From dd0e4978d31298a75a9cda04b0284dcb17f0a5e8 Mon Sep 17 00:00:00 2001 From: Harrison Affel Date: Tue, 14 Feb 2023 11:48:38 -0500 Subject: [PATCH 1/4] make remove v101.1.0+up0.4.0 --- ...tem-upgrade-controller-101.1.0+up0.4.0.tgz | Bin 2138 -> 0 bytes .../101.1.0+up0.4.0/Chart.yaml | 18 ----- .../101.1.0+up0.4.0/templates/_helpers.tpl | 9 --- .../templates/clusterrolebinding.yaml | 12 --- .../101.1.0+up0.4.0/templates/configmap.yaml | 16 ---- .../101.1.0+up0.4.0/templates/deployment.yaml | 69 ------------------ .../101.1.0+up0.4.0/templates/psp.yaml | 51 ------------- .../templates/serviceaccount.yaml | 5 -- .../101.1.0+up0.4.0/values.yaml | 15 ---- index.yaml | 22 ------ 10 files changed, 217 deletions(-) delete mode 100644 assets/system-upgrade-controller/system-upgrade-controller-101.1.0+up0.4.0.tgz delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/Chart.yaml delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/templates/_helpers.tpl delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/templates/clusterrolebinding.yaml delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/templates/configmap.yaml delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/templates/deployment.yaml delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/templates/psp.yaml delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/templates/serviceaccount.yaml delete mode 100644 charts/system-upgrade-controller/101.1.0+up0.4.0/values.yaml diff --git a/assets/system-upgrade-controller/system-upgrade-controller-101.1.0+up0.4.0.tgz b/assets/system-upgrade-controller/system-upgrade-controller-101.1.0+up0.4.0.tgz deleted file mode 100644 index 42badb0e95b6e5e55280b5172e0fda1213062e1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2138 zcmV-g2&MNQiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@-Z{j!>pP%zrSe#BH?Oj3wOqq>tPohA(>{5z=RvMj7$RrQ& z)v>*{!wlE$|9;9hAT)d_Gt=I#c)tM2vp>)F`|5{UDh+`dikZYdm>y?Za!Ns#n{zC+ zwZs8^_myPZwtZ2n#hbU=d#SKx#52;JZj-=FLGCvdxL_19MSH%MeP1 zEDzxX%mqkAICIhafBu9V%lT;8rj7oA9IJ8>eSKdzl;HrBz#h0Ld1xkjTgc3nizs2? zm%_IKWI(hsS6qMpOqkC1SkqD*W3eb8gq&W)k1EgSx!U8A?g^x9;=q2MmC}Yke zf#zBZ<(A7cqUYhn@_3M~ww%i9MIJzvCzMahJ}k^d#j2OnhuOwFR8_VnX+$S{zjeUr zsUF${#Y5?Vat-r)2(~&t$962ovi}we+p1Z%@z&<|=Cs@YFE9;3eTx8a!2jFTi)a4- z!mghE|7*~U@(HG?>(>;bZz#3X7EEzS^#Eo>X}NS!sT98zN+fIu0mBm-#fHf38%8qj zE>WiDN|z#T65v@ny9B`%(L9=R%d!hRLo`C;+1eS#ZpPE}h*?w4jX4~vQnjjQyU%F1 z{c8vWjRHq`JO?U3Docx#T){#6uiJV1uh{i!fV;lu*!10Y3%N zws>=J(GTUPC&PGrG?5Qe!T^;Ll^OeqcNojmJ(Q67^b|9aDYEX9=#jXWEGa5!8TwGXu| z`>#6n4`=&-4caU|raHsFYba#sgu#i<*fl3^;|$L=}txH1@H^ zQ4~(H{5@%Yq(cLkM!Z;%Yso{g2iHL88SDxr)k+il0bzy;C;tIY$3?7}jv9ho5Dyxj z$3v#$B;ZgPlJOK4n{Rzq--C{_f6k_47GQB=F>t{CE0MA1?cb@?YG?a@4cfYVNX;!i z@Ea@&jC-fTn2DMgdkiR>Y4~Y4YTu0S`qzU-t37Vs_C|x-Znr%cx7wF?*DiW|TqOWI zN{SXt!WsG^kLXv?=IWTQ8$5)Au~6%Coi?o)6<4++-Gp;K1Ua}rWkCId(J}Gg z2SNEV0Cr+K=s^6hRV&Zpf9=9P$N$%$&G?UnQ0r8`wL0~eWC8oazY^d@Qz)R|X)cp{ zy8vr%-o+E3D!Wxor`_yAt?v@|VrNR5PQ4*_L^OwTG7kC+V&H*NST2#~2roGCkuNb} z$?a*n&WP}IN*K}0H7MggG@d<0NWyO+k>IyNN!V=Y&A|_2Pda0K^|<{7yfAJ9ZH!Fj z9HzTE0vV|M>!>7(x4HdANKh*4_HC1i9$@LBQWW|m0}U$arrHC@wZAhWr4kz?DhwZs5N1@)V(O>-JSG)TF<48Xi9+kg|epa`dH81RSd8a=l`$w`<(v!f1e=ou-|BY zN4Zzwbc27vX&Aswr2VRRmqB}`QgquzL?e><%b>mTHb*vE2V&32_1i>_0*iVMKj$hL zpPN|hmPIcGxTr;B9MzW3Ao4OoAoQ|Dq>CQUm-{cEWAcBYPQCd{=+OP2UE99@x9$4H zIsbnR+S{*-4nFPhN1&wVOez1ox-4lc z4^y1{^C|w5LCOGr6AL^clxUK9AQLqk{qgYAaC~`tJ2Dcd(*ymP%ZJtI*b#MFx!;|B zbM;%Su4z_}WXKxoPC;6+$dH1I2GPR?TgC-Vm$2~5uD78O6rw^3)41cIb}&v=(hwa#tu}L?WdPmaKWRa{Xqi5$RtslD~6Bnb`)%{xmBal$+95 zsXoQC6G$?^1<1(;Td3eGx8jsuR= 1.18.0-0 < 1.26.0-0' - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: system-upgrade-controller -apiVersion: v1 -appVersion: v0.10.0 -description: General purpose controller to make system level updates to nodes -home: https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader -kubeVersion: '>= 1.16.0-0' -name: system-upgrade-controller -sources: -- https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader -version: 101.1.0+up0.4.0 diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/_helpers.tpl b/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/_helpers.tpl deleted file mode 100644 index 67a534eb7..