forked from rancher/k3os
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathk3os-latest.yaml
77 lines (69 loc) · 3.57 KB
/
k3os-latest.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
# This `name` should be short but descriptive.
name: k3os-latest
# The same `namespace` as is used for the system-upgrade-controller Deployment.
namespace: k3os-system
spec:
# The maximum number of concurrent nodes to apply this update on.
concurrency: 1
# The value for `channel` is assumed to be a URL that returns HTTP 302 with the last path element of the value
# returned in the Location header assumed to be an image tag.
channel: https://github.com/rancher/k3os/releases/latest
# Providing a value for `version` will prevent polling/resolution of the `channel` if specified.
# version: v0.11.0-rc1
# Select which nodes this plan can be applied to.
nodeSelector:
matchExpressions:
# This limits application of this upgrade only to nodes that have opted in by applying this label.
# Additionally, a value of `disabled` for this label on a node will cause the controller to skip over the node.
- {key: k3os.io/upgrade, operator: Exists}
- {key: k3os.io/upgrade, operator: NotIn, values: ["disabled"]}
# This label is set by k3OS, therefore a node without it should not apply this upgrade.
- {key: k3os.io/mode, operator: Exists}
# Additionally, do not attempt to upgrade nodes booted from "live" CDROM.
- {key: k3os.io/mode, operator: NotIn, values: ["live"]}
# The service account for the pod to use. As with normal pods, if not specified the `default` service account from the namespace will be assigned.
# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccountName: k3os-upgrade
# Specify which node taints should be tolerated by pods applying the upgrade.
# Anything specified here is appended to the default of:
# - {key: node.kubernetes.io/unschedulable, effect: NoSchedule, operator: Exists}
tolerations:
- {key: CriticalAddonsOnly, operator: Exists}
- {key: node-role.kubernetes.io/master, effect: NoSchedule, operator: Exists}
- {key: node-role.kubernetes.io/control-plane, effect: NoSchedule, operator: Exists}
- {key: kubernetes.io/arch, effect: NoSchedule, operator: Equal, value: amd64}
- {key: kubernetes.io/arch, effect: NoSchedule, operator: Equal, value: arm64}
- {key: kubernetes.io/arch, effect: NoSchedule, operator: Equal, value: arm}
# The prepare init container is run before cordon/drain which is run before the upgrade container.
# Shares the same format as the `upgrade` container.
# This formulation will incur the rancher/k3os image download prior to the drain, minimizing unavailability.
prepare:
image: rancher/k3os
command: [k3os, --version]
args: []
# See https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/#use-kubectl-drain-to-remove-a-node-from-service
drain:
# deleteLocalData: true
# ignoreDaemonSets: true
force: true
# disableEviction: false # set this to true to bypass pod disruption budgets during drain
upgrade:
# The tag portion of the image will be overridden with the value from `.status.latestVersion` a.k.a. the resolved version.
image: rancher/k3os
command: [k3os, --debug]
# It is safe to specify `--kernel` on overlay installations as the destination path will not exist and so the
# upgrade of the kernel component will be skipped (with a warning in the log).
args:
- upgrade
- --kernel
- --rootfs
- --remount
- --sync
- --reboot
- --lock-file=/host/run/k3os/upgrade.lock
- --source=/k3os/system
- --destination=/host/k3os/system