diff --git a/bootstrap/system-upgrades/clusterrole.yaml b/bootstrap/system-upgrades/clusterrole.yaml
index 1346e31c49875b05dfeddfac49b2a7bcdd8dfc3a..3cb3cb53028fd642ab4f46c0fa534f5435aabc3d 100644
--- a/bootstrap/system-upgrades/clusterrole.yaml
+++ b/bootstrap/system-upgrades/clusterrole.yaml
@@ -39,6 +39,30 @@ rules:
   - patch
   - update
   - delete
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - system-upgrade-controller
+  resources:
+  - leases
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - get
+  - create
+  - patch
+  - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
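Review bot: The second lease rule grants `create` on `leases` with no `resourceNames`, and because it sits in a ClusterRole it would apply to every namespace if the role is bound with a ClusterRoleBinding (the binding is not visible in this hunk). RBAC cannot restrict `create` by resource name, so splitting it from the `get`/`update` rule is correct. The scope can still be narrowed by moving both `coordination.k8s.io` rules into a namespaced Role in the controller's own namespace. The new core `events` rule is likewise cluster-wide, and it is worth confirming that `get` is needed alongside `create`/`patch`/`update`. A short comment above the rules, e.g. `# Leader election lease; create cannot be limited by resourceNames`, would record why they are split.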
@@ -88,6 +112,7 @@ rules:
     verbs:
       - "get"
       - "list"
+      - "delete"
   # Needed to cordon Nodes
   - apiGroups:
       - ""
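Review bot: The added `"delete"` verb widens a rule whose `resources` list and explanatory comment start above this hunk, so what becomes deletable cannot be confirmed from here. If the rule covers `pods`, direct deletion bypasses the PodDisruptionBudget checks that the eviction subresource enforces, which makes this a meaningful privilege increase for the drain role. The neighbouring rules each carry a `# Needed to …` comment; the comment on this rule should be updated to say why `delete` is required (for example, only when eviction is disabled for a plan), so the grant can be removed if that path is unused.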
@@ -95,8 +120,6 @@ rules:
       - "nodes"
     verbs:
       - "get"
-      - "list"
-      - "watch"
       - "patch"
   # Needed to determine Pod owners
   - apiGroups:
diff --git a/bootstrap/system-upgrades/crd.yaml b/bootstrap/system-upgrades/crd.yaml
index 6fb5343a16a251f296c929102d69a32a67c84be7..f89b870addd35f2937d61897b07da570d65acc5e 100644
--- a/bootstrap/system-upgrades/crd.yaml
+++ b/bootstrap/system-upgrades/crd.yaml
@@ -130,6 +130,9 @@ spec:
                     nullable: true
                     type: object
                 type: object
+              postCompleteDelay:
+                nullable: true
+                type: string
               prepare:
                 nullable: true
                 properties:
@@ -248,6 +251,16 @@ spec:
                       allowPrivilegeEscalation:
                         nullable: true
                         type: boolean
+                      appArmorProfile:
+                        nullable: true
+                        properties:
+                          localhostProfile:
+                            nullable: true
+                            type: string
+                          type:
+                            nullable: true
+                            type: string
+                        type: object
                       capabilities:
                         nullable: true
                         properties:
@@ -497,6 +510,16 @@ spec:
                       allowPrivilegeEscalation:
                         nullable: true
                         type: boolean
+                      appArmorProfile:
+                        nullable: true
+                        properties:
+                          localhostProfile:
+                            nullable: true
+                            type: string
+                          type:
+                            nullable: true
+                            type: string
+                        type: object
                       capabilities:
                         nullable: true
                         properties:
@@ -593,6 +616,25 @@ spec:
               version:
                 nullable: true
                 type: string
+              window:
+                nullable: true
+                properties:
+                  days:
+                    items:
+                      nullable: true
+                      type: string
+                    nullable: true
+                    type: array
+                  endTime:
+                    nullable: true
+                    type: string
+                  startTime:
+                    nullable: true
+                    type: string
+                  timeZone:
+                    nullable: true
+                    type: string
+                type: object
             required:
             - upgrade
             type: object
@@ -639,4 +681,4 @@ spec:
     served: true
     storage: true
     subresources:
-      status: {}
+      status: {}
\ No newline at end of file
diff --git a/bootstrap/system-upgrades/deployment.yaml b/bootstrap/system-upgrades/deployment.yaml
index 996a1a869cdc5348fe6b4bdcb2dd04dc8cf22f31..6e0479e6bfadffaa74fe65c375721fdf8969e42d 100644
--- a/bootstrap/system-upgrades/deployment.yaml
+++ b/bootstrap/system-upgrades/deployment.yaml
@@ -29,10 +29,14 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        - name: SYSTEM_UPGRADE_CONTROLLER_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
         envFrom:
         - configMapRef:
             name: default-controller-env
-        image: docker.io/rancher/system-upgrade-controller:v0.13.4@sha256:3df6d01b9eb583a78c309ce0b2cfeed98a9af97983e4ea96bf53410dd56c6f45
+        image: docker.io/rancher/system-upgrade-controller:v0.15.2
         imagePullPolicy: IfNotPresent
         name: system-upgrade-controller
         securityContext:
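Review bot: The new `image:` line drops the `@sha256:` digest pin that the previous version carried, so the controller is now resolved by the mutable tag `v0.15.2` alone. This workload runs with the cluster-wide RBAC defined in `clusterrole.yaml`, so a re-pushed or substituted tag would execute with those privileges, and `imagePullPolicy: IfNotPresent` means different nodes can end up running different content under the same tag. Keep the tag for readability but restore the pin, e.g. `image: docker.io/rancher/system-upgrade-controller:v0.15.2@sha256:<digest-of-v0.15.2>` (placeholder; take the digest from the registry or the release's published checksums). The `securityContext` block continues outside the hunk and is not reviewed here.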