feat: add reboot-signal

Signed-off-by: Christian Kotzbauer <[email protected]>
kubereboot · Jan 16, 2024 · 95790c7 · 95790c7
1 parent 6d5f7ab
commit 95790c7
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/charts/kured/README.md b/charts/kured/README.md
@@ -105,6 +105,8 @@ The following changes have been made compared to the stable chart:
 | `configuration.rebootSentinelCommand`   | cli-parameter `--reboot-sentinel-command`                                   | `""`                      |
 | `configuration.rebootCommand`           | cli-parameter `--reboot-command`                                            | `""`                      |
 | `configuration.rebootDelay`             | cli-parameter `--reboot-delay`                                              | `""`                      |
+| `configuration.rebootMethod`            | cli-parameter `--reboot-method`                                             | `""`                      |
+| `configuration.rebootSignal`            | cli-parameter `--reboot-signal`                                             | `39`  (SIGRTMIN+5)        |
 | `configuration.slackChannel`            | cli-parameter `--slack-channel`. Passed through `tpl`                       | `""`                      |
 | `configuration.slackHookUrl`            | cli-parameter `--slack-hook-url`. Passed through `tpl`                      | `""`                      |
 | `configuration.slackUsername`           | cli-parameter `--slack-username`. Passed through `tpl`                      | `""`                      |

diff --git a/charts/kured/templates/daemonset.yaml b/charts/kured/templates/daemonset.yaml
@@ -145,6 +145,12 @@ spec:
           {{- if .Values.configuration.rebootDelay }}
             - --reboot-delay={{ .Values.configuration.rebootDelay }}
           {{- end }}
+          {{- if .Values.configuration.rebootMethod }}
+            - --reboot-method={{ .Values.configuration.rebootMethod }}
+          {{- end }}
+          {{- if .Values.configuration.rebootSignal }}
+            - --reboot-signal={{ .Values.configuration.rebootSignal }}
+          {{- end }}
           {{- if .Values.configuration.slackChannel }}
             - --slack-channel={{ tpl .Values.configuration.slackChannel . }}
           {{- end }}

diff --git a/charts/kured/values.yaml b/charts/kured/values.yaml
@@ -11,6 +11,8 @@ updateStrategy: RollingUpdate
 maxUnavailable: 1
 
 podAnnotations: {}
+# container.apparmor.security.beta.kubernetes.io/kured: unconfined
+
 dsAnnotations: {}
 
 extraArgs: {}
@@ -48,6 +50,8 @@ configuration:
   rebootSentinelCommand: ""     # command for which a successful run signals need to reboot (default ""). If non-empty, sentinel file will be ignored.
   rebootCommand: "/bin/systemctl reboot"  # command to run when a reboot is required by the sentinel
   rebootDelay: ""               # add a delay after drain finishes but before the reboot command is issued
+  rebootMethod: ""              # method to use for reboots (default command), available: command, signal
+  rebootSignal: ""              # signal to use for reboots (default 39 = SIGRTMIN+5).
   slackChannel: ""              # slack channel for reboot notifications
   slackHookUrl: ""              # slack hook URL for reboot notifications
   slackUsername: ""             # slack username for reboot notifications (default "kured")
@@ -81,6 +85,17 @@ containerSecurityContext:
   readOnlyRootFilesystem: true
 #  allowPrivilegeEscalation: true # Needed when using defaultAllowPrivilegedEscalation: false in psp
 
+# Use the following security-context when "configuration.rebootMethod=signal and useRebootSentinelHostPath=true"
+# containerSecurityContext:
+#   privileged: false
+#   readOnlyRootFilesystem: true
+#   allowPrivilegeEscalation: false
+#   capabilities:
+#     add:
+#     - CAP_KILL
+#     drop:
+#     - '*'
+
 resources: {}
 
 hostNetwork: false