From 77d40b99383dab6f2089ed72b8eb3384c578aca1 Mon Sep 17 00:00:00 2001
From: Jacob Lindgren <jacob.lindgren@suse.com>
Date: Thu, 31 Aug 2023 14:53:26 -0500
Subject: [PATCH] make charts

---
 ...tem-upgrade-controller-103.0.0+up0.6.0.tgz | Bin 0 -> 2138 bytes
 .../103.0.0+up0.6.0/Chart.yaml                |  18 +++++
 .../103.0.0+up0.6.0/templates/_helpers.tpl    |   9 +++
 .../templates/clusterrolebinding.yaml         |  12 +++
 .../103.0.0+up0.6.0/templates/configmap.yaml  |  16 ++++
 .../103.0.0+up0.6.0/templates/deployment.yaml |  69 ++++++++++++++++++
 .../103.0.0+up0.6.0/templates/psp.yaml        |  51 +++++++++++++
 .../templates/serviceaccount.yaml             |   5 ++
 .../103.0.0+up0.6.0/values.yaml               |  15 ++++
 index.yaml                                    |  22 ++++++
 10 files changed, 217 insertions(+)
 create mode 100644 assets/system-upgrade-controller/system-upgrade-controller-103.0.0+up0.6.0.tgz
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/Chart.yaml
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/templates/_helpers.tpl
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/templates/clusterrolebinding.yaml
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/templates/configmap.yaml
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/templates/deployment.yaml
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/templates/psp.yaml
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/templates/serviceaccount.yaml
 create mode 100644 charts/system-upgrade-controller/103.0.0+up0.6.0/values.yaml

diff --git a/assets/system-upgrade-controller/system-upgrade-controller-103.0.0+up0.6.0.tgz b/assets/system-upgrade-controller/system-upgrade-controller-103.0.0+up0.6.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..dff3887e5f526143f28bb2661f81bde6f497c1d4
GIT binary patch
literal 2138
zcmV-g2&MNQiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI?AZ{j-kpV#>m7JvOU((ERLhqg1(-jyiOUhbt70j)Gzt&m9$
z;H_i(+72^pZ@>F0Pe5o0l$mMw-sQXjl4Jjl?epk^S}F~`8Hkz09+)m?T5?K3mYZ`d
zwY9`PefN!I+qQjPuScJ@ZEt^8>bCu^Qm<dsE9V#IXJ_y1%6Y9`d57$81wMoVrLlZx
ze>2wh;{G6n8RHsj!kKamgj}pK<ul90T2rtHFS{T$nG*0EBr$X6AamK~#PfhTsH9~8
zrCgSWU;^d>q#~R-=>6Y+LKUl8vux8we+$2U48Ok59m=o|N?;cp6hAa$z0GCj%0ZN{
z;A`$%0n#U0nJccpej&``UsNu4vgEATRqJCSb=CT`TWARsumUp_-a$JJ&A@`(r_(Pg
z1{Pxd)3z!#t73SdTuFqE9$o_ji766+6kGvXPlYr`K7N1%3{hABMS<|J1{J<!+yiA9
za~?`G*IFp2T%Hj<4<?q&{dBqIL|8X;0jfNqd{XvcVJ@oH$8z#8-I<4)N*5)K@QCm8
zPWZjCZx<8~qzlS1%pW1x>ijBp&9W`~FM+VFbIUf~+Wy{}cKiPYrU9t$5dil1f4g>m
zvF-oQE7g<#e+`;ZKEX6`{hC7f4JBsUf+-HD9>9z!Etd`|m7=#oiI@!`V0c2q*busX
z!-&V-#mdxN=~Bo|d^}5Lmms(znuk+v8Fr3i2uEl<TRX$Z%ea~zFl)lOF-PQ(YX9?Q
zzoOmtufZ2I3>@Y09H;=PEG>?51$*uPVk`fv+83w%?{(<$vHSroi0>c;8chiWy%g}1
zA8v~~2M2v9KRp@7<D-c@m=Xr46syeGi@n2GChnnx%%`V_kxY?wA4iYay`)J|u3K3R
z6Ou4JMWz2&<<e0T09CO1QCiCb%zO6zt@r)Eg$}WQmj+6Ml$^qZFpsd=%d&!f_Fq4%
zZ`psXYS&Np{~EMee8>rQEga}Mm*n43O=vxQRADKzs2C4~c@ApEsxaUbE@M?Ne9+j#
z8i!FhPVx(~{7{DmFb#RJAlH%yq5#)G=o#z^CDBR~dp==?3MT&oS4TyxnT#5OTo4x;
zuFC_aqa<Ko6_WDg7MpK<RzHFcvVYE|WaeXWWHGSE{;QRXvn~6tRL^QB`+p7Ex_n5?
