From c9f6b3dc3c440f135a0e9f3dd4b8f9c7072ac77b Mon Sep 17 00:00:00 2001
From: Harrison Affel <harrisonaffel@gmail.com>
Date: Mon, 23 May 2022 13:36:45 -0400
Subject: [PATCH] make charts

---
 ...tem-upgrade-controller-100.0.3+up0.3.2.tgz | Bin 0 -> 2108 bytes
 .../100.0.3+up0.3.2/Chart.yaml                |  18 +++++
 .../100.0.3+up0.3.2/templates/_helpers.tpl    |   9 +++
 .../templates/clusterrolebinding.yaml         |  12 +++
 .../100.0.3+up0.3.2/templates/configmap.yaml  |  16 ++++
 .../100.0.3+up0.3.2/templates/deployment.yaml |  71 ++++++++++++++++++
 .../100.0.3+up0.3.2/templates/psp.yaml        |  49 ++++++++++++
 .../templates/serviceaccount.yaml             |   5 ++
 .../100.0.3+up0.3.2/values.yaml               |  13 ++++
 index.yaml                                    |  22 ++++++
 10 files changed, 215 insertions(+)
 create mode 100644 assets/system-upgrade-controller/system-upgrade-controller-100.0.3+up0.3.2.tgz
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/Chart.yaml
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/templates/_helpers.tpl
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/templates/clusterrolebinding.yaml
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/templates/configmap.yaml
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/templates/deployment.yaml
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/templates/psp.yaml
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/templates/serviceaccount.yaml
 create mode 100644 charts/system-upgrade-controller/100.0.3+up0.3.2/values.yaml

diff --git a/assets/system-upgrade-controller/system-upgrade-controller-100.0.3+up0.3.2.tgz b/assets/system-upgrade-controller/system-upgrade-controller-100.0.3+up0.3.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7ef9c2d8d9a74f6cbda73164431a247ecbcbd5f9
GIT binary patch
literal 2108
zcmV-C2*dXuiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI@-Z{j!>pP%zrSe#BH?Oj3ww4IH#CsCkXb}2<bD~(PkWReH?
z>eyb}VTSAWe?R3LBs6?!XQs2e;{DPldG_boeqa4iE2SYYLot`w2h-zBOHL`sYHNX|
zwpKWx@4k?1+qTaejrgx^+uMJg`dQ<h)2KCS7mZru!hUBv=k<Ey9kRa^_!tV6#`2y0
z#aP>m`;!o6jBBh3XUa7Y^03B~&n*vYO~E3(>Vec`M!<KG#LQcOEM;2|-v{QRik2Z%
zN?9JlDVR%;ig4zl_y79Iv78T<ZQAck*%=N%3G9K3l9y(ptEJ3bxrh=LelGngKn6rB
zbItY7PlWmWlPcv-mst=M)vR-?Zel7HxLjNb6tDs_65B;P&C0-n+-DOn9Rmxod9<w$
zmSgy!JV}I(-(3R(i767H6kGw?%!D*Y0e*lK3sG1CMWOJq1{Hl|+y`YWcqGq4YoXj~
zbx!mmoLU|avSn6NQN76ARdq`FwCcmsT-L1fYWgzUk%zj<mL!enIPddY<XFyma-4_u
zK=Dv|pj^ZJ7J{wM&9QCEw(9=~g>BWXn(@7D?T<*i{r?iv5Y*QQ00;cPU9UUa{{QU!
