Skip to content

Commit

Permalink
feat(helm): install system-upgrade
Browse files Browse the repository at this point in the history
  • Loading branch information
@willianpaixao
willianpaixao committed Oct 28, 2024
1 parent 3500265 commit d97a031
Show file tree
Hide file tree
Showing 12 changed files with 138 additions and 86 deletions.
1 change: 0 additions & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/.mjfilter.py
View file

This file was deleted.

32 changes: 0 additions & 32 deletions bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml.j2
View file

This file was deleted.

20 changes: 0 additions & 20 deletions bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2
View file

This file was deleted.

2 changes: 1 addition & 1 deletion ...et-csr-approver/app/kustomization.yaml.j2 → ...system-upgrade/k3s/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- plan.yaml
55 changes: 55 additions & 0 deletions kubernetes/raspberry/system-upgrade/k3s/app/plan.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: controllers
namespace: system-upgrade
spec:
version: "${KUBE_VERSION}"
upgrade:
image: rancher/k3s-upgrade
serviceAccountName: system-upgrade
concurrency: 1
cordon: true
nodeSelector:
matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
operator: Exists
- key: node-role.kubernetes.io/master
effect: NoSchedule
operator: Exists
- key: node-role.kubernetes.io/etcd
effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: workers
namespace: system-upgrade
spec:
version: "${KUBE_VERSION}"
serviceAccountName: system-upgrade
concurrency: 1
nodeSelector:
matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
prepare:
image: rancher/k3s-upgrade
args: ["prepare", "controllers"]
drain:
force: true
skipWaitForDeleteTimeout: 60
upgrade:
image: rancher/k3s-upgrade
27 changes: 27 additions & 0 deletions kubernetes/raspberry/system-upgrade/k3s/ks.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app system-upgrade-k3s
namespace: flux-system
spec:
targetNamespace: system-upgrade
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: system-upgrade-controller
path: ./kubernetes/raspberry/system-upgrade/k3s/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
wait: false
interval: 1h
retryInterval: 1m
timeout: 5m
postBuild:
substitute:
# renovate: datasource=github-releases depName=k3s-io/k3s
KUBE_VERSION: v1.31.1+k3s1
7 changes: 7 additions & 0 deletions kubernetes/raspberry/system-upgrade/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- k3s/ks.yaml
- namespace.yaml
- system-upgrade-controller/ks.yaml
8 changes: 8 additions & 0 deletions kubernetes/raspberry/system-upgrade/namespace.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: system-upgrade
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
63 changes: 35 additions & 28 deletions ...pgrade-controller/app/helmrelease.yaml.j2 → ...m-upgrade-controller/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app system-upgrade-controller
namespace: system-upgrade
spec:
interval: 30m
interval: 1h
chart:
spec:
chart: app-template
version: 3.5.0
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
Expand All @@ -28,17 +30,17 @@ spec:
app:
image:
repository: docker.io/rancher/system-upgrade-controller
tag: v0.14.1
tag: v0.14.2
env:
SYSTEM_UPGRADE_CONTROLLER_DEBUG: false
SYSTEM_UPGRADE_CONTROLLER_THREADS: 2
SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: 900
SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: 99
SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: IfNotPresent
SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: registry.k8s.io/kubectl:v1.31.1
SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: registry.k8s.io/kubectl:v1.31.2
SYSTEM_UPGRADE_JOB_PRIVILEGED: true
SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: 900
SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m
SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 1h
SYSTEM_UPGRADE_CONTROLLER_NAME: *app
SYSTEM_UPGRADE_CONTROLLER_NAMESPACE:
valueFrom:
Expand All @@ -47,29 +49,34 @@ spec:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
seccompProfile: { type: RuntimeDefault }
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
pod:
securityContext:
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
seccompProfile:
type: RuntimeDefault
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
serviceAccount:
create: true
name: system-upgrade
Expand Down
2 changes: 1 addition & 1 deletion ...rade-controller/app/kustomization.yaml.j2 → ...upgrade-controller/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# renovate: datasource=github-releases depName=rancher/system-upgrade-controller
- https://github.com/rancher/system-upgrade-controller/releases/download/v0.14.1/crd.yaml
- https://github.com/rancher/system-upgrade-controller/releases/download/v0.14.2/crd.yaml
- helmrelease.yaml
- rbac.yaml
0 ...ystem-upgrade-controller/app/rbac.yaml.j2 → ...e/system-upgrade-controller/app/rbac.yaml
View file
File renamed without changes.
7 changes: 4 additions & 3 deletions ...rade/system-upgrade-controller/ks.yaml.j2 → ...upgrade/system-upgrade-controller/ks.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
Expand All @@ -9,12 +10,12 @@ spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/system-upgrade/system-upgrade-controller/app
path: ./kubernetes/raspberry/system-upgrade/system-upgrade-controller/app
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: flux-system
wait: true
interval: 30m
interval: 1h
retryInterval: 1m
timeout: 5m

0 comments on commit d97a031

Please sign in to comment.