zEjsWUEOLx{r^1-AnivHJl+HB#JRG%e#&`YeL8H|kH*b5R!ELwO9*kS<%e!j_JwC1y
zfE^`83nsw~{f?3>1eK<kDk!1f(Qg6QfS#TTaYjE6+Ktxm5Twyu0`}A<R<#)Cm)py6
zqdDr_x5uq^qt)&7+T&rndD|-j{Dn^%t|kj;0rn_iFa(#gEbb@U-j96QX#RS8bv5pG
zZaSkvyi4pp@aeQme4;ZjpZ244ZW`C^asRH{9rtg$o#y94q)u3-^#e-#oDz4r3D%kR
zxb90(!1R9DU+*s4%~3aok04VwRgjlj=;>)gxTGkwqT10~myPJ@$=S)K@ocA1{Xyrx
z(`{e3TZNm@mt;XG%)r}Re{^5Ecip2=H&vl=<7(6%jITPq&hY0#z|p9iC{bgoL0%C?
z)ci&I)bBQW;rVtuz3XwOH);>=8{OTQeTvzDQ%cyZ!!*bRrkik;Gd~0OrwpinFghgu
zdmt!Z`oNBC2knXf^;-2={I8#1oZ|m$&}RI{La24B-&&peOR|8X@UH~8;S>rexSGrO
z-p<F`op<pBs7h}YlW8}*Q0u$ILhMv&lc_i44vA(^j>bX%hZwk^6qZY*Il>E0Jmg7C
zSbTe$tTQA$of1a$at+G32aRV>5t8s*KqPprKoT|^x^wV?$dk?(Up;Pr1viM=KpP|D
zIfu!vjzIb<`#LO%qHS(}6%v$6yM5baq6b(ys1$}i$v}gO`)Q>dUWB*+iNj+=J+3<}
zmnUu_<YC2l>)u;RLc$c}QTt#fgMqoQ4Y_~$$>PJUG{Z90%I-pP{HCCoLC$*CyOFyU
zMH^wRyQXXU0%SJV4yxGpYc0{oVL|;SYtx*D5LvO!4dC`yqI9Y!DpT0^4yfr-)Fs7)
zfy@9Lavu;=+-W#2<J?hM?8`ulhpjTwjD+hX+d-SD^#&iX#g*iK_Pk8wrbS<JKa-_{
zi@yz&ZG?D^-9=fianm+(RO`94Ax#NTFIU#&T_5YYvx)&$?EL@nzR2mn|K|}R5BrVg
z50rZqPB-`$oCZGJgxat2cNw&6Dn++lL^vXzzYN+fZ*!!hwJ!=ruHVLT<XF^m_&Hbc
z_{_v&w=8-oz(Fk{qo}rg29cE!e4&>uA|3R2y4-&O9g_bGb?nVwO#ANt?E3cozg@A<
zPWk_9P+`9=Jou!;ABLLET0ulHro5<3K;yJz=yPufZXk(X#xdwcl|z~~V@mm#)n!Rr
zxtQYkpHI=B3=#(Lnpofop+u9^1DUAV=#Ph=hvUoJ+mR7FogU~fTt2KuM~<k|%KYy1
zo2%bqbxpH+Bm>q^cM6h<MFtccGzcFy*fJ_;x`YK^cfAdSpb!>Pm_{8BwS#f0;)Y26
z+l;R@QRzd;Fiq1qzJc?i%Uz*_5sH*FSkmUr%JrLxMkIg5i2uzMW@Z~4#c5VLC^My}
z5`BthClF_V3y_lywm`u*ZpAUZtawYlUq7oDD6hX2!9}}p7<LxPNwR1hXVJ>Z7VBxV
z{M0M|Q_~^wKdUG&PX+e%|0`#;t@vN9RZjPRuR^)~zpcjkce?(2>!qIPL?=4Yi8kmz
Q0RRC1|7YSxKmaxX0DPAz9{>OV

literal 0
HcmV?d00001

diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/Chart.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/Chart.yaml
new file mode 100644
index 0000000000..7198a27f2b
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.28.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: system-upgrade-controller
+apiVersion: v1
+appVersion: v0.13.1
+description: General purpose controller to make system level updates to nodes.
