deploy kured

ansible/playbooks/cluster-prepare.yaml

@@ -24,7 +24,7 @@
             name: apt-transport-https,ca-certificates,conntrack,curl,dirmngr,gdisk,gnupg,hdparm,htop,
               iptables,iputils-ping,ipvsadm,libseccomp2,lm-sensors,net-tools,nfs-common,
               nvme-cli,open-iscsi,parted,psmisc,python3,python3-apt,python3-kubernetes,python3-yaml,
-              smartmontools,socat,software-properties-common,unzip,util-linux
+              smartmontools,socat,software-properties-common,unzip,util-linux,unattended-upgrades
             install_recommends: false
 
     - name: Network Configuration
@@ -104,6 +104,17 @@
               fs.inotify.max_queued_events: 65536
               fs.inotify.max_user_watches: 524288
               fs.inotify.max_user_instances: 8192
+        - name: Enable and configure automatic upgrades
+          ansible.builtin.copy:
+            content: |
+              APT::Periodic::Update-Package-Lists "1";
+              APT::Periodic::Download-Upgradeable-Packages "1";
+              APT::Periodic::AutocleanInterval "7";
+              APT::Periodic::Unattended-Upgrade "1";
+            dest: /etc/apt/apt.conf.d/20auto-upgrades
+            owner: root
+            group: root
+            mode: '0644'
 
   handlers:
     - name: Reboot

kubernetes/apps/kube-system/kured/app/helmrelease.yaml

@@ -0,0 +1,56 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: kured
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: kured
+      version: 5.3.2
+      sourceRef:
+        kind: HelmRepository
+        name: kubereboot
+        namespace: flux-system
+      interval: 10m
+  install:
+    timeout: 10m
+    replace: true
+    crds: CreateReplace
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      remediateLastFailure: true
+      retries: 3
+      strategy: rollback
+    cleanupOnFail: true
+    crds: CreateReplace
+  test:
+    enable: true
+  rollback:
+    recreate: true
+    force: true
+    cleanupOnFail: true
+  uninstall:
+    keepHistory: false
+  maxHistory: 3
+  values:
+    service:
+      create: true
+    metrics:
+      create: true
+    timeZone: "America/Denver"
+    startTime: "4:00"
+    endTime: "10:00"
+    messageTemplateDrain: "⏳ Draining node %s"
+    messageTemplateReboot: "♻️ Rebooted node %s"
+    extraEnvVars:
+      - name: notifyUrl
+        valueFrom:
+          secretKeyRef:
+            name: kured-discord-webhook
+            key: secret_key

kubernetes/apps/kube-system/kured/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ./secret.sops.yaml

kubernetes/apps/kube-system/kured/app/secret.sops.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: kured-discord-webhook
+type: Opaque
+data:
+    secret_key: ENC[AES256_GCM,data:nERHBcYf861xGAgcODlvcdolhSJSvdCWeRnXUNg4RveUX2CiaEPF7nkDduN749CmCumFg5n5ngNL1DJjYfALgZKpmtByr9s/pQIFauzcvh2hSFsarPzcO2Wm6eItqLNZ9CIu6sPhsXgCC8mak7VWDYzWU8LOC20IQvvSZ0e/EZzRADXisEBk8Uj9fTPXcPm8eJllo8SRlfuBlBxeidJVD6LNPi4=,iv:SFfWRC6ZAspoo9QZ8oks6L3K4lg60HDx9twpQNC+l9U=,tag:UPL0ddLj5EuDhZd7EUIsxw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12rzrdtn8xhd89y23qw4kymxftuylqn5cm522jcn327atent4a40swjcgmj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWGVLNmRnN2xLditrQ3dl
+            Tyt4N3Q1MkxlKzRZSUVyM09IVmNMOTB3VXpBCnZoVEF2U1BIckpmSmFHdXFjSi85
+            Uk9TQXpBZmgyZ01LY2pLMG1WdWw5MFUKLS0tIEJmL21KNnhZbFBkTW5DbC9OZ3ho
+            Z2lmenN4SEhOU1ovZVd5ME40R3BDS2MKtjf8W7pYsws153PbL91RxmaoCEPXEzpX
+            RNzlTc8zgjB61ST8v/Y8SFz1N0oDijFiQs0zh7pPiNpKs/nDzwNN4Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-03-04T23:40:47Z"
+    mac: ENC[AES256_GCM,data:ugQp13VDr6cVsZh/Pwn8dELp1pK3Y0wc9BopCv42TWlNrKp9RD6qrUKtuVh365AGMi+mYeA/JDMiaIe20lSlRxbJRAA0tfq4PDBPkdg594LT5CZpW+IYyUJtHqaWGwOVPWT7G8HPbf/McH802d0rUGptVyyQhYbsDGPnqBwlnBo=,iv:/FM+C+/5WL7YjhPFv6HlOGxQUfDuPEw5mZeDjkqxU44=,tag:WfTn3kkcD7Cx9JC0uNn7eg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

kubernetes/apps/kube-system/kured/ks.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app kured
+  namespace: flux-system
+spec:
+  targetNamespace: kube-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/kube-system/kured/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 5m30s
+  timeout: 5m

kubernetes/apps/kube-system/kustomization.yaml

@@ -10,3 +10,4 @@ resources:
   - ./system-upgrade-controller/ks.yaml
   - ./node-feature-discovery/ks.yaml
   - ./intel-device-plugin/ks.yaml
+  - ./kured/ks.yaml

kubernetes/flux/repositories/helm/weaveworks-kured.yaml → kubernetes/flux/repositories/helm/kubereboot.yaml

@@ -2,9 +2,8 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
-  name: weaveworks-kured-charts
+  name: kubereboot
   namespace: flux-system
 spec:
   interval: 1h
-  url: https://kubereboot.github.io/charts
-  timeout: 3m
+  url: https://kubereboot.github.io/charts

kubernetes/flux/repositories/helm/kustomization.yaml

@@ -16,6 +16,7 @@ resources:
   - ./jetstack.yaml
   - ./k8s-gateway.yaml
   - ./kubernetes-dashboard.yaml
+  - ./kubereboot.yaml
   - ./metrics-server.yaml
   - ./node-feature-discovery.yaml
   - ./openebs.yaml