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/_helpers.tpl +++ /dev/null @@ -1,9 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/clusterrolebinding.yaml b/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/clusterrolebinding.yaml deleted file mode 100644 index f2a09949d..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system-upgrade-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: system-upgrade-controller - namespace: cattle-system diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/configmap.yaml b/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/configmap.yaml deleted file mode 100644 index 7619c3974..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: system-upgrade-controller-config - namespace: cattle-system -data: - SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }} - SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }} - SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }} - SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }} - SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }} - SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }} - SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }} - SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }} - SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }} - diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/deployment.yaml b/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/deployment.yaml deleted file mode 100644 index cfc27992e..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/deployment.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: system-upgrade-controller - namespace: cattle-system -spec: - selector: - matchLabels: - upgrade.cattle.io/controller: system-upgrade-controller - template: - metadata: - labels: - upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "kubernetes.io/os" - operator: NotIn - values: - - windows - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: In - values: - - "true" - weight: 100 - - preference: - matchExpressions: - - key: node-role.kubernetes.io/master - operator: In - values: - - "true" - weight: 100 - tolerations: - - operator: Exists - serviceAccountName: system-upgrade-controller - containers: - - name: system-upgrade-controller - image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }} - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: system-upgrade-controller-config - env: - - name: SYSTEM_UPGRADE_CONTROLLER_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['upgrade.cattle.io/controller'] - - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: etc-ssl - mountPath: /etc/ssl - - name: tmp - mountPath: /tmp - volumes: - - name: etc-ssl - hostPath: - path: /etc/ssl - type: Directory - - name: tmp - emptyDir: {} diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/psp.yaml b/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/psp.yaml deleted file mode 100644 index ca87b996c..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/psp.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: system-upgrade-controller -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - CAP_SYS_BOOT - hostNetwork: true - hostPID: true - hostIPC: true - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system-upgrade-controller-psp -rules: - - apiGroups: - - policy - resourceNames: - - system-upgrade-controller - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system-upgrade-controller-psp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system-upgrade-controller-psp -subjects: - - kind: Group - apiGroup: rbac.authorization.k8s.io - name: system:serviceaccounts:cattle-system -{{- end }} diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/serviceaccount.yaml b/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/serviceaccount.yaml deleted file mode 100644 index b6cdcf48b..