install and configure system upgrade controller
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
this brings (semi) automated k3s upgrades. YAY!
This commit is contained in:
parent
2a2532f7fe
commit
5215484f9c
|
@ -0,0 +1,23 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: system-upgrade-controller
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
destination:
|
||||
namespace: system-upgrade
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
source:
|
||||
path: system-upgrade-controller
|
||||
repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
|
||||
targetRevision: HEAD
|
||||
directory:
|
||||
recurse: true
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: system-upgrade
|
|
@ -0,0 +1,54 @@
|
|||
# These plans are adapted from work by Dax McDonald (https://github.com/daxmc99) and Hussein Galal (https://github.com/galal-hussein)
|
||||
# in support of Rancher v2 managed k3s upgrades. See Also: https://rancher.com/docs/k3s/latest/en/upgrades/automated/
|
||||
---
|
||||
apiVersion: upgrade.cattle.io/v1
|
||||
kind: Plan
|
||||
metadata:
|
||||
name: k3s-server
|
||||
namespace: system-upgrade
|
||||
labels:
|
||||
k3s-upgrade: server
|
||||
spec:
|
||||
concurrency: 1
|
||||
version: v1.18.4+k3s1
|
||||
nodeSelector:
|
||||
matchExpressions:
|
||||
- {key: k3s-upgrade, operator: Exists}
|
||||
- {key: k3s-upgrade, operator: NotIn, values: ["disabled", "false"]}
|
||||
- {key: k3s.io/hostname, operator: Exists}
|
||||
- {key: k3os.io/mode, operator: DoesNotExist}
|
||||
- {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
|
||||
serviceAccountName: system-upgrade
|
||||
cordon: false
|
||||
# drain:
|
||||
# force: true
|
||||
upgrade:
|
||||
image: tobru/k3s-upgrade-alpine
|
||||
---
|
||||
apiVersion: upgrade.cattle.io/v1
|
||||
kind: Plan
|
||||
metadata:
|
||||
name: k3s-agent
|
||||
namespace: system-upgrade
|
||||
labels:
|
||||
k3s-upgrade: agent
|
||||
spec:
|
||||
concurrency: 2
|
||||
version: v1.18.4+k3s1
|
||||
nodeSelector:
|
||||
matchExpressions:
|
||||
- {key: k3s-upgrade, operator: Exists}
|
||||
- {key: k3s-upgrade, operator: NotIn, values: ["disabled", "false"]}
|
||||
- {key: k3s.io/hostname, operator: Exists}
|
||||
- {key: k3os.io/mode, operator: DoesNotExist}
|
||||
- {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
|
||||
serviceAccountName: system-upgrade
|
||||
prepare:
|
||||
# Since v0.5.0-m1 SUC will use the resolved version of the plan for the tag on the prepare container.
|
||||
# image: rancher/k3s-upgrade:v1.17.4-k3s1
|
||||
image: tobru/k3s-upgrade-alpine
|
||||
args: ["prepare", "k3s-server"]
|
||||
drain:
|
||||
force: true
|
||||
upgrade:
|
||||
image: rancher/k3s-upgrade
|
|
@ -0,0 +1,93 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: system-upgrade
|
||||
namespace: system-upgrade
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: system-upgrade
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: system-upgrade
|
||||
namespace: system-upgrade
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
SYSTEM_UPGRADE_CONTROLLER_DEBUG: "false"
|
||||
SYSTEM_UPGRADE_CONTROLLER_THREADS: "2"
|
||||
SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: "900"
|
||||
SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: "99"
|
||||
SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: Always
|
||||
SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: rancher/kubectl:v1.18.3
|
||||
SYSTEM_UPGRADE_JOB_PRIVILEGED: "true"
|
||||
SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: "900"
|
||||
SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: default-controller-env
|
||||
namespace: system-upgrade
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: system-upgrade-controller
|
||||
namespace: system-upgrade
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
upgrade.cattle.io/controller: system-upgrade-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
upgrade.cattle.io/controller: system-upgrade-controller
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: node-role.kubernetes.io/master
|
||||
operator: In
|
||||
values:
|
||||
- "true"
|
||||
containers:
|
||||
- env:
|
||||
- name: SYSTEM_UPGRADE_CONTROLLER_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.labels['upgrade.cattle.io/controller']
|
||||
- name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: default-controller-env
|
||||
image: rancher/system-upgrade-controller:v0.6.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: system-upgrade-controller
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl
|
||||
name: etc-ssl
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
serviceAccountName: system-upgrade
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/ssl
|
||||
type: Directory
|
||||
name: etc-ssl
|
||||
- emptyDir: {}
|
||||
name: tmp
|
Reference in New Issue