From 21a37f2a4c8eb1d6b56383f7474ea0b7666c961a Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 21 May 2025 03:34:26 +0200
Subject: [PATCH] feat(system-upgrade): Adjust plans to automate Talos updates
using kured
This patch modifies the os upgrade tasks for Talos and Fedora to make
kured handle the system reboots. This should allow smooth Talos updates
without needing to worry about race conditions around the reboot of a
node.
---
.../system-upgrades/fedora/fedora-autoupdate.yaml | 2 +-
infrastructure/base/system-upgrades/kured.yaml | 13 ++++---------
infrastructure/base/system-upgrades/talos/os.yaml | 14 +++++---------
3 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/infrastructure/base/system-upgrades/fedora/fedora-autoupdate.yaml b/infrastructure/base/system-upgrades/fedora/fedora-autoupdate.yaml
index a123fa8dd..8079a6fcd 100644
--- a/infrastructure/base/system-upgrades/fedora/fedora-autoupdate.yaml
+++ b/infrastructure/base/system-upgrades/fedora/fedora-autoupdate.yaml
@@ -15,7 +15,7 @@ stringData:
systemctl start --wait dnf-automatic-install.service
systemctl enable clevis-luks-askpass.path
if ! dnf needs-restarting --reboothint; then
- touch /var/run/reboot-required
+ touch /run/reboot-required
fi
---
apiVersion: upgrade.cattle.io/v1
diff --git a/infrastructure/base/system-upgrades/kured.yaml b/infrastructure/base/system-upgrades/kured.yaml
index 4cf8963e9..23429f139 100644
--- a/infrastructure/base/system-upgrades/kured.yaml
+++ b/infrastructure/base/system-upgrades/kured.yaml
@@ -39,20 +39,15 @@ metadata:
namespace: system-upgrade
data:
values.yaml: |
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: feature.node.kubernetes.io/system-os_release.ID
- operator: NotIn
- values:
- - talos
configuration:
+ useRebootSentinelHostPath: true
annotateNodes: true
preferNoScheduleTaint: weave.works/kured-node-reboot
blockingPodSelector:
- upgrade.cattle.io/plan
+ rebootSentinel: "/run/reboot-required"
+ rebootMethod: command
+ rebootCommand: /sbin/shutdown --reboot
hostNetwork: false
metrics:
create: true
diff --git a/infrastructure/base/system-upgrades/talos/os.yaml b/infrastructure/base/system-upgrades/talos/os.yaml
index 2aa873c77..333a215ee 100644
--- a/infrastructure/base/system-upgrades/talos/os.yaml
+++ b/infrastructure/base/system-upgrades/talos/os.yaml
@@ -12,11 +12,6 @@ spec:
path: /var/run/secrets/talos.dev
ignoreUpdates: true
concurrency: 1
- exclusive: true
- drain:
- deleteLocalData: true
- ignoreDaemonSets: true
- force: false
nodeSelector:
matchExpressions:
- key: feature.node.kubernetes.io/system-os_release.ID
@@ -25,7 +20,7 @@ spec:
- talos
- key: upgrade.shivering-isles.com/talos-autoupdate
operator: Exists
- upgrade:
+ prepare:
image: ghcr.io/siderolabs/talosctl
envs:
- name: NODE_IP
@@ -38,6 +33,7 @@ spec:
- --nodes=$(NODE_IP)
- upgrade
- --image=$(TALOS_IMAGE):$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
- - --preserve=true
- - --wait=false
- - --reboot-mode=powercycle
+ - --stage
+ upgrade:
+ image: quay.io/fedora/fedora:41
+ command: ["touch", "/host/run/reboot-required"]
\ No newline at end of file
--
GitLab