Ben Vincent
623ad6d701
All checks were successful
Build / precommit (pull_request) Successful in 5m26s
THis change will install rancher, purelb and cert-manager, then configure a dmz and common ip pool to be used by loadbalancers. The nginx ingres controller is configured to use 198.18.200.0 (common) and announce the ip from all nodes so that it becomes an anycast ip in ospf. - manage the install of rancher, purelb and cert-manager - add rancher ingress routes - add nginx externalip/loadBalancer
696 lines
19 KiB
YAML
696 lines
19 KiB
YAML
# Source: rancher/templates/priorityClass.yaml
|
|
apiVersion: scheduling.k8s.io/v1
|
|
kind: PriorityClass
|
|
metadata:
|
|
name: rancher-critical
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
value: 1000000000
|
|
globalDefault: false
|
|
description: Priority class used by pods critical to rancher's functionality.
|
|
---
|
|
# Source: rancher/templates/serviceAccount.yaml
|
|
kind: ServiceAccount
|
|
apiVersion: v1
|
|
metadata:
|
|
name: rancher
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
---
|
|
# Source: rancher/templates/configMap.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: rancher-config
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
app.kubernetes.io/part-of: rancher
|
|
data:
|
|
priorityClassName: rancher-critical
|
|
---
|
|
# Source: rancher/templates/clusterRoleBinding.yaml
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: rancher
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: rancher
|
|
namespace: cattle-system
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: cluster-admin
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
# Source: rancher/templates/service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: rancher
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
spec:
|
|
ports:
|
|
- port: 80
|
|
targetPort: 80
|
|
protocol: TCP
|
|
name: http
|
|
- port: 443
|
|
targetPort: 444
|
|
protocol: TCP
|
|
name: https-internal
|
|
selector:
|
|
app: rancher
|
|
---
|
|
# Source: rancher/templates/deployment.yaml
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: rancher
|
|
annotations:
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
spec:
|
|
replicas: 3
|
|
selector:
|
|
matchLabels:
|
|
app: rancher
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 1
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: rancher
|
|
release: rancher
|
|
spec:
|
|
priorityClassName: rancher-critical
|
|
serviceAccountName: rancher
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values: [rancher]
|
|
topologyKey: kubernetes.io/hostname
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/os
|
|
operator: NotIn
|
|
values: [windows]
|
|
tolerations:
|
|
- key: cattle.io/os
|
|
value: linux
|
|
effect: NoSchedule
|
|
operator: Equal
|
|
containers:
|
|
- image: docker.io/rancher/rancher:v2.12.1
|
|
imagePullPolicy: IfNotPresent
|
|
name: rancher
|
|
ports:
|
|
- containerPort: 80
|
|
protocol: TCP
|
|
- containerPort: 6666
|
|
protocol: TCP
|
|
args:
|
|
# Public trusted CA - clear ca certs
|
|
- --no-cacerts
|
|
- --http-listen-port=80
|
|
- --https-listen-port=443
|
|
- --add-local=true
|
|
env:
|
|
- name: CATTLE_NAMESPACE
|
|
value: cattle-system
|
|
- name: CATTLE_PEER_SERVICE
|
|
value: rancher
|
|
- name: CATTLE_BOOTSTRAP_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: bootstrap-secret
|
|
key: bootstrapPassword
|
|
- name: IMPERATIVE_API_DIRECT
|
|
value: 'true'
|
|
- name: IMPERATIVE_API_APP_SELECTOR
|
|
value: rancher
|
|
startupProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 80
|
|
timeoutSeconds: 5
|
|
failureThreshold: 12
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 80
|
|
timeoutSeconds: 5
|
|
periodSeconds: 30
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 80
|
|
timeoutSeconds: 5
|
|
periodSeconds: 30
|
|
failureThreshold: 5
|
|
volumeMounts:
|
|
volumes:
|
|
---
|
|
# Source: rancher/templates/ingress.yaml
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: rancher
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: '30'
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: '1800'
|
|
nginx.ingress.kubernetes.io/proxy-send-timeout: '1800'
|
|
spec:
|
|
rules:
|
|
- host: rancher.main.unkin.net # hostname to access rancher server
|
|
http:
|
|
paths:
|
|
- backend:
|
|
service:
|
|
name: rancher
|
|
port:
|
|
number: 80
|
|
pathType: ImplementationSpecific
|
|
path: /
|
|
tls:
|
|
- hosts: [rancher.main.unkin.net]
|
|
secretName: tls-rancher-ingress
|
|
---
|
|
# Source: rancher/templates/post-delete-hook-service-account.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: rancher-post-delete
|
|
namespace: cattle-system
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: post-delete
|
|
helm.sh/hook-weight: '1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
|
|
---
|
|
# Source: rancher/templates/pre-upgrade-hook-service-account.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: rancher-pre-upgrade
|
|
namespace: cattle-system
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: pre-upgrade
|
|
helm.sh/hook-weight: '-1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
---
|
|
# Source: rancher/templates/secret.yaml
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: bootstrap-secret
|
|
namespace: cattle-system
|
|
annotations:
|
|
helm.sh/hook: pre-install,pre-upgrade
|
|
helm.sh/hook-weight: '-5'
|
|
helm.sh/resource-policy: keep
|
|
type: Opaque
|
|
data:
|
|
bootstrapPassword: YWRtaW4=
|
|
---
|
|
# Source: rancher/templates/post-delete-hook-config-map.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: rancher-post-delete
|
|
namespace: cattle-system
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: post-delete
|
|
helm.sh/hook-weight: '1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
|
|
data:
|
|
post-delete-hook.sh: |-
|
|
#!/bin/bash
|
|
set -e
|
|
namespaces="${NAMESPACES}"
|
|
rancher_namespace="${RANCHER_NAMESPACE}"
|
|
timeout="${TIMEOUT}"
|
|
ignoreTimeoutError="${IGNORETIMEOUTERROR}"
|
|
if [[ -z ${namespaces} ]]; then
|
|
echo "No namespace is provided."