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: system-upgrade-controller - namespace: cattle-system diff --git a/charts/system-upgrade-controller/101.1.0+up0.4.0/values.yaml b/charts/system-upgrade-controller/101.1.0+up0.4.0/values.yaml deleted file mode 100644 index f6cd03da9..000000000 --- a/charts/system-upgrade-controller/101.1.0+up0.4.0/values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -global: - cattle: - systemDefaultRegistry: "" - psp: - enabled: true - -systemUpgradeController: - image: - repository: rancher/system-upgrade-controller - tag: v0.10.0 - -kubectl: - image: - repository: rancher/kubectl - tag: v1.23.3 diff --git a/index.yaml b/index.yaml index bb0234c30..ccf27a1f1 100755 --- a/index.yaml +++ b/index.yaml @@ -12646,28 +12646,6 @@ entries: - assets/sriov-crd/sriov-crd-100.0.0+up0.1.0.tgz version: 100.0.0+up0.1.0 system-upgrade-controller: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.26.0-0' - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: system-upgrade-controller - apiVersion: v1 - appVersion: v0.10.0 - created: "2023-02-10T10:22:39.333482-05:00" - description: General purpose controller to make system level updates to nodes - digest: 513cf38eacf00a600d71457b13eb0068676dea5a0c7615a5de3f6b47da704ef7 - home: https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader - kubeVersion: '>= 1.16.0-0' - name: system-upgrade-controller - sources: - - https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader - urls: - - assets/system-upgrade-controller/system-upgrade-controller-101.1.0+up0.4.0.tgz - version: 101.1.0+up0.4.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From e23873b8d150ca5021a8aa2dcbe83af02dc3bf94 Mon Sep 17 00:00:00 2001 From: Harrison Affel Date: Tue, 14 Feb 2023 11:48:55 -0500 Subject: [PATCH 2/4] bump SUC major version --- packages/system-upgrade-controller/package.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/system-upgrade-controller/package.yaml b/packages/system-upgrade-controller/package.yaml index c7cdd4cec..2ad7de009 100644 --- a/packages/system-upgrade-controller/package.yaml +++ b/packages/system-upgrade-controller/package.yaml @@ -1,4 +1,4 @@ url: https://github.com/rancher/system-charts.git subdirectory: charts/rancher-k3s-upgrader/0.4.0 commit: f89e0e0885e8e069ca21c72759dbd8b27ec44960 -version: 101.1.0 +version: 102.0.0 From 5dd7f8da0125e3a7ef56f320830d95baa43b5adc Mon Sep 17 00:00:00 2001 From: Harrison Affel Date: Tue, 14 Feb 2023 11:49:17 -0500 Subject: [PATCH 3/4] make charts --- ...tem-upgrade-controller-102.0.0+up0.4.0.tgz | Bin 0 -> 2136 bytes .../102.0.0+up0.4.0/Chart.yaml | 18 +++++ .../102.0.0+up0.4.0/templates/_helpers.tpl | 9 +++ .../templates/clusterrolebinding.yaml | 12 +++ .../102.0.0+up0.4.0/templates/configmap.yaml | 16 ++++ .../102.0.0+up0.4.0/templates/deployment.yaml | 69 ++++++++++++++++++ .../102.0.0+up0.4.0/templates/psp.yaml | 51 +++++++++++++ .../templates/serviceaccount.yaml | 5 ++ .../102.0.0+up0.4.0/values.yaml | 15 ++++ index.yaml | 22 ++++++ 10 files changed, 217 insertions(+) create mode 100644 assets/system-upgrade-controller/system-upgrade-controller-102.0.0+up0.4.0.tgz create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/Chart.yaml create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/templates/_helpers.tpl create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/templates/clusterrolebinding.yaml create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/templates/configmap.yaml create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/templates/deployment.yaml create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/templates/psp.yaml create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/templates/serviceaccount.yaml create mode 100644 charts/system-upgrade-controller/102.0.0+up0.4.0/values.yaml diff --git a/assets/system-upgrade-controller/system-upgrade-controller-102.0.0+up0.4.0.tgz b/assets/system-upgrade-controller/system-upgrade-controller-102.0.0+up0.4.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f63695c8be18d9129dd60d2904dfe54b349a8c73 GIT binary patch literal 2136 zcmV-e2&eZSiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@-Z{j!