mirror of
https://github.com/kubereboot/kured.git
synced 2026-02-14 17:39:49 +00:00
101 lines
3.4 KiB
YAML
101 lines
3.4 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kured
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: kured # Must match `--ds-name`
|
|
namespace: kube-system # Must match `--ds-namespace`
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
name: kured
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: kured
|
|
spec:
|
|
serviceAccountName: kured
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
- key: node-role.kubernetes.io/master
|
|
effect: NoSchedule
|
|
hostPID: true # Facilitate entering the host mount namespace via init
|
|
restartPolicy: Always
|
|
volumes:
|
|
- name: sentinel
|
|
hostPath:
|
|
path: /var/run
|
|
type: Directory
|
|
containers:
|
|
- name: kured
|
|
# If you find yourself here wondering why there is no
|
|
# :latest tag on Docker Hub,see the FAQ in the README
|
|
image: ghcr.io/kubereboot/kured:1.21.0
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
privileged: false # Give permission to nsenter /proc/1/ns/mnt
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["*"]
|
|
add: ["CAP_KILL"]
|
|
ports:
|
|
- containerPort: 8080
|
|
name: metrics
|
|
env:
|
|
# Pass in the name of the node on which this pod is scheduled
|
|
# for use with drain/uncordon operations and lock acquisition
|
|
- name: KURED_NODE_ID
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
volumeMounts:
|
|
- mountPath: /sentinel
|
|
name: sentinel
|
|
readOnly: true
|
|
command:
|
|
- /usr/bin/kured
|
|
- --reboot-sentinel=/sentinel/reboot-required
|
|
- --reboot-method=signal
|
|
# - --reboot-signal=39
|
|
# - --force-reboot=false
|
|
# - --drain-grace-period=-1
|
|
# - --skip-wait-for-delete-timeout=0
|
|
# - --drain-timeout=0
|
|
# - --period=1h
|
|
# - --ds-namespace=kube-system
|
|
# - --ds-name=kured
|
|
# - --lock-annotation=weave.works/kured-node-lock
|
|
# - --lock-ttl=0
|
|
# - --prometheus-url=http://prometheus.monitoring.svc.cluster.local
|
|
# - --alert-filter-regexp=^RebootRequired$
|
|
# - --alert-firing-only=false
|
|
# - --prefer-no-schedule-taint=""
|
|
# - --reboot-sentinel-command=""
|
|
# - --slack-hook-url=https://hooks.slack.com/...
|
|
# - --slack-username=prod
|
|
# - --slack-channel=alerting
|
|
# - --notify-url="" # See also shoutrrr url format
|
|
# - --message-template-drain=Draining node %s
|
|
# - --message-template-reboot=Rebooting node %s
|
|
# - --message-template-uncordon=Node %s rebooted & uncordoned successfully!
|
|
# - --blocking-pod-selector=runtime=long,cost=expensive
|
|
# - --blocking-pod-selector=name=temperamental
|
|
# - --blocking-pod-selector=...
|
|
# - --reboot-days=sun,mon,tue,wed,thu,fri,sat
|
|
# - --reboot-delay=90s
|
|
# - --start-time=0:00
|
|
# - --end-time=23:59:59
|
|
# - --time-zone=UTC
|
|
# - --annotate-nodes=false
|
|
# - --lock-release-delay=30m
|
|
# - --log-format=text
|