|
|
exit 1
|
|
fi
|
|
if [[ -z ${rancher_namespace} ]]; then
|
|
echo "No rancher namespace is provided."
|
|
exit 1
|
|
fi
|
|
if [[ -z ${timeout} ]]; then
|
|
echo "No timeout value is provided."
|
|
exit 1
|
|
fi
|
|
if [[ -z ${ignoreTimeoutError} ]]; then
|
|
echo "No ignoreTimeoutError value is provided."
|
|
exit 1
|
|
fi
|
|
succeeded=()
|
|
failed=()
|
|
get_pod_count() {
|
|
kubectl get pods --selector app="${1}" -n "${2}" -o json | jq '.items | length'
|
|
}
|
|
echo "Uninstalling Rancher resources in the following namespaces: ${namespaces}"
|
|
for namespace in ${namespaces}; do
|
|
for app in $(helm list -n "${namespace}" -q); do
|
|
if [[ ${app} =~ .crd$ ]]; then
|
|
echo "--- Skip the app [${app}] in the namespace [${namespace}]"
|
|
continue
|
|
fi
|
|
echo "--- Deleting the app [${app}] in the namespace [${namespace}]"
|
|
if [[ ! $(helm uninstall "${app}" -n "${namespace}") ]]; then
|
|
failed=("${failed[@]}" "${app}")
|
|
continue
|
|
fi
|
|
t=0
|
|
while true; do
|
|
if [[ $(get_pod_count "${app}" "${namespace}") -eq 0 ]]; then
|
|
echo "successfully uninstalled [${app}] in the namespace [${namespace}]"
|
|
succeeded=("${succeeded[@]}" "${app}")
|
|
break
|
|
fi
|
|
if [[ ${t} -ge ${timeout} ]]; then
|
|
echo "timeout uninstalling [${app}] in the namespace [${namespace}]"
|
|
failed=("${failed[@]}" "${app}")
|
|
break
|
|
fi
|
|
# by default, wait 120 seconds in total for an app to be uninstalled
|
|
echo "waiting 5 seconds for pods of [${app}] to be terminated ..."
|
|
sleep 5
|
|
t=$((t + 5))
|
|
done
|
|
done
|
|
|
|
# delete the helm operator pods
|
|
for pod in $(kubectl get pods -n "${namespace}" -o name); do
|
|
if [[ ${pod} =~ ^pod\/helm-operation-* ]]; then
|
|
echo "--- Deleting the pod [${pod}] in the namespace [${namespace}]"
|
|
kubectl delete "${pod}" -n "${namespace}"
|
|
fi
|
|
done
|
|
done
|
|
echo "Removing Rancher bootstrap secret in the following namespace: ${rancher_namespace}"
|
|
kubectl --ignore-not-found=true delete secret bootstrap-secret -n "${rancher_namespace}"
|
|
echo "------ Summary ------"
|
|
if [[ ${#succeeded[@]} -ne 0 ]]; then
|
|
echo "Succeeded to uninstall the following apps:" "${succeeded[@]}"
|
|
fi
|
|
if [[ ${#failed[@]} -ne 0 ]]; then
|
|
echo "Failed to uninstall the following apps:" "${failed[@]}"
|
|
if [[ "${ignoreTimeoutError}" == "false" ]]; then
|
|
exit 2
|
|
fi
|
|
else
|
|
echo "Cleanup finished successfully."
