Skip to content

Commit

Permalink
Release 1.15.0 (#68)
Browse files Browse the repository at this point in the history 
* feat: mount sentinel-location without sentinel-command

Signed-off-by: Christian Kotzbauer <[email protected]>

* fix: no readonly mount

Signed-off-by: Christian Kotzbauer <[email protected]>

* fix: mount sentinel at other folder

Signed-off-by: Christian Kotzbauer <[email protected]>

* fix: change template

Signed-off-by: Christian Kotzbauer <[email protected]>

* feat: use helm-path-helper

Signed-off-by: Christian Kotzbauer <[email protected]>

* fix: review improvements

Signed-off-by: Christian Kotzbauer <[email protected]>

* feat: add reboot-signal

Signed-off-by: Christian Kotzbauer <[email protected]>

* feat: update version

Signed-off-by: Christian Kotzbauer <[email protected]>

* fix: linting

Signed-off-by: Christian Kotzbauer <[email protected]>

---------

Signed-off-by: Christian Kotzbauer <[email protected]>
  • Loading branch information
@ckotzbauer
ckotzbauer authored Jan 17, 2024
1 parent 8549776 commit f55c5ff
Show file tree
Hide file tree
Showing 4 changed files with 52 additions and 8 deletions.
4 changes: 2 additions & 2 deletions charts/kured/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "1.14.2"
appVersion: "1.15.0"
description: A Helm chart for kured
name: kured
version: 5.3.2
version: 5.4.0
home: https://github.com/kubereboot/kured
maintainers:
- name: chopf
Expand Down
5 changes: 4 additions & 1 deletion charts/kured/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ The following changes have been made compared to the stable chart:
| Config | Description | Default |
| ------ | ----------- | ------- |
| `image.repository` | Image repository | `ghcr.io/kubereboot/kured`|
| `image.tag` | Image tag | `1.14.2` |
| `image.tag` | Image tag | `1.15.0` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `[]` |
| `revisionHistoryLimit` | Number of old history to retain to allow rollback | `10` |
Expand All @@ -83,6 +83,7 @@ The following changes have been made compared to the stable chart:
| `extraEnvVars` | Array of environment variables to pass to the daemonset. | `{}` |
| `metricsHost` | Host to expose the metrics endpoint. | `""` |
| `metricsPort` | Port to expose the metrics endpoint. | `8080` |
| `useRebootSentinelHostPath` | Controls whether the chart uses a hostPath to read the sentinel file. | `true` |
| `configuration.lockTtl` | cli-parameter `--lock-ttl` | `0` |
| `configuration.lockReleaseDelay` | cli-parameter `--lock-release-delay` | `0` |
| `configuration.alertFilterRegexp` | cli-parameter `--alert-filter-regexp` | `""` |
Expand All @@ -104,6 +105,8 @@ The following changes have been made compared to the stable chart:
| `configuration.rebootSentinelCommand` | cli-parameter `--reboot-sentinel-command` | `""` |
| `configuration.rebootCommand` | cli-parameter `--reboot-command` | `""` |
| `configuration.rebootDelay` | cli-parameter `--reboot-delay` | `""` |
| `configuration.rebootMethod` | cli-parameter `--reboot-method` | `""` |
| `configuration.rebootSignal` | cli-parameter `--reboot-signal` | `39` (SIGRTMIN+5) |
| `configuration.slackChannel` | cli-parameter `--slack-channel`. Passed through `tpl` | `""` |
| `configuration.slackHookUrl` | cli-parameter `--slack-hook-url`. Passed through `tpl` | `""` |
| `configuration.slackUsername` | cli-parameter `--slack-username`. Passed through `tpl` | `""` |
Expand Down
35 changes: 30 additions & 5 deletions charts/kured/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,9 +130,13 @@ spec:
- --post-reboot-node-labels={{ . }}
{{- end }}
{{- if .Values.configuration.rebootSentinel }}
{{- if .Values.useRebootSentinelHostPath }}
- --reboot-sentinel=/sentinel/{{ base .Values.configuration.rebootSentinel }}
{{ else }}
- --reboot-sentinel={{ .Values.configuration.rebootSentinel }}
{{- end }}
{{- end }}
{{- if .Values.configuration.rebootSentinelCommand }}
{{- if and .Values.configuration.rebootSentinelCommand (not .Values.useRebootSentinelHostPath) }}
- --reboot-sentinel-command={{ .Values.configuration.rebootSentinelCommand }}
{{- end }}
{{- if .Values.configuration.rebootCommand }}
Expand All @@ -141,6 +145,12 @@ spec:
{{- if .Values.configuration.rebootDelay }}
- --reboot-delay={{ .Values.configuration.rebootDelay }}
{{- end }}
{{- if .Values.configuration.rebootMethod }}
- --reboot-method={{ .Values.configuration.rebootMethod }}
{{- end }}
{{- if .Values.configuration.rebootSignal }}
- --reboot-signal={{ .Values.configuration.rebootSignal }}
{{- end }}
{{- if .Values.configuration.slackChannel }}
- --slack-channel={{ tpl .Values.configuration.slackChannel . }}
{{- end }}
Expand Down Expand Up @@ -187,10 +197,17 @@ spec:
- --{{ $key }}
{{- end }}
{{- end }}
{{- if .Values.volumeMounts }}
{{- if or .Values.volumeMounts .Values.useRebootSentinelHostPath }}
volumeMounts:
{{- end }}
{{- if .Values.useRebootSentinelHostPath }}
- mountPath: /sentinel
name: sentinel
readOnly: true
{{- end }}
{{- if .Values.volumeMounts }}
{{- toYaml .Values.volumeMounts | nindent 12 }}
{{- end }}
{{- end }}
ports:
- containerPort: {{ .Values.configuration.metricsPort }}
name: metrics
Expand Down Expand Up @@ -229,7 +246,15 @@ spec:
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.volumes }}
{{- if or .Values.volumes .Values.useRebootSentinelHostPath }}
volumes:
{{- end }}
{{- if .Values.useRebootSentinelHostPath }}
- name: sentinel
hostPath:
path: {{ dir .Values.configuration.rebootSentinel }}
type: Directory
{{- end }}
{{- if .Values.volumes }}
{{- toYaml .Values.volumes | nindent 8 }}
{{- end }}
{{- end }}
16 changes: 16 additions & 0 deletions charts/kured/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ updateStrategy: RollingUpdate
maxUnavailable: 1

