/
values.yaml
154 lines (127 loc) · 6.26 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
image:
repository: ghcr.io/kubereboot/kured
tag: "" # will default to the appVersion in Chart.yaml
pullPolicy: IfNotPresent
pullSecrets: []
revisionHistoryLimit: 10
updateStrategy: RollingUpdate
# requires RollingUpdate updateStrategy
maxUnavailable: 1
podAnnotations: {}
# container.apparmor.security.beta.kubernetes.io/kured: unconfined
dsAnnotations: {}
extraArgs: {}
extraEnvVars:
# - name: slackHookUrl
# valueFrom:
# secretKeyRef:
# name: secret_name
# key: secret_key
# - name: regularEnvVariable
# value: 123
configuration:
useRebootSentinelHostPath: true # not actually a flag, indicates if the sentinel should be mounted
metricsHost: "" # host where metrics will listen
metricsPort: 8080 # port number where metrics will listen
lockTtl: 0 # force clean annotation after this amount of time (default 0, disabled)
alertFilterRegexp: "" # alert names to ignore when checking for active alerts
alertFiringOnly: false # only consider firing alerts when checking for active alerts
alertFilterMatchOnly: false # Only block if the alert-filter-regexp matches active alerts
blockingPodSelector: [] # label selector identifying pods whose presence should prevent reboots
endTime: "" # only reboot before this time of day (default "23:59")
lockAnnotation: "" # annotation in which to record locking node (default "weave.works/kured-node-lock")
period: "" # reboot check period (default 1h0m0s)
forceReboot: false # force a reboot even if the drain fails or times out (default: false)
drainGracePeriod: "" # time in seconds given to each pod to terminate gracefully, if negative, the default value specified in the pod will be used (default: -1)
drainPodSelector: "" # only drain pods with labels matching the selector (default: '', all pods)
drainDelay: 0 # delay drain for this duration (default: 0, disabled)
drainTimeout: "" # timeout after which the drain is aborted (default: 0, infinite time)
skipWaitForDeleteTimeout: "" # when time is greater than zero, skip waiting for the pods whose deletion timestamp is older than N seconds while draining a node (default: 0)
prometheusUrl: "" # Prometheus instance to probe for active alerts
rebootDays: [] # only reboot on these days (default [su,mo,tu,we,th,fr,sa])
rebootSentinel: "/var/run/reboot-required" # path to file whose existence signals need to reboot (default "/var/run/reboot-required")
rebootSentinelCommand: "" # command for which a successful run signals need to reboot (default ""). If non-empty, sentinel file will be ignored.
rebootCommand: "/bin/systemctl reboot" # command to run when a reboot is required by the sentinel
rebootDelay: "" # add a delay after drain finishes but before the reboot command is issued
rebootMethod: "" # method to use for reboots (default command), available: command, signal
rebootSignal: "" # signal to use for reboots (default 39 = SIGRTMIN+5).
slackChannel: "" # slack channel for reboot notifications
slackHookUrl: "" # slack hook URL for reboot notifications
slackUsername: "" # slack username for reboot notifications (default "kured")
notifyUrl: "" # notification URL with the syntax as follows: https://containrrr.dev/shoutrrr/services/overview/
messageTemplateDrain: "" # slack message template when notifying about a node being drained (default "Draining node %s")
messageTemplateReboot: "" # slack message template when notifying about a node being rebooted (default "Rebooted node %s")
messageTemplateUncordon: "" # slack message template when notifying about a node being uncordoned (default "Node %s rebooted & uncordoned successfully!")
startTime: "" # only reboot after this time of day (default "0:00")
timeZone: "" # time-zone to use (valid zones from "time" golang package)
annotateNodes: false # enable 'weave.works/kured-reboot-in-progress' and 'weave.works/kured-most-recent-reboot-needed' node annotations to signify kured reboot operations
lockReleaseDelay: 0 # hold lock after reboot by this amount of time (default 0, disabled)
preferNoScheduleTaint: "" # Taint name applied during pending node reboot (to prevent receiving additional pods from other rebooting nodes). Disabled by default. Set e.g. to "weave.works/kured-node-reboot" to enable tainting.
logFormat: "text" # log format specified as text or json, defaults to text
preRebootNodeLabels: [] # labels to add to nodes before cordoning (default [])
postRebootNodeLabels: [] # labels to add to nodes after uncordoning (default [])
concurrency: 1 # amount of nodes to concurrently reboot. (default 1)
rbac:
create: true
serviceAccount:
create: true
name:
podSecurityPolicy:
create: false
containerSecurityContext:
privileged: true # Give permission to nsenter /proc/1/ns/mnt
readOnlyRootFilesystem: true
# allowPrivilegeEscalation: true # Needed when using defaultAllowPrivilegedEscalation: false in psp
# Use the following security-context when "configuration.rebootMethod=signal and configuration.useRebootSentinelHostPath=true"
# containerSecurityContext:
# privileged: false
# readOnlyRootFilesystem: true
# allowPrivilegeEscalation: false
# capabilities:
# add:
# - CAP_KILL
# drop:
# - '*'
resources: {}
hostNetwork: false
metrics:
create: false
namespace: ""
labels: {}
interval: 60s
scrapeTimeout: ""
service:
create: false
port: 8080
annotations: {}
name: ""
type: ClusterIP
livenessProbe:
httpGet:
path: /metrics
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /metrics
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
nodeSelector:
kubernetes.io/os: linux
volumeMounts: []
volumes: []
initContainers: {}