|
|
fi
|
|
---
|
|
# Source: rancher/templates/pre-upgrade-hook-config-map.yaml
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: rancher-pre-upgrade
|
|
namespace: cattle-system
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: pre-upgrade
|
|
helm.sh/hook-weight: '-1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
data:
|
|
pre-upgrade-hook.sh: |-
|
|
#!/bin/bash
|
|
set -eo pipefail
|
|
|
|
# Global counters
|
|
declare -A COUNTS
|
|
RESOURCES_FOUND=false
|
|
check_prerequisites() {
|
|
if ! command -v kubectl &>/dev/null; then
|
|
echo "Missing required tool: kubectl"
|
|
exit 1
|
|
fi
|
|
}
|
|
print_resource_table() {
|
|
local kind="$1"
|
|
local items="$2"
|
|
local -a headers=("${@:3}")
|
|
local count
|
|
count=$(wc -l <<< "$items")
|
|
COUNTS["$kind"]=$count
|
|
RESOURCES_FOUND=true
|
|
echo "Found $count $kind resource(s):"
|
|
echo
|
|
IFS=$'\n' read -r -d '' -a lines < <(printf '%s\0' "$items")
|
|
|
|
# Initialize max_lengths array with header lengths
|
|
local -a max_lengths
|
|
for i in "${!headers[@]}"; do
|
|
max_lengths[i]=${#headers[i]}
|
|
done
|
|
|
|
# Calculate max width for each column
|
|
for line in "${lines[@]}"; do
|
|
IFS=$'\t' read -r -a cols <<< "$line"
|
|
for i in "${!cols[@]}"; do
|
|
(( ${#cols[i]} > max_lengths[i] )) && max_lengths[i]=${#cols[i]}
|
|
done
|
|
done
|
|
for i in "${!headers[@]}"; do
|
|
printf "%-${max_lengths[i]}s " "${headers[i]}"
|
|
done
|
|
printf "\n"
|
|
for i in "${!headers[@]}"; do
|
|
printf "%-${max_lengths[i]}s " "$(printf '%*s' "${max_lengths[i]}" '' | tr ' ' '-')"
|
|
done
|
|
printf "\n"
|
|
for line in "${lines[@]}"; do
|
|
IFS=$'\t' read -r -a cols <<< "$line"
|
|
for i in "${!cols[@]}"; do
|
|
printf "%-${max_lengths[i]}s " "${cols[i]}"
|
|
done
|
|
printf "\n"
|
|
done
|
|
echo
|
|
}
|
|
detect_resource() {
|
|
local crd="$1"
|
|
local kind="$2"
|
|
local jsonpath="$3"
|
|
local -a headers=("${@:4}")
|
|
echo "Checking for $kind resources..."
|
|
local output
|
|
if ! output=$(kubectl get "$crd" --all-namespaces -o=jsonpath="$jsonpath" 2>&1); then
|
|
if grep -q "the server doesn't have a resource type" <<< "$output"; then
|
|
echo "Resource type $crd not found. Skipping."
|
|
echo
|
|
return 0
|
|
else
|
|
echo "Error retrieving $kind resources: $output"
|
|
exit 1
|
|
fi
|
|
fi
|
|
if [ -z "$output" ]; then
|
|
echo "No $kind resources found."
|
|
echo
|
|
else
|
|
print_resource_table "$kind" "$output" "${headers[@]}"
|
|
fi
|
|
}
|
|
print_summary() {
|
|
echo "===== SUMMARY ====="
|
|
local total=0
|
|
for kind in "${!COUNTS[@]}"; do
|
|
local count=${COUNTS[$kind]}
|
|
echo "$kind: $count"
|
|
total=$((total + count))
|
|
done
|
|
echo "Total resources detected: $total"
|
|
if [ "$RESOURCES_FOUND" = true ]; then
|
|
echo "Error: Rancher v2.12+ does not support RKE1.
|
|
Detected RKE1-related resources (listed above).
|
|
Please migrate these clusters to RKE2 or K3s, or delete the related resources.
|
|
More info: https://www.suse.com/c/rke-end-of-life-by-july-2025-replatform-to-rke2-or-k3s"
|
|
exit 1
|
|
else
|
|
echo "No RKE related resources found."
|
|
fi
|
|
}
|
|
main() {
|
|
check_prerequisites
|
|
detect_resource "clusters.management.cattle.io" "RKE Management Cluster" \
|
|
'{range .items[?(@.spec.rancherKubernetesEngineConfig)]}{.metadata.name}{"\t"}{.spec.displayName}{"\n"}{end}' \
|
|
"NAME" "DISPLAY NAME"
|
|
detect_resource "nodetemplates.management.cattle.io" "NodeTemplate" \
|
|
'{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.spec.displayName}{"\n"}{end}' \
|
|
"NAMESPACE" "NAME" "DISPLAY NAME"
|
|
detect_resource "clustertemplates.management.cattle.io" "ClusterTemplate" \
|
|
'{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.spec.displayName}{"\n"}{end}' \
|
|
"NAMESPACE" "NAME" "DISPLAY NAME"
|
|
print_summary
|
|
}
|
|
main
|
|
---
|
|
# Source: rancher/templates/post-delete-hook-cluster-role.yaml
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: rancher-post-delete
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: post-delete
|
|
helm.sh/hook-weight: '1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
|
|
rules:
|
|
- apiGroups: [extensions, apps]
|
|
resources: [deployments]
|
|
verbs: [get, list, delete]
|
|
- apiGroups: [batch]
|
|
resources: [jobs]
|
|
verbs: [get, list, watch, delete, create]
|
|
- apiGroups: [rbac.authorization.k8s.io]
|
|
resources: [clusterroles, clusterrolebindings, roles, rolebindings]
|
|
verbs: [get, list, delete, create]
|
|
- apiGroups: ['']
|
|
resources: [pods, secrets, services, configmaps]
|
|
verbs: [get, list, delete]
|
|
- apiGroups: ['']
|
|
resources: [serviceaccounts]
|
|
verbs: [get, list, delete, create]
|
|
- apiGroups: [networking.k8s.io]
|
|
resources: [networkpolicies]
|
|
verbs: [get, list, delete]
|
|
- apiGroups: [admissionregistration.k8s.io]
|
|
resources:
|
|
- validatingwebhookconfigurations
|
|
- mutatingwebhookconfigurations
|
|
verbs: [get, list, delete]
|
|
- apiGroups: [networking.k8s.io]
|
|
resources: [ingresses]
|
|
verbs: [delete]
|
|
- apiGroups: [cert-manager.io]
|
|
resources: [issuers]
|
|
verbs: [delete]
|
|
---
|
|
# Source: rancher/templates/pre-upgrade-hook-cluster-role.yaml
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: rancher-pre-upgrade
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: pre-upgrade
|
|
helm.sh/hook-weight: '-1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
rules:
|
|
- apiGroups: [management.cattle.io]
|
|
resources: [clusters, nodetemplates, clustertemplates]
|
|
verbs: [get, list]
|
|
---
|
|
# Source: rancher/templates/post-delete-hook-cluster-role-binding.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: rancher-post-delete
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: post-delete
|
|
helm.sh/hook-weight: '2'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: rancher-post-delete
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: rancher-post-delete
|
|
namespace: cattle-system
|
|
---
|
|
# Source: rancher/templates/pre-upgrade-hook-cluster-role-binding.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: rancher-pre-upgrade
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: pre-upgrade
|
|
helm.sh/hook-weight: '-1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: rancher-pre-upgrade
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: rancher-pre-upgrade
|
|
namespace: cattle-system
|
|
---
|
|
# Source: rancher/templates/post-delete-hook-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: rancher-post-delete
|
|
namespace: cattle-system
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: post-delete
|
|
helm.sh/hook-weight: '3'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
spec:
|
|
backoffLimit: 3
|
|
template:
|
|
metadata:
|
|
name: rancher-post-delete
|
|
labels:
|
|
app: rancher
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
spec:
|
|
serviceAccountName: rancher-post-delete
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: rancher-post-delete
|
|
image: rancher/shell:v0.5.0
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
runAsUser: 0
|
|
command: [/scripts/post-delete-hook.sh]
|
|
volumeMounts:
|
|
- mountPath: /scripts
|
|
name: config-volume
|
|
env:
|
|
- name: NAMESPACES
|
|
value: cattle-fleet-system cattle-system rancher-operator-system
|
|
- name: RANCHER_NAMESPACE
|
|
value: cattle-system
|
|
- name: TIMEOUT
|
|
value: '120'
|
|
- name: IGNORETIMEOUTERROR
|
|
value: 'false'
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: rancher-post-delete
|
|
defaultMode: 0777
|
|
---
|
|
# Source: rancher/templates/pre-upgrade-hook-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: rancher-pre-upgrade
|
|
namespace: cattle-system
|
|
labels:
|
|
app: rancher-pre-upgrade
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
annotations:
|
|
helm.sh/hook: pre-upgrade
|
|
helm.sh/hook-weight: '-1'
|
|
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
|
spec:
|
|
backoffLimit: 3
|
|
template:
|
|
metadata:
|
|
name: rancher-pre-upgrade
|
|
labels:
|
|
app: rancher-pre-upgrade
|
|
chart: rancher-2.12.1
|
|
heritage: Helm
|
|
release: rancher
|
|
spec:
|
|
serviceAccountName: rancher-pre-upgrade
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: rancher-pre-upgrade
|
|
image: rancher/shell:v0.5.0
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
runAsUser: 0
|
|
command: [/scripts/pre-upgrade-hook.sh]
|
|
volumeMounts:
|
|
- mountPath: /scripts
|
|
name: config-volume
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: rancher-pre-upgrade
|
|
defaultMode: 0777
|