feat: add reboot-signal

Signed-off-by: Christian Kotzbauer <[email protected]>

charts/kured/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.13.2"
 description: A Helm chart for kured
 name: kured
-version: 5.2.0
+version: 5.3.0
 home: https://github.com/kubereboot/kured
 maintainers:
   - name: ckotzbauer

charts/kured/README.md

@@ -101,6 +101,8 @@ The following changes have been made compared to the stable chart:
 | `configuration.rebootSentinelCommand`   | cli-parameter `--reboot-sentinel-command`                                   | `""`                      |
 | `configuration.rebootCommand`           | cli-parameter `--reboot-command`                                            | `""`                      |
 | `configuration.rebootDelay`             | cli-parameter `--reboot-delay`                                              | `""`                      |
+| `configuration.rebootMethod`            | cli-parameter `--reboot-method`                                             | `""`                      |
+| `configuration.rebootSignal`            | cli-parameter `--reboot-signal`                                             | `39`  (SIGRTMIN+5)        |
 | `configuration.slackChannel`            | cli-parameter `--slack-channel`. Passed through `tpl`                       | `""`                      |
 | `configuration.slackHookUrl`            | cli-parameter `--slack-hook-url`. Passed through `tpl`                      | `""`                      |
 | `configuration.slackUsername`           | cli-parameter `--slack-username`. Passed through `tpl`                      | `""`                      |

charts/kured/templates/daemonset.yaml

@@ -133,6 +133,12 @@ spec:
           {{- if .Values.configuration.rebootDelay }}
             - --reboot-delay={{ .Values.configuration.rebootDelay }}
           {{- end }}
+          {{- if .Values.configuration.rebootMethod }}
+            - --reboot-method={{ .Values.configuration.rebootMethod }}
+          {{- end }}
+          {{- if .Values.configuration.rebootSignal }}
+            - --reboot-signal={{ .Values.configuration.rebootSignal }}
+          {{- end }}
           {{- if .Values.configuration.slackChannel }}
             - --slack-channel={{ tpl .Values.configuration.slackChannel . }}
           {{- end }}

charts/kured/values.yaml

@@ -11,6 +11,8 @@ updateStrategy: RollingUpdate
 maxUnavailable: 1
 
 podAnnotations: {}
+# container.apparmor.security.beta.kubernetes.io/kured: unconfined
+
 dsAnnotations: {}
 
 extraArgs: {}
@@ -47,6 +49,8 @@ configuration:
   rebootSentinelCommand: ""     # command for which a successful run signals need to reboot (default ""). If non-empty, sentinel file will be ignored.
   rebootCommand: "/bin/systemctl reboot"  # command to run when a reboot is required by the sentinel
   rebootDelay: ""               # add a delay after drain finishes but before the reboot command is issued
+  rebootMethod: ""              # method to use for reboots (default command), available: command, signal
+  rebootSignal: ""              # signal to use for reboots (default 39 = SIGRTMIN+5).
   slackChannel: ""              # slack channel for reboot notifications
   slackHookUrl: ""              # slack hook URL for reboot notifications
   slackUsername: ""             # slack username for reboot notifications (default "kured")
@@ -79,6 +83,17 @@ containerSecurityContext:
   readOnlyRootFilesystem: true
 #  allowPrivilegeEscalation: true # Needed when using defaultAllowPrivilegedEscalation: false in psp
 
+# Use the following security-context when "configuration.rebootMethod=signal and useRebootSentinelHostPath=true"
+# containerSecurityContext:
+#   privileged: false
+#   readOnlyRootFilesystem: true
+#   allowPrivilegeEscalation: false
+#   capabilities:
+#     add:
+#     - CAP_KILL
+#     drop:
+#     - '*'
+
 resources: {}
 
 hostNetwork: false