{"id":15292907,"url":"https://github.com/poseidon/fleetlock","last_synced_at":"2025-04-06T18:17:11.762Z","repository":{"id":37051759,"uuid":"289785582","full_name":"poseidon/fleetlock","owner":"poseidon","description":"Reboot coordinator for Fedora CoreOS nodes using the Zincati FleetLock protocol","archived":false,"fork":false,"pushed_at":"2025-03-25T03:02:35.000Z","size":4415,"stargazers_count":81,"open_issues_count":1,"forks_count":15,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-30T17:09:28.224Z","etag":null,"topics":["fedora-coreos","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/poseidon.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["poseidon","dghubble"]}},"created_at":"2020-08-23T23:47:27.000Z","updated_at":"2025-03-25T03:02:38.000Z","dependencies_parsed_at":"2023-02-17T15:01:02.057Z","dependency_job_id":"a294ce70-ef8b-4c1f-9182-6f498c00118d","html_url":"https://github.com/poseidon/fleetlock","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poseidon%2Ffleetlock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poseidon%2Ffleetlock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poseidon%2Ffleetlock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poseidon%2Ffleetlock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/poseidon","download_url":"https://codeload.github.com/poseidon/fleetlock/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247526768,"owners_count":20953143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fedora-coreos","kubernetes"],"created_at":"2024-09-30T16:31:37.917Z","updated_at":"2025-04-06T18:17:11.725Z","avatar_url":"https://github.com/poseidon.png","language":"Go","funding_links":["https://github.com/sponsors/poseidon","https://github.com/sponsors/dghubble"],"categories":[],"sub_categories":[],"readme":"# fleetlock\n[![GoDoc](https://pkg.go.dev/badge/github.com/poseidon/fleetlock.svg)](https://pkg.go.dev/github.com/poseidon/fleetlock)\n[![Quay](https://img.shields.io/badge/container-quay-green)](https://quay.io/repository/poseidon/fleetlock)\n[![Workflow](https://github.com/poseidon/fleetlock/actions/workflows/build.yaml/badge.svg)](https://github.com/poseidon/fleetlock/actions/workflows/build.yaml?query=branch%3Amain)\n[![Sponsors](https://img.shields.io/github/sponsors/poseidon?logo=github)](https://github.com/sponsors/poseidon)\n[![Mastodon](https://img.shields.io/badge/follow-news-6364ff?logo=mastodon)](https://fosstodon.org/@poseidon)\n\n`fleetlock` is a reboot coordinator for Fedora CoreOS nodes in Kubernetes clusters. It implements the [FleetLock](https://coreos.github.io/zincati/development/fleetlock/protocol/) protocol for use as a [Zincati](https://github.com/coreos/zincati) lock [strategy](https://github.com/coreos/zincati/blob/master/docs/usage/updates-strategy.md) backend.\n\n## Usage\n\nZincati runs on-host (`zincati.service`). Declare a Zincati `fleet_lock` strategy when provisioning Fedora CoreOS nodes. Set `base_url` for host nodes to access the in-cluster `fleetlock` Service (e.g. known ClusterIP).\n\n```yaml\nvariant: fcos\nversion: 1.4.0\nstorage:\n  files:\n    - path: /etc/zincati/config.d/55-update-strategy.toml\n      contents:\n        inline: |\n          [updates]\n          strategy = \"fleet_lock\"\n          [updates.fleet_lock]\n          base_url = \"http://10.3.0.15/\"\n```\n\nApply the `fleetlock` Deployment, Service (with ClusterIP), and ServiceAccount.\n\n```\nkubectl apply -f examples/k8s\n```\n\nInspect the fleetlock Lease object.\n\n```\n$ kubectl get leases -n default\nNAME                HOLDER                             AGE\nfleetlock-default   049ad0f57ade4723a48692b7b692c318   4m50s\n```\n\n### Configuration\n\nConfigure the server via flags.\n\n| flag       | description  | default      |\n|------------|--------------|--------------|\n| -address   | HTTP listen address | 0.0.0.0:8080 |\n| -log-level | Logger level | info |\n| -version   | Show version | NA   |\n| -help      | Show help    | NA   |\n\nOr via environment variables.\n\n| variable   | description            | default   |\n|------------|------------------------|-----------|\n| NAMESPACE  | Kubernetes Namespace   | \"default\" |\n| KUBECONFIG | Development Kubeconfig | NA        |\n\n### Typhoon\n\nFor Typhoon clusters, add the Zincati config a [snippet](https://typhoon.psdn.io/advanced/customization/#fedora-coreos).\n\n```tf\nmodule \"nemo\" {\n  ...\n  controller_snippets = [\n    file(\"./snippets/zincati-strategy.yaml\"),\n  ]\n  worker_snippets = [\n    file(\"./snippets/zincati-strategy.yaml\"),\n  ]\n}\n```\n\n## Manual Intervention\n\n`fleetlock` coordinates OS auto-updates to avoid concurrent node updates or a potential bad auto-update continuing. Zincati obtains a reboot lease lock before finalization (i.e reboot).\n\nIf an auto-update fails, the lease continues to be held by design. An admin should investigate the node failure and decide whether it is safe to remove the lease.\n\n```\n$ kubectl get leases\n$ kubectl delete lease fleetlock-default\n```\n\n## Metrics\n\n`fleetlock` serves Prometheus `/metrics` from Go, process, and custom collectors.\n\n| name                 | description                                         |\n|----------------------|-----------------------------------------------------|\n| fleetlock_lock_state | State of the fleetlock lease (0 unlocked, 1 locked) |\n| fleetlock_lock_transition_count | Number of fleetlock lease transitions    |\n| fleetlock_lock_request_count   | Number of lock requests   |\n| fleetlock_unlock_request_count | Number of unlock requests |\n\n## Development\n\nTo develop locally, build and run the executable.\n\n### Static Binary\n\nBuild the static binary.\n\n```\nmake build\n```\n\n### Container Image\n\nBuild the container image.\n\n```\nmake image\n```\n\n### Run\n\nRun the executable.\n\n```\nexport KUBECONFIG=some-dev-kubeconfig\n./bin/fleetlock\n```\n\nUse curl to emulate a Zincati FleetLock client.\n\n```json\n{\n  \"client_params\": {\n    \"id\": \"c988d2509fdf5cdcbed39037c56406fb\",\n    \"group\": \"default\"\n  }\n}\n```\n\nRequest a reboot lock.\n\n\n```\ncurl -H \"fleet-lock-protocol: true\" -d @examples/body.json http://127.0.0.1:8080/v1/pre-reboot\n```\n\nRelease a reboot lock.\n\n```\ncurl -H \"fleet-lock-protocol: true\" -d @examples/body.json http://127.0.0.1:8080/v1/steady-state\n```\n\n## Related\n\n* [Zincati Guide](https://docs.fedoraproject.org/en-US/fedora-coreos/auto-updates/)\n* [Zincati Docs](https://github.com/coreos/zincati/blob/master/docs/usage/updates-strategy.md)\n* [FleetLock Protocol](https://coreos.github.io/zincati/development/fleetlock/protocol/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fposeidon%2Ffleetlock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fposeidon%2Ffleetlock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fposeidon%2Ffleetlock/lists"}