This is an opinionated fork of the upstream project at https://github.com/rancher/system-upgrade-controller.
This project aims to provide a general-purpose, Kubernetes-native upgrade controller (for nodes). It introduces a new CRD, the Plan, for defining any and all of your upgrade policies/requirements. A Plan is an outstanding intent to mutate nodes in your cluster. For up-to-date details on defining a plan please review v1/types.go.
CNCF Member Webinar: Declarative Host Upgrades From Within Kubernetes
Rancher Online Meetup: Automating K3s Cluster Upgrades
Purporting to support general-purpose node upgrades (essentially, arbitrary mutations) this controller attempts minimal imposition of opinion. Our design constraints, such as they are:
- content delivery via container image a.k.a. container command pattern
- operator-overridable command(s)
- a very privileged job/pod/container:
  - host IPC, NET, and PID
  - CAP_SYS_BOOT
  - host root file-system mounted at /host (read/write)
- optional opt-in/opt-out via node labels
- optional cordon/drain a la kubectl
Additionally, one should take care when defining upgrades by ensuring that such are idempotent--there be dragons.
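Since the upgrade pods carry the privilege profile listed above, it helps to be able to recognise that profile when reviewing which workloads a cluster admits. The following is an added example, not code from this project: a stand-alone Go audit that reports which of those host-level privileges a Pod manifest (JSON) requests. The function name `HostPrivileges` and the sample manifest are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// pod is the subset of the Pod schema this audit reads (JSON keys match case-insensitively).
type pod struct {
	Spec struct {
		HostIPC     bool
		HostNetwork bool
		HostPID     bool
		Volumes     []struct{ HostPath *struct{ Path string } }
		Containers  []struct{ SecurityContext struct{ Capabilities struct{ Add []string } } }
	}
}
// sample is a constructed manifest (not controller output) with the profile listed above.
const sample = `{"spec":{"hostIPC":true,"hostNetwork":true,"hostPID":true,"volumes":[{"name":"host-root","hostPath":{"path":"/"}}],
 "containers":[{"name":"upgrade","securityContext":{"capabilities":{"add":["CAP_SYS_BOOT"]}}}]}}`

// HostPrivileges lists the host-level privileges a Pod manifest (JSON) requests.
func HostPrivileges(manifest []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, err
	}
	var found []string
	add := func(on bool, name string) {
		if on {
			found = append(found, name)
		}
	}
	add(p.Spec.HostIPC, "hostIPC")
	add(p.Spec.HostNetwork, "hostNetwork")
	add(p.Spec.HostPID, "hostPID")
	for _, v := range p.Spec.Volumes {
		// A hostPath of "/" exposes the node's entire root file-system to the pod.
		add(v.HostPath != nil && v.HostPath.Path == "/", "hostPath:/")
	}
	for _, c := range p.Spec.Containers {
		for _, name := range c.SecurityContext.Capabilities.Add {
			// Accept the capability with or without the CAP_ prefix.
			add(strings.TrimPrefix(name, "CAP_") == "SYS_BOOT", "SYS_BOOT")
		}
	}
	return found, nil
}

func main() { fmt.Println(HostPrivileges([]byte(sample))) }
```

An empty result means the manifest requests none of the listed privileges; any non-empty result outside the namespace where upgrade plans are expected to run is worth reviewing.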
Take a look at kubesearch.dev for a list of Helm charts and other deployment options.
Using this controller with Talos and the examples below only works if node-feature-discovery is installed and configured with the system source, like so:

    worker:
      config:
        core:
          sources: ["pci", "system", "usb"]

- examples/kubernetes.yaml
  - Demonstrates upgrading Kubernetes on Talos Linux.
- examples/talos.yaml
  - Demonstrates upgrading Talos Linux OS.

    go build -o bin/system-upgrade-controller

Use ./bin/system-upgrade-controller.

Copyright (c) 2019-2022 Rancher Labs, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.