Extend korifi diff CF docs with container lifecycle

As discussed in #2913 there is a difference in the Korifi gehaviour during a rolling udpate compared to CF on VMs. That is why, I think that it makes sense to document this at the moment.
cloudfoundry · Oct 10, 2023 · c79b20d · c79b20d
1 parent 8a55c8c
commit c79b20d
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/docs/known-differences-with-cf-for-vms.md b/docs/known-differences-with-cf-for-vms.md
@@ -5,11 +5,16 @@
 ## Roles and Permissions for Orgs
 
 ### Org Manager
-When interacting directly through `kubectl` a CF managed [cf_org_manager](https://github.com/cloudfoundry/korifi/blob/main/controllers/config/cf_roles/cf_org_manager.yaml) users get elevated permissions to view and list all orgs. But when listed through 
-the API shim, we filter the org list to show only the orgs the user has a role-binding in. 
+When interacting directly through `kubectl` a CF managed [cf_org_manager](https://github.com/cloudfoundry/korifi/blob/main/controllers/config/cf_roles/cf_org_manager.yaml) users get elevated permissions to view and list all orgs. But when listed through
+the API shim, we filter the org list to show only the orgs the user has a role-binding in.
 
 ## Roles and Permissions for Spaces
 
 ### Org User
 When interacting directly through `kubectl`, users with CF managed [cf_org_user](https://github.com/cloudfoundry/korifi/blob/main/controllers/config/cf_roles/cf_org_user.yaml) roles will have permissions to view and list all orgs and all spaces. But when listed through
-the API shim, the user would only be able to list and view spaces which have role-binding corresponding to the user. 
+the API shim, the user would only be able to list and view spaces which have role-binding corresponding to the user.
+
+## Container Lifecycle
+
+### Rolling Updates
+In Kofiri `--strategy=rolling` is implemented using k8S rolling update capabilities of the scheduler. At the moment korifi uses statefulsets to run the app workloads. Rolling update for statefulsets stops the old instance before starting the new one, for ordering reasons. If the app has only one instance the udpate will cause a downtime. Apps with more than one instance won't experience any downtime, but they will have one instance less up and running during the update.