## @param spec The Kured configuration ## @skip spec spec: ## @param image Docker image to use for the Kured container ## @skip image image: repository: ghcr.io/kubereboot/kured tag: "" # will default to the appVersion in Chart.yaml pullPolicy: IfNotPresent pullSecrets: [] ## @param revisionHistoryLimit The number of old history to retain to allow rollback ## @skip revisionHistoryLimit revisionHistoryLimit: 10 ## @param updateStrategy The strategy to use for updates ## @skip updateStrategy updateStrategy: RollingUpdate ## @param maxUnavailable The maximum number of pods that can be unavailable during the update ## @skip maxUnavailable maxUnavailable: 1 ## @param podAnnotations - Annotations to add to the Kured pod ## @skip podAnnotations podAnnotations: {} # container.apparmor.security.beta.kubernetes.io/kured: unconfined ## @param dsAnnotations - Annotations to add to the Kured DaemonSet ## @skip dsAnnotations dsAnnotations: {} ## @param extraArgs Additional arguments to pass to the Kured container ## @skip extraArgs extraArgs: {} ## @param extraEnvVars Additional environment variables to pass to the Kured container ## @skip extraEnvVars extraEnvVars: {} # - name: slackHookUrl # valueFrom: # secretKeyRef: # name: secret_name # key: secret_key # - name: regularEnvVariable # value: 123 ## @param configuration Configuration options for Kured ## @skip configuration configuration: useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted metricsHost: "" # host where metrics will listen metricsPort: 8080 # port number where metrics will listen lockTtl: 0 # force clean annotation after this amount of time (default 0, disabled) alertFilterRegexp: "" # alert names to ignore when checking for active alerts alertFiringOnly: false # only consider firing alerts when checking for active alerts alertFilterMatchOnly: false # Only block if the alert-filter-regexp matches active alerts blockingPodSelector: [] # label selector identifying pods whose presence should prevent reboots endTime: "17:00" # only reboot before this time of day (default "23:59") lockAnnotation: "" # annotation in which to record locking node (default "weave.works/kured-node-lock") period: "30m0s" # reboot check period (default 1h0m0s) forceReboot: false # force a reboot even if the drain fails or times out (default: false) drainGracePeriod: "" # time in seconds given to each pod to terminate gracefully, if negative, the default value specified in the pod will be used (default: -1) drainPodSelector: "" # only drain pods with labels matching the selector (default: '', all pods) drainDelay: 0 # delay drain for this duration (default: 0, disabled) drainTimeout: "" # timeout after which the drain is aborted (default: 0, infinite time) skipWaitForDeleteTimeout: "" # when time is greater than zero, skip waiting for the pods whose deletion timestamp is older than N seconds while draining a node (default: 0) prometheusUrl: "" # Prometheus instance to probe for active alerts # only reboot on these days (default [su,mo,tu,we,th,fr,sa]) rebootDays: - "mo" - "tu" - "we" - "th" - "fr" rebootSentinel: "/var/run/reboot-required" # path to file whose existence signals need to reboot (default "/var/run/reboot-required") rebootSentinelCommand: "" # command for which a successful run signals need to reboot (default ""). If non-empty, sentinel file will be ignored. rebootCommand: "/bin/systemctl reboot" # command to run when a reboot is required by the sentinel rebootDelay: "" # add a delay after drain finishes but before the reboot command is issued rebootMethod: "" # method to use for reboots (default command), available: command, signal rebootSignal: "" # signal to use for reboots (default 39 = SIGRTMIN+5). slackChannel: "" # slack channel for reboot notifications slackHookUrl: "" # slack hook URL for reboot notifications slackUsername: "" # slack username for reboot notifications (default "kured") notifyUrl: "" # notification URL with the syntax as follows: https://containrrr.dev/shoutrrr/services/overview/ messageTemplateDrain: "" # slack message template when notifying about a node being drained (default "Draining node %s") messageTemplateReboot: "" # slack message template when notifying about a node being rebooted (default "Rebooted node %s") messageTemplateUncordon: "" # slack message template when notifying about a node being uncordoned (default "Node %s rebooted & uncordoned successfully!") startTime: "10:00" # only reboot after this time of day (default "0:00") timeZone: "Europe/Amsterdam" # time-zone to use (valid zones from "time" golang package) annotateNodes: true # enable 'weave.works/kured-reboot-in-progress' and 'weave.works/kured-most-recent-reboot-needed' node annotations to signify kured reboot operations lockReleaseDelay: 0 # hold lock after reboot by this amount of time (default 0, disabled) preferNoScheduleTaint: "" # Taint name applied during pending node reboot (to prevent receiving additional pods from other rebooting nodes). Disabled by default. Set e.g. to "weave.works/kured-node-reboot" to enable tainting. logFormat: "text" # log format specified as text or json, defaults to text preRebootNodeLabels: [] # labels to add to nodes before cordoning (default []) postRebootNodeLabels: [] # labels to add to nodes after uncordoning (default []) concurrency: 1 # amount of nodes to concurrently reboot. (default 1) ## @param rbac Enable RBAC resources ## @skip rbac rbac: create: true ## @param serviceAccount The name of the service account to use ## @skip serviceAccount serviceAccount: create: true annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "8080" ## @param podSecurityPolicy Enable PodSecurityPolicy resources ## @skip podSecurityPolicy podSecurityPolicy: create: false ## @param containerSecurityContext Security context for the Kured container ## @skip containerSecurityContext containerSecurityContext: privileged: true # Give permission to nsenter /proc/1/ns/mnt readOnlyRootFilesystem: true # allowPrivilegeEscalation: true # Needed when using defaultAllowPrivilegedEscalation: false in psp # Use the following security-context when "configuration.rebootMethod=signal and configuration.useRebootSentinelHostPath=true" # containerSecurityContext: # privileged: false # readOnlyRootFilesystem: true # allowPrivilegeEscalation: false # capabilities: # add: # - CAP_KILL # drop: # - '*' ## @param resources Resource limits and requests for the Kured container ## @skip resources resources: limits: cpu: "200m" memory: "128Mi" requests: cpu: "200m" memory: "128Mi" ## @param hostNetwork Use the host's network namespace ## @skip hostNetwork hostNetwork: false ## @param metrics Enable Prometheus metrics ## @skip metrics metrics: create: false namespace: "" labels: {} interval: 60s scrapeTimeout: "" ## @param service Enable a service for the metrics ## @skip service service: create: false port: 8080 annotations: {} name: "" type: ClusterIP ## @param livenessProbe The liveness probe for the Kured container ## @skip livenessProbe livenessProbe: httpGet: path: /metrics port: metrics scheme: HTTP initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 ## @param readinessProbe The readiness probe for the Kured container ## @skip readinessProbe readinessProbe: httpGet: path: /metrics port: metrics scheme: HTTP initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 ## @param podLabels Labels to add to the Kured pod ## @skip podLabels podLabels: {} ## @param priorityClassName The name of the priority class to use ## @skip priorityClassName priorityClassName: "" ## @param tolerations Tolerations for the Kured pod ## @skip tolerations tolerations: [] ## @param affinity Affinity for the Kured pod ## @skip affinity affinity: {} ## @param nodeSelector Node selector for the Kured pod ## @skip nodeSelector nodeSelector: kubernetes.io/os: linux ## @param volumeMounts Additional volume mounts for the Kured container ## @skip volumeMounts volumeMounts: [] ## @param volumes Additional volumes for the Kured pod ## @skip volumes volumes: [] ## @param initContainers Additional init containers for the Kured pod ## @skip initContainers initContainers: {}