Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

path-based reboot mechanism #868

Open
rptaylor opened this issue Dec 15, 2023 · 12 comments
Open

path-based reboot mechanism #868

rptaylor opened this issue Dec 15, 2023 · 12 comments

Comments

@rptaylor
Copy link

rptaylor commented Dec 15, 2023

Following #814 , a reboot method option is being added which can be 'command' or 'signal'. Following an idea by @sftim #416 (comment) it would be natural to consider adding a 3rd option for reboot method, "path", which relies on systemd units on the node to trigger a reboot by writing to a path on the node. Third party security-focused admission controllers could be used to ensure that kured only has write access to an approved location, like /var/run/kured.

Disadvantage: requires admins to set up systemd units on the node out of band - though they may wish to anyway as this would also be a convenient way to do automated OS updates with a systemd timer. Kured could document recommended systemd unit files to install for this.

Advantage: The kured pod would not even need to have CAP_KILL or hostPID, so it would be as minimally privileged as possible.

Copy link

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

@rptaylor
Copy link
Author

Still relevant.

Copy link

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

@rptaylor
Copy link
Author

Would still be interesting.

Copy link

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

Copy link

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

@rptaylor
Copy link
Author

This issue just remained interesting.

Copy link

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

@rptaylor
Copy link
Author

Still nice to have.

@evrardjp
Copy link
Collaborator

With my refactor it would be quite easy to achieve nowadays. These refactors are still ongoing.

Copy link

This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).

@rptaylor
Copy link
Author

That's good, we should keep it under consideration then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants