diff --git a/bootstrap/templates/kubernetes/apps/tools/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/kustomization.yaml.j2 index d8836c40d34..50d2275474a 100644 --- a/bootstrap/templates/kubernetes/apps/tools/kustomization.yaml.j2 +++ b/bootstrap/templates/kubernetes/apps/tools/kustomization.yaml.j2 @@ -5,6 +5,6 @@ resources: - ./namespace.yaml - ./descheduler/ks.yaml - ./reloader/ks.yaml - #% if bootstrap_distribution in ['k3s'] and addon_system_upgrade_controller.enabled %# + #% if bootstrap_distribution in ['k3s', 'talos'] and addon_system_upgrade_controller.enabled %# - ./system-upgrade-controller/ks.yaml #% endif %# diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/.mjfilter.py b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/.mjfilter.py index f87c91c30f8..95f7c347c24 100644 --- a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/.mjfilter.py +++ b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/.mjfilter.py @@ -1 +1 @@ -main = lambda data: data.get("bootstrap_distribution") in ['k3s'] and data.get("addon_system_upgrade_controller", {}).get("enabled", False) == True +main = lambda data: data.get("bootstrap_distribution") in ['k3s', 'talos'] and data.get("addon_system_upgrade_controller", {}).get("enabled", False) == True diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/app/rbac.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/app/rbac.yaml.j2 index 17fee3254f7..bf68d369dbf 100644 --- a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/app/rbac.yaml.j2 +++ b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/app/rbac.yaml.j2 
@@ -11,3 +11,13 @@ subjects: - kind: ServiceAccount name: system-upgrade namespace: tools +#% if bootstrap_distribution in ['talos'] %# +--- +apiVersion: talos.dev/v1alpha1 +kind: ServiceAccount +metadata: + name: talos +spec: + roles: + - os:admin +#% endif %# diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/agent.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/agent.yaml.j2 deleted file mode 100644 index dcbd38dba72..00000000000 --- a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/agent.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: agent -spec: - # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.29.0+k3s1" - serviceAccountName: system-upgrade - concurrency: 1 - nodeSelector: - matchExpressions: - - {key: node-role.kubernetes.io/control-plane, operator: DoesNotExist} - prepare: - image: rancher/k3s-upgrade - args: ["prepare", "server"] - upgrade: - image: rancher/k3s-upgrade diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/k3s.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/k3s.yaml.j2 new file mode 100644 index 00000000000..905f00194d7 --- /dev/null +++ b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/k3s.yaml.j2 
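Review bot: The added Talos `ServiceAccount` requests `os:admin`, so the `talos` secret it produces is a full Talos API credential, and nothing in the hunk says so. It lands in the `tools` namespace, which the tools kustomization also uses for descheduler and reloader, so anything there that can read or mount Secrets could use it. I would add a comment above the document such as `# Talos API credential for the upgrade Plans: os:admin is full Talos API access; the machine config must allow this role and namespace under machine.features.kubernetesTalosAPIAccess`. It is also worth considering a dedicated namespace for the upgrade controller. The document sets no `metadata.namespace`; presumably a parent kustomization supplies it, which should be confirmed.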
@@ -0,0 +1,54 @@
+#% if bootstrap_distribution in ['k3s'] %#
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: controllers
+spec:
+ # renovate: datasource=github-releases depName=k3s-io/k3s
+ version: "v1.29.0+k3s1"
+ upgrade:
+ image: rancher/k3s-upgrade
+ serviceAccountName: system-upgrade
+ concurrency: 1
+ cordon: true
+ nodeSelector:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/etcd
+ effect: NoExecute
+ operator: Exists
+ - key: CriticalAddonsOnly
+ operator: Exists
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: workers
+spec:
+ # renovate: datasource=github-releases depName=k3s-io/k3s
+ version: "v1.29.0+k3s1"
+ serviceAccountName: system-upgrade
+ concurrency: 1
+ nodeSelector:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: DoesNotExist
+ prepare:
+ image: rancher/k3s-upgrade
+ args: ["prepare", "server"]
+ upgrade:
+ image: rancher/k3s-upgrade
+#% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/kustomization.yaml.j2
index 2a658c35b80..e2ddd381e76 100644
--- a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/kustomization.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/kustomization.yaml.j2
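Review bot: In the `workers` Plan the prepare step still passes `args: ["prepare", "server"]`, but this file names the control-plane Plan `controllers`, and the old `server` Plan is deleted in the same commit. As far as I know the k3s-upgrade prepare step takes the name of the server Plan it should wait for, so worker upgrades would wait on a Plan that no longer exists. The line should read `args: ["prepare", "controllers"]`, and a short comment next to it saying that the argument must match the control-plane Plan's `metadata.name` would stop the two from drifting apart again.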
@@ -2,5 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./server.yaml - - ./agent.yaml + #% if bootstrap_distribution in ['k3s'] %# + - ./k3s.yaml + #% elif bootstrap_distribution in ['talos'] %# + - ./talos.yaml + #% endif %# diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/server.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/server.yaml.j2 deleted file mode 100644 index 773883cec9a..00000000000 --- a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/server.yaml.j2 +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: server -spec: - # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.29.0+k3s1" - serviceAccountName: system-upgrade - concurrency: 1 - cordon: true - nodeSelector: - matchExpressions: - - {key: node-role.kubernetes.io/control-plane, operator: Exists} - tolerations: - - {effect: NoSchedule, operator: Exists} - - {effect: NoExecute, operator: Exists} - - {key: node-role.kubernetes.io/control-plane, effect: NoSchedule, operator: Exists} - - {key: node-role.kubernetes.io/master, effect: NoSchedule, operator: Exists} - - {key: node-role.kubernetes.io/etcd, effect: NoExecute, operator: Exists} - - {key: CriticalAddonsOnly, operator: Exists} - upgrade: - image: rancher/k3s-upgrade diff --git a/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/talos.yaml.j2 b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/talos.yaml.j2 new file mode 100644 index 00000000000..fe951cf6802 --- /dev/null +++ b/bootstrap/templates/kubernetes/apps/tools/system-upgrade-controller/plans/talos.yaml.j2 
@@ -0,0 +1,93 @@
+#% if bootstrap_distribution in ['talos'] %#
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: kubernetes
+spec:
+ # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
+ version: v1.29.1
+ serviceAccountName: system-upgrade
+ secrets:
+ - name: talos
+ path: /var/run/secrets/talos.dev
+ ignoreUpdates: true
+ concurrency: 1
+ exclusive: true
+ nodeSelector:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ prepare: &prepare
+ image: ghcr.io/siderolabs/talosctl:v1.6.3
+ envs:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ args:
+ - --nodes=$(NODE_IP)
+ - health
+ - --server=false
+ upgrade:
+ <<: *prepare
+ args:
+ - --nodes=$(NODE_IP)
+ - upgrade-k8s
+ - --to=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: talos
+spec:
+ # renovate: datasource=docker depName=ghcr.io/siderolabs/installer
+ version: v1.6.3
+ serviceAccountName: system-upgrade
+ secrets:
+ - name: talos
+ path: /var/run/secrets/talos.dev
+ ignoreUpdates: true
+ concurrency: 1
+ exclusive: true
+ nodeSelector:
+ matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/controlplane
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/etcd
+ operator: Exists
+ effect: NoSchedule
+ prepare: &prepare
+ image: ghcr.io/siderolabs/talosctl
+ envs:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ args:
+ - --nodes=$(NODE_IP)
+ - health
+ - --server=false
+ upgrade:
+ <<: *prepare
+ args:
+ - --nodes=$(NODE_IP)
+ - upgrade
+ - --image=factory.talos.dev/installer/#{
addon_system_upgrade_controller.talos_schematic_id|default('df491c50a5acc05b977ef00c32050e1ceb0df746e40b33c643ac8a9bfb7c7263', true) }#:$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION) + - --preserve=true + - --wait=false +#% endif %# diff --git a/bootstrap/vars/addons.sample.yaml b/bootstrap/vars/addons.sample.yaml index ba7705dee66..33b7459c7d2 100644 --- a/bootstrap/vars/addons.sample.yaml +++ b/bootstrap/vars/addons.sample.yaml @@ -29,16 +29,16 @@ addon_weave_gitops: # https://github.com/rancher/system-upgrade-controller addon_system_upgrade_controller: - # IMPORTANT: Only enable this if you also track the version of k3s in the - # ansible configuration files. Running ansible against an already provisioned - # cluster with this enabled might cause your cluster to be downgraded. - # NOTE: If bootstrap_distribution is set to k0s or talos this will be ignored. + # NOTE: If bootstrap_distribution is set to k0s this will be ignored. enabled: false + # IMPORTANT: For talos, head over to https://factory.talos.dev/ and + # generate a schematic ID based on your System Extension requirements + # talos_schematic_id: df491c50a5acc05b977ef00c32050e1ceb0df746e40b33c643ac8a9bfb7c7263 # https://github.com/morphy2k/rss-forwarder addon_discord_template_notifier: # Will post commits from the template repository to the specified discord channel - # so it's easier to keep track of changes. + # so it's easier to keep track of changes. enabled: false # webhook_url: # Required: Discord webhook url
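Review bot: The `kubernetes` Plan selects control-plane nodes but, unlike the `talos` Plan below it, has no `tolerations`. Where control-plane nodes keep a `NoSchedule` taint the upgrade job will probably stay pending, so the `node-role.kubernetes.io/control-plane` toleration from the `talos` Plan should be repeated there. In the same Plan `image: ghcr.io/siderolabs/talosctl:v1.6.3` is hard-coded with no renovate annotation, while the `talos` Plan leaves the tag off (presumably so the controller applies the Plan version), so the two talosctl versions can drift apart. Both containers mount the `talos` secret at `/var/run/secrets/talos.dev`; a comment on `secrets:` noting that this is the `os:admin` Talos API credential, and pinning talosctl by digest, would make the trust placed in that image explicit.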
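Review bot: The removed `IMPORTANT` comment warned that running ansible against a provisioned cluster can downgrade it when the k3s version is not tracked in the ansible configuration too. Nothing visible in this commit removes that risk for k3s, where the Plans still pin `v1.29.0+k3s1`, so I would keep the warning and scope it, e.g. `# IMPORTANT (k3s): only enable this if you also track the k3s version in the ansible configuration files`. The new talos comment could also state that the template falls back to the schematic ID shown here when `talos_schematic_id` is unset. An upgrade image built from a schematic without your system extensions would presumably leave the node without them. The rest of the sample file lies outside the hunk.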