apiVersion: batch/v1
kind: Job
metadata:
  name: kubezero-upgrade
  namespace: kube-system
spec:
  backoffLimit: 1
  template:
    spec:
      hostNetwork: true
      #hostIPC: true
      #hostPID: true
      containers:
      - name: kubezero-admin
        image: public.ecr.aws/zero-downtime/kubezero-admin:v1.21.7
        imagePullPolicy: Always
        command: ["kubezero.sh"]
        args:
        - upgrade
        env:
        - name: DEBUG
          value: "1"
        volumeMounts:
        - name: host
          mountPath: /host
        - name: workdir
          mountPath: /tmp
        securityContext:
          capabilities:
            add: ["SYS_CHROOT"]
      volumes:
      - name: host
        hostPath:
          path: /
          type: Directory
      - name: workdir
        emptyDir: {}
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      restartPolicy: Never