k8s-reboot-coordinator: Initial deploy

The `k8s-reboot-coordinator` coordinates node reboots throughout the cluster. It runs as a DaemonSet, watching for the presence of a sentinel file, `/run/reboot-needed` on the node. When the file appears, it acquires a lease, to ensure that only one node reboots at a time, cordons and drains the node, and then triggers the reboot by running a command on the host. After the node has rebooted, the daemon will release the lock and uncordon the node.
2025-10-13 11:31:54 -05:00
parent 5c6a77c47c
commit d5a7b5bc2d
3 changed files with 87 additions and 0 deletions
--- a/k8s-reboot-coordinator/jenkins.yaml
+++ b/k8s-reboot-coordinator/jenkins.yaml
@@ -0,0 +1,36 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: jenkins.k8s-reboot-coordinator
+  labels:
+    app.kubernetes.io/name: jenkins.k8s-reboot-coordinator
+    app.kubernetes.io/component: k8s-reboot-coordinator
+    app.kubernetes.io/part-of: k8s-reboot-coordinator
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  resourceNames:
+  - k8s-reboot-coordinator
+  verbs:
+  - get
+  - patch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jenkins.k8s-reboot-coordinator
+  labels:
+    app.kubernetes.io/name: jenkins.k8s-reboot-coordinator
+    app.kubernetes.io/component: k8s-reboot-coordinator
+    app.kubernetes.io/part-of: k8s-reboot-coordinator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jenkins.k8s-reboot-coordinator
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: jenkins-jobs
--- a/k8s-reboot-coordinator/kustomization.yaml
+++ b/k8s-reboot-coordinator/kustomization.yaml
@@ -0,0 +1,37 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+labels:
+- pairs:
+    app.kubernetes.io/instance: k8s-reboot-coordinator
+  includeSelectors: true
+
+resources:
+- https://git.pyrocufflink.net/dustin/k8s-reboot-coordinator//kubernetes?ref=master
+- service.yaml
+- jenkins.yaml
+
+images:
+- name: k8s-reboot-coordinator
+  newName: git.pyrocufflink.net/packages/k8s-reboot-coordinator
+  newTag: latest
+
+patches:
+- patch: |-
+    apiVersion: apps/v1
+    kind: DaemonSet
+    metadata:
+      name: k8s-reboot-coordinator
+    spec:
+      template:
+        spec:
+          containers:
+          - name: k8s-reboot-coordinator
+            imagePullPolicy: Always
+            env:
+            - name: RUST_LOG
+              value: k8s_reboot_coordinator=debug,info
+          imagePullSecrets:
+          - name: imagepull-gitea
--- a/k8s-reboot-coordinator/service.yaml
+++ b/k8s-reboot-coordinator/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: &name k8s-reboot-coordinator
+  labels: &labels
+    app.kubernetes.io/name: *name
+    app.kubernetes.io/component: *name
+    app.kubernetes.io/part-of: *name
+spec:
+  selector: *labels
+  ports:
+  - port: 8000
+    targetPort: http
+    name: http