Parameters
The parent key for all of the following parameters is system_upgrade_controller.
namespace
| type | string |
| default | |
The namespace in which to deploy this component.
When parameter plans_only is set to true, the component expects that the provided namespace exists and a SUC instance is deployed in the given namespace.
service_account
| type | string |
| default | |
The name of the service account for System Upgrade Controller.
When option plans_only is set to true, the component expects that a service account with the given name exists in the target namespace.
plans_only
| type | boolean |
| default | |
Whether to install the manifests for System Upgrade Controller.
If set to true, only plan manifests are applied.
Plans must be installed in the same namespace as the controller.
plan_polling_interval
| type | string |
| default | |
The interval at which the System Upgrade Controller checks for plan execution.
affinity
| type | hash |
| default | |
Affinity configuration for the System Upgrade Controller pod.
Example:
parameters:
  system_upgrade_controller:
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: node-role.kubernetes.io/controlplane
                  operator: In
                  values:
                    - "true"
floodgate_url
| type | string |
| default | |
The floodgate service URL being used.
Floodgate is a Syn project providing individual System Upgrade Controller channels based on time conditions.
disable_grafana_dashboard
| type | boolean |
| default | |
If true, the Grafana dashboard is disabled.
This is intended to be used when Grafana components aren’t fully installed or the dashboard isn’t required at all.
job_deadline_seconds
| type | string |
| default | |
The deadline for System Upgrade Controller jobs in seconds.
job_image_pull_policy
| type | string |
| default | |
The image pull policy for System Upgrade Controller jobs.
job_kubectl_image
| type | string |
| default | |
The kubectl image the System Upgrade Controller uses in the jobs.
job_privileged
| type | string |
| default | |
Whether the System Upgrade Controller jobs run in privileged mode.
job_ttl_after_finish
| type | string |
| default | |
The time in seconds the System Upgrade Controller jobs are kept after they’re completed.
plans
| type | dict |
| default | |
This parameter allows users to configure one or more System Upgrade Controller Plan resources.
Each entry in the dict corresponds to one Plan resource.
Dict keys are used as the name of the resulting Plan resource.
The dict value is expected to be another dict.
The component supports keys spec, floodgate, label_selectors and tolerations in the value dict.
Plans can be removed by setting the value of the dict entry to null.
plans.<P>.spec
| type | dict |
| default | |
This parameter is mandatory.
A minimal configuration requires fields upgrade.image and upgrade.command to be set.
This parameter is merged with the predefined configuration shown above to form the Plan resource’s spec field.
Configurations in the parameter override values in the default.
Configurations given in other fields in the plan configuration may override values provided in this parameter.
See the following sections for details.
The component accepts both string and array values for spec.upgrade.command.
If a string value is given, it’s transformed into an array with a single member.
See the System Upgrade Controller documentation for supported configurations.
plans.<P>.floodgate
| type | dict |
| supported keys | |
This parameter is required unless either field channel or field version is present in plan parameter spec.
This parameter can be used to instruct the component to construct a Floodgate-based value for the plan’s channel.
If field channel or field version in key plans.<P>.spec is set, configuration provided in this parameter has no effect.
The supported keys in this parameter have the following effects:
url: The base URL of the Floodgate instance. This key is optional. If it’s not present, the value of component parameter floodgate_url is used in the resulting channel value.
basepath: The base path appended to the Floodgate URL. This key is optional. If it’s not present, the component uses window as base path.
day: The day of the week on which to start the upgrade. This should be a number between 0 (Sunday) and 6 (Saturday).
hour: The hour in the day on which to start the upgrade. This should be a number between 0 and 23.
See the Floodgate documentation for details on how Floodgate works.
plans.<P>.push_gateway
| type | string |
A Prometheus push gateway address as DNS name or IP.
This parameter is optional.
If present, the value of this parameter is appended to any arbitrary arguments given in the plan’s spec.upgrade.args.
If you need more complex configuration, please provide any arguments to the upgrade command directly in spec.upgrade.args and omit this parameter.
plans.<P>.label_selectors
| type | dict |
Specify a label selector according to which nodes to upgrade are selected.
This parameter is mandatory.
The System Upgrade Controller will add and manage label plan.upgrade.cattle.io/P for a plan named P to all nodes selected by the label selectors.
It will set the value of that label to the SHA256 hash of the Docker image used for the upgrade.
It’s considered best practice to use that label as the label selector for the plan.
The component will transform the provided dict into a list of Kubernetes label selector matchExpressions.
Each dict entry is transformed into a LabelSelectorRequirement.
The value of each entry is used as the LabelSelectorRequirement and the key of the entry is set as the value for field key.
The resulting list of LabelSelectorRequirements is assigned to key spec.nodeSelector.matchExpressions in the Plan resource.
See the Kubernetes API documentation for supported fields in LabelSelectorRequirement.
plans.<P>.tolerations
| type | dict |
Specify Kubernetes tolerations for the upgrade job. This parameter is optional. If omitted, no tolerations are configured on the plan.
The component transforms the provided dict into a list of Kubernetes tolerations.
Each dict entry is transformed into a Toleration by the component.
The entry’s value is used as a Toleration and the entry’s key is set as value for field key.
The component assigns the resulting list of tolerations to field spec.tolerations in the Plan.
See the Kubernetes API documentation for supported fields in Toleration.
Example Plan
In this example, we specify tolerations for the etcd and control plane taints so that the upgrade jobs can be scheduled on nodes hosting control plane or etcd components.
parameters:
  system_upgrade_controller:
    plans:
      system-upgrade-focal: # (1)
        spec: # (2)
          concurrency: 1
          upgrade:
            image: docker.io/projectsyn/suc-ubuntu-focal
            command: /scripts/run.sh
        push_gateway: 10.43.209.108:9091
        floodgate:
          hour: 22
          day: 2
        label_selectors:
          plan.upgrade.cattle.io/system-upgrade-focal: # (1)
            operator: Exists
        tolerations:
          node-role.kubernetes.io/controlplane:
            operator: Exists
          node-role.kubernetes.io/etcd:
            operator: Exists
| 1 | We recommend using a matching label selector and plan name. This minimizes the number of labels added to nodes by the System Upgrade Controller. |
| 2 | Check the official documentation for supported fields in spec. |
This configuration results in the following Plan object:
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: system-upgrade-focal
spec:
  channel: https://floodgate.syn.vshn.net/window/2/22
  concurrency: 1
  drain:
    force: true
  nodeSelector:
    matchExpressions:
      - key: plan.upgrade.cattle.io/system-upgrade-focal
        operator: Exists
  serviceAccountName: system-upgrade
  tolerations:
    - key: node-role.kubernetes.io/controlplane
      operator: Exists
    - key: node-role.kubernetes.io/etcd
      operator: Exists
  upgrade:
    args:
      - 10.43.209.108:9091
    command:
      - /scripts/run.sh
    image: docker.io/projectsyn/suc-ubuntu-focal
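
The mapping from a plans.<P> entry to a Plan described above (command normalisation, push_gateway, Floodgate channel, label_selectors, tolerations), as an added Python sketch for reviewing what a plan will run before it is committed. It is not the component's own code: render_plan, DEFAULT_SPEC and the top-level merge are assumptions, and the default values are read off the resulting Plan shown above.

```python
import copy

def render_plan(name, cfg, default_spec, floodgate_url):
    """Build a Plan from one plans.<P> entry, following the documented rules."""
    if "spec" not in cfg or "label_selectors" not in cfg:
        raise ValueError("spec and label_selectors are mandatory")
    # Assumption: top-level merge in which values from the parameter win.
    spec = copy.deepcopy({**default_spec, **cfg["spec"]})
    upgrade = spec.get("upgrade", {})
    if "image" not in upgrade or "command" not in upgrade:
        raise ValueError("upgrade.image and upgrade.command are required")
    if isinstance(upgrade["command"], str):  # a string becomes a one-item array
        upgrade["command"] = [upgrade["command"]]
    if "push_gateway" in cfg:  # appended after any args given in the spec
        upgrade["args"] = list(upgrade.get("args", [])) + [cfg["push_gateway"]]
    if "channel" not in spec and "version" not in spec:
        fg = cfg.get("floodgate")
        if fg is None:
            raise ValueError("floodgate is required without channel or version")
        if fg.get("day") not in range(7) or fg.get("hour") not in range(24):
            raise ValueError("day must be 0-6 and hour must be 0-23")
        base = fg.get("url", floodgate_url).rstrip("/")
        path = fg.get("basepath", "window")
        spec["channel"] = f"{base}/{path}/{fg['day']}/{fg['hour']}"
    # Each dict entry becomes one list item; the entry's key fills field `key`.
    spec.setdefault("nodeSelector", {})["matchExpressions"] = [
        {"key": k, **v} for k, v in cfg["label_selectors"].items()]
    if cfg.get("tolerations"):
        spec["tolerations"] = [
            {"key": k, **v} for k, v in cfg["tolerations"].items()]
    return {"apiVersion": "upgrade.cattle.io/v1", "kind": "Plan",
            "metadata": {"name": name}, "spec": spec}

# Values below are copied from the page's example and its resulting Plan.
DEFAULT_SPEC = {"drain": {"force": True}, "serviceAccountName": "system-upgrade"}
EXAMPLE = {
    "spec": {"concurrency": 1, "upgrade": {
        "image": "docker.io/projectsyn/suc-ubuntu-focal",
        "command": "/scripts/run.sh"}},
    "push_gateway": "10.43.209.108:9091",
    "floodgate": {"hour": 22, "day": 2},
    "label_selectors": {
        "plan.upgrade.cattle.io/system-upgrade-focal": {"operator": "Exists"}},
    "tolerations": {"node-role.kubernetes.io/controlplane": {"operator": "Exists"},
                    "node-role.kubernetes.io/etcd": {"operator": "Exists"}},
}
PLAN = render_plan("system-upgrade-focal", EXAMPLE, DEFAULT_SPEC,
                   "https://floodgate.syn.vshn.net")
```

PLAN equals the Plan object shown above; a spec that already sets channel or version skips the Floodgate step entirely.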