+home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+kubeVersion: '>= 1.23.0-0'
+name: system-upgrade-controller
+sources:
+- https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+version: 103.0.0+up0.6.0
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/_helpers.tpl b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/_helpers.tpl
new file mode 100644
index 0000000000..67a534eb7b
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/clusterrolebinding.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000000..f2a09949d5
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  system-upgrade-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: system-upgrade-controller
+    namespace: cattle-system
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/configmap.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/configmap.yaml
new file mode 100644
index 0000000000..7619c39744
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: system-upgrade-controller-config
+  namespace: cattle-system
+data:
+  SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+  SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+  SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/deployment.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/deployment.yaml
new file mode 100644
index 0000000000..cfc27992eb
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: system-upgrade-controller
+  namespace: cattle-system
+spec:
+  selector:
+    matchLabels:
+      upgrade.cattle.io/controller: system-upgrade-controller
+  template:
+    metadata:
+      labels:
+        upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: "kubernetes.io/os"
+                    operator: NotIn
+                    values:
+                      - windows
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - preference:
+              matchExpressions:
+                - key: node-role.kubernetes.io/control-plane
+                  operator: In
+                  values:
+                    - "true"
+            weight: 100
+          - preference:
+              matchExpressions:
+                - key: node-role.kubernetes.io/master
+                  operator: In
+                  values:
+                    - "true"
+            weight: 100
+      tolerations:
+        - operator: Exists
+      serviceAccountName: system-upgrade-controller
+      containers:
+        - name: system-upgrade-controller
+          image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            - configMapRef:
+                name: system-upgrade-controller-config
+          env:
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.labels['upgrade.cattle.io/controller']
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: etc-ssl
+              mountPath: /etc/ssl
+            - name: tmp
+              mountPath: /tmp
+      volumes:
+        - name: etc-ssl
+          hostPath:
+            path: /etc/ssl
+            type: Directory
+        - name: tmp
+          emptyDir: {}
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/psp.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/psp.yaml
new file mode 100644
index 0000000000..ca87b996cb
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.global.cattle.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: system-upgrade-controller
+spec:
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+    - CAP_SYS_BOOT
+  hostNetwork: true
+  hostPID: true
+  hostIPC: true
+  privileged: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  volumes:
+    - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system-upgrade-controller-psp
+rules:
+  - apiGroups:
+      - policy
+    resourceNames:
+      - system-upgrade-controller
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  system-upgrade-controller-psp
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system-upgrade-controller-psp
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: system:serviceaccounts:cattle-system
+{{- end }}
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/serviceaccount.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..b6cdcf48b3
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: system-upgrade-controller
+  namespace: cattle-system
diff --git a/charts/system-upgrade-controller/103.0.0+up0.6.0/values.yaml b/charts/system-upgrade-controller/103.0.0+up0.6.0/values.yaml
new file mode 100644
index 0000000000..015736f088
--- /dev/null
+++ b/charts/system-upgrade-controller/103.0.0+up0.6.0/values.yaml
@@ -0,0 +1,15 @@
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    psp:
+      enabled: true
+
+systemUpgradeController:
+  image:
+    repository: rancher/system-upgrade-controller
+    tag: v0.13.1
+
+kubectl:
+  image:
+    repository: rancher/kubectl
+    tag: v1.23.3
diff --git a/index.yaml b/index.yaml
index 9fa94b3e20..0edbd3d0ca 100755
--- a/index.yaml
+++ b/index.yaml
@@ -15865,6 +15865,28 @@ entries:
     - assets/sriov-crd/sriov-crd-100.0.0+up0.1.0.tgz
     version: 100.0.0+up0.1.0
   system-upgrade-controller:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.28.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: system-upgrade-controller
+    apiVersion: v1
+    appVersion: v0.13.1
+    created: "2023-08-31T14:53:17.911123032-05:00"
+    description: General purpose controller to make system level updates to nodes.
+    digest: d7bc9c0dccd63fb9a30849aaec35f3302265bbd7ccbf4bcafce12c91513ec281
+    home: https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+    kubeVersion: '>= 1.23.0-0'
+    name: system-upgrade-controller
+    sources:
+    - https://github.com/rancher/system-charts/blob/dev-v2.8/charts/rancher-k3s-upgrader
+    urls:
+    - assets/system-upgrade-controller/system-upgrade-controller-103.0.0+up0.6.0.tgz
+    version: 103.0.0+up0.6.0
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"