diff --git a/infrastructure/system-upgrades/kubelet.yaml b/infrastructure/system-upgrades/kubelet.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4c1e682fdf3491bdc51a4a27f7c7bbbcfe0d32ad --- /dev/null +++ b/infrastructure/system-upgrades/kubelet.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: kubelet + namespace: system-upgrade +type: Opaque +stringData: + kubelet.service: | + [Service] + Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --authentication-token-webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" + upgrade.sh: | + #!/bin/sh + set -e + set -x + secrets="$(dirname $0)" + cp "$secrets/kubelet.service" /etc/systemd/system/kubelet.service.d/flux.conf + systemctl daemon-reload + systemctl restart kubelet.service +--- +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: kubelet-config + namespace: system-upgrade +spec: + concurrency: 1 + nodeSelector: + matchExpressions: + - key: feature.node.kubernetes.io/system-os_release.ID + operator: In + values: + - "fedora" + - key: feature.node.kubernetes.io/system-os_release.VERSION_ID.major + operator: In + values: + - "35" + serviceAccountName: system-upgrade + secrets: + - name: kubelet + path: /host/run/system-upgrade/secrets/kubelet + version: "1.0.0" + upgrade: + image: registry.fedoraproject.org/fedora:35 + command: ["chroot", "/host"] + args: ["sh", "/run/system-upgrade/secrets/kubelet/upgrade.sh"] diff --git a/infrastructure/system-upgrades/kustomization.yaml b/infrastructure/system-upgrades/kustomization.yaml index 6f6c7a78b45100af8950d413d6fd0e52a4070e2d..d7047ee689f2b178b25db15645fd1e139a19f8d2 100644 --- a/infrastructure/system-upgrades/kustomization.yaml +++ b/infrastructure/system-upgrades/kustomization.yaml @@ -2,8 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: system-upgrade resources: - - fedora.yaml - calver-server.yaml + - fedora.yaml + - kubelet.yaml - longhorn-lvm.yaml - longhorn-setup.yaml - fedora-temperature-monitoring.yaml