From bf2424bc520d4e50ca9ba61ededf68af7710a16e Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Fri, 4 Aug 2023 13:55:43 +0200 Subject: [PATCH 1/7] feat: mount sentinel-location without sentinel-command Signed-off-by: Christian Kotzbauer --- charts/kured/Chart.yaml | 2 +- charts/kured/templates/daemonset.yaml | 22 ++++++++++++++++++---- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/charts/kured/Chart.yaml b/charts/kured/Chart.yaml index a747993..c6f6e27 100644 --- a/charts/kured/Chart.yaml +++ b/charts/kured/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.13.2" description: A Helm chart for kured name: kured -version: 5.1.0 +version: 5.2.0 home: https://github.com/kubereboot/kured maintainers: - name: ckotzbauer diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml index 3ba5929..c4ca445 100644 --- a/charts/kured/templates/daemonset.yaml +++ b/charts/kured/templates/daemonset.yaml @@ -172,10 +172,17 @@ spec: - --{{ $key }} {{- end }} {{- end }} -{{- if .Values.volumeMounts }} + {{- if or .Values.volumeMounts (not .Values.configuration.rebootSentinelCommand) }} volumeMounts: + {{- end }} + {{- if not .Values.configuration.rebootSentinelCommand }} + - mountPath: /var/run + name: sentinel + readOnly: true + {{- end }} + {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 12 }} -{{- end }} + {{- end }} ports: - containerPort: {{ .Values.configuration.metricsPort }} name: metrics @@ -214,7 +221,14 @@ spec: affinity: {{ toYaml . | indent 8 }} {{- end }} -{{- if .Values.volumes }} + {{- if or .Values.volumes (not .Values.configuration.rebootSentinelCommand) }} volumes: + {{- end }} + {{- if not .Values.configuration.rebootSentinelCommand }} + - name: sentinel + hostPath: + path: /var/run + {{- end }} + {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 8 }} -{{- end }} + {{- end }} From 9e5e33001416de35b92fef2fffa90685da42a332 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Fri, 4 Aug 2023 15:18:21 +0200 Subject: [PATCH 2/7] fix: no readonly mount Signed-off-by: Christian Kotzbauer --- charts/kured/templates/daemonset.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml index c4ca445..1770a5a 100644 --- a/charts/kured/templates/daemonset.yaml +++ b/charts/kured/templates/daemonset.yaml @@ -178,7 +178,9 @@ spec: {{- if not .Values.configuration.rebootSentinelCommand }} - mountPath: /var/run name: sentinel - readOnly: true + # This can't be read-only because the service-account-token is mounted within the same directory + # This would cause a crash at startup + readOnly: false {{- end }} {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 12 }} From 9a2e7274e2d93e191ea969b4a0de205fdd8d5f59 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Sat, 5 Aug 2023 10:25:07 +0200 Subject: [PATCH 3/7] fix: mount sentinel at other folder Signed-off-by: Christian Kotzbauer --- charts/kured/templates/daemonset.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml index 1770a5a..7d754c8 100644 --- a/charts/kured/templates/daemonset.yaml +++ b/charts/kured/templates/daemonset.yaml @@ -122,6 +122,8 @@ spec: {{- end }} {{- if .Values.configuration.rebootSentinelCommand }} - --reboot-sentinel-command={{ .Values.configuration.rebootSentinelCommand }} + {{- else }} + - --reboot-sentinel-command=/sentinel/reboot-required {{- end }} {{- if .Values.configuration.rebootCommand }} - --reboot-command={{ .Values.configuration.rebootCommand }} @@ -176,11 +178,9 @@ spec: volumeMounts: {{- end }} {{- if not .Values.configuration.rebootSentinelCommand }} - - mountPath: /var/run + - mountPath: /sentinel name: sentinel - # This can't be read-only because the service-account-token is mounted within the same directory - # This would cause a crash at startup - readOnly: false + readOnly: true {{- end }} {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 12 }} From af4fb40ac652e37d6137ff168f645f443a9512e6 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Sat, 5 Aug 2023 10:35:35 +0200 Subject: [PATCH 4/7] fix: change template Signed-off-by: Christian Kotzbauer --- charts/kured/templates/daemonset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml index 7d754c8..30d3b18 100644 --- a/charts/kured/templates/daemonset.yaml +++ b/charts/kured/templates/daemonset.yaml @@ -119,11 +119,11 @@ spec: {{- end }} {{- if .Values.configuration.rebootSentinel }} - --reboot-sentinel={{ .Values.configuration.rebootSentinel }} + {{- else if not .Values.configuration.rebootSentinelCommand }} + - --reboot-sentinel=/sentinel/reboot-required {{- end }} {{- if .Values.configuration.rebootSentinelCommand }} - --reboot-sentinel-command={{ .Values.configuration.rebootSentinelCommand }} - {{- else }} - - --reboot-sentinel-command=/sentinel/reboot-required {{- end }} {{- if .Values.configuration.rebootCommand }} - --reboot-command={{ .Values.configuration.rebootCommand }} From 6660debbce5eae24f39f5c6014ce5c07f16b5a45 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Thu, 10 Aug 2023 19:43:35 +0200 Subject: [PATCH 5/7] feat: use helm-path-helper Signed-off-by: Christian Kotzbauer --- charts/kured/README.md | 1 + charts/kured/templates/daemonset.yaml | 24 +++++++++++++----------- charts/kured/values.yaml | 2 ++ 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/charts/kured/README.md b/charts/kured/README.md index 23b7e26..c03aed8 100644 --- a/charts/kured/README.md +++ b/charts/kured/README.md @@ -82,6 +82,7 @@ The following changes have been made compared to the stable chart: | `extraArgs` | Extra arguments to pass to `/usr/bin/kured`. See below. | `{}` | | `extraEnvVars` | Array of environment variables to pass to the daemonset. | `{}` | | `metricsPort` | Port to expose the metrics endpoint. | `8080` | +| `configuration.useRebootSentinelHostPath` | Not actually a flag, indicates if the sentinel should be mounted | `true` | | `configuration.lockTtl` | cli-parameter `--lock-ttl` | `0` | | `configuration.lockReleaseDelay` | cli-parameter `--lock-release-delay` | `0` | | `configuration.alertFilterRegexp` | cli-parameter `--alert-filter-regexp` | `""` | diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml index 30d3b18..d4aa876 100644 --- a/charts/kured/templates/daemonset.yaml +++ b/charts/kured/templates/daemonset.yaml @@ -118,11 +118,13 @@ spec: - --post-reboot-node-labels={{ . }} {{- end }} {{- if .Values.configuration.rebootSentinel }} + {{- if .Values.configuration.useRebootSentinelHostPath }} + - --reboot-sentinel=/sentinel/{{ base .Values.configuration.rebootSentinel }} + {{ else }} - --reboot-sentinel={{ .Values.configuration.rebootSentinel }} - {{- else if not .Values.configuration.rebootSentinelCommand }} - - --reboot-sentinel=/sentinel/reboot-required + {{- end }} {{- end }} - {{- if .Values.configuration.rebootSentinelCommand }} + {{- if and .Values.configuration.rebootSentinelCommand (not .Values.configuration.useRebootSentinelHostPath) }} - --reboot-sentinel-command={{ .Values.configuration.rebootSentinelCommand }} {{- end }} {{- if .Values.configuration.rebootCommand }} @@ -174,13 +176,13 @@ spec: - --{{ $key }} {{- end }} {{- end }} - {{- if or .Values.volumeMounts (not .Values.configuration.rebootSentinelCommand) }} + {{- if or .Values.volumeMounts .Values.configuration.useRebootSentinelHostPath }} volumeMounts: {{- end }} - {{- if not .Values.configuration.rebootSentinelCommand }} - - mountPath: /sentinel - name: sentinel - readOnly: true + {{- if .Values.configuration.useRebootSentinelHostPath }} + - mountPath: /sentinel + name: sentinel + readOnly: true {{- end }} {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 12 }} @@ -223,13 +225,13 @@ spec: affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- if or .Values.volumes (not .Values.configuration.rebootSentinelCommand) }} + {{- if or .Values.volumes .Values.configuration.useRebootSentinelHostPath }} volumes: {{- end }} - {{- if not .Values.configuration.rebootSentinelCommand }} + {{- if .Values.configuration.useRebootSentinelHostPath }} - name: sentinel hostPath: - path: /var/run + path: {{ dir .Values.configuration.rebootSentinel }} {{- end }} {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 8 }} diff --git a/charts/kured/values.yaml b/charts/kured/values.yaml index c067996..87405fb 100644 --- a/charts/kured/values.yaml +++ b/charts/kured/values.yaml @@ -25,6 +25,8 @@ extraEnvVars: # value: 123 configuration: + useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted + metricsPort: 8080 # port number where metrics will listen lockTtl: 0 # force clean annotation after this amount of time (default 0, disabled) alertFilterRegexp: "" # alert names to ignore when checking for active alerts From 17b6d6cdd0d2e5422cc601f500e63ec4c2c66f1a Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Thu, 10 Aug 2023 19:45:10 +0200 Subject: [PATCH 6/7] fix: add space Signed-off-by: Christian Kotzbauer --- charts/kured/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/kured/values.yaml b/charts/kured/values.yaml index 87405fb..bf5973b 100644 --- a/charts/kured/values.yaml +++ b/charts/kured/values.yaml @@ -25,7 +25,7 @@ extraEnvVars: # value: 123 configuration: - useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted + useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted metricsPort: 8080 # port number where metrics will listen lockTtl: 0 # force clean annotation after this amount of time (default 0, disabled) From 72961b3abcaa402eb05879993f35b1358f2727e0 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Sat, 12 Aug 2023 09:53:48 +0200 Subject: [PATCH 7/7] fix: review improvements Signed-off-by: Christian Kotzbauer --- charts/kured/README.md | 2 +- charts/kured/templates/daemonset.yaml | 13 +++++++------ charts/kured/values.yaml | 6 ++++-- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/charts/kured/README.md b/charts/kured/README.md index c03aed8..266d856 100644 --- a/charts/kured/README.md +++ b/charts/kured/README.md @@ -82,7 +82,7 @@ The following changes have been made compared to the stable chart: | `extraArgs` | Extra arguments to pass to `/usr/bin/kured`. See below. | `{}` | | `extraEnvVars` | Array of environment variables to pass to the daemonset. | `{}` | | `metricsPort` | Port to expose the metrics endpoint. | `8080` | -| `configuration.useRebootSentinelHostPath` | Not actually a flag, indicates if the sentinel should be mounted | `true` | +| `useRebootSentinelHostPath` | Controls whether the chart uses a hostPath to read the sentinel file. | `true` | | `configuration.lockTtl` | cli-parameter `--lock-ttl` | `0` | | `configuration.lockReleaseDelay` | cli-parameter `--lock-release-delay` | `0` | | `configuration.alertFilterRegexp` | cli-parameter `--alert-filter-regexp` | `""` | diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml index d4aa876..cc2c050 100644 --- a/charts/kured/templates/daemonset.yaml +++ b/charts/kured/templates/daemonset.yaml @@ -118,13 +118,13 @@ spec: - --post-reboot-node-labels={{ . }} {{- end }} {{- if .Values.configuration.rebootSentinel }} - {{- if .Values.configuration.useRebootSentinelHostPath }} + {{- if .Values.useRebootSentinelHostPath }} - --reboot-sentinel=/sentinel/{{ base .Values.configuration.rebootSentinel }} {{ else }} - --reboot-sentinel={{ .Values.configuration.rebootSentinel }} {{- end }} {{- end }} - {{- if and .Values.configuration.rebootSentinelCommand (not .Values.configuration.useRebootSentinelHostPath) }} + {{- if and .Values.configuration.rebootSentinelCommand (not .Values.useRebootSentinelHostPath) }} - --reboot-sentinel-command={{ .Values.configuration.rebootSentinelCommand }} {{- end }} {{- if .Values.configuration.rebootCommand }} @@ -176,10 +176,10 @@ spec: - --{{ $key }} {{- end }} {{- end }} - {{- if or .Values.volumeMounts .Values.configuration.useRebootSentinelHostPath }} + {{- if or .Values.volumeMounts .Values.useRebootSentinelHostPath }} volumeMounts: {{- end }} - {{- if .Values.configuration.useRebootSentinelHostPath }} + {{- if .Values.useRebootSentinelHostPath }} - mountPath: /sentinel name: sentinel readOnly: true @@ -225,13 +225,14 @@ spec: affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- if or .Values.volumes .Values.configuration.useRebootSentinelHostPath }} + {{- if or .Values.volumes .Values.useRebootSentinelHostPath }} volumes: {{- end }} - {{- if .Values.configuration.useRebootSentinelHostPath }} + {{- if .Values.useRebootSentinelHostPath }} - name: sentinel hostPath: path: {{ dir .Values.configuration.rebootSentinel }} + type: Directory {{- end }} {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 8 }} diff --git a/charts/kured/values.yaml b/charts/kured/values.yaml index bf5973b..1e0f60f 100644 --- a/charts/kured/values.yaml +++ b/charts/kured/values.yaml @@ -24,9 +24,11 @@ extraEnvVars: # - name: regularEnvVariable # value: 123 -configuration: - useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted +# Controls whether the chart uses a hostPath to read the sentinel file +useRebootSentinelHostPath: true + +configuration: metricsPort: 8080 # port number where metrics will listen lockTtl: 0 # force clean annotation after this amount of time (default 0, disabled) alertFilterRegexp: "" # alert names to ignore when checking for active alerts