add zincati section for airlock check

k8s/butane.yml

@@ -8,7 +8,7 @@ passwd:
 
 storage:
   files:
-    # 1. Load required kernel modules for Kubernetes/CRI-O
+    # Load required kernel modules for Kubernetes/CRI-O
     - path: /etc/modules-load.d/k8s.conf
       mode: 0644
       contents:
@@ -16,7 +16,7 @@ storage:
           overlay
           br_netfilter
 
-    # 2. Configure Sysctl for networking
+    # Configure Sysctl for networking
     - path: /etc/sysctl.d/k8s.conf
       mode: 0644
       contents:
@@ -24,14 +24,23 @@ storage:
           net.bridge.bridge-nf-call-iptables  = 1
           net.bridge.bridge-nf-call-ip6tables = 1
           net.ipv4.ip_forward                 = 1
+          
+    # Configure zincati to check airlock before rebooting after update
+    - path: /etc/zincati/config.d/50-strategy-fleetlock.toml
+      contents:
+      inline: |
+        [updates]
+        strategy = "fleetlock"
+        [updates.fleetlock]
+        base_url = "http://airlock.example.com/v1/pre-reboot"
 
 systemd:
   units:
-    # 3. Ensure CRI-O (Container Runtime) is enabled and started
+    # Ensure CRI-O (Container Runtime) is enabled and started
     - name: crio.service
       enabled: true
 
-    # 4. Kubelet Service definition
+    # Kubelet Service definition
     - name: kubelet.service
       enabled: true
       contents: |