From 0d074c37b501516712ac15e77c902f0983810e62 Mon Sep 17 00:00:00 2001
From: auricom
Date: Sun, 4 Apr 2021 15:33:28 +0200
Subject: [PATCH] add system-upgrade
---
cluster/system-upgrade/k3s-plan.yaml | 83 ++++++++++++++++
cluster/system-upgrade/namespace.yaml | 7 ++
.../system-upgrade-controller.yaml | 98 +++++++++++++++++++
3 files changed, 188 insertions(+)
create mode 100644 cluster/system-upgrade/k3s-plan.yaml
create mode 100644 cluster/system-upgrade/namespace.yaml
create mode 100644 cluster/system-upgrade/system-upgrade-controller.yaml
diff --git a/cluster/system-upgrade/k3s-plan.yaml b/cluster/system-upgrade/k3s-plan.yaml
new file mode 100644
index 000000000..572958fea
--- /dev/null
+++ b/cluster/system-upgrade/k3s-plan.yaml
@@ -0,0 +1,83 @@
+---
+#
+# Server plan
+#
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: k3s-server
+ namespace: system-upgrade
+spec:
+ concurrency: 1
+ cordon: true
+ nodeSelector:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
+ - key: k3os.io/mode
+ operator: DoesNotExist
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - "amd64"
+ serviceAccountName: system-upgrade
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ upgrade:
+ image: rancher/k3s-upgrade
+ channel: https://update.k3s.io/v1-release/channels/v1.20
+---
+#
+# Agent plan
+#
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: k3s-agent
+ namespace: system-upgrade
+ labels:
+ k3s-upgrade: agent
+spec:
+ concurrency: 1
+ channel: https://update.k3s.io/v1-release/channels/v1.20
+ nodeSelector:
+ matchExpressions:
+ - key: k3s-upgrade
+ operator: Exists
+ - key: k3s-upgrade
+ operator: NotIn
+ values:
+ - "disabled"
+ - "false"
+ - key: k3s.io/hostname
+ operator: Exists
+ - key: k3os.io/mode
+ operator: DoesNotExist
+ - key: node-role.kubernetes.io/master
+ operator: NotIn
+ values:
+ - "true"
+ serviceAccountName: system-upgrade
+ tolerations:
+ - key: kubernetes.io/arch
+ effect: NoSchedule
+ operator: Equal
+ value: amd64
+ - key: kubernetes.io/arch
+ effect: NoSchedule
+ operator: Equal
+ value: arm64
+ - key: kubernetes.io/arch
+ effect: NoSchedule
+ operator: Equal
+ value: arm
+ prepare:
+ image: rancher/k3s-upgrade
+ args:
+ - "prepare"
+ - "k3s-server"
+ upgrade:
+ image: rancher/k3s-upgrade
diff --git a/cluster/system-upgrade/namespace.yaml b/cluster/system-upgrade/namespace.yaml
new file mode 100644
index 000000000..9176d20be
--- /dev/null
+++ b/cluster/system-upgrade/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: system-upgrade
+ labels:
+ goldilocks.fairwinds.com/enabled: "true"
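Review bot: Both plans in k3s-plan.yaml take their target from `channel: https://update.k3s.io/v1-release/channels/v1.20` and set no `version:`, so whichever release the channel resolves to is rolled onto the nodes without a commit in this repository. Pinning `version: <k3s-version-placeholder>` in each Plan would put every node upgrade through review and leave a revert point in git; if following the channel is deliberate, a comment above each `channel:` line saying so would make that explicit. In the server plan `channel:` is printed after `upgrade.image`, whereas the agent plan has it directly under `spec`; the indentation is not recoverable on this page, so confirm it sits at `spec` level in both. The agent plan also carries no `cordon: true`, unlike the server plan.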
diff --git a/cluster/system-upgrade/system-upgrade-controller.yaml b/cluster/system-upgrade/system-upgrade-controller.yaml
new file mode 100644
index 000000000..6a88d2bf0
--- /dev/null
+++ b/cluster/system-upgrade/system-upgrade-controller.yaml
@@ -0,0 +1,98 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: system-upgrade
+ namespace: system-upgrade
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: system-upgrade
+ namespace: system-upgrade
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: default-controller-env
+ namespace: system-upgrade
+data:
+ SYSTEM_UPGRADE_CONTROLLER_DEBUG: "false"
+ SYSTEM_UPGRADE_CONTROLLER_THREADS: "2"
+ SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: "900"
+ SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: "99"
+ SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: "Always"
+ SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: "rancher/kubectl:v1.19.7"
+ SYSTEM_UPGRADE_JOB_PRIVILEGED: "true"
+ SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: "900"
+ SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: "15m"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: system-upgrade-controller
+ namespace: system-upgrade
+spec:
+ selector:
+ matchLabels:
+ upgrade.cattle.io/controller: system-upgrade-controller
+ template:
+ metadata:
+ labels:
+ upgrade.cattle.io/controller: system-upgrade-controller
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: In
+ values:
+ - "true"
+ serviceAccountName: system-upgrade
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+ containers:
+ - name: system-upgrade-controller
+ image: rancher/system-upgrade-controller:v0.6.2
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: default-controller-env
+ env:
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['upgrade.cattle.io/controller']
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: etc-ssl
+ mountPath: /etc/ssl
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: etc-ssl
+ hostPath:
+ path: /etc/ssl
+ type: Directory
+ - name: tmp
+ emptyDir: {}
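Review bot: The ClusterRoleBinding gives the `system-upgrade` ServiceAccount `cluster-admin`, and that same account is the `serviceAccountName` of both Plans while `SYSTEM_UPGRADE_JOB_PRIVILEGED` is `"true"`, so write access to Plans or pods in this namespace amounts to cluster-admin plus privileged pods on the nodes. A comment above the binding should state this, for example `# cluster-admin: treat write access to the system-upgrade namespace and to Plan objects as cluster-admin`, and RBAC for the namespace should be limited to match. The controller only needs to read the host CA bundle, so the `etc-ssl` entry under `volumeMounts` can take `readOnly: true`. The images `rancher/system-upgrade-controller:v0.6.2` and `rancher/kubectl:v1.19.7` are pinned by tag only; pinning them by digest would fix exactly what runs with these privileges.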