kfox1111

Its also unclear how prometheus metrics can be made to work in this configuration.

https://github.com/open-policy-agent/opa/issues/1975 filed for unix socket peercred support.

Alternate proposal. You could write a CSI Ephemeral driver (https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/20190122-csi-inline-volumes.md). We're still on track I think to have it beta in 1.16. The user facing api would then be something...

Or the api's flexible enough to even support both. if volumeAttributes.key set, use that. if volumeAttributes secretName and secretKey, pull the key out of the secret.

https://github.com/helm/helm/pull/7649. The annotations/labels it mentions could potentially be used to let helm adopt it. Though I've never tried to use it that way.

So, are you asking as: * a developer of said static manifests / helm charts, in order to make transitioning from one type of deployment to the other for your...

So, you created a chart, then did something like helm template then took the result and loaded it in as a static manifest into production. Then now you want to...

The farther apart the objects are that were statically loaded into the cluster and what is in the helm chart, the harder to do safely/more risky it will be. ideally...

What about a yum plugin that called 'locksmithctl send-need-reboot' on any change? It may reboot more then needed, but could work? Alternately, could you just buypass the locksmith and label...

Do you see the logic around picking nodes, draining, rebooting, and uncordoning as being distro specific? I could see the node agent being specific. Does the reboot manager pay attention...