podAnnotations: {}
# container.apparmor.security.beta.kubernetes.io/kured: unconfined

dsAnnotations: {}

extraArgs: {}
Expand All @@ -25,6 +27,7 @@ extraEnvVars:
# value: 123

configuration:
useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted
metricsHost: "" # host where metrics will listen
metricsPort: 8080 # port number where metrics will listen
lockTtl: 0 # force clean annotation after this amount of time (default 0, disabled)
Expand All @@ -47,6 +50,8 @@ configuration:
rebootSentinelCommand: "" # command for which a successful run signals need to reboot (default ""). If non-empty, sentinel file will be ignored.
rebootCommand: "/bin/systemctl reboot" # command to run when a reboot is required by the sentinel
rebootDelay: "" # add a delay after drain finishes but before the reboot command is issued
rebootMethod: "" # method to use for reboots (default command), available: command, signal
rebootSignal: "" # signal to use for reboots (default 39 = SIGRTMIN+5).
slackChannel: "" # slack channel for reboot notifications
slackHookUrl: "" # slack hook URL for reboot notifications
slackUsername: "" # slack username for reboot notifications (default "kured")
Expand Down Expand Up @@ -80,6 +85,17 @@ containerSecurityContext:
readOnlyRootFilesystem: true
# allowPrivilegeEscalation: true # Needed when using defaultAllowPrivilegedEscalation: false in psp

# Use the following security-context when "configuration.rebootMethod=signal and useRebootSentinelHostPath=true"
# containerSecurityContext:
# privileged: false
# readOnlyRootFilesystem: true
# allowPrivilegeEscalation: false
# capabilities:
# add:
# - CAP_KILL
# drop:
# - '*'

resources: {}

hostNetwork: false
Expand Down

0 comments on commit f55c5ff

Please sign in to comment.