytes
    
    $ kubectl describe secrets secret-data3
    Name:         secret-data3
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Type:  Opaque
    
    Data
    ====
    password:     15 bytes
    secKey1.txt:  15 bytes
    
  • Pod

    $ kubectl get pod -o wide
    NAME                                READY   STATUS    RESTARTS   AGE     IP           NODE      NOMINATED NODE   READINESS GATES
    daemonset-vdu5-jgjq9                1/1     Running   0          6m38s   10.0.0.107   vagrant   <none>           <none>
    deployment2-vdu6-86579d6868-6mbsl   1/1     Running   0          6m38s   10.0.0.79    vagrant   <none>           <none>
    env-test                            1/1     Running   0          6m38s   10.0.0.108   vagrant   <none>           <none>
    env-test2                           1/1     Running   0          6m38s   10.0.0.97    vagrant   <none>           <none>
    vdu1-update-6fcf66b5dd-nngts        1/1     Running   0          6m38s   10.0.0.116   vagrant   <none>           <none>
    vdu2-update-2wvxj                   1/1     Running   0          6m38s   10.0.0.91    vagrant   <none>           <none>
    volume-test                         1/1     Running   0          6m38s   10.0.0.74    vagrant   <none>           <none>
    volume-test2                        1/1     Running   0          6m38s   10.0.0.98    vagrant   <none>           <none>
    
    $ kubectl describe pod volume-test
    Name:             volume-test
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://f08eaee4d9fb0cdaaf9803fb97891ff61507239af1c6317464300bcc5d1f9f08
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
    Volumes:
      cm-volume:
        Type:      ConfigMap (a volume populated by a ConfigMap)
        Name:      cm-data
        Optional:  false
      sec-volume:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  secret-data
        Optional:    false
    ...
    
    $ kubectl describe pod volume-test2
    Name:             volume-test2
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://6255e5c8d0af561789919c5aa07ac90ea691b4d0a91b5f88b9c00592295e9c9b
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
    Volumes:
      cm-volume:
        Type:      ConfigMap (a volume populated by a ConfigMap)
        Name:      cm-data3
        Optional:  false
      sec-volume:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  secret-data3
        Optional:    false
    ...
    
  • Deployment

    $ kubectl get deployments.apps -o wide
    NAME               READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES   SELECTOR
    deployment2-vdu6   1/1     1            1           20m   nginx        nginx    app=webserver
    vdu1-update        1/1     1            1           20m   nginx        nginx    app=webserver
    
    $ kubectl describe pod deployment2-vdu6-86579d6868-6mbsl
    Name:             deployment2-vdu6-86579d6868-6mbsl
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://eece8b07f2b66760bdc57e7a3fbc073938d73b37e62401d394d058e4273cdd90
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
        Environment Variables from:
          cm-data3      ConfigMap with prefix 'CM_'  Optional: false
          secret-data3  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data3'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data3'>    Optional: false
    ...
    
    $ kubectl describe pod vdu1-update-6fcf66b5dd-nngts
    Name:             vdu1-update-6fcf66b5dd-nngts
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://55db77c8612cbddc6041431a9fd1c065cd5251253b07e86288107043e84d9dab
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
        Environment Variables from:
          cm-data      ConfigMap with prefix 'CM_'  Optional: false
          secret-data  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data'>    Optional: false
    ...
    
  • DaemonSet

    $ kubectl get daemonset -o wide
    NAME             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE   CONTAINERS   IMAGES   SELECTOR
    daemonset-vdu5   1         1         1       1            1           <none>          27m   nginx        nginx    app=nginx
    
    $ kubectl describe pod daemonset-vdu5-jgjq9
    Name:             daemonset-vdu5-jgjq9
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://0d99ecf321d715aded2ec2834f2fecc57dbb7c6eb8e7f710f193df5a0844d846
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
        Environment Variables from:
          cm-data      ConfigMap with prefix 'CM_'  Optional: false
          secret-data  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data'>    Optional: false
    ...
    
  • ReplicaSet

    $ kubectl get replicaset -o wide
    NAME                          DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES   SELECTOR
    deployment2-vdu6-86579d6868   1         1         1       32m   nginx        nginx    app=webserver,pod-template-hash=86579d6868
    vdu1-update-6fcf66b5dd        1         1         1       32m   nginx        nginx    app=webserver,pod-template-hash=6fcf66b5dd
    vdu2-update                   1         1         1       32m   nginx        nginx    app=webserver
    
    $ kubectl describe pod vdu2-update-2wvxj
    Name:             vdu2-update-2wvxj
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://8e24081e5e325302f1e4403bf76756b90f848a9c712e53d99f547ba6265d7ed6
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
    Volumes:
      cm-volume:
        Type:      ConfigMap (a volume populated by a ConfigMap)
        Name:      cm-data
        Optional:  false
      sec-volume:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  secret-data
        Optional:    false
    ...
    

Update CNF can be executed by the following CLI command.

$ openstack vnflcm update VNF_INSTANCE_ID --I sample_param_file.json \
  --os-tacker-api-version 2

The content of the sample sample_param_file.json in this document is as follows:

{
  "vnfdId": "58bcc1c6-1400-46ec-b7fb-e508bf7e00e9",
  "vnfInstanceName": "modify_vnf_after",
  "metadata": {
    "configmap_secret_paths": [
      "Files/kubernetes/configmap_2.yaml",
      "Files/kubernetes/secret_2.yaml"
    ]
  }
}

Note

If you want to update ConfigMap and Secret, not only need to update their yaml, but also need to specify the updated yaml file path in the metadata field of the request input parameter.

Here is an example of updating CNF:

$ openstack vnflcm update dec67077-b67c-46ff-b5bf-3b8d34b4ed79 --I sample_param_file.json
  Update vnf:dec67077-b67c-46ff-b5bf-3b8d34b4ed79

The resources information after update:

  • ConfigMap

    $ kubectl describe configmaps cm-data
    Name:         cm-data
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Data
    ====
    cmKey1.txt:
    ----
    configmap2 data2
    foo2
    bar2
    
    BinaryData
    ====
    
    Events:  <none>
    
    $ kubectl describe configmaps cm-data3
    Name:         cm-data3
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Data
    ====
    cmKey1.txt:
    ----
    configmap data
    foo
    bar
    
    BinaryData
    ====
    
    Events:  <none>
    
  • Secret

    $ kubectl describe secrets secret-data
    Name:         secret-data
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Type:  Opaque
    
    Data
    ====
    password:     16 bytes
    secKey1.txt:  18 bytes
    
    $ kubectl describe secret secret-data3
    Name:         secret-data3
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    
    Type:  Opaque
    
    Data
    ====
    secKey1.txt:  15 bytes
    password:     15 bytes
    
  • Pod

    $ kubectl get pod -o wide
    NAME                                READY   STATUS    RESTARTS        AGE     IP           NODE      NOMINATED NODE   READINESS GATES
    daemonset-vdu5-whd4s                1/1     Running   0               9m49s   10.0.0.76    vagrant   <none>           <none>
    deployment2-vdu6-86579d6868-6mbsl   1/1     Running   0               104m    10.0.0.79    vagrant   <none>           <none>
    env-test                            1/1     Running   1 (9m52s ago)   104m    10.0.0.108   vagrant   <none>           <none>
    env-test2                           1/1     Running   0               104m    10.0.0.97    vagrant   <none>           <none>
    vdu1-update-5d87858fc6-tfgts        1/1     Running   0               9m52s   10.0.0.71    vagrant   <none>           <none>
    vdu2-update-tk7qp                   1/1     Running   0               9m52s   10.0.0.91    vagrant   <none>           <none>
    volume-test                         1/1     Running   1 (9m52s ago)   104m    10.0.0.74    vagrant   <none>           <none>
    volume-test2                        1/1     Running   0               104m    10.0.0.98    vagrant   <none>           <none>
    
    $ kubectl describe pod env-test
    Name:             env-test
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://143924c0a3869402db7e07950cf66c6360a4298a8b575e9ea3c35cf77d48854d
        Image:          tomcat
        Image ID:       docker.io/library/tomcat@sha256:857b168692495ee6ff0d6ee89b5b479555c74401bc3c219c88644b9181f03dd5
    ...
        Environment Variables from:
          cm-data      ConfigMap with prefix 'CM_'  Optional: false
          secret-data  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data'>    Optional: false
    ...
    
    $ kubectl describe pod env-test2
    Name:             env-test2
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://1ebf1f8fccfd821f55a0918657735758173ea83037edd84bf651e660afd16f82
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
        Environment Variables from:
          cm-data3      ConfigMap with prefix 'CM_'  Optional: false
          secret-data3  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data3'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data3'>    Optional: false
    ...
    
    $ kubectl describe pod volume-test
    Name:             volume-test
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://e46b41347ddc29dbd7afee3dda324a1ac26383ab1f805635dd64895328bbe5a1
        Image:          cirros
        Image ID:       docker.io/library/cirros@sha256:a40a2b0a21536db691c8e7e055dbb92c81ad15392048abbde32fc5698e07f831
    ...
    Volumes:
      cm-volume:
        Type:      ConfigMap (a volume populated by a ConfigMap)
        Name:      cm-data
        Optional:  false
      sec-volume:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  secret-data
        Optional:    false
    ...
    