z<p1A<=9Et{O<ljH5dDWz(`~~Hhg1(?PL!4_7gZ{Tk$k#K^rf{{muMUb@I0MBg5Zj1
z9*x?v=MsMqjnH_$_JFZ(@iaYR(v&kdg=5w1ld&I5yX{{?AZQdzs*?p!0a967yvh|E
zwEqjcX#X|)qIR<XH=)PJ>JMm10v9RJXhtaLm4KguXj{Amxaf!K)01I5KAOmf8DW4b
ziONj;#5+u6>K-b{e0qu*$qZTdN%TnEOO_^;x|Q`XAqmqnRQbEAR$es$PzCFU%0?bw
z{<HtT_rCv8=otI=Xs9$u$tg?;^9h^3EGsx<|BdbXuU2=?FHZLV7L+eX<P>`r4)uad
z^1rwyv>raFsJK}=#sgu#i&}{)3^|3%L=}txH1@H^QH)L!|2>(1q(eiPMZ8#$Yso{g
z2iHL88SEM*)k+il0bzy;r~d^{$3?7}jv9en5)Yc5$3v#$6yZ>1lJS%lp5Obdz6Bj+
z|D4UpJiy|W#lQjkuQ?ZITlVkN>gOl>e+$~Wj!4ZdKJXhXN{oA_!kCGg7<&vTn`!iM
zH16C??grPxX1g<K-S)@B+g`6ToU}Wach@d@d|W30JL-)#Ov5?)9i>?as?0D|P(i<=
z-$JedJw5Hk8UH-&G~1(Nkj4uM*jIV1+J2m0ZZ9Xz*0_7$nY262cCXv-Oh%p7ZGRu&
zFMQhcG+9C$uulnt5qO*xaeuV!!^oG-)~~l$SCd}%raRt?cZt0RKAZJOKy(4-$HOSy
zo91<AGPvvYCWG5vxAk!^Qa38%1|g*bPKme5gLP+pt_KnnFnt*I*SpJ3YuroVW5~=+
z?a50m^z@VyE-e|YxU#f1MJ0NAa(A+6Jl`qQVA#Fy_Bz*{_TEhxNU|gp=HTboAK#ZA
zT=#g~%T#F6yc&0gldEpOJNkJq;CS3im8dz>Ag>4`YVjg{8uXg|=zM$K{`I8WA9sfL
z&E9Uz0mW>{DJ5*)Wg6rX(>$DW78KzAk^%KkM#sc|9|YyA0N5+rK?mZ0qtS4-<A3AK
zImQ3CpnUwtLa0ru-(H{kOR|7{;a>^xqA3(m@HCgntzLk&x9H(1P?fwuD4jOnh1y&+
z9?0IK!b0q4$}~I0&n+$@S`g*c!l1t)1|BGd<qBzz@RAcB`4SVhp8BAq2xWT~v(ILP
z5xv^T#<&m7XKxXb@LNbE`0Y><HXnHl@Wa?E&lz98?tBI>jJr&^k;$B+^n}JB16BMS
zl~?hRbv_FTN@bnHZ8FgVtXx!y!l-1RK_z{<N(nDQT!6%pN}xX1T~^AIG$hKf61+`M
zFC!sg2J%(=V5WnCd9V$6c=_q#qpdWflGiHkLVCugpqN3)dN#XJx)u92!rXLVH}na}
ze4*op*jp_zz)^AjUDl>KjUb9*n>palXQFhbC#rBs&_CjS0L4vMOc=-lz%h3V2_-#^
z*JZCes+2?7?EYcv?6x4`CSi9`K26W@0b5>49u&{ZL|#@vrguF>I=Ya|p=={0bL=kg
z`puh;QKDMUrHyDtfcmAfrr!owFWhygu#y<@@Avy+!~6fdLgdk)+4_cZuS0W=f5~YW
zz)ht6s(hD0d!|x!+eJhplKHEkz3MhcHd+T_&&bW!M2-@RdJezfDj8pxSnQTXuLQWL
zO=KL^R?i@cGD0Bqs!gPe9{=)<f@AW3p<a9Qm(YRy-?=#3zW=iw+dk$0Z$bI|U&Ow?
