apiVersion: apps/v1 kind: Deployment metadata: name: system-upgrade-controller namespace: cattle-system spec: selector: matchLabels: upgrade.cattle.io/controller: system-upgrade-controller template: metadata: labels: upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: "kubernetes.io/os" operator: NotIn values: - windows preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: In values: - "true" weight: 100 - preference: matchExpressions: - key: node-role.kubernetes.io/master operator: In values: - "true" weight: 100 tolerations: - operator: Exists serviceAccountName: system-upgrade-controller containers: - name: system-upgrade-controller image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }} imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: system-upgrade-controller-config env: - name: SYSTEM_UPGRADE_CONTROLLER_NAME valueFrom: fieldRef: fieldPath: metadata.labels['upgrade.cattle.io/controller'] - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: etc-ssl mountPath: /etc/ssl - name: tmp mountPath: /tmp volumes: - name: etc-ssl hostPath: path: /etc/ssl type: Directory - name: tmp emptyDir: {}