>pP%zrSe#BH?Oj5Ew#-JiCsCkXb}2eyb}Vaj#;zn}6A2n~TUGwtn)_Y06b`}1tSuYRbd(%_qcm`Ut`>2jterxawlImc34 zOYGARUrDxY+ZShN(Whgw41`>)G37JM#adIa2rs)JHJK9d93(Mw=OA<0=EU=WIjE#%0Hs`( zhhPHc0;D3GIq2g*e?k?j^2xGI8~p=Stm;Mh^<(Z(hJ8>1yWpVsp&9FKE;CmSqJ#yH zxo-tXpJ-*Sxc>fyFpqyxx!lQ;vtn1RdLnhz`m|eU2^6pbGZfxII}Odig50OmFDeEW zV*S&$Dz;@C9w=85p`(Y_z(8V(L?8uMfYwtX&5@5EAOS-Z7C=!TJgh;5FB$hh8FL;A zG}l@vr(B*9Jr5?9%l&k<Ai^9!M9IW0>DVu+{NZ?5bs3_TK_wTW6MSytnziJMH%W3rqu0-y#6)@&9)1;)VY| zuV0+}|69(>;*Zz!?T7EEzK^#Eo>X}NSzsT92xO2ljk0mBm-#)i=C8%8|t zE>@=IN|!=z;^SE|y9B`%(L9`T%d&GkLpVa?+1eRKZpPL0fLRmHjX5e-wPw{$cAwI2 z``6$L8U~K?cn(y6RF)P;xq`j+U$?XNU$yJi^OOC*1wB2Le?SZ3J4k^>Q$j&61^ncP z+v3i_K|hqApAF;b$wVGZ2?JD$Rc7qP-eD{g_fSIS^K-;VrpUUFqetvs(xfQYt*nL# zNtm9Z(qC1%bkqbu6|8=g*75-JUVMM=egA)!}7PMJ>$O(2W9OyZh^nTc1?=IWTQ8$KUJ*vr z{8jqY?>2hj`F1v5+yY7g!k-QAddirIiuO4zK!G{^;}n{btLKLhut45)uFIwbyk zAShq@z>aJO?TP-SAbpj69hOAVHn$&z1f|k$-!_@(0hSIbg`rO}(4gXeS}BJYAud4T@EB2#>kiB1 ziJJ&{STWwZ_m+~7Fa>$kKA6d1U@mM!?q7bg_;4%DuuQeGyO12eDJW);v!3;C6*R(na#C>Dz^PrOZ0JAP`}ICG^Zg%R%~+vxcx|!PW41(3j5vxH9d;Dq?j;} z8Gu9X17eCh4aa4iJ1UEP8EEmaRYsbTaGhj3Xfw6m-~+a}lHAXpmx&uw@_(U@z4?o2-~FF`wtfF^+x5yR z|9=ZA?AL_{pLF=cP_tPph$zOC7nKQUoR$oI?hU~WB+<(_2ED3sNYiFaDgUy%ENLqj zQyl;EDf*K^!T??q3p^o|Xp(v$6Ez$C@$mC-e0h62GGeFG1O0`|ht=rF5p`Ob-<^JQ z^;@j2X;zP9z#8gKK~k~EfP#Yt;ll=7Mg>imu;6jm+dv2kVIhTS)bUU|7^f<3h~&S` z_*xT{ekd8HX&T2ja9(w}E0i!ok&*^W+Pqo0elyXC%aG2>WNNtq7$8HgZ>u) O0RR6x+u)4=HUI#vDm4@U literal 0 HcmV?d00001 diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/Chart.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/Chart.yaml new file mode 100644 index 000000000..acdf5a1a8 --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.26.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: system-upgrade-controller +apiVersion: v1 +appVersion: v0.10.0 +description: General purpose controller to make system level updates to nodes +home: https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader +kubeVersion: '>= 1.16.0-0' +name: system-upgrade-controller +sources: +- https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader +version: 102.0.0+up0.4.0 diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/_helpers.tpl b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/_helpers.tpl new file mode 100644 index 000000000..67a534eb7 --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/clusterrolebinding.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..f2a09949d --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-upgrade-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: system-upgrade-controller + namespace: cattle-system diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/configmap.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/configmap.yaml new file mode 100644 index 000000000..7619c3974 --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/configmap.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: system-upgrade-controller-config + namespace: cattle-system +data: + SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }} + SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }} + SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }} + SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }} + SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }} + SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }} + SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }} + SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }} + SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }} + diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/deployment.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/deployment.yaml new file mode 100644 index 000000000..cfc27992e --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/deployment.