zx^$+XaaINlxIY3fltizRSn#51AWL5{rTo+S0;HonOmXr9rzoOl4B)r0z*9nrCYdKN
zQL8zaj6RMgm$$cLBQgFy=uccetVhQVq1!GzcL%NYvshoftY68HHPxMhv<i_S1s4sY
zmrb^ci<BN=;pbgnLm?<c#Sx})7enn}oT;SAQU0~y^GsCvp<<Y(X}rEE^P&q|p@b2M
zlr~MWhRoUpo2f>mKfXwQwH0MZIgb75PBy48rLR(bif1Q~WMWH@(;Qo<;0w3nHT|h%
zOTJ!@YClj}&nkwCci}kfB9fbCvpC6Sm3y#(b&UTnPWtjtaH#+5oYlAdf30rUPX7Nb
msI>pH)j0i1*FWETsV6$oiB5E)9Q{840RR7v_gCQnGynji9V$2g

literal 0
HcmV?d00001

diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/Chart.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/Chart.yaml
new file mode 100644
index 000000000..ee8161ee2
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>=1.18.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.6.3-alpha'
+  catalog.cattle.io/release-name: system-upgrade-controller
+apiVersion: v1
+appVersion: v0.8.1
+description: General purpose controller to make system level updates to nodes
+home: https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+kubeVersion: '>= 1.16.0-0'
+name: system-upgrade-controller
+sources:
+- https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+version: 100.0.3+up0.3.2
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/_helpers.tpl b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/_helpers.tpl
new file mode 100644
index 000000000..67a534eb7
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/clusterrolebinding.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..f2a09949d
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  system-upgrade-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: system-upgrade-controller
+    namespace: cattle-system
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/configmap.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/configmap.yaml
new file mode 100644
index 000000000..7619c3974
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: system-upgrade-controller-config
+  namespace: cattle-system
+data:
+  SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+  SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+  SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/deployment.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/deployment.yaml
new file mode 100644
index 000000000..59445c5c5
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/deployment.yaml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: system-upgrade-controller
+  namespace: cattle-system
+spec:
+  selector:
+    matchLabels:
+      upgrade.cattle.io/controller: system-upgrade-controller
+      app: system-upgrade-controller
+  template:
+    metadata:
+      labels:
+        upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+        app: system-upgrade-controller
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: "kubernetes.io/os"
+                    operator: NotIn
+                    values:
+                      - windows
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - preference:
+              matchExpressions:
+                - key: node-role.kubernetes.io/control-plane
+                  operator: In
+                  values:
+                    - "true"
+            weight: 100
+          - preference:
+              matchExpressions:
+                - key: node-role.kubernetes.io/master
+                  operator: In
+                  values:
+                    - "true"
+            weight: 100
+      tolerations:
+        - operator: Exists
+      serviceAccountName: system-upgrade-controller
+      containers:
+        - name: system-upgrade-controller
+          image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: system-upgrade-controller-config
+          env:
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.labels['upgrade.cattle.io/controller']
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: etc-ssl
+              mountPath: /etc/ssl
+            - name: tmp
+              mountPath: /tmp
+      volumes:
+        - name: etc-ssl
+          hostPath:
+            path: /etc/ssl
+            type: Directory
+        - name: tmp
+          emptyDir: {}
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/psp.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/psp.yaml
new file mode 100644
index 000000000..be27b4026
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/psp.yaml
@@ -0,0 +1,49 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: system-upgrade-controller
+spec:
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+    - CAP_SYS_BOOT
+  hostNetwork: true
+  hostPID: true
+  hostIPC: true
+  privileged: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  volumes:
+    - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system-upgrade-controller-psp
+rules:
+  - apiGroups:
+      - policy
+    resourceNames:
+      - system-upgrade-controller
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  system-upgrade-controller-psp
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system-upgrade-controller-psp
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: system:serviceaccounts:cattle-system
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/serviceaccount.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b6cdcf48b
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: system-upgrade-controller
+  namespace: cattle-system
diff --git a/charts/system-upgrade-controller/100.0.3+up0.3.2/values.yaml b/charts/system-upgrade-controller/100.0.3+up0.3.2/values.yaml
new file mode 100644
index 000000000..79fb1a65a
--- /dev/null
+++ b/charts/system-upgrade-controller/100.0.3+up0.3.2/values.yaml
@@ -0,0 +1,13 @@
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+systemUpgradeController:
+  image:
+    repository: rancher/system-upgrade-controller
+    tag: v0.8.1
+
+kubectl:
+  image:
+    repository: rancher/kubectl
+    tag: v1.20.2
diff --git a/index.yaml b/index.yaml
index e3c7f05e8..6879f9703 100755
--- a/index.yaml
+++ b/index.yaml
@@ -8533,6 +8533,28 @@ entries:
     - assets/sriov-crd/sriov-crd-100.0.0+up0.1.0.tgz
     version: 100.0.0+up0.1.0
   system-upgrade-controller:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>=1.18.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/rancher-version: '>= 2.6.3-alpha'
+      catalog.cattle.io/release-name: system-upgrade-controller
+    apiVersion: v1
+    appVersion: v0.8.1
+    created: "2022-05-23T13:32:40.550412-04:00"
+    description: General purpose controller to make system level updates to nodes
+    digest: c9685faaa65a6743d183653ddbebb0e1174d04313390d879abc8e2871a43efc6
+    home: https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+    kubeVersion: '>= 1.16.0-0'
+    name: system-upgrade-controller
+    sources:
+    - https://github.com/rancher/system-charts/blob/dev-v2.6/charts/rancher-k3s-upgrader
+    urls:
+    - assets/system-upgrade-controller/system-upgrade-controller-100.0.3+up0.3.2.tgz
+    version: 100.0.3+up0.3.2
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"