    $ kubectl describe pod volume-test2
    Name:             volume-test2
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://6255e5c8d0af561789919c5aa07ac90ea691b4d0a91b5f88b9c00592295e9c9b
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
    Volumes:
      cm-volume:
        Type:      ConfigMap (a volume populated by a ConfigMap)
        Name:      cm-data3
        Optional:  false
      sec-volume:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  secret-data3
        Optional:    false
    ...
    
  • Deployment

    $ kubectl get deployments -o wide
    NAME               READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS   IMAGES   SELECTOR
    deployment2-vdu6   1/1     1            1           114m   nginx        nginx    app=webserver
    vdu1-update        1/1     1            1           114m   nginx        cirros   app=webserver
    
    $ kubectl describe pod deployment2-vdu6-86579d6868-6mbsl
    Name:             deployment2-vdu6-86579d6868-6mbsl
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://eece8b07f2b66760bdc57e7a3fbc073938d73b37e62401d394d058e4273cdd90
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
        Environment Variables from:
          cm-data3      ConfigMap with prefix 'CM_'  Optional: false
          secret-data3  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data3'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data3'>    Optional: false   Optional: false
    ...
    
    $ kubectl describe pod vdu1-update-5d87858fc6-tfgts
    Name:             vdu1-update-5d87858fc6-tfgts
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://12e4ada36be199c46971f4e41c4afc82d7cedd77c5120a8a0b751a43a884a307
        Image:          cirros
        Image ID:       docker.io/library/cirros@sha256:a40a2b0a21536db691c8e7e055dbb92c81ad15392048abbde32fc5698e07f831
    ...
        Environment Variables from:
          cm-data      ConfigMap with prefix 'CM_'  Optional: false
          secret-data  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data'>    Optional: false
    ...
    
  • DaemonSet

    $ kubectl get daemonset -o wide
    NAME             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE    CONTAINERS   IMAGES   SELECTOR
    daemonset-vdu5   1         1         1       1            1           <none>          126m   nginx        cirros   app=nginx
    
    $ kubectl describe pod daemonset-vdu5-whd4s
    Name:             daemonset-vdu5-whd4s
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://f291342b342ad106410b99212f4e934730dbdf94cc2d2daf767efd7cb7305d68
        Image:          cirros
        Image ID:       docker.io/library/cirros@sha256:a40a2b0a21536db691c8e7e055dbb92c81ad15392048abbde32fc5698e07f831
    ...
        Environment Variables from:
          cm-data      ConfigMap with prefix 'CM_'  Optional: false
          secret-data  Secret with prefix 'SEC_'    Optional: false
        Environment:
          CMENV:   <set to the key 'cmKey1.txt' of config map 'cm-data'>  Optional: false
          SECENV:  <set to the key 'password' in secret 'secret-data'>    Optional: false
    ...
    
  • ReplicaSet

    $ kubectl get replicaset.apps -o wide
    NAME                          DESIRED   CURRENT   READY   AGE    CONTAINERS   IMAGES                SELECTOR
    deployment2-vdu6-86579d6868   1         1         1       131m   nginx        nginx                 app=webserver,pod-template-hash=86579d6868
    vdu1-update-5d87858fc6        1         1         1       37m    nginx        cirros                app=webserver,pod-template-hash=5d87858fc6
    vdu1-update-6fcf66b5dd        0         0         0       131m   nginx        nginx                 app=webserver,pod-template-hash=6fcf66b5dd
    vdu2-update                   1         1         1       131m   nginx        nginx                 app=webserver
    
    $ kubectl describe pod vdu2-update-tk7qp
    Name:             vdu2-update-tk7qp
    Namespace:        default
    ...
    Containers:
      nginx:
        Container ID:   cri-o://05f13a7b7d171e2d68bcbceefbce0537b851bd0f0f7de60fba0d9500349d6f4d
        Image:          nginx
        Image ID:       docker.io/library/nginx@sha256:86e53c4c16a6a276b204b0fd3a8143d86547c967dc8258b3d47c3a21bb68d3c6
    ...
    Volumes:
      cm-volume:
        Type:      ConfigMap (a volume populated by a ConfigMap)
        Name:      cm-data
        Optional:  false
      sec-volume:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  secret-data
        Optional:    false
    ...
    

You can see that only the Pods are restarted whose ConfigMap/Secret or images are updated. When it comes to Deployments, DaemonSets and ReplicaSets whose ConfigMap/Secret or images are updated, their pods will be deleted and recreated.