I can't seem to find any documentation mentioning whether there would be any downtime when a GKE cluster is edited to activate workload identity.
I would like to know if there is any downtime:
- while enabling it in an existing cluster
- while enabling it in an existing node pool
I tried reaching out to the GCP team through the feedback link, but they suggested reaching out to Stack Exchange.
We went ahead and tried this out.
Enabling workload-identity at the cluster level has downtime for the control plane (no editing of the cluster is possible, but existing workloads are unaffected).
Enabling workload-identity at the node-pool level recreates nodes (GKE automatically cordons and recreates nodes).