From 617d3cd6c65e57f1547aba4be9fbb6bcf3bc6001 Mon Sep 17 00:00:00 2001
From: Christian Kotzbauer
Date: Fri, 4 Aug 2023 13:38:17 +0200
Subject: [PATCH] feat: sentinel-command without nsenter by default
Signed-off-by: Christian Kotzbauer
---
 cmd/kured/main.go | 7 ++++++-
 kured-ds.yaml | 8 ++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/cmd/kured/main.go b/cmd/kured/main.go
index 9af206965..66f8d6e28 100644
--- a/cmd/kured/main.go
+++ b/cmd/kured/main.go
@@ -837,9 +837,14 @@ func root(cmd *cobra.Command, args []string) {
 // To run those commands as it was the host, we'll use nsenter
 // Relies on hostPID:true and privileged:true to enter host mount space
 // PID set to 1, until we have a better discovery mechanism.
- hostSentinelCommand := buildHostCommand(1, sentinelCommand)
 hostRestartCommand := buildHostCommand(1, restartCommand)
+ // Only wrap sentinel-command with nsenter, if a custom-command was configured, otherwise use the host-path mount
+ hostSentinelCommand := sentinelCommand
+ if rebootSentinelCommand != "" {
+ hostSentinelCommand = buildHostCommand(1, sentinelCommand)
+ }
+
 go rebootAsRequired(nodeID, hostRestartCommand, hostSentinelCommand, window, lockTTL, lockReleaseDelay)
 go maintainRebootRequiredMetric(nodeID, hostSentinelCommand)
diff --git a/kured-ds.yaml b/kured-ds.yaml
index 615db3d03..d67c15361 100644
--- a/kured-ds.yaml
+++ b/kured-ds.yaml
@@ -29,6 +29,10 @@ spec:
 effect: NoSchedule
 hostPID: true # Facilitate entering the host mount namespace via init
 restartPolicy: Always
+ volumes:
+ - name: sentinel
+ hostPath:
+ path: /var/run
 containers:
 - name: kured
 # If you find yourself here wondering why there is no
@@ -48,6 +52,10 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: spec.nodeName
+ volumeMounts:
+ - mountPath: /var/run
+ name: sentinel
+ readOnly: true
 command:
 - /usr/bin/kured
 # - --force-reboot=false
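Review bot: When `rebootSentinelCommand` is empty, the sentinel check now runs in the container's own mount namespace, so a sentinel file configured anywhere outside the `/var/run` hostPath mount would never be found and the node would silently report that no reboot is needed; nothing in this hunk guards against or logs that case. The three-line comment above still reads as if both commands go through nsenter, and `hostRestartCommand` still does, so the `hostPID:true` and `privileged:true` requirement is unchanged by this commit. I would reword the new comment to state the constraint, for example `// Default sentinel check runs inside the container: the sentinel file must sit under a hostPath mounted into the pod; only a custom sentinel command is wrapped with nsenter.` A startup log line that says which mode is active would make a misconfigured path easier to spot. The body of `root` starts and continues outside this hunk, so whether the sentinel path is validated elsewhere cannot be seen from here.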
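Review bot: The new `sentinel` volume exposes the host's entire `/var/run` to the container (the matching `volumeMounts` entry is in the following hunk), which is far more than the single sentinel file needs and typically includes Unix sockets of host daemons. `readOnly: true` blocks file writes through the mount, but it does not stop a process from connecting to a socket found there. The pod is already privileged according to the nsenter comment in main.go, so the extra exposure is small today, but it becomes the limiting factor if the privileged setting is ever tightened. Consider adding `type: Directory` under `hostPath` so a missing path fails the pod instead of being created, and a comment such as `# read-only view of the host's /var/run so kured can test for the reboot sentinel file without nsenter`.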