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: system-upgrade-controller + namespace: cattle-system +spec: + selector: + matchLabels: + upgrade.cattle.io/controller: system-upgrade-controller + template: + metadata: + labels: + upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "kubernetes.io/os" + operator: NotIn + values: + - windows + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: In + values: + - "true" + weight: 100 + - preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: In + values: + - "true" + weight: 100 + tolerations: + - operator: Exists + serviceAccountName: system-upgrade-controller + containers: + - name: system-upgrade-controller + image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }} + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: system-upgrade-controller-config + env: + - name: SYSTEM_UPGRADE_CONTROLLER_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['upgrade.cattle.io/controller'] + - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: etc-ssl + mountPath: /etc/ssl + - name: tmp + mountPath: /tmp + volumes: + - name: etc-ssl + hostPath: + path: /etc/ssl + type: Directory + - name: tmp + emptyDir: {} diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/psp.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/psp.yaml new file mode 100644 index 000000000..ca87b996c --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.cattle.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: system-upgrade-controller +spec: + allowPrivilegeEscalation: true + allowedCapabilities: + - CAP_SYS_BOOT + hostNetwork: true + hostPID: true + hostIPC: true + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system-upgrade-controller-psp +rules: + - apiGroups: + - policy + resourceNames: + - system-upgrade-controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-upgrade-controller-psp +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system-upgrade-controller-psp +subjects: + - kind: Group + apiGroup: rbac.authorization.k8s.io + name: system:serviceaccounts:cattle-system +{{- end }} diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/serviceaccount.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..b6cdcf48b --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: system-upgrade-controller + namespace: cattle-system diff --git a/charts/system-upgrade-controller/102.0.0+up0.4.0/values.yaml b/charts/system-upgrade-controller/102.0.0+up0.4.0/values.yaml new file mode 100644 index 000000000..f6cd03da9 --- /dev/null +++ b/charts/system-upgrade-controller/102.0.0+up0.4.0/values.yaml @@ -0,0 +1,15 @@ +global: + cattle: + systemDefaultRegistry: "" + psp: + enabled: true + +systemUpgradeController: + image: + repository: rancher/system-upgrade-controller + tag: v0.10.0 + +kubectl: + image: + repository: rancher/kubectl + tag: v1.23.3 diff --git a/index.yaml b/index.yaml index ccf27a1f1..445140dc8 100755 --- a/index.yaml +++ b/index.yaml @@ -12646,6 +12646,28 @@ entries: - assets/sriov-crd/sriov-crd-100.0.0+up0.1.0.tgz version: 100.0.0+up0.1.0 system-upgrade-controller: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.26.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: system-upgrade-controller + apiVersion: v1 + appVersion: v0.10.0 + created: "2023-02-14T11:49:05.073462-05:00" + description: General purpose controller to make system level updates to nodes + digest: e4a6f3ae7b7211660f92f4c5d331c94f3387e861056a12f648a19ab00e1c5375 + home: https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader + kubeVersion: '>= 1.16.0-0' + name: system-upgrade-controller + sources: + - https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader + urls: + - assets/system-upgrade-controller/system-upgrade-controller-102.0.0+up0.4.0.tgz + version: 102.0.0+up0.4.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 161d875b185487a3b57cfdf41f2f9ad514d8ba7f Mon Sep 17 00:00:00 2001 From: Harrison Affel Date: Tue, 14 Feb 2023 12:40:24 -0500 Subject: [PATCH 4/4] update release.yaml --- release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release.yaml b/release.yaml index a36647fea..fa9bc2a09 100644 --- a/release.yaml +++ b/release.yaml @@ -77,7 +77,7 @@ sriov-crd: - 101.0.2+up0.1.0 - 101.0.3+up0.1.0 system-upgrade-controller: -- 101.1.0+up0.4.0 +- 102.0.0+up0.4.0 ui-plugin-operator: - 102.0.0+up0.2.0-rc1 ui-plugin-operator-crd: