-
Notifications
You must be signed in to change notification settings - Fork 86
/
linux-kernel-aws.yaml
77 lines (69 loc) · 2.74 KB
/
linux-kernel-aws.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
---
apiVersion: v1
kind: Secret
metadata:
name: kernel
namespace: system-upgrade
type: Opaque
stringData:
version: 4.15.0.1060.61
upgrade.sh: |
#!/bin/sh
set -e
export DEBIAN_FRONTEND=noninteractive
secrets=$(dirname $0)
apt-get update
apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -yq \
linux-aws=$(cat $secrets/version) \
linux-headers-aws=$(cat $secrets/version) \
linux-image-aws=$(cat $secrets/version)
if [ -f /run/reboot-required ]; then
cat /run/reboot-required
reboot
fi
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: kernel
namespace: system-upgrade
spec:
# The maximum number of concurrent nodes to apply this update on.
concurrency: 1
# Select which nodes this plan can be applied to.
nodeSelector:
matchExpressions:
- {key: plan.upgrade.cattle.io/kernel, operator: Exists}
# The service account for the pod to use. As with normal pods, if not specified the `default` service account from the namespace will be assigned.
# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccountName: system-upgrade
# Link to secrets that will be mounted into all containers in job pods.
# Secrets are calculated as part of the `.status.latestHash`. This means that changing
# the secrets profile for a plan or changing the secrets that a plan refers to will
# trigger application.
secrets:
- name: kernel
# optional: default=/run/system-upgrade/secrets/{name}
path: /host/run/system-upgrade/secrets/kernel
# The value for `channel` is assumed to be a URL that returns HTTP 302 with the last path element of the value
# returned in the Location header assumed to be an image tag.
#channel: https://canonical.example.com/ubuntu/lts
# Providing a value for `version` will prevent polling/resolution of the `channel` if specified.
version: bionic
# The prepare init container is run before cordon/drain which is run before the upgrade container.
# Shares the same format as the `upgrade` container
#prepare:
# image: alpine:3.18
# command: [sh, -c]
# args: [" echo '### ENV ###'; env | sort; echo '### RUN ###'; find /run/system-upgrade | sort"]
# See https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/#use-kubectl-drain-to-remove-a-node-from-service
drain:
# deleteLocalData: true
# ignoreDaemonSets: true
force: true
# A very limited container spec
upgrade:
# The tag portion of the image will be overridden with the value from `.status.latestVersion` a.k.a. the resolved version.
image: ubuntu
command: ["chroot", "/host"]
args: ["sh", "/run/system-upgrade/secrets/kernel/upgrade.sh"]