make charts

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+appVersion: v0.13.1
+description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+  Users do not need to manually upgrade this app. It will be automatically upgraded
+  to the latest version when upgrading a cluster.
+home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+kubeVersion: '>= 1.23.0-0'
+name: rancher-k3s-upgrader
+sources:
+- https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+version: 103.1.0+up0.6.0

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/Chart.yaml.orig

@@ -0,0 +1,11 @@
+apiVersion: v1
+appVersion: v0.13.1
+description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+  Users do not need to manually upgrade this app. It will be automatically upgraded
+  to the latest version when upgrading a cluster.
+home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+kubeVersion: '>= 1.23.0-0'
+name: rancher-k3s-upgrader
+sources:
+- https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+version: 0.6.0

packages/system-upgrade-controller/generated-changes/patch/Chart.yaml.patch → charts/rancher-k3s-upgrader/103.1.0+up0.6.0/Chart.yaml.rej

@@ -1,10 +1,10 @@
---- charts-original/Chart.yaml
-+++ charts/Chart.yaml
+--- Chart.yaml
++++ Chart.yaml
 @@ -1,11 +1,18 @@
 +annotations:
 +  catalog.cattle.io/certified: rancher
 +  catalog.cattle.io/hidden: "true"
-+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.27.0-0'
++  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.28.0-0'
 +  catalog.cattle.io/namespace: cattle-system
 +  catalog.cattle.io/os: linux
 +  catalog.cattle.io/permits-os: linux,windows

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/questions.yml

@@ -0,0 +1 @@
+rancher_min_version: 2.8.0-alpha1

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/templates/_helpers.tpl

@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/templates/clusterrolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  system-upgrade-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: system-upgrade-controller
+    namespace: cattle-system

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/templates/configmap.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: system-upgrade-controller-config
+  namespace: cattle-system
+data:
+  SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+  SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+  SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/templates/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: system-upgrade-controller
+  namespace: cattle-system
+spec:
+  selector:
+    matchLabels:
+      upgrade.cattle.io/controller: system-upgrade-controller
+  template:
+    metadata:
+      labels:
+        upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: "kubernetes.io/os"
+                    operator: NotIn
+                    values:
+                      - windows
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - preference:
+              matchExpressions:
+                - key: node-role.kubernetes.io/control-plane
+                  operator: In
+                  values:
+                    - "true"
+            weight: 100
+          - preference:
+              matchExpressions:
+                - key: node-role.kubernetes.io/master
+                  operator: In
+                  values:
+                    - "true"
+            weight: 100
+      tolerations:
+        - operator: Exists
+      serviceAccountName: system-upgrade-controller
+      containers:
+        - name: system-upgrade-controller
+          image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: system-upgrade-controller-config
+          env:
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.labels['upgrade.cattle.io/controller']
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: etc-ssl
+              mountPath: /etc/ssl
+            - name: tmp
+              mountPath: /tmp
+      volumes:
+        - name: etc-ssl
+          hostPath:
+            path: /etc/ssl
+            type: Directory
+        - name: tmp
+          emptyDir: {}

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/templates/psp.yaml

@@ -0,0 +1,51 @@
+{{- if .Values.global.cattle.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: system-upgrade-controller
+spec:
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+    - CAP_SYS_BOOT
+  hostNetwork: true
+  hostPID: true
+  hostIPC: true
+  privileged: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  volumes:
+    - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system-upgrade-controller-psp
+rules:
+  - apiGroups:
+      - policy
+    resourceNames:
+      - system-upgrade-controller
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  system-upgrade-controller-psp
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system-upgrade-controller-psp
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: system:serviceaccounts:cattle-system
+{{- end }}

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/templates/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: system-upgrade-controller
+  namespace: cattle-system

charts/rancher-k3s-upgrader/103.1.0+up0.6.0/values.yaml

@@ -0,0 +1,15 @@
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    psp:
+      enabled: true
+
+systemUpgradeController:
+  image:
+    repository: rancher/system-upgrade-controller
+    tag: v0.13.1
+
+kubectl:
+  image:
+    repository: rancher/kubectl
+    tag: v1.23.3

index.yaml

@@ -9720,6 +9720,22 @@ entries:
     urls:
     - assets/rancher-istio/rancher-istio-1.7.100.tgz
     version: 1.7.100
+  rancher-k3s-upgrader:
+  - apiVersion: v1
+    appVersion: v0.13.1
+    created: "2023-08-29T16:32:53.54148517-05:00"
+    description: Enables a k3s or rke2 cluster to update itself by reacting to Plan
+      CRs. Users do not need to manually upgrade this app. It will be automatically
+      upgraded to the latest version when upgrading a cluster.
+    digest: 970ced2026ab39e4e3f229bb51be166bf60e5146131dcf87732254b77488a2db
+    home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+    kubeVersion: '>= 1.23.0-0'
+    name: rancher-k3s-upgrader
+    sources:
+    - https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+    urls:
+    - assets/rancher-k3s-upgrader/rancher-k3s-upgrader-103.1.0+up0.6.0.tgz
+    version: 103.1.0+up0.6.0
   rancher-kiali-server:
   - annotations:
       catalog.cattle.io/auto-install: rancher-kiali-server-crd=match

packages/system-upgrade-controller/generated-changes/overlay/Chart.yaml.orig

@@ -0,0 +1,11 @@
+apiVersion: v1
+appVersion: v0.13.1
+description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+  Users do not need to manually upgrade this app. It will be automatically upgraded
+  to the latest version when upgrading a cluster.
+home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+kubeVersion: '>= 1.23.0-0'
+name: rancher-k3s-upgrader
+sources:
+- https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+version: 0.6.0

packages/system-upgrade-controller/generated-changes/overlay/Chart.yaml.rej

@@ -0,0 +1,25 @@
+--- Chart.yaml
++++ Chart.yaml
+@@ -1,11 +1,18 @@
++annotations:
++  catalog.cattle.io/certified: rancher
++  catalog.cattle.io/hidden: "true"
++  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.28.0-0'
++  catalog.cattle.io/namespace: cattle-system
++  catalog.cattle.io/os: linux
++  catalog.cattle.io/permits-os: linux,windows
++  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
++  catalog.cattle.io/release-name: system-upgrade-controller
+ apiVersion: v1
+ appVersion: v0.11.0
+-description: Enables a k3s or rke2 cluster to update itself by reacting to Plan CRs.
+-  Users do not need to manually upgrade this app. It will be automatically upgraded
+-  to the latest version when upgrading a cluster.
++description: General purpose controller to make system level updates to nodes.
+ home: https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader
+ kubeVersion: '>= 1.23.0-0'
+-name: rancher-k3s-upgrader
++name: system-upgrade-controller
+ sources:
+ - https://github.com/rancher/system-charts/blob/dev-v2.7/charts/rancher-k3s-upgrader
+ version: 0.5.0