k8s-reboot-coordinator: Initial deploy

The `k8s-reboot-coordinator` coordinates node reboots throughout the cluster. It runs as a DaemonSet, watching for the presence of a sentinel file, `/run/reboot-needed` on the node. When the file appears, it acquires a lease, to ensure that only one node reboots at a time, cordons and drains the node, and then triggers the reboot by running a command on the host. After the node has rebooted, the daemon will release the lock and uncordon the node.
2025-10-13 11:31:54 -05:00
parent 5c6a77c47c
commit d5a7b5bc2d
3 changed files with 87 additions and 0 deletions
--- a/k8s-reboot-coordinator/jenkins.yaml
+++ b/k8s-reboot-coordinator/jenkins.yaml
@@ -0,0 +1,36 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: jenkins.k8s-reboot-coordinator
+  labels:
+    app.kubernetes.io/name: jenkins.k8s-reboot-coordinator
+    app.kubernetes.io/component: k8s-reboot-coordinator
+    app.kubernetes.io/part-of: k8s-reboot-coordinator
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  resourceNames:
+  - k8s-reboot-coordinator
+  verbs:
+  - get
+  - patch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jenkins.k8s-reboot-coordinator
+  labels:
+    app.kubernetes.io/name: jenkins.k8s-reboot-coordinator
+    app.kubernetes.io/component: k8s-reboot-coordinator
+    app.kubernetes.io/part-of: k8s-reboot-coordinator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jenkins.k8s-reboot-coordinator
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: jenkins-jobs