Unattended upgrades

For
* APT based
* YUM based
* Flatcar

Signed-off-by: Artiom Diomin <[email protected]>

addons/unattended-upgrades/README.md

@@ -0,0 +1,3 @@
+# Unnatended Upgrades
+
+This addon will automate upgrading system packages of the distro of your choice.

addons/unattended-upgrades/apt.yaml

@@ -0,0 +1,59 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: unnatended-upgrades-install
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: unnatended-upgrades-install
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: unnatended-upgrades-install
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: v1.machine-controller.kubermatic.io/operating-system
+                operator: In
+                values:
+                - ubuntu
+            - matchExpressions:
+              - key: v1.kubeone.io/operating-system
+                operator: In
+                values:
+                - ubuntu
+                - debian
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      hostPID: true
+      containers:
+      - name: "unnatended-upgrades-install"
+        image: "alpine:3.12.4"
+        securityContext:
+          privileged: true
+        command:
+        - |
+          #!/bin/sh
+          set -xeuo pipefail
+          apk add --no-cache bash util-linux
+          EXEC=(nsenter -t 1 -m -u -i -n -p --)
+          "${EXEC[@]}" bash -c "${STARTUP_SCRIPT}"
+          sleep inf
+        env:
+        - name: STARTUP_SCRIPT
+          value: |
+            #!/usr/bin/env bash
+            set -xeuo pipefail
+            export DEBIAN_FRONTEND=noninteractive
+            apt-get update
+            apt-get install -y --no-install-recommends \
+              apt-utils \
+              unattended-upgrades