[release-v2.11] Move helm charts from rancher/charts to /charts dir

charts/Chart.yaml

@@ -0,0 +1,17 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.25.0-0 < 1.33.0-0'
+ catalog.cattle.io/managed: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/rancher-version: '>= 2.11.0-0'
+ catalog.cattle.io/release-name: system-upgrade-controller
+apiVersion: v1
+appVersion: v0.15.2
+description: General purpose controller to make system level updates to nodes.
+home: https://github.com/rancher/system-upgrade-controller
+kubeVersion: '>= 1.25.0-0'
+name: system-upgrade-controller
+version: 106.0.0

charts/templates/_helpers.tpl

@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

charts/templates/clusterrolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system-upgrade-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: system-upgrade-controller
+ namespace: cattle-system

charts/templates/configmap.yaml

@@ -0,0 +1,18 @@
+# Source: https://github.com/rancher/system-upgrade-controller/blob/master/manifests/system-upgrade-controller.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: system-upgrade-controller-config
+ namespace: cattle-system
+data:
+ SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }}
+ SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }}
+ SYSTEM_UPGRADE_CONTROLLER_LEADER_ELECT: {{ .Values.systemUpgradeControllerLeaderElect | default "true" | quote }}
+ SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }}
+ SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }}
+ SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "IfNotPresent" | quote }}
+ SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }}
+ SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}
+ SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }}
+ SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }}
+

charts/templates/deployment.yaml

@@ -0,0 +1,112 @@
+# Source: https://github.com/rancher/system-upgrade-controller/blob/master/manifests/system-upgrade-controller.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ upgrade.cattle.io/controller: system-upgrade-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: system-upgrade-controller
+ upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/os"
+ operator: NotIn
+ values:
+ - windows
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ - preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: In
+ values:
+ - "true"
+ weight: 100
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchExpressions:
+ - key: "app.kubernetes.io/name"
+ operator: "In"
+ values:
+ - "system-upgrade-controller"
+ tolerations:
+ - operator: Exists
+ serviceAccountName: system-upgrade-controller
+ containers:
+ - name: system-upgrade-controller
+ image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+ envFrom:
+ - configMapRef:
+ name: system-upgrade-controller-config
+ env:
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['upgrade.cattle.io/controller']
+ - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SYSTEM_UPGRADE_CONTROLLER_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: etc-ssl
+ mountPath: /etc/ssl
+ readOnly: true
+ - name: etc-pki
+ mountPath: /etc/pki
+ readOnly: true
+ - name: etc-ca-certificates
+ mountPath: /etc/ca-certificates
+ readOnly: true
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: etc-ssl
+ hostPath:
+ path: /etc/ssl
+ type: DirectoryOrCreate
+ - name: etc-pki
+ hostPath:
+ path: /etc/pki
+ type: DirectoryOrCreate
+ - name: etc-ca-certificates
+ hostPath:
+ path: /etc/ca-certificates
+ type: DirectoryOrCreate
+ - name: tmp
+ emptyDir: {}

charts/templates/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: system-upgrade-controller
+ namespace: cattle-system

charts/values.yaml

@@ -0,0 +1,13 @@
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+systemUpgradeController:
+ image:
+ repository: rancher/system-upgrade-controller
+ tag: v0.15.2
+
+kubectl:
+ image:
+ repository: rancher/kubectl
+ tag: v1.32.2