docs/master/README.md:39-41.
Source repository
The supervisor systemd unit and the manager-only maintenance loops.
The unit
The unit isType=notify with a 30-second watchdog and runs the master supervisor
command against the manager config:
docs/master/README.md:50-54.
It is installed from deploy/swarm/platform-supervisor.service and enabled with
systemd.
Source: docs/master/README.md:41-47; README.md:179.
The loops
The supervisor loops run on the manager only:| Loop | Responsibility |
|---|---|
| broker-health | Watch broker health |
| timeout-reaper | Reap jobs that exceed their timeout |
| image-updater | Roll control-plane services when a mutable image tag moves |
| challenge-image-updater | Roll challenge services when their image tag moves |
| config-sync | Keep service config in sync |
| self-update | Update the supervisor itself |
docs/master/README.md:56; README.md:179.
Timeout reaper
The timeout-reaper is the manager-only backstop for broker cleanup: it independently reaps jobs that exceed their timeout, so a crashed or unreachable challenge cannot leak long-running services even if the broker’s own cleanup path does not run. Source:docs/security.md:45.
Image updaters
The image updaters resolve the public container-registry tag digest and roll the Swarm services totag@sha256:<digest> only when a mutable tag actually moves. No
registry pull secret is required for public packages.
Source: docs/master/README.md:56; README.md:184.
Related
Master node
The manager node the supervisor runs on.
Broker
The job dispatch the timeout-reaper backstops.
Sources
Citations reference thebase repository pinned at SHA
e33109bfa4f5054928c3b4d429be9cf35d36b166 (see SOURCES.md).