From 34b55c9764e605f3ad186a91bffab4960ae418d0 Mon Sep 17 00:00:00 2001
From: Jake Hyde
Date: Tue, 2 Jan 2024 14:06:33 -0500
Subject: [PATCH 1/2] Copy rancher-k3s-upgrader 0.6.0 -> 0.7.0
---
charts/rancher-k3s-upgrader/0.7.0/Chart.yaml | 10 +++
.../rancher-k3s-upgrader/0.7.0/questions.yml | 1 +
.../0.7.0/templates/NOTES.txt | 4 ++
.../0.7.0/templates/_helpers.tpl | 9 +++
.../0.7.0/templates/clusterrolebinding.yaml | 12 ++++
.../0.7.0/templates/configmap.yaml | 16 +++++
.../0.7.0/templates/deployment.yaml | 69 +++++++++++++++++++
.../0.7.0/templates/namespace.yaml | 6 ++
.../0.7.0/templates/psp.yaml | 51 ++++++++++++++
.../0.7.0/templates/serviceaccount.yaml | 5 ++
charts/rancher-k3s-upgrader/0.7.0/values.yaml | 15 ++++
11 files changed, 198 insertions(+)
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/Chart.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/questions.yml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/psp.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml
create mode 100644 charts/rancher-k3s-upgrader/0.7.0/values.yaml
diff --git a/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml b/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml
new file mode 100644
index 000000000..d6c6ae3bb
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+name: rancher-k3s-upgrader
+description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+ Users do not need to manually upgrade this app. It will be automatically upgraded to the latest version when upgrading a cluster.
+home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+sources:
+ - "https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader"
+version: 0.6.0
+appVersion: v0.13.1
+kubeVersion: '>= 1.23.0-0'
diff --git a/charts/rancher-k3s-upgrader/0.7.0/questions.yml b/charts/rancher-k3s-upgrader/0.7.0/questions.yml
new file mode 100644
index 000000000..3de6ac192
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/questions.yml
@@ -0,0 +1 @@
+rancher_min_version: 2.8.0-alpha1
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt b/charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt
new file mode 100644
index 000000000..b08f5ae30
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher K3s Upgrader
+Version: {{ .Chart.AppVersion }}
+Description: This controller enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+ Users do not need to manually upgrade this app. It will be automatically upgraded to the latest version when upgrading a cluster.
\ No newline at end of file
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl b/charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl
new file mode 100644
index 000000000..67a534eb7
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..f2a09949d
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: system-upgrade-controller
+ namespace: cattle-system
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml
new file mode 100644
index 000000000..7619c3974
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/configmap.yaml
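Review bot: The `roleRef` in clusterrolebinding.yaml binds the `system-upgrade-controller` ServiceAccount to `cluster-admin`, so anyone who obtains that account's token has full control of the cluster. The chart does not show which API verbs the controller actually needs, so this is partly a question: if a narrower ClusterRole that covers the controller's needs can ship in the chart, bind that instead. If cluster-admin is unavoidable, record the reason above `roleRef`, for example `# cluster-admin is intentional: <reason>; narrowing tracked in <issue link>`.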
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: system-upgrade-controller-config
+ namespace: cattle-system
+data:
+ SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+ SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+ SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+ SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+ SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+ SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+ SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+ SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+ SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml
new file mode 100644
index 000000000..cfc27992e
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/deployment.yaml
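Review bot: In configmap.yaml, `{{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}` cannot be switched off with a boolean, because Helm's `default` treats `false` as empty. An override of `systemUpgradeJobPrivileged: false` therefore still renders `"true"` and upgrade jobs stay privileged; only the string `"false"` takes effect. Declaring the key in values.yaml (`systemUpgradeJobPrivileged: true`) and rendering `{{ .Values.systemUpgradeJobPrivileged | quote }}` removes the trap. Two smaller points in the same hunk: `SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE` is the only value not passed through `quote`, and `SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL` reads `.Values.systemUpgradePlanRollingInterval` (Rolling, not Polling), which is easy to get wrong when overriding.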
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
+spec:
+ selector:
+ matchLabels:
+ upgrade.cattle.io/controller: system-upgrade-controller
+ template:
+ metadata:
+ labels:
+ upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/os"
+ operator: NotIn
+ values:
+ - windows
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ - preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ tolerations:
+ - operator: Exists
+ serviceAccountName: system-upgrade-controller
+ containers:
+ - name: system-upgrade-controller
+ image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: system-upgrade-controller-config
+ env:
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['upgrade.cattle.io/controller']
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: etc-ssl
+ mountPath: /etc/ssl
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: etc-ssl
+ hostPath:
+ path: /etc/ssl
+ type: Directory
+ - name: tmp
+ emptyDir: {}
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml
new file mode 100644
index 000000000..da0eaec36
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/namespace.yaml
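Review bot: The `etc-ssl` volumeMount in deployment.yaml exposes the node's `/etc/ssl` hostPath without `readOnly: true`, and the container sets no `securityContext`, so a container running as root could modify the host's trust store. Add `readOnly: true` under the `etc-ssl` mount. If the image permits it, also give the container a `securityContext` that disables privilege escalation and makes the root filesystem read-only; the `/tmp` emptyDir suggests the latter was intended. Whether the image runs as non-root is not visible in this diff, so confirm that before adding `runAsNonRoot: true`.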
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cattle-system
+ annotations:
+ "helm.sh/resource-policy": keep
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/psp.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/psp.yaml
new file mode 100644
index 000000000..ca87b996c
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.global.cattle.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: system-upgrade-controller
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - CAP_SYS_BOOT
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system-upgrade-controller-psp
+rules:
+ - apiGroups:
+ - policy
+ resourceNames:
+ - system-upgrade-controller
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade-controller-psp
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system-upgrade-controller-psp
+subjects:
+ - kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: system:serviceaccounts:cattle-system
+{{- end }}
diff --git a/charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml b/charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b6cdcf48b
--- /dev/null
+++ b/charts/rancher-k3s-upgrader/0.7.0/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
diff --git a/charts/rancher-k3s-upgrader/0.7.0/values.yaml b/charts/rancher-k3s-upgrader/0.7.0/values.yaml
new file mode 100644
index 000000000..015736f08
--- /dev/null
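Review bot: The ClusterRoleBinding at the end of psp.yaml grants `use` of this fully privileged PodSecurityPolicy to the group `system:serviceaccounts:cattle-system`, which is every service account in the namespace rather than the upgrade controller alone. The account the upgrade jobs run under is not visible here; unless other cattle-system workloads are meant to inherit `privileged: true` and the host namespaces, list the intended accounts explicitly as `kind: ServiceAccount` subjects. Separately, the template is gated only on `.Values.global.cattle.psp.enabled`, which values.yaml defaults to `true`, while Chart.yaml accepts any Kubernetes `>= 1.23.0-0`. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so consider also requiring `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` in the opening `if`.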
+++ b/charts/rancher-k3s-upgrader/0.7.0/values.yaml
@@ -0,0 +1,15 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ psp:
+ enabled: true
+
+systemUpgradeController:
+ image:
+ repository: rancher/system-upgrade-controller
+ tag: v0.13.1
+
+kubectl:
+ image:
+ repository: rancher/kubectl
+ tag: v1.23.3
From a61c78a896354eeab8fb028ed894cfae07bd24b9 Mon Sep 17 00:00:00 2001
From: Jake Hyde
Date: Tue, 2 Jan 2024 14:07:30 -0500
Subject: [PATCH 2/2] Update rancher-k3s-upgrader chart with values for rancher 2.9
---
charts/rancher-k3s-upgrader/0.7.0/Chart.yaml | 6 +++---
charts/rancher-k3s-upgrader/0.7.0/questions.yml | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml b/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml
index d6c6ae3bb..61a8f6a6a 100644
--- a/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml
+++ b/charts/rancher-k3s-upgrader/0.7.0/Chart.yaml
@@ -2,9 +2,9 @@ apiVersion: v1
 name: rancher-k3s-upgrader
 description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
 Users do not need to manually upgrade this app. It will be automatically upgraded to the latest version when upgrading a cluster.
-home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+home: https://github.com/rancher/system-charts/blob/dev-v2.9/charts/rancher-k3s-upgrader
 sources:
- - "https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader"
-version: 0.6.0
+ - "https://github.com/rancher/system-charts/blob/dev-v2.9/charts/rancher-k3s-upgrader"
+version: 0.7.0
 appVersion: v0.13.1
 kubeVersion: '>= 1.23.0-0'
diff --git a/charts/rancher-k3s-upgrader/0.7.0/questions.yml b/charts/rancher-k3s-upgrader/0.7.0/questions.yml
index 3de6ac192..e625c8e57 100644
--- a/charts/rancher-k3s-upgrader/0.7.0/questions.yml
+++ b/charts/rancher-k3s-upgrader/0.7.0/questions.yml
@@ -1 +1 @@
-rancher_min_version: 2.8.0-alpha1
+rancher_min_version: 2.9.0-alpha1
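Review bot: In values.yaml, `kubectl.image.tag: v1.23.3` is copied unchanged into a chart that the second commit retargets at Rancher 2.9, and Chart.yaml's `kubeVersion` sets only a lower bound. kubectl is supported within one minor version of the API server, so on newer clusters the image handed to upgrade jobs through `SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE` is probably outside that skew and lacks later client fixes. Consider bumping the tag together with the chart version and adding a comment above it such as `# keep within one minor version of the supported cluster range`.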