Comments (3)
Hi @mrocheleau,
you can only set `privileged: false` when you are using the signal mode AND no custom reboot or sentinel command. Any command which should be executed needs the `nsenter` command and privileged permissions. With privileged permissions you can of course use the new signal mode, but it does not improve the security configuration.
We should print a warning when the pod is not privileged and a custom command is configured.
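The rule stated in the comment above, written as a pre-deployment check over a kured container's `privileged` setting and arguments. This is an added example, not kured's own code: `CheckKured` and `flagValue` are hypothetical names, the sample arguments are constructed, and the flag spellings `--reboot-command` / `--reboot-sentinel-command` and the `command` default for `--reboot-method` are assumptions to verify against the kured version you deploy.

```go
package main

import (
	"fmt"
	"strings"
)

// flagValue finds "--name=value" or "--name value" in a container's args.
func flagValue(args []string, name string) (string, bool) {
	for i, a := range args {
		if strings.HasPrefix(a, "--"+name+"=") {
			return strings.TrimPrefix(a, "--"+name+"="), true
		}
		if a == "--"+name && i+1 < len(args) {
			return args[i+1], true
		}
	}
	return "", false
}

// CheckKured returns findings for a privileged/args combination that
// contradicts the rule: privileged: false only with signal mode and no
// custom reboot or sentinel command.
func CheckKured(privileged bool, args []string) []string {
	method, ok := flagValue(args, "reboot-method")
	if !ok {
		method = "command" // assumption: default reboot method
	}
	var custom []string
	for _, f := range []string{"reboot-command", "reboot-sentinel-command"} {
		if _, set := flagValue(args, f); set {
			custom = append(custom, "--"+f)
		}
	}
	switch {
	case !privileged && len(custom) > 0:
		return []string{"privileged: false, but " + strings.Join(custom, ", ") +
			" runs through nsenter and needs privileged permissions"}
	case !privileged && method != "signal":
		return []string{"privileged: false requires --reboot-method=signal"}
	case privileged && method == "signal" && len(custom) == 0:
		return []string{"signal mode with privileged: true does not improve security; set privileged: false"}
	}
	return nil
}

func main() {
	// Constructed sample: signal mode combined with a custom sentinel command.
	args := []string{"--reboot-method=signal", "--reboot-sentinel-command=/usr/local/bin/check-reboot"}
	fmt.Println(CheckKured(false, args))
}
```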
Gotcha, ok this works then and if we ever switch distributions and no longer require a custom command we'll use the signal mode - thanks for the response!
It works fine if I switch the non-signal manifest with the rest of our custom command switches the same outside of the reboot-method=command in the non-signal one.
`time="2024-02-02T18:37:27Z" level=info msg="Reboot is probably not necessary." cmd=/usr/bin/nsenter std=out`
`time="2024-02-02T18:38:00Z" level=info msg="No core libraries or services have been updated." cmd=/usr/bin/nsenter std=out`
Related Issues (20)
- [Bug] The new dockerhub yaml is broken, ServiceAccount is declared twice HOT 2
- Add Support for Kubernetes 1.28.0
- Unable to receive teams notification. We have the http_proxy as environment variable in kured pod HOT 4
- HashiCorp license change to BSL HOT 2
- Lock TTL not being honored HOT 5
- Build fails on aarch64
- Kured pods crash looping on clusters running Cilium Network plugin HOT 2
- Kured pods are not deployed to all nodes having taints on it in AKS ckuster HOT 3
- KURED supportability of the 6.2 kernel version HOT 2
- kured cordon node before checking if just 1 up HOT 8
- [DOC] Make Control Plane use kured
- AKS Node not rebooted with lock held for not existing node HOT 11
- If a sentinel command is configured, it runs every minute. HOT 8
- path-based reboot mechanism HOT 5
- Reboot delay between two nodes HOT 4
- Retry reboot when the node is NotReady and still has SchedulingDisabled after the first reboot HOT 3
- Cron schedule for node reboots HOT 10
- Make nsenter in reboot command optional HOT 9
- 'Permission denied' when using signal reboot mechanism to reboot AKS nodes HOT 4