chore(k3s): Update system-upgrade-controller to v0.15.1 #115

SIMULATAN · 2025-03-04T15:25:26Z

No description provided.

github-actions · 2025-03-04T15:27:48Z

Argo CD Diff Preview

Summary:

 {base => target}/k3s | 353 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 353 insertions(+)

Diff:

diff --git base/k3s target/k3s
index 5f4fa30..d913594 100644
--- base/k3s
+++ target/k3s
@@ -1,22 +1,375 @@
+---
+apiVersion: v1
+data:
+  SYSTEM_UPGRADE_CONTROLLER_DEBUG: "false"
+  SYSTEM_UPGRADE_CONTROLLER_LEADER_ELECT: "true"
+  SYSTEM_UPGRADE_CONTROLLER_THREADS: "2"
+  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: "900"
+  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: "99"
+  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: Always
+  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: rancher/kubectl:v1.30.3
+  SYSTEM_UPGRADE_JOB_PRIVILEGED: "true"
+  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: "900"
+  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m
+kind: ConfigMap
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: default-controller-env
+  namespace: system-upgrade
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+    pod-security.kubernetes.io/enforce: privileged
+  name: system-upgrade
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade
+  namespace: system-upgrade
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade-controller
+  namespace: system-upgrade
+spec:
+  selector:
+    matchLabels:
+      upgrade.cattle.io/controller: system-upgrade-controller
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: controller
+        app.kubernetes.io/name: system-upgrade-controller
+        upgrade.cattle.io/controller: system-upgrade-controller
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app.kubernetes.io/name
+                operator: In
+                values:
+                - system-upgrade-controller
+            topologyKey: kubernetes.io/hostname
+      containers:
+      - env:
+        - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.labels['upgrade.cattle.io/controller']
+        - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: SYSTEM_UPGRADE_CONTROLLER_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        envFrom:
+        - configMapRef:
+            name: default-controller-env
+        image: rancher/system-upgrade-controller:v0.15.1
+        imagePullPolicy: IfNotPresent
+        name: system-upgrade-controller
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsGroup: 65534
+          runAsNonRoot: true
+          runAsUser: 65534
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /etc/ssl
+          name: etc-ssl
+          readOnly: true
+        - mountPath: /etc/pki
+          name: etc-pki
+          readOnly: true
+        - mountPath: /etc/ca-certificates
+          name: etc-ca-certificates
+          readOnly: true
+        - mountPath: /tmp
+          name: tmp
+      serviceAccountName: system-upgrade
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/controlplane
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+        operator: Exists
+      - effect: NoExecute
+        key: node-role.kubernetes.io/etcd
+        operator: Exists
+      volumes:
+      - hostPath:
+          path: /etc/ssl
+          type: DirectoryOrCreate
+        name: etc-ssl
+      - hostPath:
+          path: /etc/pki
+          type: DirectoryOrCreate
+        name: etc-pki
+      - hostPath:
+          path: /etc/ca-certificates
+          type: DirectoryOrCreate
+        name: etc-ca-certificates
+      - emptyDir: {}
+        name: tmp
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade-controller
+rules:
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - get
+  - create
+  - patch
+  - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - system-upgrade-controller
+  resources:
+  - leases
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - upgrade.cattle.io
+  resources:
+  - plans
+  - plans/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - patch
+  - update
+  - delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade-controller-drainer
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/eviction
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - patch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  - daemonsets
+  - replicasets
+  verbs:
+  - get
+  - list
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system-upgrade-controller
+subjects:
+- kind: ServiceAccount
+  name: system-upgrade
+  namespace: system-upgrade
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade-drainer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system-upgrade-controller-drainer
+subjects:
+- kind: ServiceAccount
+  name: system-upgrade
+  namespace: system-upgrade
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade-controller
+  namespace: system-upgrade
+rules:
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    argocd.argoproj.io/instance: k3s
+  name: system-upgrade
+  namespace: system-upgrade
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: system-upgrade-controller
+subjects:
+- kind: ServiceAccount
+  name: system-upgrade
+  namespace: system-upgrade
+
 ---
 apiVersion: upgrade.cattle.io/v1
 kind: Plan
 metadata:
   labels:
     argocd.argoproj.io/instance: k3s
   name: server-plan
   namespace: system-upgrade
 spec:
   concurrency: 1
   cordon: true
   nodeSelector:
     matchExpressions:
     - key: node-role.kubernetes.io/control-plane
       operator: In
       values:
       - "true"
+  postCompleteDelay: 5m
   serviceAccountName: system-upgrade
   upgrade:
     image: rancher/k3s-upgrade
   version: v1.31.2+k3s1

Closes #9

argocd-simulatan · 2025-03-04T15:56:03Z

Application k3s is now running the new manifests.
See more here: https://argocd.simulatan.me/applications/k3s?operation=true

argocd-simulatan · 2025-03-04T15:56:05Z

Application k3s is now running the new manifests.
See more here: https://argocd.simulatan.me/applications/k3s?operation=true

SIMULATAN force-pushed the chore/bump-system-upgrade-controller branch from 3641207 to 74298c2 Compare March 4, 2025 15:30

SIMULATAN added 2 commits March 4, 2025 16:50

chore(k3s): Update system-upgrade-controller to v0.15.1

91afafc

chore(k3s): wait 5m before upgrading next node

ce4d384

Closes #9

SIMULATAN force-pushed the chore/bump-system-upgrade-controller branch from 45b2dff to ce4d384 Compare March 4, 2025 15:50

SIMULATAN merged commit 6c6f468 into main Mar 4, 2025
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(k3s): Update system-upgrade-controller to v0.15.1 #115

chore(k3s): Update system-upgrade-controller to v0.15.1 #115

SIMULATAN commented Mar 4, 2025

github-actions bot commented Mar 4, 2025 •

edited

Loading

argocd-simulatan bot commented Mar 4, 2025

argocd-simulatan bot commented Mar 4, 2025

chore(k3s): Update system-upgrade-controller to v0.15.1 #115

chore(k3s): Update system-upgrade-controller to v0.15.1 #115

Conversation

SIMULATAN commented Mar 4, 2025

github-actions bot commented Mar 4, 2025 • edited Loading

Argo CD Diff Preview

argocd-simulatan bot commented Mar 4, 2025

argocd-simulatan bot commented Mar 4, 2025

github-actions bot commented Mar 4, 2025 •

edited

Loading